Privacy Policy

Privacy Policy

Information on data processing

We are pleased that you are visiting our homepage and thank you for your interest in our hotels and restaurants. Handling the data of our guests, customers and interested parties as well as applicants is a matter of trust for us. We attach great importance to the trust you place in us and are therefore committed to handling your data with care and protecting it from misuse and unauthorised use.

ARCOTEL Hotels & Resorts specifically follow the EU General Data Protection Regulation (GDPR) as well as the current national data protection laws. When using the Internet, we follow the Telecommunications Act (TKG) of the Republic of Austria to protect your personal data. In the following, we explain what information we collect during your visit to our websites and how it is used.

 

Name and address of the person responsible

The responsible person within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

ARCOTEL Hotels & Resorts GmbH
Konstantingasse 6-8, A-1160 Vienna, Austria

Tel: +43 1 485 5000
Fax: +43 1 485 5000-12
Mail: office@arcotel.com


Name and address of the data protection officer

Mr Andreas Thurmann

DataSolution LUD GmbH
Isarstr. 13, D-14974 Ludwigsfelde, Germany

Tel.: +49 (0) 3378 202513
Mail: mail@hoteldatenschutz.de


General information on data processing

Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users' personal data regularly only takes place with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a; 7 GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with legal obligations to which our hotels are subject (e.g. national registration laws), Art. 6 (1) lit. c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our hotel group or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.

Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.


E-mail contact

Description and scope of data processing
A contact option is available on our website, which can be used for electronic contact. If you make use of this option, you can contact the respective contact person via the e-mail addresses provided. In this case, the user's personal data transmitted with the e-mail will be stored in the e-mail system.

Legal basis for data processing
The legal basis for the processing of the data is firstly our legitimate interest in the processing of data in the context of contacting the enquirer.

Purpose of the data processing
The processing of personal data from the input mask or from an e-mail serves us solely to process the contact.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address datenschutz@arcotel.com for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc.


Advice and support for company contacts

Description and scope of data processing
For the consultation and support of corporate customers, we collect and use the contact person, telephone number, e-mail address and postal address in addition to the business partner or also potential business partner. We obtain the information from various sources, either through an enquiry (e-mail or telephone), but also via events, trade fairs, business cards that our sales staff receive, etc.

In this context, the data will not be passed on to third parties.

Legal basis for data processing
The legal basis for processing the data is our legitimate interest in data processing. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is the pre-contractual relationship or the conclusion of the contract.

To increase our services, we manage all data received in the CRM module of our central hotel software within ARCOTEL Hotels & Resorts. The responsible entity is the hotel with which a business contact exists. Central services such as sales, banqueting, reservations and marketing access this data. The legal basis for processing the data is our legitimate interest in data processing within the framework of central administration and use of the data of our customers and business partners within the hotel group.

Purpose of the data processing
We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.

Duration of storage
In principle, no deletion period is foreseen. However, if our sales department has not had any contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.

If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.

Possibility of objection
As a company contact, you have the option to object to the processing of your data at any time. We have set up the e-mail address datenschutz@arcotel.com for this purpose. All personal data relating to the contact person that has been stored for the business partner will be deleted in this case.


Newsletter service

Description and scope of data processing
On our website, you have the option of registering for our newsletter service in various ways. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: E-mail address and voluntary information such as title, first name, surname, language, desired destination or topics.

If you register for a newsletter from our website, the data will be stored in our newsletter tool of Revinate Inc, 1 Letterman Drive Building C, Suite CM 100, San Francisco, California 94129, USA. Revinate has committed itself to handling your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data. For further information on data protection, please refer to the website.

Should we otherwise receive an email address where the recipient clearly informs us that he/she would like to receive our newsletter, we will record his/her data via the input mask on our website or also transfer it to the Revinate platform (see also "Sending emails before arrival).

Legal basis for data processing
The legal basis for the processing of the data is the existence of the recipient's consent. This is ensured by a double-opt-in procedure.

Purpose of the data processing
The processing of personal data is solely for the purpose of sending individual newsletters.

Duration of storage
The data will be deleted or, if necessary, blocked as soon as the newsletter service is cancelled.

Possibility of objection
As a newsletter recipient, you have the option to object to the processing of your data at any time. With each newsletter, you can unsubscribe from the newsletter service at any time via a link. In addition, we have set up the e-mail address datenschutz@arcotel.com. Please let us know the e-mail address here.


Online application to a job advertisement

Description and scope of data processing
If you provide us with personal data as part of the application process, this data is divided into the following data types and data categories for collection, processing and / or use:

• Personal data (first and last name, date of birth, address, school-leaving qualification)
• Communication data (telephone no., mobile no., e-mail address)
• Data on assessment and evaluation in the application procedure
• Data on education (school, vocational training, civilian/ military service, studies, doctorate)
• Data on your professional career to date, training and work references
• Information on other qualifications (e.g. language skills, PC skills, voluntary activities)
• Application photo
• Application history

If you submit an online application from our websites, this is done through the online application system of d.vinci HR-Systems GmbH, Nagelsweg 37-39, D- 20097 Hamburg, Germany. All application data entered by you will be transmitted in encrypted form. d.vinci has undertaken to handle your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data.

We use the personal data you provide exclusively for processing your application for the advertised position. Your personal data will only be disclosed to persons involved in the application process. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. We do not pass on your personal data to third parties unless you have consented to the passing on of data or we are obliged to pass on data due to legal provisions and/or official or court orders.

If your application fits the profile of another job advertisement published by a company affiliated with us, we will be happy to forward the application documents. We will obtain your consent before doing so. Otherwise, the data will be used exclusively for processing the application by the specialist department and for communication.

Legal basis for data processing
The legal basis for processing the data is the pre-contractual relationship or the conclusion of a contract with the applicant. For the forwarding of the application documents to an affiliated company, we will obtain consent beforehand.

Purpose of the data processing
The processing of the personal data from the input mask and the submitted documents is solely for the purpose of processing the application.

Duration of storage
Your data will be automatically deleted within six months after completion of the specific application procedure. This does not apply insofar as legal provisions oppose deletion, which require further storage for the purpose of evidence or you have expressly consented to longer storage. There will be no notification of the deletion of the data.

Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address datenschutz@arcotel.com for this purpose. Please note that in the event of an objection, the application cannot be completed or the conversation cannot be continued.


Provision of the website and creation of log files

Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

• Information about the browser type and version used
• The operating system of the user
• The IP address of the user
• Date and time of access
• Website from which the user's system accesses our website
• Website accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be formed. The stored data is only evaluated for statistical purposes.

Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is our legitimate interest in data processing for the stated purpose.

Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible if we are required to do so by law. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.


Use of cookies and scripts

Description and scope of data processing
Cookies are small files that enable us to store specific information related to you, the user, on your PC while you are visiting one of our websites. Cookies help us to determine the frequency of use and the number of users of our website, as well as to make our offers as convenient as possible for you.

We use cookies on our website that enable an analysis of the user's surfing behaviour. The following data can be transmitted in this way: Search terms entered, frequency of page views, use of website functions. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user. When accessing our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection declaration is also made.

Legal basis for data processing
The legal basis for the use of technically necessary cookies is our legitimate interest in the proper operation of our website.

The legal basis for the processing of personal data using cookies for analysis purposes is the existence of a relevant consent of the user.

Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

Duration of storage, possibility of objection and elimination
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.


Use of Google services

Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookies about the use of this website by the users is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the collection of data by Google Analytics within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.

Deactivation of Google advertising
(https://www.google.com/privacy_ads.html) or on the deactivation page of the Network Advertising Initiative (https://www.networkadvertising.org/managing/opt_out.asp).

Google Tag Manager
We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services on our website

This allows us to flexibly integrate additional services to evaluate user access to our website.

The use of Google Tag Manager is based on our legitimate interests, i.e. interest in optimising our services.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google.

Google DoubleClick
We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, if a DoubleClick advertisement has previously been displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same internet browser.

A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

We process your data with the help of the Double-Click cookie for the purpose of optimising and displaying advertising based on your consent. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future in accordance with Art. 7 (3) GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertisement. Each time you call up one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, it will be possible to visit our website without restriction, but not all functions may be fully available.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google.

Google CDN
We use Google CDN to properly deliver the content of our website. Google CDN is a service of Google Ireland Limited, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google.

Google Fonts
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to servers of Google Ireland Limited, whereby your IP address is transmitted.

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimization of our online offer.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google.


Use of social media plugins

The use of social media plugins is in the interest of an appealing presentation and expansion of our online offers. This represents a legitimate interest.

Use of Facebook
Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognise the plugins by the logo on our page. You can find an overview of the plugins here.

We have no influence on the data collection and further processing by Facebook. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent Facebook complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid Facebook processing personal data that you have transmitted to us, please contact us by other means.

You can find more information on this in Facebook's privacy policy. If you do not want Facebook to be able to assign your visit to our pages to your user account, please log out of your respective user account!

Facebook fan page
On our Facebook fan page at: https://www.facebook.com/ARCOTELHotels we use plugins from the provider Facebook.com, which are provided by the company Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304 in the USA.

By using the fan page, data is forwarded to the Facebook servers, which contain information about your visits to our fan page. For logged-in users, this results in the usage data being assigned to their personal Facebook account. As soon as you actively use the Facebook plugin as a logged-in Facebook user, e.g. by clicking on the "Facebook" logo or using the comment function, this data is transferred to your Facebook account and published. You can only avoid this by logging out of your Facebook account first.

We do not know exactly what data Facebook stores and uses. As a user of the fan page, you must therefore expect that Facebook also stores your actions on the fan page without gaps.

In all other respects, the General Terms of Use of Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland apply.

The legal basis for this data processing is Art. 6 para. 1 lit. a, f) GDPR.

Every person depicted as well as other third parties have the possibility to object to the publication of their personal data (photos) at any time. We have set up the e-mail address datenschutz@arcotel.com for this purpose. The right to object applies in particular to the publication of pictures for the future.

It can always happen that we accidentally publish pictures of people where no consent has been given. If publication is not desired, we will immediately do everything possible to comply with your right. In the case of group pictures, we reserve the right to distort faces.

Use of YouTube
Our website uses social plugins ("plugins") from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

The plugin is marked with a YouTube logo and can be activated directly by you. When you activate it, a connection to the YouTube servers is established and the page: https://www.youtube.com/arcotel is called up. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your terminal device. These cookies allow YouTube to obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. The cookies remain on your terminal device until you delete them.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

No data is transferred from our website to Google when you visit our website. You can find more information on the handling of user data in Google's privacy policy.

Use of Instagram
The "Instagram button" is used on this website. When you access our website: https://www.instagram.com/arcotelhotels/, your browser establishes a connection to servers of the social network Instagram, offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.

When you visit our pages, a direct connection is established between your browser and the Instagram server via the plugin. Instagram thereby receives the information that you have visited our site with your IP address. If you click on the Instagram button while you are logged into your Instagram account, you can link the content of our pages on your Instagram profile. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

There is no data transfer from our website to Instagram when you visit our website.

For more information, please see Instagram's privacy policy.

Use of LinkedIn
Our website uses social plugins ("plugins") of the social network LinkedIn or LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn").

The plugin is marked with a LinkedIn logo and can be activated directly by you. If you activate it, a direct connection to our website: https://www.linkedin.com/company/arcotel-hotels is established via the plugin. LinkedIn thereby receives the information that you have visited our site with your IP address when the plugin is activated. If you click the LinkedIn button while you are logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to assign the visit to our pages to your user account.

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. You can find more information on this in LinkedIn's privacy policy.


Use of services to provide the website

Adobe Typekit
We use Adobe Typekit from Adobe Inc., San Jose, California, US, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to Adobe Inc. servers, whereby your IP address is transmitted.

The use of Adobe Typekit is based on our legitimate interests, i.e. interest in a uniform provision and optimisation of our online offer.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Adobe Inc. Further information can be found in the privacy policy for Adobe Typekit.


Cloudflare CDN
We use Cloudflare CDN to properly deliver the content of our website. Cloudflare CDN is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Cloudflare CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare CDN.

 

Protection of minors

Our service is mainly aimed at adults. We do not currently market any specific areas for children. Accordingly, we do not knowingly collect age-identifying information, nor do we knowingly collect personal information from children under the age of 16. However, we caution all visitors to our website under the age of 16 not to disclose or provide any personally identifiable information through our service. In the event that we determine that a child under the age of 16 has provided us with personal information, we will, in accordance with the Children's Online Privacy Protection Act (see the Federal Trade Commission's website at www.ftc.gov/kidzprivacy for more information about this Act), delete the child's personal information from our files to the extent technically feasible.

 

The rights you can exercise against us

If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

• You have a right to information about the personal data stored about you, about the purposes of processing, about any transfers to other bodies and about the duration of storage.

• If data is inaccurate or no longer necessary for the purposes for which it was collected, you may request that it be corrected, erased or restricted from processing. Where provided for in the processing procedures, you may also consult your data yourself and correct them if necessary.

• Should grounds against the processing of your personal data arise from your particular personal situation, you may, insofar as the processing is based on a legitimate interest, object to it. The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

• If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing or profiling purposes, the personal data concerning you will no longer be processed for these purposes.

You have the right to revoke your declaration of consent under data protection law at any time via our e-mail address datenschutz@arcotel.com. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If you have any questions about your rights and how to exercise them, please contact the responsible body (the respective hotel or the head office) or our data protection officers.

 

Right to complain to a supervisory authority

As a data subject, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence or of the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection.

The supervisory authority to which the complaint is submitted will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy.

More information can be found on the website of the Federal Data Protection Authority.

For Austria please follow this link.

Security

ARCOTEL Hotels & Resorts uses technical and organisational security measures in accordance with Art. 32 GDPR in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments. Access is only possible for a few authorised persons and persons who are obliged to provide special data protection and who are involved in the technical, administrative or editorial care of data.

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.

Status | January 2023

Privacy Policy