The responsible body within the meaning of the data protection laws is

Claudia Handrick Senoner

General information

The company respects and protects the right to data protection and privacy and takes all legally required measures to protect the personal data of guests.

This data protection information provides you with a quick and easy overview of which of your personal data is processed as an interested party and/or guest, for what purposes and on what legal basis. Furthermore, you will be informed about your rights under data protection law, the so-called data subject rights.

Data processing on the website

With the booking manager, the company manages and processes in particular the data of its (potential) guests, namely name, address, services used and documents and correspondence relating thereto, date of birth, gender, nationality, country of birth, document data, accounting and payment data, disclosed interests, disclosed intolerances, disabilities or other health data, registration data and stay data. The business can also use it to process the payment of the local tax, the registration of persons accommodated in guest establishments (police registration) and the necessary statistics. If the relevant data is not disclosed, the services cannot generally be provided by the company.

The legal basis for the processing is, on the one hand, the necessity for the performance of the contract between the establishment and the guest or for the implementation of pre-contractual measures taken at the request of the guest (Art. 6 para. 1 lit. b GDPR) or – in particular with regard to any health data – the respective (express) consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), which can be revoked at any time vis-à-vis the establishment in accordance with the processes provided for in the respective consent. The revocation can also be declared to the Plotschhof – Claudia Handrick by e-mail to info@plotschhof.com. With regard to contractual data processing, processing will continue until the contractual purposes or statutory archiving obligations cease to apply, in particular under tax and/or company law, or with regard to the legal basis of consent until it is withdrawn.

The company uses the booking manager for technical operation and as part of the website – Domainfactory. The company has made the necessary data protection agreements with the Domainfactory so that the above-mentioned data is only processed lawfully and securely.

Collection of general information

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the website content requested by you and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

SSL-Verschlüsselung

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Contact by e-mail

If you contact us by e-mail or via the booking system, the information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

Deletion or blocking of the data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods stipulated by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (hereafter: Google). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: Browser add-on to deactivate Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. An opt-out cookie will be installed on your device. This will prevent Google Analytics from collecting data for this website and for this browser in the future as long as the cookie remains installed in your browser.

Use of Google Maps

This website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google privacy policy. You can also change your personal data protection settings there in the data protection center.

Detailed instructions on managing your own data in connection with Google products can be found here.

Use of “Real Cookie Banner”

We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents.
Details on how “Real Cookie Banner” works can be found at
https://devowl.io/knowledge-base/real-cookie-banner-data-processing/

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c DS-GVO und Art. 6 Abs. 1 lit. f DS-GVO. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Data economy

In accordance with the principles of data avoidance and data economy, we only store personal data for as long as is necessary or prescribed by law (statutory retention period). If the purpose of the information collected no longer applies or if the storage period ends, we block or delete the data.

Your rights to information, rectification, blocking, erasure and objection

Right of withdrawal:

If the processing is based on (explicit) consent, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. See above for the process

Right to information:

Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (copy of the personal data undergoing processing) and the following information: (a) the purposes of the processing; (b) the categories of personal data that are processed; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the existence of a right of appeal to a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the (non-)existence of automated decision-making, including profiling. The controller shall provide a copy of the personal data undergoing processing. For all further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. If the data subject submits the request electronically, the information must be provided in a commonly used electronic format, unless the data subject indicates otherwise.

Right to rectification and erasure:

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Furthermore, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. (b) The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing. (c) The data subject objects to the processing (see immediately below). (d) The personal data have been processed unlawfully. (e) The deletion of personal data is necessary to fulfill a legal obligation to which the controller is subject. (f) The personal data was collected in relation to information society services offered (consent of a child). The right to erasure does not exist in particular if the processing is necessary for compliance with a legal obligation to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and/or for the establishment, exercise or defense of legal claims.

Right to restriction of processing:

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data, (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or (d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

Right to data portability:

Where the processing is based on consent or on a contract and the processing is carried out by automated means, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right of objection:

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or which is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Right to lodge a complaint with the supervisory authority:

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this legal requirement. The Italian data protection authority is the “Garante per la protezione dei dati personali”.

Questions for the data protection officer

If you have any questions about data protection, please send us an e-mail or contact the person responsible directly:

Claudia Handrick Senoner