Privacy policy

As part of our online offering, we process personal data of users, namely inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites visited on our online offering, interest in our products) and content data (e.g. entries in the contact form).

The term "user" includes all persons affected by the data processing and is to be understood as gender-neutral. In particular, "users" include our customers, business partners and other visitors to our online offering.

Legal basis for data processing:

- Consent (Article 6(1)(a) GDPR);
- Conclusion and fulfilment of a contract (Article 6(1)(b) GDPR);
- Fulfilment of a legal obligation (Article 6(1)(c) GDPR);
- Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1)(f) GDPR)

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the address line. This means that the data you transmit to us cannot be read by third parties. Furthermore, this is intended to protect the data processed by us against accidental or intentional manipulation, destruction, loss or access by unauthorised persons.

We only use your personal data within our company.

If data is passed on to service providers as part of commissioned data processing, we also oblige them to comply with our data protection provisions. We only pass on your data to bodies authorised to receive information if we are obliged to do so by law or by court order.

Users can voluntarily create a user account in some areas of our online offering, where they can view their orders (e.g. vouchers, online bookings, etc.). This user account is not public and cannot be read by search engines. If you cancel your user account, your data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons.

We store the IP address and the time of the respective user action as part of the registration and renewed logins as well as utilisation of our online services.

When contacting us (via online contact form or email), the user's details are processed in order to process the contact enquiry and respond to it.

Based on our legitimate interests, we also collect and store information in server log files that your browser automatically transmits to us. These are Browser type and version, operating system, referrer URL, host name of the accessing computer, time of the server enquiry and your IP address.

Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.

(1) This website uses functions of the web analysis service Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on the user's computer and which enable the use of the website to be analysed. The information generated by cookies about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR.

(2) We have a legitimate interest in analysing user behaviour in order to optimise both the website and advertising.

(3) Google will use this information on our behalf to analyse the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet.

(4) We use Google Analytics to display the adverts placed by Google and its partners within advertising services only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in content or products determined on the basis of the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences, we also want to ensure that our adverts correspond to the potential interest of users and are not annoying.

(5) We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

(6) On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(7) You can prevent the storage of cookies by setting your browser software accordingly (so-called browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de). We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

(8) You can find further information on the use of data by Google as well as objection options under the following Google links:

https://www.google.com/intl/de/policies/privacy/partners (Data usage by Google when you use our partners' websites or apps)

http://www.google.com/policies/technologies/ads (Use of data for advertising purposes)

http://www.google.de/settings/ads (manage information that Google uses to show you adverts).

(9) Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

(1) Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google")

(2) These functions enable us to display advertisements to our users on our website in a more targeted manner; so that, for example, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) are also displayed on another of your end devices (e.g. tablet or PC).

(3) If, for example, a user is shown adverts for products that they have already shown an interest in on other websites, this is referred to as remarketing. For these purposes, when our and other websites on which the Google tools are active are called up, a so-called web beacon (code from Google) is executed directly by Google and integrated into the website. With its help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies).

(4) Each Google AdWords customer receives a different cookie. These cookies cannot be tracked via the websites of AdWords customers. The information collected accordingly (using conversion cookies) is used to create conversion statistics. This means, for example, that we only find out the total number of users who have clicked on an advert. However, these statistics do not contain any information with which users can be personally identified.

(5) The IP address of users is also recorded, whereby we inform Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google services. Google may also combine the aforementioned information with such information from other sources. If the user subsequently visits other websites, they can be shown adverts tailored to their interests.

(6) If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. This means that you will not be included in our conversion tracking statistics.

(7) For more information on Google's use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.

(8) If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

(9) Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

(1) Plugins of the social network Facebook (provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA) are integrated on this website. You can recognise these Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of which Facebook plugins are available at: developers.facebook.com/docs/plugins/.

(2) When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: de-de.facebook.com/policy.php.

(3) If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account and delete your cookies.

(4) Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law www.privacyshield.gov/participant

(5) Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings

(1) This website uses Instagram functions. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA. You can recognise the Instagram button by the Instagram camera symbol.

(2) If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on this Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

(3) Further information on this can be found in Instagram's privacy policy: instagram.com/about/legal/privacy.

(1) This site uses functions of Linktree. These functions are offered by Linktree Pty Ltd, 37 Islington St, Collingwood VIC 3066, Australia. You can recognise the Linktree button by the Linktree tree symbol.

(2) If you are logged into your Instagram account, you can access an overview page by clicking on the Linktree link on our Instagram profile. The links provided there will take you to our website. This allows link.tree to assign the visit to our pages to your user account. We would like to point out that, as the provider of the pages, we can only view the number of general page views via Linktree. However, we have no knowledge of the further content of the transmitted data or its use by Linktree.

(3) Further information on this can be found in Linktree's privacy policy https://linktr.ee/s/privacy/

(1) Within our online offer, we use the so-called "Facebook pixel" of the social network Facebook due to our legitimate interests in analysing and optimising our online offer. This is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

(2) Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law: www.privacyshield.gov/participant

(3) This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

(4) The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the operator of this website.

(5) The processing of data by Facebook takes place within the framework of Facebook's data usage policy. You can find further information on protecting your privacy in Facebook's privacy policy: www.facebook.com/about/privacy/.

(6) Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section: www.facebook.com/business/help/651294705016616.

(7) You can object to the collection by the Facebook pixel and use of your data to display Facebook ads www.facebook.com/settings.

(1) By subscribing to our newsletter offered on our website, you agree to receive it and to the procedures described.

(2) We only send newsletters, emails and other electronic notifications containing advertising information with the consent of the recipient or with legal authorisation. Our newsletters also contain information about our current offers, news and promotions from our companies.

(3) Registration for our newsletter takes place exclusively in a so-called double opt-in procedure. This means that after registering using the contact form, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register or impersonate you using a third-party e-mail address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.

(4) Dispatch service provider: The newsletter is sent by "mailingwerk", an Austrian newsletter dispatch platform. You can view the data protection provisions of the mailing service provider here: www.netwerk.at/datenschutz/

(5) Our newsletters contain a so-called web beacon (a small file that is retrieved from the mailing service provider's server when the newsletter is opened). This contains technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used for the technical improvement of the services. These statistical purposes also include recording whether the newsletter is opened, when it is opened and which links within the newsletter are clicked on.

(6) The use of the mailing service provider, the performance of statistical surveys and analyses and the logging of the registration process are based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.

(7) Cancellation/revocation - You can cancel the receipt of our newsletter at any time. At the same time, your consent to its dispatch by the dispatch service provider and the statistical analyses will expire. Unfortunately, it is not possible to cancel the sending of the newsletter by the mailing service provider or the statistical analyses separately. You will find a link to unsubscribe from the newsletter at the end of each newsletter. Your personal data will be deleted after cancellation.

(1) You have the option of registering on our website for free brochure dispatch via a corresponding contact form. The registrations for brochure dispatch are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

(2) The data you provide will only be used for the purpose of sending you the brochure you have requested and will not be passed on to third parties.

(3) Your data will be deleted after expiry of the guarantee, warranty, limitation and statutory or contractual retention periods applicable to us or, if applicable, after the end of any legal disputes in which the data is required as evidence.

(1) You have the option of sending a non-binding enquiry to the desired Vivea Hotel via a corresponding contact form on our website. The enquiries are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

(2) The data you provide will be used exclusively for the enquiry you have made and will not be passed on to third parties.

(3) Your data will be deleted after the expiry of the guarantee, warranty, limitation and statutory or contractual retention periods applicable to us or, if applicable, after the end of any legal disputes in which the data is required as evidence.

(1) On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR), service offers from third-party providers are integrated. This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. Third-party providers can use pixel tags (web beacons) for statistical or marketing purposes, among other things. These pixels can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

(2) Below you will find an overview of the third-party providers commissioned by us and their content as well as the corresponding links to the respective data protection declarations:

External payment services:

- Sofort AG / Klarna: https://www.klarna.com/at/datenschutz/
- NEXI: In the area of card payment (direct debit/girocard/credit cards), we work together with Nexi GmbH (Nexi), Helfmann Park 7, D-65760 Eschborn, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti. In this context, in addition to the purchase amount and date, card data is also transmitted to the above-mentioned company. All payment data and data on any chargebacks will only be stored for as long as they are required for payment processing (including the processing of possible chargebacks and debt collection) and to combat misuse. As a rule, the data is deleted no later than 13 months after it is collected. In addition, further storage may take place if and as long as this is necessary to comply with a statutory retention period or to pursue a specific case of misuse. The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation. You can request information and, if necessary, correction or deletion as well as the restriction of the processing of your data and/or, if necessary, object to the processing of your data. If you have any questions about data processing by Concardis or to assert your aforementioned rights, you can contact the data protection officer at the address provided or by email at Datenschutzbeauftragter@concardis.com. You also have the right to lodge a complaint with a supervisory authority. We would like to point out that the provision of payment data is neither legally nor contractually required. If you do not wish to provide your payment details, you can use another payment method.
Privacy Policy: https://www.concardis.com/at-de/datenschutzerklaerung

- External fonts from Google Inc, https://www.google.com/fonts ("Google Fonts"). Google Fonts are integrated by accessing a Google server (usually in the USA).
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads/

- Maps of the "Google Maps" service of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads

- Videos from the "YouTube" platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads/

- LinkedIn: The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

- XING: The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is accessed, a connection to Xing servers is established. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored or usage behaviour evaluated.
Privacy policy: https://www.xing.com/app/share?op=data_protection.

- Web analysis and optimisation with the help of the Hotjar service (third-party provider Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). With the help of Hotjar, we can track movements on the websites on which Hotjar is used (so-called heat maps). For example, we can see how far users scroll and which buttons users click and how often. Technical data such as the selected language, system, screen resolution and browser type are also recorded. User profiles can be created, at least temporarily, during a visit to our website. Hotjar can also be used to obtain feedback directly from website users. In this way, we obtain valuable information to make our websites even faster and more customer-friendly.
Privacy Policy: https://www.hotjar.com/privacy Opt-Out: https://www.hotjar.com/opt-out

- Web widgets of HolidayCheck AG Bahnweg 8 CH-8598 Bottighofen Switzerland
Web widgets (widgets -> things) are small programmes that are integrated into the website and display information from other websites. The content that is displayed on our website (ratings/recommendation rate) is always retrieved from the HolidayCheck servers. For this to work technically, data must be exchanged between the two servers involved. This includes the date and time of the visit; the page from which the request is made; the Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR. By providing this service, we deliver up-to-date and correct content on our website. The processed data is only used to provide the content or to transmit data that you provide when you submit a review directly on our website. They are not processed in any other way, in particular not to analyse user behaviour. We do not store the above-mentioned data as part of this processing. We use Google Fonts to design the widgets. For this purpose, your IP address is transmitted to Google servers in the USA. The EU-US Privacy Shield serves as a guarantee in accordance with Art. 45 GDPR. The legal basis is our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. By using the fonts, we ensure the consistent display of the widgets. Information on data processing by HolidayCheck AG can be found in the privacy policy at www.holidaycheck.de/datenschutz

- Web widgets of Customer Alliance GmbH, Ullsteinstr. 118 | Turm B, DE-12109 Berlin, Germany
Privacy policy: https://www.customer-alliance.com/de/datenschutzbestimmug

(1) Users have the right to request information free of charge about the personal data that we have stored about them.

(2) With reference to this request for information, we would like to point out that the right formulated in Art. 15 GDPR to request information about the data processed by you as a data subject is a highly personal right. Accordingly, we are obliged to obtain and document proof of your identity. This is in particular to ensure that only you as the data subject receive information about your data. In this way, you help us to prevent misuse of the right to information.

(3) After receiving your proof of identity, we will fulfil your request immediately. The statutory period of one month under Art. 12 GDPR for providing information only begins upon receipt of valid proof of identity.

(4) In addition, users have the right to rectification of inaccurate data, restriction of processing and erasure of their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to lodge a complaint with the competent supervisory authority.

(5) Users can also revoke their consent, in principle with effect for the future.

(1) The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

(2) In accordance with legal requirements, data is stored for 6 years in accordance with Section 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.), for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Users can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against processing for direct marketing purposes.

(1) We reserve the right to amend the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or parts of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.