1. General information
We attach great importance to protecting your privacy and processing your personal data in accordance with the law. In our capacity as controller we would like to make processing transparent and use this privacy statement as a means of advising you on how your personal data are processed when you use this website, on how to contact us, on how to express interest in one of our real estate offers and request information on this or other offers and/or on how to conclude a contract with us.
2. Name and contact details of the data controller and of the data protection coordinator
Controller of your personal data:
In addition to the controller, you can also contact the relevant data protection coordinator via the below contact details:
Data Privacy Officer, 1010 Wien, Freyung 3, Tel.: +43 1 532 9848 2875, E-Mail.: firstname.lastname@example.org
3. Categories of personal data we process in relation to you
Personal data are any items of information concerning an identified or identifiable natural person, meaning they can be attributed to you personally. Examples are your name, address, phone number, email address or IP address. As set out below, we process various items of personal data that we have received from you in the course of our (business) relations. We also process data we have legitimately received from brokers and consultants or from publicly accessible sources, such as the commercial register or land register. We collect certain items of information when you use our website (see section on server log files for more details). Moreover, we collect data automatically by means of cookies (see below for more details). If you display interest in our offers by filling out the contact form, we will process your first and last name, email address, phone number and any comments you send us via the free text field. We also process any additional (personal) data that you send us voluntarily. To execute a contract that has or will be concluded between us, we will process your contact details in particular, as well as data required for identification and for executing the contract (contract and real estate data, correspondence about account and payment data, etc.). Villa Eden Hotel GmbH is primarily responsible for processing and further action.
4. Relevant legal framework
If the privacy statement does not specify the legal framework, the following shall apply. Point (a) of Article 6(1) GDPR and Article 7 GDPR provide the legal framework for obtaining consents, point (b) of Article 6(1) GDPR provides the legal framework for processing to fulfil our services, implementing contractual measures and responding to enquiries, point (c) of Article 6(1) GDPR provides the legal framework for processing to fulfil our legal obligations and point (f) of Article 6(1) GDPR provides the legal framework for processing to safeguard our legitimate interests.
5. Use of our contact form for the purpose of making contact and periodically mailing event invitations and items of information
When you send the contact form your personal data in the contact fields (first and last name, email address, phone number and any comments you send us) are processed for the purpose of making contact and periodically mailing items of information and event invitations for offers. The processing of data entered in the contact form and disclosure of such data to third parties are based on your consent given (in accordance with point (a) of Article 6(1) GDPR) for the purposes stated in each particular case. There is no obligation to actually provide the data we request from you on our website. You may withdraw your consent completely or partially at any time at email@example.com, having effect for the future. In its capacity as controller and joint point of contact, Villa Eden Hotel GmbH shall take receipt of the withdrawal, even if the withdrawal concerns data handling by the co-controller. Each mailing also contains an option of withdrawal. Thewithdrawal shall not affect the lawfulness of processing based on consent before its withdrawal. The personal data you provide via the contact form will be processed until we stop offering you the service described above for our office offers if no withdrawal is made. Provided there are no statutory retention requirements, your personal data will be erased three years after the last use.
6. Provision of contractual services
In cases where a contract is concluded, your personal data (in particular, your contact details and data required for identification and executing the contract, such as contract and real estate data or correspondence about account and payment data) shall be processed for the preparation, conclusion and execution of rental or purchase contracts and the execution of your orders, as well as any other activities or actions that are related and necessary (in accordance with point (b) of Article 6(1) GDPR).
The data shall be kept for the duration of the contract and thereafter for at least as long as statutory retention periods or limitation periods for potential legal claims apply.
You must provide the items of personal data necessary for proper execution of the contract and that we are legally obliged to collect. We will normally be forced to refuse conclusion of the contract if you do not wish to provide us the data. We can no longer execute an existing contract in such cases. Data not needed for proper execution of the business relationship or required by law need not be provided, however. Disclosure of such data is voluntary
7. Server log files
The provider of the website automatically collects and stores items of information (browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server inquiry and IP address) in server log files, which your browser transmits automatically.
The data collected are used to ensure the website can connect in the manner intended, that it is easy to use and to evaluate the security and stability of the system. We reserve the right to examine these data retrospectively if there is concrete evidence of illegal activity. These data will not be combined with data from other sources
Point (f) of Article 6(1) GDPR provides the legal framework for the data processing. The legitimate interest arises from the data collection purposes listed above.
Server log files are stored for a period of 180 days and then erased. Data whose further retention is required for evidentiary purposes are excluded from such erasure until the incident concerned is finally resolved. The recording of data to provide the website and the storage of these data in log files are absolutely essential for operation of the website. There is therefore no option to object to such usage in this case.
Die Erfassung der Daten zur Bereitstellung der Website und die Speicherung der Daten in Logfiles ist für den Betrieb der Website zwingend erforderlich. Es besteht im vorliegenden Fall daher keine Widerspruchsmöglichkeit gegen die Nutzung.
This website uses transient and persistent cookies whose scope and function are explained below:
Transient cookies are erased automatically when you close the browser. These include session cookies, in particular. These store a session ID, which can be used to assign various requests from your browser to a common session. This makes it possible to recognise your computer if you return to our website. Session cookies are erased when you log out or close the browser.
Persistent cookies are erased automatically after a set period of time, which can vary depending on the cookie. You can erase cookies in your browser’s security settings at any time.
You can prevent the installation of cookies at any time by adjusting the settings of the browser used accordingly. In addition, you can erase already installed cookies at any time using your browser. This can be done in all standard browsers. However, please note that if you disable the installation of cookies in the internet browser you are using or if you have erased already installed cookies, you may not be able to use all the features of our website in full.
9. Social Media
On the basis of Art. 6(1)(f) GDPR, we place buttons on our website that belong to the social networks Facebook, Twitter and Instagram in order to increase awareness of our website and projects via these channels. To increase the protection of your data when you visit our website, these buttons are not unrestricted; they are merely embedded in the site using an HTML link. This embedding ensures that when you access a page of our website that contains such buttons, a connection is not established with the servers of the provider of the respective social network. By clicking on the respective icon, you consent to communication with the respective platform and to the transmission of information (e.g. IP address) to the respective service provider. The provider of the social network can be identified by the marking on the box, i.e. its initial letter or logo.
The purpose and scope of data collection and the further processing and use of the data by the providers on their sites, as well as your rights in this regard and the settings you can configure to protect your privacy, are set out in the data privacy policies of these providers. Please note that, as the provider of this website, we have no knowledge of the content of the data transmitted or of the use thereof by the respective providers. Addresses of the respective providers with their data privacy policies:
- Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw. falls Sie in der EU ansässig sind, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Datenschutzerklärung von Facebook: https://www.facebook.com/policy. Facebook ist unter dem Privacy-Shield-Abkommen zertifiziert und garantiert hierdurch, das europäische Datenschutzniveau einzuhalten.
- Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Datenschutzerklärung von Instagram: http://instagram.com/about/legal/privacy/.
13. Disclosure of data
In particular, your personal data will be sent to the following companies that provide services for us in connection with the provision of information and event invitations for our office offers:
- IT Serviceprovider (especially the SIGNA Informationstechnologie GmbH).
- It may be necessary to transmit your data to the following recipients if the processing of your personal data is connected with performance of the contract (rental contract):
- third parties involved in the transaction (including individuals who inevitably participate in the transaction and potential contractors, financing companies, insurance companies, etc.);
- service providers (including tax advisers, building management, insurance, external service providers such as cleaning companies, safety officers, accounting, facility management, service companies, chimney sweeps, public authorities, lawyers, etc.);
- local tax office and other public authorities, tax advisers and legal representatives (for enforcing rights, defending claims or in the context of administrative proceedings), and
- Unternehmen, die im Rahmen der Betreuung unserer unternehmensinternen IT-Infrastruktur (Software, Hardware) beauftragt sind (insbesondere die SIGNA Informationstechnologie GmbH).
Ihre Daten werden selbstverständlich nur in dem Maße weitergegeben, wie es nach dem jeweiligen Zweck der Verarbeitung erforderlich ist.
Apart from the automated delivery of emails via MailChimp, which has entered into the EU Privacy Shield, we do not intend to transfer data to any recipient in a third country (outside the EU) or international organisation.
Article 28 GDPR provides the basis should we contract any third party to process data on our behalf.
14. Data security
We take appropriate technical and organisational measures to ensure data processing is secure and to process your (personal) data such that unauthorised third parties cannot access it.
Despite our security measures, there is a possibility that other individuals will view and use information you share with us over the internet, especially in unencrypted emails.
15. Changes to this data privacy statement
We reserve the right to amend any information provided in this privacy statement in accordance with changes in legislation or case-law without prior notice. The version published here is valid.
16. Your rights in relation to personal data
You have the right of access to information about your personal data (see Article 15 GDPR for more details), as well as to request the rectification (see Article 16 GDPR for more details), erasure (see Article 17 GDPR for more details), restriction of processing (see Article 18 GDPR for more details) and the portability (see Article 20 GDPR for more details) of your personal data.
Furthermore, under certain circumstances you may object to the processing of your personal data (in cases where your personal data are processed based on legitimate interests according to point (f) of Article 6(1) GDPR – see Article 21 GDPR for more details).
If processing is based on your consent, you also have a permanent right to withdraw the consent (see Article 7(3) GDPR for more details), where this shall not affect the legality of any processing prior to withdrawal on the basis of the consent.
You may address such requests to Villa Eden Hotel GmbH in its capacity as controller and joint point of contact (see contact details above in Section 3.) or to the data protection coordinator with an indication of your request.
To protect your privacy and security, we reserve the right to verify your identity before taking any of the measures listed above.
We attach great importance to protecting your personal data and processing it in accordance with the law. Please send any questions or concerns regarding the processing of your personal data to Villa Eden Hotel GmbH in its capacity as joint point of contact for the joint controller (see contact details above in Section 3.) or to the data protection coordinator. You also have the option of contacting Italy’s data protection authority if you believe your personal data is being processed unlawfully.