Privacy Policy Arndt’s Boathouse

Privacy policy

Last modified: June 2018

The operators of these pages (hereinafter only “responsible persons” or “operators”) take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

The use of our website is usually possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.

The processing of your personal data, such as the name, address, e-mail address or telephone number, is always in accordance with the national and European law provisions, in particular the General Data Protection Regulation (hereinafter referred to as the “GDPR”). By means of this data protection declaration, our company would like to inform you about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, you will be informed about your rights by means of this data protection declaration.

We would like to point out that data transmission over the Internet (e.g. when communicating via e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

1. Definitions

The data protection declaration of these pages is based on the terms of Article 4 of the GDPR, which were defined by the European Union when the General Data Protection Regulation (GDPR) was adopted. Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. In order to ensure this, we would like to explain the terms used in advance.

In this Privacy Policy, we use the following terms, among others:

• a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject” or “user”). Identifiable is a natural person who can be identified directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, online identifier or one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

• (b) Data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller.

• c) Processing

Processing is any operation or series of operations carried out with or without the help of automated procedures in connection with personal data such as the collection, collection, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

• d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

• e) Profiling

Profiling is any form of automated processing of personal data that consists in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.

• f) Pseudonymization

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.

• g) Controller or controller

The person responsible for processing or the controller is the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller may or may provide for the specific criteria for his designation in accordance with Union law or the law of the Member States.

• (h) Processors

Processor is a natural or legal person, authority, body or other body that processes personal data on behalf of the controller.

• (i) Recipients

Recipient is a natural or legal person, authority, body or other body to which personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or Member State law under a particular investigative mission shall not be deemed to be recipients.

• j) Third parties

A third party is a natural or legal person, authority, body or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.

• k) Consent

Consent is any statement of intent voluntarily made by the data subject in an informed and unequivocal manner in the form of a declaration or other unambiguous affirmative act in which the data subject indicates that he or she agrees to the processing of the personal data concerning him or her.

2. User’s rights

It is also important to us to draw your attention to the rights to which you are entitled under the GDPR with regard to the processing of your data:

• a) Right to confirmation (Art. 15 sec. 1 GDPR)

Each data subject has the right to request confirmation from the controller as to whether personal data concerning him/her will be processed. If a data subject wishes to avare this right of confirmation, he or she may at any time contact the address indicated in the imprint or this data protection declaration, or contact another employee of the controller.

• b) Right of access (Art. 15 sec. 1 and 3 GDPR)

Every person (user) affected by the processing of personal data has the right to receive free information from the controller at any time about the personal data stored about him and a copy of this information. In addition, the person responsible must provide information on the following information:

• • the processing purposes
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been or is still being disclosed, in particular for recipients in third countries or international organisations
  • where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
  • the existence of a right to rectification or erasure of personal data concerning them or to restrict the processing by the controller or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: all available information on the origin of the data
  • the existence of automated decision-making, including profiling in accordance with Article 22(1) and 4 GDPR and, at least in such cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject

In addition, the data subject has a right of access to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate guarantees in connection with the transfer.

• c) Right to correction (Art 16 GDPR)

Any person concerned by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning him/her. In addition, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

• d) Right to erasure (right to be forgotten) (Art 17 GDPR)

Any person affected by the processing of personal data has the right to require the controller to delete the personal data concerning him or her without delay, provided that one of the following reasons applies and that the processing is not necessary:

• • The personal data have been collected or processed in any other way for which they are no longer necessary.
  • The data subject revokes his consent, to which the processing in accordance with Article 6(6) 1 Letter a GDPR or Article 9(1) 2 point a GDPR and there is no other legal basis for processing.
  • In accordance with Article 21(21) 1 GDPR object to the processing and there are no legitimate priority reasons for processing, or the data subject submits in accordance with Article 21(4) of the data. 2 GDPR objection to processing.
  • The personal data were processed unlawfully.
  • The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data have been collected in relation to information society services offered in accordance with Article 8(4) of the European Data Protection Agency. 1 GDPR.

If the personal data has been made public by the controller and our company is responsible in accordance with Art. 17 sec. 1 GDPR obliges the deletion of personal data, the controller shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers who process the published personal data that the data subject has requested that the data subject request that the data subject delete all links to such personal data or copies or replicas of that personal data from those other data controllers. , unless the processing is required.

1. e) Right to restrict processing (Art 18 GDPR)

Any person affected by the processing of personal data has the right to require the controller to restrict the processing if one of the following conditions is met:

• • The accuracy of the personal data is disputed by the data subject for a period of time that allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses to delete the personal data and instead demands the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it to assert, exercise or defend legal claims.
  • The data subject has objected to the processing in accordance with the Art. 21 Abs. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
• f) Right to data portability (Art 20 GDPR)

Any person concerned by the processing of personal data has the right to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, common and machine-readable format. It also has the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent in accordance with Article 6(4) of the European Data Protection Centre. 1 Letter a GDPR or Article 9(1) 2 Letter a GDPR or on a contract pursuant to Article 6(0). 1 point (b) and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

Furthermore, in exercising his right to data portability in accordance with Article 20(20), the data subject shall have the right to transfer data. 1 GDPR has the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

• (g) Right to object (Art 21 GDPR)

Any person concerned by the processing of personal data has the right, for reasons arising from his or her particular situation, to object at any time to the processing of personal data concerning him or her, which is subject to Article 6(4) of the European Union. 1 letter e or f GDPR is to be objected to. This also applies to profiling based on these provisions.

The controller will no longer process the personal data in the event of an objection, unless we can prove compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If the controller processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling in so far as it is related to such direct marketing. If the data subject objects to the controller of the processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from his or her particular situation, to prevent the processing of personal data concerning him or her, the processing of personal data which is brought before the controller for scientific or historical research purposes or for statistical purposes in accordance with Article 89(3) of the European Data Protection Centre. 1 GDPR shall be made to object, unless such processing is necessary for the performance of a task in the public interest.

The user is also free to exercise his right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

• h) Automated decisions on a case-by-case basis, including profiling (Art 22 GDPR)

Any person concerned by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on him or otherwise significantly affects it, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) on the basis of Union or Member State legislation, , to which the controller is subject, is permissible and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject or (3) takes place with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) it is made with the express consent of the data subject, the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person from the controller. , on presentation of one’s own point of view and on the challenge of the decision.

• i) Right to withdraw from data protection consent

Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

3. Cookies

The websites sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.

Most of the cookies we use are so-called “session cookies”. They will be deleted automatically after the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when the browser is closed. When disabling cookies, the functionality of this website may be limited.

4. Data processing when using PMS systems (widgets)

On these pages, widgets of the company zadego GmbH (easybooking) may be implemented.

zadego GmbH
Tschamlerstraße 4
6020 Innsbruck
Austria

The provider is a PMS system, which represents the provider of the hotel software of the responsible person. Depending on the tourism business, the widgets may be:

• Request
• Booking mask
• Small Search (request, booking)
• Category View
• Room view
• Flat-rate widget
• Prices
• Price comparison
• Availability calendar
• Online Check-In
  1. General

In order to process your request or booking, it is necessary that the data you provide to the controller be processed.

The above-mentioned controller and zadego GmbH ( both collectively called “provider“) are in a contractually regulated business relationship. The responsible person obtains his hotel management and/or booking software from zadego GmbH.

The personal data you provide will be transferred to the management system and to companies in business relations with the management system. This transfer takes place in particular to the above-g. landlord, if necessary. also to tourism associations, reporting providers, payment providers and other companies that are linked to the administrative system and/or landlords and which must be used to fulfil post-contractual obligations.

The use of personal data by the providers is governed by the applicable legal provisions and the consent given by you to the use of your data.

1. Collection of data

As part of an enquiry or booking with the tourism company, you will provide the same relevant data for the purpose of carrying out the same data. These are usually the following:

• First and last name
• E-mail address
• Address
• Phone
• Payment details (bank details, credit card details)
• Dates of birth (to identify children)

This data will only be collected to the extent permitted by law and only with your consent and through your active participation. Insofar as the consent is declared electronically within the scope of the services, the statutory notification requirements are taken into account and this consent is recorded by appropriate technical systems.

1. Purpose of this data processing

In this context, the controller will process your personal data for the following purposes:

• Offer submission
• Online Check-In
• Fulfillment of reporting obligations
• Payment
• Accounting

If personal data (contact details, e-mail, data of the desired stay in our company) is entered in one of these widgets, this is always done on a voluntary basis and only for the purpose of being able to make a corresponding offer to your wish to stay.

If no contractual relationship is established between the parties (i.e. there is no stay in the operation of the controller), the data of the data subject will be automatically deleted from the systems immediately. In individual cases, legal retention and erasure periods must be observed.

5. Reporting obligation

According to the applicable reporting law, the controller is obliged to register all guests resident with the data specified in the Reporting Act. This includes the following data:

• Name
• Name of the passengers
• Date of birth
• Sex
• Nationality
• Country
• Address
• Travel document (type, number, date of issue, issuing authority, state)
• Date of travel period

1. Guest directory

According to a legal obligation, the controller must keep all guest data transmitted to him to a booking in a so-called guest directory. This guest directory is subject to the automatic deletion and anonymization periods stored in the system. Providers provide appropriate technical and organisational measures to keep personal data in the system in accordance with the law. In individual cases, statutory storage and storage periods must be observed and observed. The set storage periods shall apply if the data concerned is not processed for a longer period for other purposes specified in this Privacy Policy.

The guest directory is kept electronically by the controller, whereby the data is forwarded to zadego GmbH. In this case, zadego GmbH acts as a processor, as it stores the data on your servers. A transfer to a third country does not take place without prior information to the persons concerned.

6. SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as a site operator. You can recognize an encrypted connection by changing the address line of the browser from “http://” to “https://” and by the lock icon in your browser line.

If SSL encryption is enabled, the data you submit to us cannot be read by third parties.

7. Privacy Policy Google Maps

This website uses the product Google Maps from Google Inc. By using this website, you agree to the collection, processing and use of the automatically collected data by Google Inc., its representatives and third parties.

The Google Maps Terms of Use can be found under “Google Maps Terms of Use“.

8. Privacy Policy on the Use and Use of Google Analytics (with Anonymization)

The responsible person has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, collection and evaluation of data on the behaviour of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for what length of stay a subpage was viewed.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The person responsible uses the words “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the data subject’s Internet connection is truncated by Google and anonymized when access to our websites is made from a Member State of the European Union or from another contracting state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is able to analyze the use of our website. Every time one of the individual pages of this website is accessed, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google becomes aware of personal data, such as the IP address of the data subject, which, among other things, serve Google to track the origin of visitors and clicks and subsequently enable commission statements.

The cookie is used to store personal information, such as access time, the location from which access was made and the frequency of visits to our website by the data subject. Every time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected through the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website, as already shown above, at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from placing a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics, related to the use of this website, as well as the processing of this data by Google and to prevent such data. To do this, the data subject must download and install a browser add-on under the https://tools.google.com/dlpage/gaoptout link. This browser add-on informs Google Analytics via JavaScript that no data and information about the visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If the data subject’s information technology system is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is imputable to his or her power, it is possible to reinstall or reactivate the browser add-on.

9. Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• operating system used
• Referrer URL
• Host name of the accessing machine
• Time of server request

This data cannot be allocated to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

10. Non-existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

11. Note on Online Dispute Resolution

Online dispute resolution in accordance with Art. 1 ODR-VO: The European Commission provides an online dispute resolution (ODR) platform, which can be found at http://ec.europa.eu/consumers/odr/.

12. Opposition advertising emails

The use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, e.g. by spam e-mails.

13. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. Therefore, it is recommended that you check this page regularly for changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes will take effect immediately after publication on this page.

14. How to contact us

If you have any questions, suggestions or concerns about this policy or the use of your data, please contact us at the address provided in the imprint or this privacy policy.