• Endlich den Gipfel erreicht

Name and contact of the Data Controller pursuant to Article 4 Abs. 7 GDPR

Company: Fam. Gernot and Johanna Sturm
Address:
Nölbling 11
A-9635 Dellach / Gail
Telephone: 0043 (0) 650 77 13 073 | 0043 (0) 699 19 92 0107
E-Mail: Office@ferienhof-Sturm.at
www.ferienhof-sturm.at

Security and protection of your personal data

We consider it our priority task, Maintain the confidentiality of the personal data you provide and protect it from unauthorized access. That is why we apply the utmost care and state-of-the-art safety standards, to ensure maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the Federal Data Protection Act (BDSG). We have taken technical and organizational measures, that ensure, that the regulations on data protection are to be implemented by us, as well as by our external service providers.

Definitions

The legislator demands, that personal data is processed in a lawful manner, processed fairly and in a manner that is comprehensible to the data subject ("Legality, Processing in good faith, Transparency"). To ensure this, we inform you about the individual legal definitions, which are also used in this Privacy Policy:

•Personal data

"Personal data" means all information, that refers to an identified or identifiable natural person (hereinafter referred to as the "Data Subject") cover; an identifiable natural person is considered to be, that directly or indirectly, in particular by assigning it to an identifier such as a name, to an identification number, to location data, can be identified by an online identifier or by one or more special characteristics, the expression of physical, Physiological, Genetic, Mental, Economic, cultural or social identity of that natural person.

•Processing

"Processing" is everyone, with or without the help of automated processes, or any set of operations carried out in connection with personal data, such as the collection of personal data., Recording, the organization, Ordering, Storage, the adaptation or change, the readout, Querying, the use, disclosure by transmission, Distribution or other form of provision, matching or linking, the restriction, the deletion or destruction.

• Restriction of processing

"Restriction of processing" means the marking of stored personal data with the aim of:, Restrict their future processing.

•Profiling

"Profiling" means any form of automated processing of personal data, which consists of, that this personal data will be used, about certain personal aspects, relating to a natural person, to be evaluated, in particular aspects relating to work performance, Economic situation, Bless you, personal preferences, Interests, Reliability, Behaviour, Analyze or predict the location or location of that natural person.

• Pseudonymization

"Pseudonymization" is the processing of personal data in a manner, that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organisational measures, which ensure, that the personal data cannot be attributed to an identified or identifiable natural person.

•File system

"File system" means any structured collection of personal data, that are accessible according to certain criteria, Regardless of the, whether this collection is centrally, is managed in a decentralised manner or according to functional or geographical aspects.

•Person in charge

"Controller" means a natural or legal person, Agency, Institution or other body, who, alone or jointly with others, determines the purposes and means of the processing of personal data; the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for in accordance with Union law or the law of the Member States.

•Processor

"Processor" means a natural or legal person, Agency, Institution or other body, who processes personal data on behalf of the Controller.

•Receiver

"Recipient" means a natural or legal person, Agency, Institution or other body, to whom personal data is disclosed, Regardless of the, whether it is a third party or not. Authorities, who may receive personal data in the context of a specific investigative mandate under Union or Member State law, but are not considered recipients; the processing of this data by the aforementioned authorities will be carried out in accordance with the applicable data protection legislation in accordance with the purposes of the processing.

•Third

"Third party" means a natural or legal person, Agency, Institution or other body, except for the data subject, the controller, the processor and the persons, authorised under the direct responsibility of the controller or the processor, Process personal data.

•Consent

A "consent" of the data subject is any voluntary for the specific case, an informed and unambiguous expression of intent in the form of a declaration or other unambiguous affirmative action, with which the data subject makes it clear, that they consent to the processing of personal data concerning them.

Lawfulness of processing

The processing of personal data is only lawful, if there is a legal basis for the processing. The legal basis for the processing may be in accordance with Article 6 Abs. 1
Lit. a – f GDPR in particular:

  • The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
  • the processing is necessary for the performance of a contract, to which the data subject is a party, or necessary for the implementation of pre-contractual measures, at the request of the data subject;
  • the processing is necessary for compliance with a legal obligation, to which the controller is subject;
  • processing is required, to protect the vital interests of the data subject or of another natural person;
  • the processing is necessary for the performance of a task, which is in the public interest or in the exercise of official authority, which has been assigned to the controller;
  • the processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, unless the interests or fundamental rights and freedoms of the data subject are, that require the protection of personal data, outweigh, especially when, if the person concerned is a child.

Information on the collection of personal data

(1) In the following, we provide information about the collection of personal data when using our website. Personal data includes, for example:. Name, Address, Email addresses, Behavior.

(2) If you contact us by e-mail or via a contact form, the data you provide will be (Your email address, if necessary. Your name and phone number) Stored by us, to answer your questions. We delete the data generated in this context, after storage is no longer required, or processing is restricted, if there are legal retention obligations.

Collection of personal data when you visit our website

When using the website for informational purposes only,, i.e. if you do not register or otherwise submit information to us, we only collect personal data, that your browser transmits to our server. If you want to view our website, we collect the following data, that are technically necessary for us, To show you our website and to ensure stability and security (The legal basis is Art. 6 Abs. 1 S. 1 Lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete side)
  • Access Status/HTTP Status Code
  • amount of data transferred in each case
  • Website, from which the requirement comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

Use of cookies

(1) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files, stored on your hard drive associated with the browser you are using and by which the, that sets the cookie, certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to, Make the Internet offer more user-friendly and effective overall.

(2) This website uses the following types of cookies, the scope and functioning of which are explained below:

  • Transient cookies (see a.)
  • Persistent cookies (see b.).
  • Transient cookies are automatically deleted, when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign different requests from your browser to the shared session. This allows your computer to be recognized, when you return to our website. Session cookies are deleted, when you log out or close the browser.
  • Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.
  • You can configure your browser settings according to your preferences and e.g. Refuse to accept third-party cookies or all cookies. Undertow. "Third party cookies" are cookies, that were set by a third party, consequently not through the actual website you are currently on. We would like to draw your attention to this, that by disabling cookies you may not be able to use all the functions of this website.

Other features and offers of our website

(1) In addition to the purely informational use of our website, we offer various services, which you can use if you are interested. To do this, you usually have to provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

(3) We may also share your personal information with third parties, if participation in the promotion, Sweepstakes, Conclusion of contracts or similar services are offered by us together with partners. You will receive more information on this by providing your personal data or in the description of the offer below.

(4) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA) have, we inform you about the consequences of this circumstance in the description of the offer.

Children

Our offer is basically aimed at adults. Persons under 18 years should not transmit any personal data to us without the consent of their parents or guardians.

Rights of the data subject

(1) Withdrawal of consent

If the processing of personal data is based on consent given, you have the right at any time, withdraw consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.

To exercise the right of withdrawal, you can contact us at any time.

(2) Right to confirmation

You have the right, to request confirmation of this from the controller, whether we process personal data concerning them. You can request confirmation at any time using the contact details mentioned above.

(3) Right

Where personal data is processed, you can request access to this personal data and the following information at any time:

  • the purposes of processing;
  • the categories of personal data, that are processed;
  • the recipients or categories of recipients, to whom the personal data has been or will be disclosed, in particular for recipients in third countries or international organisations;
  • if possible, the planned duration, for which the personal data is stored, or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;;
  • the existence of a right of appeal to a supervisory authority;
  • if the personal data is not collected from the data subject, all available information about the origin of the data;
  • the existence of automated decision-making, including profiling, in accordance with Article 22 Heels 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

Is personal data transferred to a third country or to an international organisation, you have the right, on the appropriate safeguards referred to in Article 46 GDPR in connection with the transfer. We provide a copy of the personal data, which are the subject of the processing, Available. For all further copies, person you are applying for, we can charge a reasonable fee based on administrative costs. Submit the application electronically, the information must be made available in a common electronic format, unless he states otherwise. The right to obtain a copy in accordance with paragraph 3 must not interfere with the rights and freedoms of other persons.

(4) Right to rectification

You have the right, to request that we rectify any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to:, request the completion of incomplete personal data, including by means of a supplementary statement.

(5) Right to erasure ("Right to be forgotten")

You have the right, to demand from the controller, that personal data concerning you be deleted without undue delay, and we are committed, delete personal data without undue delay, if one of the following reasons applies::

  • The personal data is used for the purposes of, for which they were collected or otherwise processed, no longer necessary.
  • The data subject withdraws his or her consent, to which the processing referred to in Article 6 Paragraph 1 Point (a) or article 9 Paragraph 2 (a) GDPR, and there is no other legal basis for the processing.
  • In accordance with Article 21 Paragraph 1 GDPR objection to the processing and there are no overriding legitimate grounds for the processing, or the data subject submits in accordance with Article 21 Paragraph 2 GDPR objection to processing.
  • The personal data has been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States, to which the controller is subject.
  • Personal data have been processed in relation to information society services offered in accordance with Article 8 Paragraph 1 GDPR.

If the controller has made the personal data public and is obliged to comply with paragraph 1 obliged to delete them, it shall take appropriate measures, taking into account the available technology and the costs of implementation, also of a technical nature, to data controllers, who process the personal data, to inform about it, that a data subject has requested that they delete all links to, or copies or replications of, that personal data.

The right to erasure ("Right to be forgotten") does not exist, insofar as the processing is necessary:

  • on the exercise of the right to freedom of expression and information;
  • to comply with a legal obligation, that requires processing in accordance with Union or Member State law,, to which the controller is subject, requires, or to perform a task, which is in the public interest or in the exercise of official authority, which has been assigned to the controller;
  • for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 Letters h and i and articles 9 Paragraph 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes as referred to in Article 89 Paragraph 1 GDPR, insofar as this is provided for in paragraph 1 is likely to render impossible or seriously impair the achievement of the purposes of such processing, or
  • to assert, Exercising or defending legal claims.

(6) Right to restriction of processing

You have the right, to request that we restrict the processing of their personal data, if one of the following conditions is met:

  • the accuracy of the personal data is contested by the data subject, for a period of time, that allows the controller to, Verify the accuracy of the personal data,
  • the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of the processing,, the data subject, however, may have them invoked, Exercise or defence of legal claims required, or
  • the data subject objects to the processing pursuant to Article 21 Paragraph 1 GDPR, as long as it has not yet been determined, whether the legitimate reasons of the controller outweigh those of the data subject.

Has the processing been restricted in accordance with the above conditions, this personal data – apart from their storage – will only be processed with the consent of the data subject or for the purpose of asserting, the exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State;.

To exercise the right to restriction of processing, the data subject can contact us at any time using the contact details provided above.

(7) Right to data portability

You have the right, the personal data concerning you, that you have provided to us, in a structured, common and machine-readable format, and you have the right, transfer these data to another controller without hindrance from the controller, to whom the personal data was provided, zu übermitteln, if:

  • the processing on the basis of consent pursuant to Article 6 Paragraph 1 Point (a) or article 9 Paragraph 2 point (a) or on a contract pursuant to Article 6 Paragraph 1 (b) GDPR and
  • the processing is carried out using automated procedures.

When exercising the right to data portability pursuant to paragraph 1 you have the right, to obtain, that the personal data is transferred directly from one controller to another controller, as far as this is technically feasible. Exercising the right to data portability does not imply the right to erasure ("Right to be forgotten") untouched. This right does not apply to processing, necessary for the performance of a task, which is in the public interest or in the exercise of official authority, which has been assigned to the controller.

(8) Right to object

You have the right, for reasons, arising from your particular situation, at any time object to the processing of personal data concerning you, which are based on Article 6 Paragraph 1 (e) or (f) GDPR, to lodge an objection; this also applies to profiling based on these provisions. The Controller no longer processes the personal data, unless, he can prove compelling legitimate grounds for the processing, which, The rights and freedoms of the data subject prevail, or the processing serves to assert, Exercising or defending legal claims.

Personal data is processed, To conduct direct marketing, you have the right to, object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is related to such direct marketing. Object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In connection with the use of information society services, you can exercise your right to object by means of automated procedures, notwithstanding Directive 2002/58/EC, where technical specifications are used.

You have the right, for reasons, arising from your particular situation, against the processing of personal data concerning you, which are used for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 Is, to lodge an objection, unless, the processing is necessary for the performance of a task carried out in the public interest.

You can exercise the right to object at any time, by contacting the relevant controller.

(9) Automated decision-making in individual cases, including profiling

You have the right, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you. This does not apply, if the decision:

  • is necessary for the conclusion or performance of a contract between the data subject and the controller,
  • on the basis of Union or Member State legislation, to which the controller is subject, and that legislation contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or
  • with the express consent of the data subject.

The Controller shall take appropriate measures, to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the controller, to present its own position and to contest the decision.

The data subject may exercise this right at any time, by contacting the respective controller.

(10) Right to lodge a complaint with a supervisory authority

They also have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, of their place of work or the place of the alleged infringement, if the data subject is of the opinion, that the processing of personal data concerning them infringes this Regulation.

(11) Right to an effective judicial remedy

Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR requires the right to an effective judicial remedy, if she is of the opinion, that their rights under this Regulation have been infringed as a result of the processing of their personal data that is not in accordance with this Regulation;.

Use of social media plugins

(1) We currently use the following social media plug-ins: [Facebook, Google , Twitter, Xing, T3N, LinkedIn, Flattr]. We use the so-called. Two-click solution. That is, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box by its first letter or logo. We give you the opportunity, communicate directly with the provider of the plug-in via the button. Only if you click on the highlighted field and thereby activate it, the plug-in provider receives the information, that you have accessed the corresponding website of our online offer. In addition, the provisions of § 3 data referred to in this statement. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data of yours is transmitted to the respective plug-in provider and stored there (with U.S. providers in the U.S.) stored. Since the plug-in provider collects data in particular via cookies,, we recommend you, delete all cookies before clicking on the greyed out box via the security settings of your browser.

(2) We have no influence on the data collected and data processing operations, we are still aware of the full scope of the data collection, the purposes of the processing, the storage periods are known. We also have no information on the deletion of the collected data by the plug-in provider.

(3) The plug-in provider stores the data collected about you as user profiles and uses them for advertising purposes, Market research and/or needs-based design of your website. Such an evaluation shall be carried out in particular (also for users who are not logged in) To provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this. Through the plug-ins, we offer you the opportunity to, Interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Abs. 1 S. 1 Lit. f GDPR.

(4) The data is passed on independently, whether you have an account with the plug-in provider and are logged in to it. If you are logged in to the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and e.g. link to the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you, Log out regularly after using a social network, but especially before activating the button, as this allows you to avoid being assigned to your profile with the plug-in provider.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information about your rights in this regard and setting options to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their privacy notices:

  • Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, United States; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
  • Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, United States; https://www.google.com/policies/privacy/partners/?hl=en. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. #
  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, United States; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
  • Xing AG, Goose Market 43, 20354 Hamburg, EN; http://www.xing.com/privacy.
  • T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hanover, Germany; https://t3n.de/store/page/datenschutz.
  • LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, United States; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
  • Flattr Network Ltd. based at 2nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Great Britain; https://flattr. com/privacy.]

Integration of Google Maps

(1) On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and allows you to use the map function conveniently.

(2) By visiting the website, Google receives the information, that you have accessed the relevant subpage of our website. In addition, the provisions of § 3 data referred to in this statement. This is done independently, whether Google provides a user account, through which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses it for advertising purposes, Market research and/or needs-based design of your website. Such an evaluation shall be carried out in particular (even for users who are not logged in) To provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information about your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Processor

We use external service providers (Processor) z. B. for the shipment of goods, Newsletter or payment processing. A separate order data processing was concluded with the service provider, To ensure the protection of your personal data.

We work with the following service providers:

World4You
Google
Facebook