1. general information on the processing of your data in our webshop
1.1 Unsere Kontaktdaten / Verantwortliches Unternehmen im Sinne der DSGVO:
Burg-Vital-Hotel GmbH & Co KG
Oberlech 568
6764 Lech am Arlberg
Österreich
Tel. +43 5583 3140
E-Mail: office@burgvitalresort.com
Thank you for visiting our Vitalshop and for your interest in our products. We take the protection of your personal data very seriously. We strictly adhere to the legal provisions of the EU General Data Protection Regulation as well as the Austrian Data Protection Act in its current version. In the following, we would like to inform you comprehensively and transparently about the processing of your personal data by us as the responsible company. These explanations refer to the respectively valid legal situation. We expressly reserve the right to make future changes or adjustments. Therefore, we recommend that you read this data protection policy regularly to stay informed about the processing of your personal data. If you have any questions or suggestions, please contact us at the above address.
1.2 Rights of data subjects / your rights to protect your personal data
You have a number of rights in relation to your, You have a number of rights in relation to the personal data we process. All these rights You can exercise them free of charge and informally (by e-mail, telephone or post), or, where appropriate, after providing proof of your identity, at the address below. address below. Your rights in detail:
- Right to information: You can request information about the data we process informally at any time. In this case, we will inform you in writing about the data we have stored about you, the purposes for which we use it, the categories of recipients to whom we pass it on and how long we intend to continue storing it. We will comply with your request for information without delay, but within one month at the latest.
- Right to deletion: You have the right to request the deletion of your data processed by us informally at any time. We will comply with this request if your data is no longer necessary for the purpose for which it was collected, if you revoke any existing consent, in the event of unlawful data processing or if deletion is necessary to fulfil a legal obligation.
- Right to rectification: If we process incorrect or incomplete data about you in error, we will of course rectify this. An informal request addressed to us is sufficient for this purpose.
- Right to restriction of processing: If deletion of your data is not possible or if you do not wish this, but you do not consent to use of the data beyond storage, we have the obligation to restrict further processing of your personal data at your request.
- Right to data portability: We will make the data we have stored about you, which we have received on the basis of a contract or your consent, available to you free of charge in a common file format upon your informal request. You may use this data for your own purposes and pass it on to future contractual partners. If you wish and if it is technically feasible, we will also transfer your data directly to an addressee named by you. In this case, we will inform you after the transfer has taken place. We will comply with your request without delay, but within one month at the latest.
- Right to object: In certain cases, you also have the right to object to the further processing of your data under the General Data Protection Regulation. Since we do not currently carry out any data processing in our company for which the right of objection applies, we refer you at this point to the right to erasure or to the right to restriction of processing (see above).
- Withdrawal
If we process data on the basis of your consent, you have the right to revoke your consent at any time. The revocation of consent does not mean that the data processing carried out on the basis of the consent up to the time of revocation becomes ineffective. - Right to
lodge a complaint The EU General Data Protection Regulation and the Austrian Data Protection Act guarantee you the above-mentioned rights in the area of data protection. If you believe that one of these rights has been violated by our company, you have the opportunity to complain to a data protection supervisory authority. In Austria, the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, is responsible for this. Claims against us to which you are entitled on the basis of other legal bases remain unaffected.
2. access our webshop
2.1 Provision of the website.
Each time our website is accessed, our web server automatically records data and information from the computer system of the accessing computer in so-called server log files. The following data is collected:
- Date and time of access
- The IP address of the user
- Information about the browser type and version used
We store this information for a maximum period of 30 days. The storage is done for data security reasons to ensure the stability and operational security of our system.
2.2 Cookies
We use cookies on our website to make our offer user-friendly. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. The cookies remain stored until you delete them. This allows us to recognise your browser the next time you visit.
If you do not wish to do this, you can set up your browser so that it informs you about the setting of cookies and you allow them in individual cases. However, we would like to point out that deactivating cookies means that you will not be able to use all the functions of our website.
The legal basis for the data processed by cookies is Art. 6 para. 1 p. 1 lit. f DSGVO.
The cookies remain valid for an indefinite period and are then deleted by your browser.
In our Cookie Notice you will find all cookies listed, sorted by function and explained in detail. You can individualise your settings and allow or reject only the necessary or all cookies (incl. statistics, marketing, etc.) accordingly.
2.3 Web analytics
Our website uses „Google Analytics“, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94.043 USA, to analyse website usage. Google Analytics uses cookies that are stored on your computer. The information contained therein about the website and internet usage of the visitor can be processed and evaluated by Google. The data collected by Google may be transmitted by Google to countries outside the EU and the EEA, in particular the USA.
We have activated the IP anonymisation function on this website so that your IP address is anonymised before being transmitted to Google.
You can also prevent the use of your data by Google Analytics with the browser add-on to deactivate Google Analytics.
You can also prevent the cookies from Google Analytics by selecting the „Only necessary cookies“ button in the „Cookie information“ pop-up that appears when you call up the website. The use of cookies from Google Analytics will then not be permitted.
The legal basis for the data processed by Google Analytics cookies is Art. 6 (1) p. 1 lit. a DSGVO („consent“).
3. establishment, performance and/or termination of a contract
3.1 Data processing by conluding a contract
When you register with our website and enter into a contract with us, we will process the data necessary for the the conclusion, performance or termination of a contract with you. with you. This includes:
- First name, last name
- Invoice and delivery address
- Payment information
- E-mail address
- Telephone number
The legal basis for this is Article 6 paragraph 1 b) DSGVO, i.e. you provide us with the data on the basis of the respective contractual relationship (e.g. management of your customer account, execution of a purchase contract) between you and us. For the processing of your e-mail address in the event of a purchase via our website, we are also required by the legal requirements in the General Civil Code (ABGB) to send an electronic order confirmation. to have to send an electronic order confirmation (Article 6 paragraph 1 c) DSGVO).
We store the data collected for data collected for contract processing until the expiry of the legal or possible possible contractual warranty and guarantee rights. After expiry of this period, we retain the information required by company and tax law on the information on the contractual relationship for the periods stipulated by law. periods. For this period, the data is processed again solely in the event of a review by the by the tax authorities.
3.2 Transfer of data to third parties
3.2.1 Online payment transactions
For the processing of online payment transactions, we only transfer the most necessary personal data to the payment service provider (Payrexx and PayPal): Name, purpose of order, amount. This data is encrypted and only used to process the payment.
Depending on the payment method you choose, our payment service provider will forward payment data either to Klarna Bank AB (Sofortüberweisung) or your credit card institution.
3.2.2 Logistics service providers/transport companies
For the purpose of delivering ordered goods, we work together with logistics service providers/transport companiesand/or shipping partners. The following data may be transmitted to them for the purpose of delivery of the ordered goods or for their announcement: First name, last name, postal address. The respective data is transmitted solely for the respective purposes and deleted again after delivery has taken place. The legal basis for the processing is Art. 6 (1) b) DSGVO.
4. customer account/user account
In order to provide you with the greatest possible we offer you the permanent storage of your personal data in a password-protected data in a password-protected customer account/user account.
The creation of the customer account is voluntary and takes place on the basis of your consent within the meaning of of Article 6 para. 1 lit. a) DSGVO. After setting up a customer account no new data entry is required. In addition, you can access your customer account you can view and change the data stored about you at any time.
In addition to the data requested when placing an order, you must enter a password of your you must enter a password of your choice. This password, together with your e-mail address to access your customer account. Please treat your personal access data confidentially please treat your personal access data confidentially and in particular do not make them unauthorised third party. Please note that even after you have left our website you will you will automatically remain logged in, unless you actively log out. You have the option to delete your customer account at any time. Please note Please note, however, that this does not mean that the data visible in your account once you have placed an order with us. The deletion data will be deleted automatically after the expiry of the commercial and tax retention and tax retention obligations applicable to us. The legal basis for this data processing is Art. 6 (1) c) DSGVO and Art. 6 (1) f) DSGVO.
You can also place orders without without a customer account – in this case, we will process your personal data only as far as necessary for the processing of the order. A further storage of the data does not take place. The legal basis for data processing in this case is (only) Art. 6 Para. 1 lit. b DSGVO.
5. Contact
Right to
lodge a complaint The EU General Data Protection Regulation and the Austrian Data Protection Act guarantee you the above-mentioned rights in the area of data protection. If you believe that one of these rights has been violated by our company, you have the opportunity to complain to a data protection supervisory authority. In Austria, the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, is responsible for this. Claims against us to which you are entitled on the basis of other legal bases remain unaffected.
6. Data security
We take all necessary and appropriate technical and organisational security measures in order to protect the data use of our website against loss and misuse. misuse. Your data will be stored in a secure, state of the art operating environment. Access to our website is also secured via HTTPS if your browser supports SSL. This means that communication between your end device and the servers is encrypted. takes place.
Our website is hosted by a specialised service provider. Since we also rent servers from this service provider, the service provider has the contractually limited possibility of accessing the aforementioned data to the technically necessary minimum.
The service provider has knowledge of the personal data collected to the extent mentioned above, but is not entitled to use the data for its own purposes or to pass it on to third parties.