Privacy

Hotel Bergschlössl GmbH, with its registered office at Lüsner Strasse 24, I-39040 Lüsen, (hereinafter referred to as Hotel Bergschlössl) always endeavours to protect the online privacy of its users. This document has been drafted in accordance with Art. 13 of the EU Regulation 2016/679 (hereinafter referred to as the "Regulation") in order for you to be aware of our Privacy Policy and to understand how your personal information will be treated when using our website and, where applicable, to give your explicit and informed consent to the processing of your personal data (valid only for persons aged 16 or over). The information and data provided by you or otherwise acquired by us when using our services on the website (hereinafter referred to as "Services") will be processed in accordance with the provisions of the Regulation and the confidentiality obligations that affect the activities of the controller.

In accordance with the provisions of the Regulation, the processing carried out by Hotel Bergschlössl is based on the principles of lawfulness, fair processing, transparency, purpose limitation, storage limitation, data minimisation, accuracy, integrity and confidentiality.

DIRECTORY

1. The responsible
2. The personal data which are the subject of the processing shall be
   1. navigation data
   2. Special categories of personal data
   3. Data voluntarily provided by the data subject
3. Purpose of the processing
4. Legal basis and mandatory or optional nature of the processing operation
5. Recipients of personal data
6. Disclosure of personal data
7. Storage of personal data
8. Rights of the data subjects
9. Modifications
10. The responsible

The controller of the processing operations carried out on the website is Hotel Bergschlössl GmbH, as designated above. For information about the processing of personal data by the controller, including the list of processors appointed to process the data, please write to the following address: info@bergschloessl.com

1. The personal data which are the subject of the processing operation

We inform you that, as a result of your navigation on the website , the data controller will process personal data that may consist of an identifier such as your name, an identification number, an online identifier, a postal address, an email address, a telephone number (fixed and/or mobile) or one or more elements of your physical, physiological, psychological, economic, cultural or social identity in order to identify or make identifiable the data subject (hereinafter referred to as "personal data").

The personal data processed through the website are the following:

a. Navigation data

The computer systems and software procedures used to operate the website collect, during their normal operation, some personal data, the transmission of which is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified data subjects, but may, by its nature, allow users to be identified through processing and association with third party data. This category of data includes IP addresses or domain names of computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file received in response, the numerical code indicating the status of the server's response (successful, error, etc.) and other parameters relating to the operating system and computer environment. These data are used exclusively to obtain anonymous statistical information on the use of the website and to verify its correct functioning, detect anomalies and/or abuse and are deleted immediately after processing. The data may be used to establish liability in the event of hypothetical computer offences against the website or third parties. Apart from this possibility, the data collected on the website will be deleted after a short period of time.

b. Special categories of personal data

When you use our website to apply for a job (or send an email to us), there could be a transfer of your personal data that falls under the special categories of personal data as defined in Art. 9 of the Regulation, literally the "[...] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership". ] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, as well as the [...] genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation." Please do not publish this data unless it is absolutely necessary. We explicitly inform you that in relation to the transfer of special categories of personal data, but in the absence of explicit consent to process such data (you are of course allowed to send a CV), the controller cannot be held liable for whatever, nor receive remonstrances of any kind, as in this case the processing is allowed as it relates to data that have been manifestly made public by the data subject, in accordance with Art. 9(1)e of the Regulation. However, we would like to point out that, as mentioned above, it is important to give explicit consent to the processing of special categories of personal data if you decide to provide this information.

We also inform you that for the purpose of candidate selection, the data controller may analyse social profiles freely accessible on the internet for professional purposes (e.g. LinkedIn).

c. Data voluntarily provided by the data subject

When you use certain services on the website (e.g. the enquiry, contact or reservation form), we may process personal data from third parties that you send to the data controller. In these cases, you are the data controller, who assumes all legal obligations and liabilities. In this sense, you give us the maximum indemnity in relation to any retention, claims, compensation for damages arising from the processing, etc. that the data controller may receive from third parties whose personal data has been processed through the use of the functions of the website in violation of the applicable regulations on the protection of personal data. In any case, if you provide or otherwise process personal data of third parties in the course of using the Website, you warrant that this particular case of processing is based on an adequate legal basis pursuant to Art. 6 of the Regulation, which legitimises the processing of the information in question.

2. Purpose of the processing

The processing we intend to carry out (where necessary) with your explicit consent has the following purposes:

3. Legal basis and mandatory or optional nature of the processing operation

The legal basis for the processing of personal data for the purposes mentioned in section 3 (a-b-c) is Art. 6(1)(b) of the Regulation (performance of a contract), as the data processing is necessary for the provision of the services or to respond to requests from the data subject. Providing personal data for these purposes is optional, but failure to do so would make it impossible to activate the services provided by the website, process requests or evaluate CVs. With specific reference to purpose 3.c and the related analysis of social media profiles of a professional nature made freely available on the internet in accordance with section 2.b, Article 6(1)(f) of the Regulation constitutes the legal basis for the processing of the data, i.e. the legitimate interest of the data controller to check possible risks to the suitability of the candidate to fill the specific vacancy.

The purpose referred to in Section 3.d constitutes lawful processing of personal data within the meaning of Article 6(1)(c) of the Regulation (compliance with a legal obligation). Indeed, once the personal data have been provided, the processing is necessary for compliance with a legal obligation to which the controller is subject.

The legal basis of the processing for the purposes indicated in section 3.e is art. 6(1)(a) of the Regulation (consent of the user).
The controller may, without your consent, in order to carry out the processing for the same purposes involving the direct sending of advertising material or direct sales or the carrying out of market research or commercial communications relating to products or services of the controller that are similar to those purchased, use e-mail addresses and postal addresses in accordance with and within the limits permitted by art. 130, paragraph 4 of the Privacy Code and the order of the Guarantor for the Protection of Personal Data of 19 June 2008. The legal basis for processing your data for this purpose is Art. 6(1)(f) of the Regulation (the legitimate interest).

The legal basis of the processing for the purposes mentioned in section 3.f is Art. 6(1)(a) (consent of the user).

4. Recipients of personal data

Your personal data may be disclosed for the purposes set out in section 3 to:

5. Disclosure of personal data

Some of your personal data will be disclosed to recipients who may be located outside the European Economic Area. The data controller will ensure that the processing of your personal data by these recipients is carried out in accordance with the Regulation. Indeed, transfers may be based on an adequacy decision, on the contractual clauses approved by the European Commission or on another appropriate legal basis. For more information, please contact the data controller at the following address: info@bergschloessl.com.

6. Storage of the personal data

Personal data processed for the purposes referred to in section 3(a-b) will be kept for as long as strictly necessary for the achievement of those purposes. In any case, since the data processing is carried out for the provision of services, the data controller will process the personal data until the time provided for by Italian legislation on the safeguarding of interests (art. 2946 et seq. of the Civil Code). With regard to the CVs sent through the website or by e-mail in accordance with section 3.c, the personal data will be kept for a period deemed adequate for the purpose for which the data was collected. This is without prejudice to the possibility for the data controller to contact the applicant again shortly before the expiry of the period indicated for requesting an extension of this retention period.

The personal data processed for the purposes referred to in section 3.d shall be stored until the date provided for by the specific obligation or applicable law.

Personal data processed for the purposes referred to in sections 3.e and 3.f, on the other hand, shall be kept until consent is withdrawn by the data subject or, in the absence of such withdrawal, for a specified maximum period deemed appropriate.

For more information on the retention period of the data and the criteria for determining this period, please contact the data controller at the following address: info@bergschloessl.com.

7. Rights of the data subjects

In accordance with Article 15 et seq. of the Regulation, you have the right to ask the controller at any time for access to your personal data, to request that it be rectified or erased, or to object to processing. You have the right to request the restriction of processing in the cases provided for in Article 18 of the Regulation, as well as to receive the data concerning you in a structured, commonly used and machine-readable format in the cases provided for in Article 20 of the Regulation.

Any request must be made in writing to the Responsible Officer at the following address: info@bergschloessl.com.

You have the right to lodge a complaint with the competent supervisory authority (personal data protection guarantor) in accordance with Art. 77 of the Regulation at any time if you believe that the processing of your personal data violates applicable law.

8. Modifications

This privacy policy is valid as of 01.01.2023. The responsible person reserves the right to change or update the content in whole or in part, also due to changes in the applicable legislation. Therefore, the responsible person encourages you to visit this section regularly to keep yourself informed about the latest and most up-to-date version of this privacy policy.

Google Analytics & Google Remarketing

This website uses Google Analytics, Google Remarketing and Google Analytics reports on demographic characteristics. These are services provided by Google Inc ("Google"). Google uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. The IP address is then shortened by Google by the last three digits, so that a clear assignment of the IP address is no longer possible. Google observes the data protection provisions of the "US Safe Harbor" agreement and is registered with the "Safe Harbor" programme of the US Department of Commerce. Google Analytics reports use data from Google's interest-based advertising and visitor data from third-party providers. This data cannot be traced back to a specific person and can be deactivated at any time via the ad settings and as follows.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Third-party vendors, including Google, serve ads on websites on the Internet. Third-party vendors, including Google, use stored cookies to serve ads based on a user's previous visits to this website.

Google will not associate your IP address with any other data held by Google. You can object to the collection and storage of data at any time with effect for the future. You can deactivate the use of cookies by Google by visiting the Google advertising deactivation page. Alternatively, users can deactivate the use of cookies by third-party providers by visiting the Network Advertising Initiative deactivation page.

However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

The collection and storage of data can be objected to at any time with effect for the future. Further information on Google's terms and conditions can be found here.

To increase customer loyalty and promote the sale of services and additional services, we use hotel marketing automation software by ADDITIVE OHG, 39011 Lana (BZ), Italy ("ADDITIVE") in the field of marketing and sales automation for hotels. Data that we collect and process in connection with your inquiry, booking, order, activation, registration, or other form submissions on the website is analyzed and used to send you automated offers for services and additional services via ADDITIVE+ MARKETING AUTOMATION. An adequate level of data protection is ensured by the concluded data processing agreement.

You may object to the use of your data for this purpose at any time by clicking the unsubscribe link provided in each message.

Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the GDPR.

Our legitimate interest within the meaning of the GDPR is to avoid disadvantages compared to our competitors, to improve our brand awareness, and to maximize our economic success through optimal use of acquired contacts.

ADDITIVE+ VOUCHERS

You have the opportunity to purchase vouchers through our website using an online voucher system. To process your purchase and to store and manage your data, we use the voucher software provided by ADDITIVE OHG, 39011 Lana (BZ), Italy ("ADDITIVE") in the field of voucher marketing for tourism. Your data is processed and stored within the EU or EEA.

The data you provide is necessary for the fulfillment of the contract or to carry out pre-contractual measures. Without this data, we cannot conclude a contract with you. Data will not be transferred to third parties, with the exception of the transmission of credit card data to the relevant payment service providers for the purpose of charging the purchase price, and to our tax advisor for fulfilling our legal tax obligations.

Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. a (consent) and/or lit. b (necessary for contract performance) of the GDPR.

ADDITIVE+ NEWSLETTER

You have the option to subscribe to our newsletter via our website. To do so, we require your email address and confirmation that you agree to receive the hotel newsletter via ADDITIVE OHG, our provider in the field of email marketing for hotels.

To send you targeted information, we also collect and process voluntarily provided data such as interests, name, date of birth, and region/country of origin using our newsletter system.

After you have signed up, you will receive a confirmation email with a link to verify your subscription.

You can unsubscribe from the newsletter at any time by using the unsubscribe link provided in each issue.

To process your subscription and send the newsletter to your email address, we use the software provided by ADDITIVE OHG, 39011 Lana (BZ), Italy ("ADDITIVE"). Your data may be processed and stored, at least in part, outside the EU or EEA. An adequate level of data protection is ensured through the data processing agreement in place.

Online Marketing and Landing Pages

In addition to our website, we also operate optimized sales landing pages. To process your inquiry, booking, order, activation, registration, or other form submission on such a landing page and to store and manage your data, we use common cloud services, CRM systems, and software from ADDITIVE OHG, 39011 Lana (BZ), Italy ("ADDITIVE"). The appropriate level of data protection is ensured through data processing agreements with the respective companies.
Our landing pages use functions from the web analytics service Google Analytics by Google Inc. ("Google"). Google Analytics enables analysis of user behavior on the website. The data generated about your usage will be transmitted to Google’s servers and stored there.
Your IP address is collected but immediately anonymized (e.g., by deleting the last 8 bits). This allows only approximate geolocation.
You can prevent the transmission of data related to your use of the website to Google, as well as the processing of such data by Google, by downloading and installing the browser plugin available at:
https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh
ADDITIVE has access to the data collected via Google Analytics. This data is used exclusively for analyzing website usage and evaluating our marketing and sales measures.
Our websites and landing pages also use functions provided by ADDITIVE to capture and evaluate cross-channel usage of our websites and marketing activities, such as landing pages, newsletters, and social media presences. Information about your visits and submitted forms is also transmitted to ADDITIVE in order to optimize our marketing and sales efforts.
Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the GDPR.
Our legitimate interest according to the GDPR is to improve our offerings and web presence through the analysis of website usage and marketing/sales activities.
Additionally, our website and landing pages use remarketing features provided by Google Inc. ("Google") and Meta Platforms Inc. ("Meta"). Meta and Google are notified that you visited our website. These features serve the purpose of displaying interest-based advertisements to visitors of the landing pages within the advertising networks of Google, Facebook, and Instagram.
Data processing related to these remarketing features is based on the legal provisions of Art. 6 para. 1 lit. a (consent) of the GDPR.
When visiting our landing pages, you will be informed via a banner about the use of cookies for these remarketing features. By continuing to use the page or by clicking the relevant button, you consent to this use. You may withdraw your consent at any time by visiting the cookie information page on the respective landing page and rejecting the use of cookies in the banner.

In some publicly accessible areas of the hotel, a video surveillance system is in operation. It is used exclusively for security purposes and to protect individuals and property.

Video recordings are stored locally within the premises and are not transmitted to third parties or stored on cloud servers.

The recorded data is automatically deleted after a maximum of 12 months, unless it is required for the establishment, exercise, or defense of legal claims. In such cases, the footage may be retained until the final conclusion of the relevant legal process.

The processing is based on the legitimate interest of the data controller in accordance with Article 6(1)(f) of Regulation (EU) 2016/679 (GDPR).

For more information, you may contact the data controller at: info@bergschloessl.com