Mag. Gabriele Schlappinger
We provide this privacy statement to inform you about how we may collect, use, share, and otherwise process your personal information. As a private customer, an employee of one of our corporate clients or other individuals to whom we offer or provide our services – travel, (overnight) stays and related services – via our website, mobile applications, email communications or other online and offline means. We have a strong commitment to respect our users’ concerns regarding privacy and process all personal information in compliance with the European and the Austrian data protection law. Personal information provided by you when making a request regarding data protection is used exclusively for the purpose of processing your request.
Who acts as invigilator with respect to the processing of your data and whom can you turn to?
Responsible is Mag. Gabriele Schlappinger in 1170 Wien, Pezzlgasse 36/ Top 6. Tel.: +43/664/460 16 44; E-Mail: firstname.lastname@example.org
What data categories do we process?
Due to our contractual obligations, we process: Account Information – If you contact us, register with us or receive services from us, we collect general information about you in order to contact you regarding booking and additional travel information or service information in connection with your booking requests. This may include your name, email address, phone numbers, employer, and physical addresses, in some cases, your gender and date of birth. Guest and Travel Information – If you book a stay or any other service, we collect directly or – if you do not book the stay or journey yourself – the details of your trip or stay or other services (such as arrival and departure time and location …) and other information required to complete your travel bookings indirectly – (via third parties eg. via your employer, other intermediary travel agents, friends and family members or other organizers). If necessary, we also require passport data from travellers. If we book trips for your escorts, we may collect the same data categories from them. Please forward this information to all those affected whose data you provide in a travel booking. Your customer data is stored in your travel or guest profile, where we collect the information required for your travel booking and the provision of our services. You can provide additional information in your travel or guest profile, e.g. emergency contact information. Payment Information – To pay for bookings and other transactions through our services, we collect payment card information and other details necessary to process payments. Based on our legitimate interest to provide you with personalized advertisements and to create statistics on user behaviour during the use of our websites and mobile applications, we also process: Device Data – We collect information about how you use our services, including your computer’s IP address and information that can be derived from it (such as internet provider and general geographic location), your device’s unique identifier and other technical information. We also collect information about how you use our websites and mobile applications. We collect some of this information using cookies and similar technologies, as described here.
How long do we store your data?
Your data will be stored at least as long and to the extent as it is required by our contractual basis. After termination of the contract, your data will be kept in accordance with our retention obligations for max. 7 years. In addition, your information will be stored
- on the basis of our legitimate interest until we receive a substantiated objection from you, or
- on the basis of your consent until you withdraw it.
For what purposes do we process your data?
To provide you with services– We use your information for the provision of travel services, in particular to book your overnight stays, prepare invoices, communicate with you about your journey or our services, provide customer service, and manage your account. To provide our products and services to corporate clients – we use your information to comply with our agreements with your employer or travel sponsor, communicate about our products and services or help them ensure compliance with their policies. Process payments – We use your information to process transactions and provide you with related customer service.
Operate websites and mobile applications – We use device data to
- monitor and improve the performance and content of our services,
- provide updates,
- analyse trends and use in connection with our services, and
- measure whether our ads and offers are effective.
Operate and improve our business – We use your information for compliance with our company policies and procedures, for accounting and financial purposes, to detect or prevent fraud or criminal activity, to perform, analyse and improve our business and services, and otherwise as required by law.
Optimization of services and marketing
We use your data in your and our legitimate interest to optimize our services and future benefits, including:
- the pre filling-in of forms and payment data
- the use of contact information
- for the transmission of performance and service changes
- to contact you and related parties in emergencies
- to obtain feedback on our services provided
- to send you information about our services electronically as well as by mail
We ask for appropriate information if you do not agree with the storage or use of your data.
With whom and how do we share your information?
Generally, we do not transmit your data to third parties without your consent, neither free of charge nor against payment. Exceptions to this are transfers that we make on the basis of a legal or contractual obligation or on the basis of our mutual and legitimate interests as mentioned above: Your employer or travel sponsor – Our services to you may be provided under the terms of service agreements with your employer or travel sponsor. We share your information with them to allow them to manage their business travel needs and assure compliance with their company travel policies. At the request of your employer or travel sponsor, we may also share information with their vendors. Vendors, suppliers, processors – We share information with vendors that perform functions on our behalf, such as mobile application and software developers, and vendors who provide IT support, data hosting, marketing and communication services, and collections. Authorities, government agencies, banks, courts – We may disclose information to regulatory authorities, courts, and government agencies where we believe doing so would be permitted or absolutely necessary by law, regulation or legal process, or to defend our or third party interests, rights or property.
We have integrated components from Facebook Inc. on our website.
The operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2. Ireland acts as controller if an affected person lives outside the US or Canada.
Each time you visit one of the individual pages of websites operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on your IT-system is automatically triggered by the respective Facebook component to download a respective representation of the Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information about which specific individual page of our website is visited by the person concerned.
If you are logged in to Facebook at the same time, Facebook recognizes with each of your visits to our website and during the entire duration of the respective stay, which specific individual page of our website is visited. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account. If you press one of the integrated Facebook buttons on our website, for example the “Like”-button, or leave a comment, Facebook assigns this information to your personal Facebook user account and saves this personal data.
If transmission of this information to Facebook is not wanted, you can prevent this transmission by logging out of your Facebook account before visiting our website.
International data transmission
We may transfer your information to jurisdictions outside of your home country for the purposes described here, including to countries that may not provide the same level of data protection as your home country. To protect the information, transfers will be made in accordance with appropriate data transfer agreements and other protections. Regardless of where we process your information, we protect it in the manner described in this Privacy Statement and in accordance with applicable law.
What are your privacy rights?
You have the right(s)
- to obtain confirmation as to whether or not personal data relating to you are being processed, and, where that is the case, to receive free information on the personal data stored about you and a copy of this information;
- to withdraw your consent to the processing of personal data without affecting the lawfulness of the processing already carried out;
- to obtain the rectification of any (incorrect) personal data relating to you or, at most,
- to obtain the erasure of your data if there is no legal reason to store them any longer;
- to obtain restriction of processing;
- to receive your personal data processed on the basis of your given consent and which you have provided to us, in a structured, commonly used and machine-readable format and
- to transmit those data to another controller unhindered;
- to have personal data transmitted directly from one controller to another, where technically feasible and where this not does not adversely affect the rights and freedoms of others;
- to lodge a complaint with the Austrian Data Protection Authority in the case that we do not comply with the Austrian data protection provisions.
How do we protect your data?
We maintain reasonable administrative, technical, and physical security measures to protect your information from unauthorized access and use. We retain your information only as long as needed to provide our services and for legitimate business purposes, unless we are required by law or regulation or for litigation and regulatory investigations to keep it for longer periods of time.
General data security measures
At any time we implement appropriate technical and organizational measures, such as pseudonymisation, which are designed to implement data-protection principles, in order to meet the requirements of the data protection provisions and to implement the necessary warranties during the processing in order to comply with the requirements of the data protection laws and to protect your data. We implement appropriate technical and organisational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons. These measures include
- the pseudonymisation and encryption of your personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Special data security measures
Secure Socket Layer (SSL)
Whenever it is necessary for you to enter personal information online, we use an encrypted transmission method (SSL) to protect your confidential information. “SSL” stands for “Secure Socket Layer”. When accessing a secure server, the first characters of the site address will change from “http://” to “https://”. This indicates that you are in a secure mode.
We may change this Privacy Statement from time to time as our business changes or legal requirements change. If we make material changes to this Privacy Statement, we will post a notice on our website before the changes go into effect, and notify you as otherwise required by applicable law.
If you have questions or complaints regarding the processing of your data, please contact us in writing to the above mentioned address.
We will review your request and reply in writing within 30 days after receipt.