Declarition of agreementagreement.pdf (31.7 KiB)
We appreciate your interest in our company. Data protection is a particularly high priority for the Parkhotel Graz.
The use of the web pages of Parkhotel Graz is in principle possible without providing personal information. Want to take unless an affected person special services of our company on our website to complete, but the processing of personal data could be needed. If the processing of personal data required, and there is for such processing is no legal basis, we get a general consent of the person concerned.
The processing of personal data, such as the name, address, e-mail address or phone number of a person concerned, shall always be in line with the Data Protection Regulation and in accordance with the rules of the Parkhotel Graz country-specific data protection regulations.
The Parkhotel Graz implemented as the person responsible for processing numerous technical and organizational measures to ensure the consistent maximum protection of processed via this website personal data. Nonetheless, Internet-based data transfers can basically have security holes, so that an absolute protection can not be guaranteed. For this reason, it is open to any person concerned to submit personally identifiable information on alternative routes, for example by phone, contact us.
a) personal data
Personal data is any information relating (to an identified or identifiable natural person refer to as the "data subject"). An individual is considered to be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, to an online identifier or to one or more special features that reflect the physical, physiological, are genetic, mental, economic, cultural or social identity of that natural person can be identified.
b) affected person
exposed person is any identified or identifiable natural person whose personal data are processed by the data controller.
processing of each operation performed with or without the aid of automated processes or any such process number associated with personal data such as collection, the collection, the organization, arrangement, storage, adaptation or alteration, retrieval, queries, the use, disclosure by transmission, dissemination or otherwise making available, the balance or the shortcut that limitation, deletion or destruction.
d) restricting the processing
limitation of the processing is the marking of stored personal data with the aim of limiting their future processing.
profiling is any kind of automated processing of personal data is that this personal data may be used to evaluate certain personal aspects that relate to an individual, in particular to aspects relating to performance, economical position, to analyze health, personal preferences, interests, reliability, performance, location or relocation of this natural person or predict.
of pseudonyms is the processing of personal data in a manner in which the personal data can no longer be assigned to a specific subject without the assistance of additional information, provided this additional information be kept separately and technical and organizational measures are in place to ensure that the personal data will not be assigned to an identified or identifiable natural person.
g) Responsible or data controller
in charge or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Are the purposes and means of processing prescribed by European Union law or the law of the Member States, the person responsible or the specific criteria being appointed, in accordance with Union law or the law of the Member States can be provided can.
processors is a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the person responsible.
recipient is a natural or legal person, public authority, agency or any other body to whom data are disclosed, regardless of whether it is with her to a third party or not. Authorities that may receive personal data in the context of a particular inquiry shall in accordance with Union law or the law of the Member States, but not as receiver.
Third is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who are authorized under the direct authority of the controller or the processor to process the personal data.
Consent is any voluntary for the particular case and unequivocally delivered by the data subject informed manner expression of will in the form of a declaration or another recognizable affirmative act by which is meant the person that they agree to the processing of personal data concerning is.
2. Name & address of the data controller
Responsible in terms of the Data Protection Regulation, other force in the Member States of the European Union Data Protection Act and other regulations with data protection law nature is the:
Mag. Stephan Baumgartner
Tel .: 0043/316/363027
Web site: www.parkhotel-graz.at
3. Subscription to our newsletter
On the website of Parkhotel Graz will users be given the opportunity, the newsletter of our company to subscribe. What personal information when ordering the newsletter to be sent to the controller, resulting from the use this input mask.
The Parkhotel Graz informs its customers and business partners on a regular basis by way of a newsletter about the company's offerings. The newsletter of our company can basically only be received by the person concerned, if (1) the person has a valid e-mail address and (2) the person registered for sending out newsletters. To affected by a person for the first time sending out newsletters registered email address a confirmation email in the double opt-in procedure will be sent for legal reasons. This confirmation is used to check whether the holder of the e-mail address has a affected person authorized to receive the newsletter.
When registering for our newsletter, we also save from the Internet Service Provider (ISP) assigned IP address of the person concerned by the the time of registration computer system used and the date and time of the registration. The collection of this information is required to the (possible) misuse of the email address of a person concerned to be able to understand at a later date and therefore serves as a legal safeguard of the data controller.
The collected as part of a subscription to the newsletter personal data will only be used to send our newsletter. Moreover, subscribers of the newsletter by e-mail could be informed if this is necessary for the operation of the newsletter service or a related registration, as might be the case in the event of changes to the newsletter offer or in changing the technical conditions. There is no transfer of collected within the scope of the newsletter service personal data to third parties. The subscription of our newsletter can be canceled by the person at any time. The consent to the storage of personal data which the data subject has given us sending out newsletters, may at any time be revoked. For the purpose of the withdrawal of consent, a corresponding link found in every newsletter. It is also possible, at any time directly on the website of the log data controllers from newsletters or communicate this to the other way, the data controller.
4. contact possibilities via the website
The website contains the Parkhotel Graz under law disclosures that enable rapid electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If an affected person by e-mail or via a contact form contact with the receiving of the data controller, the personal information provided by the data subject are automatically saved. Such voluntarily from a data subject to the transmitted data controllers personal data are stored for the purpose of processing or contacting the affected person. There is no transfer of personal data to third parties.
5. Routine deletion and blocking of personal data
The processed data controller and stores personal data of the person concerned only for the period of time necessary to achieve the storage purpose or if allowed by the European directives and regulations donors or other lawmakers in laws or regulations to which the data controller subject was provided.
Eliminates the storage purpose or prescribed by the European directives and regulations donors or other responsible legislator storage period expires, the personal data are blocked or deleted routinely and as required by law.
6. Rights of the person concerned
a) Right to confirm
each person concerned is granted by the European directives and regulations donor right to obtain from the data controller confirmation as to whether they are processed personal data concerning. Wants to take a victim of this right of confirmation to complete, they can for this purpose at any time contact our data protection officer.
b) Right to information
Each of the processing of personal data subject shall have the right granted by the European directives and regulations donors to obtain at any time from the data controller free information about the stored personal personal data and a copy of that information. In addition, the European policy and legislature of the affected person information has granted the following information:
the categories of data that are processed
the recipients or categories of recipients to whom the personal data have been disclosed or not disclosed, particularly in recipients in third countries or international organizations
If possible, the planned duration for which the personal data are stored, or, if this is not possible, the criteria for determining such duration
the existence of a right to correct or delete personal data concerning him or restriction of processing by the controller or the right of appeal against this processing
the existence of a right of application with a regulatory body
if the personal data are not collected from the data subject: all available information on the origin of the data
the existence of an automated decision-making, including profiling in accordance with Article 22, paragraph 1 and 4 DS-GMO and - at least in these cases - meaningful information about the logic involved and the scope and the desired impact of such processing for the person concerned
Furthermore, the data subject shall have a right to obtain information on whether personal data have been transferred to a third country or to an international organization. If this is the case, the person concerned is, moreover, have the right to obtain information about the appropriate safeguards in connection with the submission. Wants to take a victim of this Right to complete, they can for this purpose at any time contact our data protection officer.
c) the right to correct
any of the processing of personal data subject shall have the right granted by the European directives and regulations donors, the immediate correction to demand of respective incorrect personal data. Furthermore, the data subject shall have the right, taking into account the purposes of the processing, the completion of incomplete personal data - to demand - also by means of a supplementary statement. Wants to take a victim of this right of rectification, they can for this purpose at any time contact our data protection officer.
d) right to delete (right to be forgotten are)
Each of the processing of personal data subject shall have the right granted by the European policy and legislature to require the person responsible that the personal data concerning them will be deleted immediately, unless one of the following true reasons and as far as the processing is not required:
The personal data was collected for such purposes or processed in some other way, for which they are no longer necessary.
The person concerned shall withdraw their consent to the processing according to Art. 6 para. 1 point a DS-GMO or Art. 9 par. 2 point a DS-GMO supported, and there is a lack of otherwise legal basis for the processing.
The person concerned shall in accordance with Art. 21 para. 1 DS-GMO object to the processing, and there are no overriding legitimate grounds for processing before, or the person acting in accordance with Art. 21 para. 2 DS-GMO opposition to the processing one.
The personal data has been unlawfully processed.
The deletion of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States, the subject of the charge.
The personal data 1 DS-GMO were offered in terms of information society services in accordance with Art. 8 para. Collected.
If any of the above reasons applies and an affected person wants the deletion of personal data stored in Parkhotel Graz cause, they can for this purpose at any time contact our data protection officer. The data protection supervisor of Parkhotel Graz or another employee will cause the delete request is fulfilled immediately.
The personal data was taken from the Parkhotel Graz public and our company as the person responsible in accordance with Art. 17 para. 1 DS-GMO obliged to deletion of personal data, the Parkhotel Graz meets taking into account the available technology and the cost of implementation appropriate measures, including technical to another for data controllers that process the published personal data about to be informed that the person concerned from these other has for the data controller requires the deletion of all links to these personal data or copies or replications of personal data insofar as such processing is not required. The data protection supervisor of Parkhotel Graz or another employee will do what is necessary in individual cases.
e) right to limitation of processing
Any person implicated in the processing of personal data has the right granted by the European directives and regulations donors to demand the limitation of processing by the person responsible if any of the following circumstances:
The accuracy of personal data is contested by the data subject, namely for a period which allows the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject rejects the deletion of personal data and calls instead for limiting the use of personal data.
The person in charge does not need the personal data for the purposes of processing longer, the person concerned, however, it needs to establishment, exercise or defense of legal claims.
The person concerned pursuant to object to processing. Art. 21 para. 1 DS-GMO inserted and it is not yet clear whether the legitimate reasons for the charge against those outweigh the individual concerned.
If one of the above conditions is given and a person concerned would the restriction of personal data stored in Parkhotel Graz require, they can for this purpose at any time contact our data protection officer. The data protection manager of the Parkhotel Graz or another employee will cause the limitation of the processing.
f) right to data portability
Any person implicated in the processing of personal data has the right granted by the European directives and regulations donors that they get personal data, which were provided by the person concerned a charge, in a structured, consistent and machine-readable format , It also has to submit these data to another charge without being hindered by those responsible, which the personal data have been provided the right, provided that the processing on the consent according to Art. 6 para. 1 point a DS-GMO or Art. 9 para . 2, point a DS-GMO or on a contract in accordance with Art. 6, para. 1, point b DS-GMO based and carried out the processing using automated procedures, provided that the processing is not required for the performance of a task which is in the public interest or , done in the exercise of official authority which has been transferred to the person responsible.
Furthermore, the data subject 1 DS-GMO has in exercising their right to data portability under Art. 20 para. To obtain that personal data are transferred directly from a charge to a different charge, if this is technically feasible and if the law, This does not, the rights and freedoms of others are affected.
To exercise the right to data portability, the affected person can always turn to the ordered by Parkhotel Graz data protection officer or other member.
g) right of appeal
Any person implicated in the processing of personal data has the right granted by the European directives and regulations donor, for reasons arising from their specific situation at any time to the processing concerning them of personal data on the basis of Art. 6 carried para. 1 letter e or f DS-GMO to appeal. This also applies to a system based on these provisions profiling.
The Parkhotel Graz not process the personal data in the event of contradiction, unless we can prove compelling legitimate grounds for processing, outweigh the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defense of legal claims.
The Parkhotel Graz processes personal information to operate direct mail, the person concerned has the right at any time to object to the processing of personal data for the purposes of such advertising. This also applies to the profiling, as far as it is in connection with such direct mail. Contradict the person against the Parkhotel Graz the processing for direct marketing purposes, the Parkhotel Graz will not process personal data for these purposes.
In addition, the person concerned has the right for reasons arising from their specific situation, against which they carried out processing of personal data for scientific when Parkhotel Graz or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 DS-GMO concerned to appeal, unless such processing is necessary for the performance of a public interest task.
To exercise the right to object to the data subject can directly contact the Data Security Officer of Parkhotel Graz or another employee. The person concerned are also free, in connection with the use of information society services, regardless of Directive 2002/58 / EC to exercise their right by means of automated processes in which technical specifications defined.
h) Automated decisions in individual cases, including profiling
Any person implicated in the processing of personal data has the right granted by the European directives and regulations donors, not one solely on automated processing - to be subject-based decision, which unfolds over legal effect - including profiling or significantly affects him in a similar way, if the decision (1) is not for the conclusion or performance of a contract between the data subject and the person responsible is required, or (2) due to the laws of the Union or the Member States, which is subject to charge is admissible and this legislation contains adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject or (3) with the express consent of the data subject.
If the decision (1) for the conclusion or performance of a contract between the data subject and the person responsible is required or (2) it is done with the express consent of the individual, the Parkhotel Graz take appropriate measures to ensure the rights and freedoms and the legitimate interests to safeguard the data subject, including at least the right to obtaining of a person's intervention on the part of those responsible, to a statement of his own position and to challenge the decision belongs.
The person wants to have rights in relation to automated decisions they can for this purpose at any time contact our data protection officer.
i) the right to revoke a data protection consent
Any person implicated in the processing of personal data has the right granted by the European policy and legislature to revoke a consent to the processing of personal data at any time.
Want the person their right to withdraw a consent claim that they can for this purpose at any time contact our data protection officer.
7. Legal basis for the processing
Art. 6 I lit. a DS-GMO serves our company as a legal basis for processing operations in which we seek consent for a particular purpose processing. If the processing of personal data to fulfill a contract, the contracting party is the person required, as is the case with processing operations that are necessary for a supply of goods or the provision of any other service or consideration, the processing is based on Art. 6 I lit. b DS GMOs. The same applies to such processing operations, the pre-contractual to carry out measures are required, such as in cases of requests for our products or services. Our company is subject to a legal obligation by which a processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS GMOs. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another individual. This would be the case if a visitor would be hurt in our company and then his name, his age, his health insurance data or other vital information to a doctor, hospital or other third parties would have to be passed. Then, the processing on Article would. 6 I lit. d DS GMOs rest. Ultimately could processing operations on Art. 6 I lit. f DS GMOs rest. On this legal basis based processing operations which are not covered by any of the above legal bases when the processing to protect a legitimate interest of our company or a third party is required unless outweigh the interests for fundamental rights and freedoms of the data subject. Such processing operations are particularly us therefore permitted because they were specifically mentioned by the European legislator. He extent considered that a legitimate interest could be deemed to exist if the person concerned is a client of the charge (Recital 47 sentence 2 DS-GMO).
8. Legitimate interests of the processing that are pursued by the controller or a third party
Based processing of personal data Article 6 I lit. f DS-GMO is our legitimate interest to carry out our activities towards the welfare of all our employees and our shareholders.
13. period for which the personal data are stored
The criterion for the duration of the storage of personal data is relevant and statutory retention period. After the deadline, the relevant data is routinely deleted if they are no longer required to fulfill the contract or contract negotiations.
9. Statutory or contractual provisions to provide the personal data; Necessity for the conclusion of the contract; Obligation of the person concerned to provide the personal data; possible consequences of failure to provide
We will clarify the fact that the provision of personal data is required by law in some cases (eg tax laws) or also from contractual arrangements (eg information on the contractor) may result. Sometimes it may be necessary to conclude a contract that any interested person presents us with personal data that must be processed in the order by us. The person concerned, for example, committed to provide personal information when our company enters into a contract with her. A failure to provide personal data would mean that the contract with the person concerned could not be closed. Before a deployment of personal data by the person concerned, the person must contact our data protection officer. Our data protection supervisor clears the affected individual cases also on whether the provision of personal data required by law or contract or is required for the contract if there is an obligation to provide the personal data, and what consequences would the failure to provide personal information.
10. existence of an automated decision-making
As a responsible company we do without an automatic decision or a profiling.
11. Competent authority
Austrian Data Protection Authority