Data Protection Declaration for Germany

Privacy Policy and Consent to Data Use

Thank you for visiting our homepage and for your interest in our company. Our dealings with our customers and prospective customers is a matter of trust. Your trust is of great value to us. As such, we recognise the importance and obligation of handling your data carefully and protecting it from misuse.

In order to make you feel safe and secure when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with applicable personal data protection and data security legislation. In this notice on data protection, we would like to inform you about which data we store and when, and how we use it – of course, in compliance with applicable laws.

ARCOTEL Hotels bases its practices in particular on the EU General Data Protection Regulation (GDPR). Below, we explain which information we collect during your visit to our website and how it is used.
 

I. Name and address of the controller

The controller within the meaning GDPR and other national data protection laws of the Member States as well as other data protection regulations is:

ARCOTEL Hotels & Resorts GmbH, Konstantingasse 6-8, A-1160 Vienna
Austria, tel: +43 (1) 485 5000, fax: +43 (1) 485 5000-12, email: office@arcotelhotels.com


II. Name and address of the Data Protection Officer

The controller’s Data Protection Officer is:
Andreas Thurmann, DataSolution Thurmann GbR, Isarstr. 13, D-14974 Ludwigsfelde, Germany, tel.: +49 (0) 3378 202513, fax: (0) 3378 202514, email: mail@hoteldatenschutz.de


III. General information about data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation that our company is subject to (e.g. national reporting laws), Art. 6 (1) (c) GDPR serves as the legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

3. Deletion of data and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may be provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the provisions mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.


IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the computer accessing it. The following data is collected:

  • (1) Information about the browser type and version used
  • (2) The operating system of the user
  • (3) The IP address of the user
  • (4) Date and time of access
  • (5) Websites from which the system of the user is rerouted to our website
  • (6) Websites accessed by the user’s system via our website

The data is also stored in our system’s log files. No storage of this data together with other personal data of the user takes place. Personal user profiles cannot be created. The stored data is only evaluated for statistical purposes.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. To do this, the user’s IP address must be kept stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimise the website and ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.

These purposes also represent our legitimate interest in the processing of data according to Art. 6 (1) (f) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. If the data is collected for the purpose of the providing the website, this is the case when the respective session is ended.

If the data is stored in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymised, thus preventing them from being associated with the visiting client.

5. Objection and removal options

The collection of data for the provision of the website and the storage of the data in log files is essential for the website’s operation. As a result, the user has no option to object.


V. Contact/email contact

1. Description and scope of data processing

A contact option is available on our website which can be used for electronic contact. If a user makes use of this option, they can contact the relevant contact person via the email address provided. In this case, the user’s personal data transmitted by email is stored in the email system.

In this context, there is no disclosure of data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of these data is Art. 6 (1) (a) GDPR if the user has granted its consent.

The legal basis for the processing of the data is, moreover, Art. 6 (1) (f) GDPR. If contact is established in order to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

For the processing of personal data as part of email contact, the required legitimate interest in the processing of data is given.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been definitively clarified.

If the contact is a pre-contractual relationship (offer or reservation request), the data transferred is also stored in our hotel software and used for contract performance. If no contractual relationship arises, we will delete the data after one year effective at the end of the year.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotelhotels.com for this purpose.

Please note that in the case of an objection, the conversation cannot be continued and we cannot create offers etc.

All personal data stored in the course of making contact will be deleted in this case.


VI. Online booking through the website

1. Description and scope of data processing

On our website, you have the option to book rooms and arrangements for each ARCOTEL Hotel. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: first name, surname, email address, phone number, address, number of accompanying travellers, expected arrival time, requests, payment data (credit card), date, time.

If you make an online booking from our websites, this is done through the bookassist online booking system provided by Automatic Netware Ltd, 35 Fitzwilliam Place, Dublin 2, Ireland. All booking data entered by you will be encrypted. bookassist has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.

In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and for communication.

2. Legal basis for data processing

The legal basis for processing the data is the conclusion of an accommodation contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the purpose of processing the booking request and payments.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotelhotels.com for this purpose.

Please note that in the case of an objection, the booking cannot be completed and the conversation cannot be continued.


VII. Online booking through other websites

1. Description and scope of data processing

ARCOTEL Hotels & Resorts gives interested parties the option to book rooms and arrangements for each ARCOTEL Hotel through hotel reservation portals (third-party providers). If a user makes use of this option, the data entered in the input form will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own privacy policy. The data may include: first name, surname, email address, phone number, address, number of accompanying travellers, expected arrival time, requests, payment data (credit card).

The data provided is transferred to our hotel software via a so-called channel manager. All booking data received is transferred in encrypted form. As the provider of the channel manager, HotelNetSolutions GmbH, Genthiner Str. 8, D-10785 Berlin, Germany, has committed itself to the handling of the personal data transmitted in accordance with data protection law. It takes all organisational and technical measures to protect your data.

In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and, if necessary, for communication.

2. Legal basis for data processing

The legal basis for processing the data is the conclusion of an accommodation contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the purpose of processing the booking request and payments.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

ARCOTEL has no influence on the storage periods at the respective hotel reservation portal.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotelhotels.com for this purpose.

Please note that in the case of an objection, the booking cannot be completed and the conversation cannot be continued.


VIII. Purchase of vouchers through the website

1. Description and scope of data processing

On our website, you have the option to purchase vouchers. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: title/company name, first name, surname, date of birth, email address, address, phone/fax number, voucher value, requests, payment data, password for individual user account.

If you purchase a voucher from our websites, this is done through the online ordering platform of INCERT eTourismus GmbH & Co KG, Leonfeldner Straße 328, A-4040 Linz, Austria. All order data entered by you will be transferred in encrypted form. INCERT has committed itself to the handling of your transmitted data in accordance with data protection law. INCERT takes all organisational and technical measures to protect your data.

In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and for communication.

2. Legal basis for data processing

The legal basis for processing the data is the conclusion of a sales contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of the personal data from the input form is solely for the purpose of processing the voucher purchase and payment transactions.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotelhotels.com for this purpose.


IX. Newsletter service

1. Description and scope of data processing

On our website, there is the option to sign up for our newsletter service in different ways. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: email address and voluntary information such as title, first name, surname, language, desired destination or topics.

If you sign up for a newsletter from our websites, the data will be stored in our newsletter tool provided by Eyepin GmbH, Billrothstrasse 52, A-1190 Vienna, Austria. Eyepin GmbH has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.

Should we otherwise receive an email address where the recipient clearly notifies us that they would like to receive our newsletter, we will collect their data via the input form on our website.

In this context, no further transfer of the data to third parties will take place. The data is used exclusively for sending newsletters.

2. Legal basis for data processing

The legal basis for processing the data is the consent of the recipient in accordance with Art. 6 (1) (a) GDPR. This is ensured by a double-opt-in procedure.

3. Purpose of data processing

The processing of personal data is solely for the purpose of sending individual newsletters.

4. Duration of storage

The data will be deleted as soon as the newsletter service has been unsubscribed from.

5. Objection and removal options

The recipient has the option to object to the processing of their personal data at any time. In each newsletter, the recipient can unsubscribe from the newsletter service. We have also set up the email address datenschutz@arcotelhotels.com. Please tell us the email address here.


X. Consulting, advertising and market research

1. Description and scope of data processing

For the support, consulting and advertising of corporate customers, we collect and use data on the contact person, phone number and postal address in addition to the business partner or potential business partner. The information is obtained from various sources, either through a request (email or phone), but also through events, fairs, business cards received by our sales staff etc.

In this context, there is no disclosure of data to third parties. The data is used exclusively for the purposes mentioned.

2. Legal basis for data processing

The legal basis for the processing of the data is, moreover, Art. 6 (1) (f) GDPR. If contact is established in order to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

We use this contact information exclusively for our own purposes and for the needs-based design of our own sales activities.

4. Duration of storage

No general deletion period is provided. However, should our sales department have had no contact with the company within three years, the sales department will decide whether to delete the contact person for the company.

If the contact is a pre-contractual relationship (offer or reservation request), the data transferred is also stored in our hotel software and used for contract performance. If no contractual relationship arises, we will delete the data after one year effective at the end of the year.

5. Objection and removal options

The company contact has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotelhotels.com for this purpose.

All personal data of the contact person saved for the business partner will be deleted in this case.


XI. Online review

1. Description and scope of data processing

Former guests can leave a review of our hotel after check-out. For this purpose, we would like to send you an email within 14 days of departure to ask you for a hotel review. In addition, there is the option of submitting the review in a paper questionnaire. In this case, we will enter the opinion submitted into the online review system. Each review may be published anonymously on request. If you did not feel comfortable in one of our hotels, we would like to take the opportunity to contact you.

If you submit an online review on our website, the data will be stored in the rating tool of TrustYou GmbH, Agnes-Pockels-Bogen 1, D-80992 Munich, Germany. TrustYou GmbH has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.

If a former guest makes use of this online review option, data from the former guest is stored in the evaluation form. This data includes: email address as well as voluntary information such as first name, surname, language and information provided in the review.

In this context, no further transfer of the data to third parties will take place. The data will only be used to publish the rating and to mediate poor ratings.

2. Legal basis for data processing

The legal basis for the processing of data is, moreover, Art. 6 (1) (f) GDPR, i.e. the legitimate interest of ARCOTEL.

3. Purpose of data processing

The purpose of the hotel review is to communicate and summarise the opinions of hotel guests through our website so that interested parties can form their own impression about our services. In addition, the results assist with our internal quality management.

4. Duration of storage

The data is not deleted.

5. Objection and removal options

There is always the option to have the publication of the review deleted (right to be forgotten). We have set up the email address datenschutz@arcotelhotels.com for this purpose. Please let us know what review you would like to have deleted.


XII. Use of cookies

1. Description and scope of data processing

Cookies are small files that allow us to store specific information related to you, the user, on your computer while you visit one of our websites. Cookies help us to determine the frequency of use and the number of users on our websites, as well as to make our offers as comfortable and efficient as possible for you.

We use ‘session cookies’, which are cached exclusively for the duration of your use of our website. The session cookies are stored on your data carrier to ensure certain settings and functionalities on our websites via your browser. The cookies we use are deleted after the end of the browser session, i.e. once you close your browser.

Below, we describe which cookies we use on the site in more detail.
These cookies allow us to tailor the features and content of the site to your needs by storing your preferences. For example, these cookies may be used to store your user data in our forum or to make a language selection. In addition, they can be used to provide interactive information, such as watching our virtual catalogues or videos.

Cookie name Valid Purpose of the cookie

  • exp_last_activity 1 year This cookie tells us the date of your last activity on our website. If it is your first visit, it will be set to the current time.
  • exp_last_visit 1 year This cookie is only relevant to registered users. If you are browsing the site as a guest, it will be set to a date in the past.
  • exp_tracker until the end of the session This cookie stores the last 5 pages that you visited on our site. We use this information to redirect you to the page where you were located.
  • SSL_JSessionID until the end of the session bookassit cookie

In addition, we use cookies on our website that enable an analysis of users’ browsing behaviour. In this way, the following data can be transmitted: search terms entered, frequency of page views, use of website functions. The users’ data collected in this way is pseudonymised by way of technical precautions. As such, the data can no longer be associated with the visiting user. The data is not stored together with other personal data of the users. When accessing our website, the user is informed about the use of cookies for analytics purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user in accordance with Art. 6 (1) (a) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For them, the browser needs to be recognised even after changing pages. The user data collected through technically necessary cookies is not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its contents. Through the analysis cookies, we learn how the website is used, allowing us to constantly optimise our service.

For these purposes, our legitimate interest in the processing of personal data is in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage, objection and deletion options

Cookies are stored on the computer of the user and transferred by it to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent.

The use of our services is also possible without cookies and scripts. You can disable the storage of cookies and scripts in your browser, restrict them to certain websites or set your browser to notify you when a cookie is sent. You can also delete cookies from your computer’s hard drive at any time.

You can install browser add-ons to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser add-ons. These not only block any kind of JavaScript, they also block selected trackers, Java, Flash and other plugins on websites.

If you are concerned about third-party cookies, you can reject them specifically and still receive the cookies that make our website work properly.

This is how you can reject cookies in any of the main browsers:

Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647&p=cpn_cookies

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Safari: http://support.apple.com/kb/PH11913

Please note, however, that in these cases you will have to expect a limited presentation of the page and a limited user interface.

5. Additional information

In addition to the above information about the use of cookies, please note the following:

Use of Google Analytics, Google Convers Tracking and Google Remarketing
Our website uses Google Analytics, Google Convers Tracking and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).

This service uses Google Analytics, a web analytics service of Google Inc. (‘Google’). Google Analytics uses ‘cookies’, text files that are stored on users’ computers and enable the analysis of website use. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the US and stored there. However, if IP anonymisation is activated on this website, Google will truncate the users’ IP addresses beforehand within Member States of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information to evaluate users’ use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by configuring their browser software accordingly; however, please note that you may not be able to use all features of this website to their full extent in this case. In addition, users may prevent the collection of the data generated by the cookie and relating to their use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future. This will store an opt-out cookie on your device. If you delete your cookies, you will have to click this link again. In addition, the explanations in Section XI (1) to (4) above apply.

Disabling Google advertising

(http://www.google.com/privacy_ads.html) or on the deactivation page of the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp)

Use of Facebook Social Plugins

Our website uses social plugins (‘plugins’) of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plugins are marked with a Facebook logo or the words ‘Facebook Social Plugin’. When you visit a page on our website that contains such a plugin, your browser will establish a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by it into the website. By incorporating the plugins, Facebook is informed that you have accessed the corresponding page on our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the ‘Like’ button or leaving a comment, the information is transferred from your browser directly to Facebook and stored there. For more information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to Facebook’s privacy policy. If you do not want Facebook to collect data about you through our website, you must log out of Facebook before visiting our website.

Use of +1 buttons/Google +1 buttons

Our website uses the ‘+1’ button of the Google Plus social network, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (‘Google’). The button is recognisable by the ‘+1’ sign on a white or coloured background.

When you visit a page on our website that contains such a button, your browser will establish a direct connection to Google’s servers. The content of the ‘+1’ button is transmitted by Google directly to your browser and incorporated by it into the website. We therefore have no control over the scope of data Google collects using the button. According to Google, no personal data is collected without clicking on the button. Such data, including IP addresses, is only collected and processed from members who are logged in.
For more information about the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your related rights and settings options for the protection of your privacy, please refer to Google’s privacy policy concerning the ‘+1’ button: (http://www.google.com/intl/de/+/policy/+1button.html) and the FAQs: (http://bit.ly/r3Qmer.)

If you are a Google Plus member and you do not want Google to collect information about you from our website and link it to your member data stored on Google, you must log out of Google Plus before visiting our website.


XIII. Protection of minors

This service is primarily for adults. We do not currently market special areas for children. As a result, we do not knowingly collect information to determine age, nor do we knowingly collect personal information from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal information through our service. In the event that we find that a child under the age of 16 has provided us with personal data, we will delete the personal data of the child from our files, insofar as this is technically possible, in compliance with the Children’s Online Privacy Protection Act (see the Federal Trade Commission website at www.ftc.gov/kidzprivacy for more information about this law).

XIV. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning GDPR and you have the following rights with respect to the controller.

You have a right to information about the personal data stored about you, the purpose of the processing, possible transfers to other entities and the duration of storage.

If data is inaccurate or no longer necessary for the purposes for which it was collected, you may request that the data be corrected, deleted or the processing restricted. Insofar as provided for in the processing procedures, you may also view and correct your data yourself if necessary.

Should your particular personal situation give rise to reasons against the processing of your personal data, you may object to this insofar as the processing is based on a legitimate interest. The controller will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending against legal claims. If the personal data relating to you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing or profiling purposes, your personal data will no longer be processed for these purposes.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the time of revocation.

If you have questions about your rights and the assertion of your rights, please contact:

ARCOTEL Zentrale Data Protection Officer
ARCOTEL Hotels & Resorts GmbH
Konstantingasse 6-8
A-1160 Vienna
Austria
Tel: +43 (1) 485 5000
Fax: +43 (1) 485 5000-12
Email: datenschutz@arcotelhotels.com


DataSolution Thurmann GbR
Mr Andreas Thurmann
Isarstr. 13
D-14974 Ludwigsfelde
Germany
Tel.: +49 (0) 3378 202513
Fax: (0) 3378 202514
Email: mail@hoteldatenschutz.de

XV. Right to complain to a supervisory authority

As a data subject, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence or the place of the alleged breach, without prejudice to any other administrative or judicial remedy, if you are of the opinion that the processing of the personal data relating to you is in breach of data protection laws.

The supervisory authority with whom the complaint is lodged will notify you of the status and outcome of your complaint, including the possibility of a judicial remedy.

More information can be found on the website of the Federal Data Protection Authority.

For Austria, please follow this link.

For Germany, please follow this link.

XVI. Security

ARCOTEL Hotels & Resorts employs technical and organisational security measures in accordance with Art. 32 GDPR in order to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments. Access to them is only possible for a small number of authorised persons and persons committed to special data protection obligations who are involved in the technical, administrative or editorial support of data.

XVII. Declaration of consent of the user

By using our websites and the offers contained therein, you agree that we can store the personal data you have voluntarily submitted to us and process and use this data in compliance with this privacy policy.

We reserve the right to change, update or supplement this privacy policy at any time. Any revised privacy policy shall only apply to personal data that has been collected or changed since the revised policy entered into force.

Version | May 2018