Privacy Policy of the Donube Tower

Privacy Policy

For Donauturm Aussichtsturm- und Restaurantbetriebsgesellschaft m.b.H the protection of your privacy and your personal data is of great importance.

Information sheet

We hereby inform you about your rights and obligations as well as information on how your data is processed in our company Donauturm Aussichtsturm- und Restaurantbetriebsgesellschaft m.b.H, Donauturmplatz 1, 1220 Vienna.

Responsible

Donauturm Aussichtsturm- und Restaurantbetriebsgesellschaft m.b.H
Danube Tower Square 1
1220 Vienna
Austria
Phone: +43 1 2633572
E-mail: reservierungen@donauturm.at

Data Protection Oficer

According to recital 97 to Art. 37 GDPR, the concept of core activity focuses on the main activity and not on the processing of personal data as an ancillary activity. Since the core activity of the present company is not the processing of sensitive data, it can thereby be concluded that no data protection officer is required.

Processing purposes and legal basis

Your data will be processed in our company for the following purposes:

Marketing/direct marketing mailings by post
Marketing/direct marketing mailings
Marketing/direct marketing sending by SMS
Marketing/direct marketing calls by telephone
Invoicing & business processing
Statistics and analysis of customer visits
Documentation of the service/products in a program on the PC
Telemarketing
Order processing

The following legal bases apply to the processed data

Art 6 para 1 lit a (consent of the data subject), b (necessary for the performance of the contract), c (legal obligations under the BAO and the UGB), f (legitimate interests of the controller) DSGVO
§ 132 BAO
§§ 190, 212 UGB
For data processed in accordance with the legal basis of legitimate interest (DSGVO Art. 6 para. 1 lit f), the following shall apply.
Processing of data concerned in order to be able to act in accordance with the interest of the person responsible for providing the service in a qualitative manner.

Data categories

Personal data (title, first name, last name, gender)
Address (street, no., postal code, city, country)
Bank data (IBAN, BIC, bank, owner)
Contact data (phone, mobile no., mail, website, photo)
Company data (company name, position)
Customer specific information (birthday, name day, wedding day, recruited by,...)
Credit card data
Nationality
Service record - customer history
Personal preferences - interests, hobbies, diet
Notes

Recipients of the data

In case of need - authorities, lawyers, courts, collection agencies, insurance companies
Internal recipients - managers, employees
Suppliers of services and products (printers, consultants, parcel services)
Infrastructure providers (telephone, Internet, IT service providers, cloud, software manufacturers)
Financial service providers (banks, accountants, tax consultants, payroll providers)
Agencies

Duration of data storage

The data is stored until the statutory retention period expires.

Data subject rights

As a data subject, you are entitled to the following rights according to the GDPR:

Duty to inform on the part of the responsible party - Art. 13, 14 DSGVO.
a. If personal data is collected directly from the data subject
b. If personal data is not collected directly from the data subject.
Right to information - Art. 15 DSGVO
Right to rectification - Art. 16 DSGVO
Right to erasure - Art. 17 DSGVO
Right to restriction of processing - Art. 18 DSGVO
Right to data portability - Art. 20 DSGVO
Right to object - Art. 21 DSGVO
Right to withdraw your consent - Art. 7 DSGVO
Right of appeal to the supervisory authority

The provision of the data subject's personal data is not required by law or by contract. However, for the processing purposes carried out by the controller, the provision proves to be useful, as this enables qualitative services and process handling in the sense of the data subject.

Profiling of data subjects

No personal data based on automated processing, including profiling, is used.

Data protection information about the data processing on our website

In the following, we inform you in this data protection information about the data processing on our website. The processing of your data is carried out on the basis of the legal provisions (Basic Data Protection Regulation and Telecommunications Act 2003).

Processing in the course of contacting us

Data provided by you in the course of online contact via e-mail or our online application form will be processed and stored by us for the purpose of handling the inquiry and further processing. Your data will not be passed on without your consent and, if no longer required for these purposes, will be deleted as soon as possible.

Security of your personal information

Donauturm Aussichtsturm- und Restaurantbetriebsgesellschaft m.b.H secures your personal information from unauthorized access, use or disclosure. Donauturm Aussichtsturm- und Restaurantbetriebsgesellschaft m.b.H secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When security-related personal information, such as credit card numbers, is transmitted to other Web sites, it is protected by Secure Socket Layer (SSL) protocol encryption.

Cookies

Cookies are used on this website to improve the user experience. Disabling cookies may limit the functionality of the website.

Order processing

The data you submit when ordering goods and/or services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data. In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment.

Customer account/registration

If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account.

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

User posts, comments, and ratings

We offer you the opportunity to post questions, answers, opinions, and ratings on our website, hereinafter referred to jointly as "posts." If you make use of this opportunity, we will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.

In addition, we will also process your IP address and email address. The IP address is processed because we might have a legitimate interest in taking or supporting further action if your post infringes the rights of third parties and/or is otherwise unlawful.

Follow-up comments

If you make posts on our website, we also offer you the opportunity to subscribe to any subsequent follow-up comments made by third parties. In order to be able to inform you about these follow-up comments, we will need to process your email address.

Online job applications / publication of job advertisements

We offer you the opportunity to apply for jobs with our company via our website. In the case of these digital applications, we collect your application data electronically in order to process your application.

If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations.

If we do not hire you, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded, or four months.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR. You may withdraw your consent at any time with future effect per Art. 7 Para. 3 GDPR with future effect.

Agency Services - Social Recruiting

We process our customers' data as part of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 90 days, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes generally 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.

Video surveillance at the parking and Danube Tower

Video surveillance at the Danube Tower parking lot as well as at the Tower is used to protect the safety and property of visitors and employees. Images and, if necessary, sound recordings are captured, and personal data may also be recorded. The data is processed exclusively for security purposes and is automatically deleted after 24 hours, unless it is required for the clarification of incidents or legal obligations. Access to recordings is restricted to authorized personnel, and disclosure to third parties occurs only in certain cases. Video surveillance is based on our legitimate interest in security.

Photography and Photopoints at the Danube Tower

Please be aware that during your visit to the Danube Tower, you may be photographed by our photographer or captured when using our Photopoints. These photos are intended to enhance your experience with us and are handled with the utmost care. In line with our commitment to your privacy and data security, all photos taken in this manner will be automatically deleted from our systems within a maximum of four hours.

Contests

We offer you the opportunity to take part in contests on our website. If you participate in one of our competitions, the data you provide when you enter will be processed without your further consent, but only to run the contest.

As part of the competition, we will pass on your data to the transport company entrusted with the delivery of the goods or to a financial service provider if the transfer is necessary for the delivery or payment of your winnings. If you win and your information is to be published, you will be informed of this in the declaration of consent.

Your consent to the processing of your data for participation in our competitions may be exercised in accordance with Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

Twitter

We maintain an online presence on Twitter to present our company and our services and to communicate with customers/prospects. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Twitter.

The privacy policy of Twitter can be found at

https://twitter.com/privacy

We maintain an online presence on Pinterest to present our company and our services and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

The Pinterest privacy policy can be found here:

https://policy.pinterest.com/de/privacy-policy

YouTube

We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA.

The YouTube privacy policy can be found here:

https://policies.google.com/privacy

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

The LinkedIn privacy policy can be found here:

https://www.linkedin.com/legal/privacy-policy

Facebook

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Facebook platform.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

The data protection officer of Facebook can be reached via this contact form:

https://www.facebook.com/help/contact/540977946302970

We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.

The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.

When accessing our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).

This data of the user is used for statistical information on the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.

If you contact us via Facebook, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.

Facebook Ireland Ltd. might also set cookies when processing your data.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.

Details on the processing activities, their suppression, and the deletion of the data processed by Facebook can be found in its privacy policy:

https://www.facebook.com/privacy/explanation

It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.

Instagram

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data protection officer of Instagram can be reached via this contact form:

https://www.facebook.com/help/contact/540977946302970

https://www.facebook.com/legal/terms/page_controller_addendum

When accessing our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).

This data of the user is used for statistical information on the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.

If you contact us via Instagram, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.

Facebook Ireland Ltd. might also set cookies when processing your data.

Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy:

https://help.instagram.com/519522125107875

It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.

Social media links via graphics

We also integrate the following social media sites into our website. The integration takes place via a linked graphic of the respective site. The use of these graphics stored on our own servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.

Once you click, that network may record information about you and your visit to our site. It cannot be ruled out that such data will be processed in the United States.

Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to our site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.

The following social networks are integrated into our site by linked graphics:

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

twitter

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Google Analytics

We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

The Google Analytics service is used to analyze how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.

Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at

https://www.google.com/intl/de/policies/privacy/partners,

including options you can exercise to prevent such use of your data.

In addition, Google offers an opt-out add-on at

https://tools.google.com/dlpage/gaoptout?hl=en

in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics' JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.

Google-Maps

Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.

By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

Google also offers further information at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

Google AdWords with Conversion Tracking

Our website uses Google AdWords and conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

We use conversion tracking to provide targeted promotion of our site. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your device. These so-called conversion cookies expire after 30 days and do not otherwise identify you personally.

If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you clicked on one of our ads placed on Google and that you were then forwarded to our website.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. In addition, we receive information about the number of users who clicked on our advertisement(s) as well as about the pages on our site that are subsequently visited. Neither we nor third parties who also use Google AdWords will be able to identify you from this conversion tracking.

You can also prevent or restrict the installation of cookies by making the appropriate settings in your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.

In addition, Google provides further information with regard to its data protection practices at

https://services.google.com/sitestats/de.html

https://www.google.com/policies/technologies/ads/

http://www.google.de/policies/privacy/

in particular information on how you can prevent the use of your data.

Google Remarketing

We use the remarketing function on our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

We use this feature to deliver interest-based, personalized advertising on third-party websites that also participate in Google's advertising network.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

To allow this advertising service to function, Google stores a cookie with a sequence of numbers on your device via your browser when you visit our website. This cookie records both your visit and the use of our website in anonymous form. However, personal data will not be passed on. If you subsequently visit a third-party website that also uses the Google advertising network, advertising may appear that refers to our website or our offers there.

To permanently disable this feature, Google provides a browser plugin for most common browsers at

https://www.google.com/settings/ads/plugin?hl=de

Likewise, the use of cookies from certain providers, e.g. via

http://www.youronlinechoices.com/uk/your-ad-choices/

http://www.networkadvertising.org/choices/

can be deactivated by opt-out.

Cross-device marketing allows Google to track your usage patterns across multiple devices, so you may see interest-based, personalized advertising even when you switch devices. However, this requires that you have agreed to link your browsing history to your existing Google account.

Google offers more information about Google Remarketing at

https://www.google.com/privacy/ads/

Microsoft Bing Ads

Our website uses Bing Ads for remarketing and follow-up. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 - 6399, USA, hereinafter referred to as "Microsoft", based on so-called Universal Event Tracking (UEN).

The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

If you click on an advertisement placed by us on the Bing search engine, Microsoft stores a cookie on your terminal device to track your activity via your browser. This cookie expires after 180 days and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, both Microsoft and we may recognize that you have clicked on an advertisement placed by us at Bing and have been forwarded to our website from there.

Microsoft uses the information collected by the tracking cookie to compile visit statistics for us. This provides us with information on the number of hits triggered by the advertising placed on Bing and which pages on our site were subsequently accessed. However, we do not receive any information that could be used to identify you personally.

In addition, Microsoft may be able to track your user behavior across multiple devices using cross-device tracking. This enables Microsoft to display personalized advertising across all devices.

If you have a Microsoft account, you can also change the settings for personalized advertising there at http://choice.microsoft.com/de-de/opt-out.

Microsoft also provides additional information about Bing Ads, the collection and use of data, and your rights and disclosures about how you can protect your privacy at https://help.bingads.microsoft.com/#apex/3/de/53056/2 and https://privacy.microsoft.com/de-de/privacystatement.

Sendinblue

We offer you the opportunity to register for our free newsletter on our website.

We use Sendinblue to send newsletters. Sendinblue is a service provided by the company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, hereinafter referred to as " Sendinblue ".

If you sign up to receive our newsletter, the data requested during the registration process (your email address) will be processed by Sendinblue. For this your IP address and the date of your registration will be saved along with the time. As a further part of the registration process, your consent to the sending of the newsletter will be obtained, the content will be described in concrete terms and reference made to this data protection declaration.

Additionally at

https://www.newsletter2go.de/datenschutz/
https://www.sendinblue.com/legal/privacypolicy/

Informationen Newsletter-Empfänger - Sendinblue

Sendinblue offers further data protection information.

The newsletters sent by Sendinblue contain technologies by which we can analyse whether and when an email was opened and whether and which links contained in the newsletter were followed. We save this data in addition to the technical data (system data and IP address) so that the respective newsletter can be best tailored to your wishes and interests. The data thus collected is used to continuously improve the quality of our newsletters.

The legal basis for sending the newsletter and the analysis is Art. 6 Para. 1 lit. a.) EU General Data Protection Regulation (GDPR).

Consent to the newsletter being sent can be revoked at any time with future effect in accordance with Art. 7 Para. 3 GDPR. To do this, you only have to inform us of your revocation or click the unsubscribe link contained in each newsletter.

Links to other websites

Our website may contain links to websites of other organizations that have their own privacy notices. Please be sure to read the terms of use and privacy notice carefully before providing any personal information to any other organization's website, as we do not assume any responsibility or liability for any other organization's website.

Changes

This Privacy Policy may be amended by us from time to time due to business changes or legislative changes. In the event of material changes to this Privacy Policy, we will post a notice on our website prior to their effective date and otherwise notify you if required by applicable law.

Your rights

You are generally entitled to the rights of access, rectification, erasure, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in some way, you can complain to the supervisory authority. In Austria, this is the data protection authority.

Privacy information about the processing of personal data by aleno

Collection of guest data for reservations
In order for us to accept reservation requests and manage them, we use the restaurant management system aleno, which is offered by aleno AG, based in Switzerland. The use of aleno allows us to electronically collect personal information about our guests ("Guest Data"). The Guest Data is the following information:

First name and last name
Telephone number and e-mail address
Number of people, time and date of the requested visit.

Collecting Guest Data allows us to process your reservation request and ensure that the table you request is reserved in their name and that we can contact you if necessary. The legal basis for using aleno to electronically record reservations is to protect our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. The guest data we collect is not automatically deleted after the reservation has been made, but is used to create a personal guest profile. You have the right to request deletion of your guest data at any time. If the deletion occurs before the date of the reservation, the corresponding reservation will be automatically cancelled.

Collection of credit card information for reservations
Online reservation requests are not binding until we have confirmed the table, date and original time by means of an e-mail confirmation. To ensure that we do not incur any damage in the event of an unexcused no-show, we reserve the right to request a credit card as a guarantee of payment.
require. In doing so, we will collect the following information ("Payment Information"):

Name of the issuer of the credit card
Name of the holder of the credit card
Expiration date of the credit card
Credit card number and check digit

When you enter your payment information in an online reservation request, the information is automatically anonymized by aleno. As a result, the payment information is not personal data in the sense of the Swiss Federal Data Protection Act (DSG) or the EU Data Protection Regulation (DSGVO). The payment information is also transmitted directly to the hosting provider of aleno AG. For this reason, we do not have access to the anonymized payment information and do not store it on our system.

Creation of guest profiles
The guest data collected for the purpose of accepting and making an online reservation is used by us to create a personal profile for our guests in the aleno restaurant management system ("guest profile"). This allows us to use the guest data to personalize our services. After your visit to our restaurant, we reserve the right to add additional personal data to the guest profile to enable us to further personalize it ("profile data"). This profile data is the following information: Personal Data used to personalize Guests, including preferred language, allergies and special requests, birthday, customer category and status. Information about past restaurant visits, including time and date of visit, length of stay, number of guests, type and location of table, amount spent, and any no-shows. Consolidated information about all past restaurant visits, including total number of visits, total amount spent, and total number of no-shows.

The creation of a guest profile and the collection of profile data allows us to tailor our services to you and thereby ensure that you feel at home with us and that we can respond to your individual wishes. The legal basis for the use of aleno to create a guest profile is the protection of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. The guest data and profile data contained in the guest profile are deleted or anonymized as soon as they are no longer used for their original purpose. You have the right to request deletion of your guest profile and the guest data and profile data contained therein at any time.

Responsibility and further information
When collecting and processing guest data, payment information and profile data in connection with the use of the restaurant management system aleno, we are deemed to be the responsible party within the meaning of Art. 4 No. 7 DSGVO, which decides on the purposes and means of processing the personal data collected and is responsible for ensuring and fulfilling the rights of the data subjects. The guest data, payment information and profile data are transmitted to and processed by aleno AG after they have been collected. aleno AG qualifies as a processor within the meaning of Art. 4 No. 8 DSGVO, which processes personal data on behalf of the controller. For this reason, we have concluded a contract with aleno AG for commissioned data processing and thus fully implement the requirements of the DSGVO when using aleno. Further information on the collection and handling of your personal data in connection with the use of aleno can be found in the privacy policy of aleno AG, which can be accessed via the following link.