PRIVACY POLICY
GM Rocket Marketing GmbH, Laimgrubengasse 2/8, 1060 Vienna, Austria ("we") are the operator of the website https://www.uniqchalets.com/ ("Website") and the data controller for the data processing activities described below.
Thank you for your interest in our service. The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the General Data Protection Regulation of the European Union ("GDPR") in conjunction with the Austrian Data Protection Act ("DPA"), the Telecommunications Act 2003 ("TKG") and other relevant legal provisions. Below we inform you comprehensively in the sense of Art 13 DSGVO to what extent we process your data and what rights you have in this respect. Information is collected either directly from you through corresponding entries and dispositions or from the circumstance of accessing one of our offers. You are in no way obliged to provide us with data - however, if you wish to make use of services from us, certain minimum details may be required in order to process the contract or provide the service. This data protection declaration serves to inform you about the type, scope and purpose of the collection and further processing of your data as well as the legal basis on which the specific processing of your data takes place.
Data protection regulations must always be observed when personal data is processed. The scope of this data protection declaration is based on the definition of the GDPR. Thus, the "processing" of personal data essentially includes any handling of the same. Insofar as data processed by us can be related to people and - even if only via third parties or by means of additional knowledge - make you identifiable as a person (in particular make it possible to find out your full name), this is basically personal data.
1. Data processing operations (website)
1.1 Processing of access data when calling up the website
-
Type and scope of data processing: You can visit our website without having to provide any personal information. When you call up our website, only general access data is automatically stored in so-called server log files. In particular, the following data is processed: (i) name of the website visited; (ii) browser type/browser version used; (iii) operating system used by the user; (iv) website previously visited (referrer URL); (v) time of the server request; (vi) amount of data transferred; (vii) host name of the accessing computer (IP address used). This information does not itself allow us to draw any conclusions about your person; however, IP addresses are considered personal data within the meaning of the DSGVO.
-
Legal basis and purpose: The purpose of this data processing is to establish and maintain the technical security of our website, to improve the website quality and to generate non-personal statistical information. The processing is based on our overriding legitimate interest (Art 6 para 1 lit f DSGVO), which is to achieve the aforementioned purposes.
-
Storage period: The server log files are generally stored for short periods of time and then automatically deleted, unless longer-term storage is specifically required to achieve the above-mentioned purpose (in particular in connection with security concerns regarding the website).
1.2 Contact
-
Type and scope of data processing: When contacting us via one of the contact options visible on our website (e.g. in the imprint) or within this data protection declaration, as well as in the case of contacting us via one of our social media presences (see point 3), the information you provide will be processed for the purpose of handling the contact request and its processing. You can also use the contact form offered on the website, whereby mandatory fields (in particular your e-mail address) are marked with an "*" symbol; any further information you provide is voluntary. The processing of your data is necessary to process and respond to your enquiry, as otherwise we would not be able to contact you.
-
Legal basis and purpose: The purpose of this data processing is to enable us to exchange information with users of the website or our offers (as well as with our corporate customers). We answer your enquiries on the basis of our legitimate interest (Art 6 para 1 lit f DSGVO) in a functioning contact system as a prerequisite for the provision of any service.
-
Storage period: We delete your enquiry(s) and your contact details once your enquiry has been finally answered. Your data will generally be stored for six (6) months and deleted after this period, unless you send us follow-up enquiries or we process the data (or parts thereof) for other purposes (in particular as part of a customer relationship). If you have contacted us via one of our social media sites, however, we may be bound by the conditions specified by the respective network operator with regard to the final deletion of your data.
1.3 Legal storage and documentation obligations
-
Type and scope of data processing: Even after termination of the business relationship, we cannot immediately delete certain data processed by corporate clients (in particular in accordance with point 1.3) due to legal requirements. This affects certain types of data to different extents in each case and may diverge in individual cases. This applies in particular to your accounting data, which must be retained by us on the basis of tax law and company law retention and documentation periods of the Austrian Federal Tax Code and the Austrian Company Code, among other things.
-
Legal basis and purpose: We process your data in this context on the basis of Art 6 para 1 lit c DSGVO (legal obligation). The processing of your data on this basis serves the purpose of fulfilling our own legal obligations.
-
Storage period: Accounting data is generally stored for a period of seven (7) years due to retention and documentation periods under tax law and company law. If the data is relevant for pending (tax) proceedings, it may be stored for a longer period.
1.4 Storage technologies - Cookies
A cookie is a small text file that is stored on your computer or mobile device by a website you visit with your browser.
We use cookies to operate and provide our services. For example, to provide our web-based services, improve your user experience, analyse how our services are used and customise our services or tailor our content to your interests and preferences.
In addition, we may use cookies to remember your preferences, such as your language preferences, to provide you with a safer user experience and to otherwise customise our services for you.
Important information on the use of cookies:
When you access our website, you will be informed about the use of cookies and give your consent to the processing of personal data obtained in this context, such as search terms entered, frequency of page views or clicks. In this context, a reference to this data protection declaration is also made. You can accept all cookies or specifically decide to reject individual or all services. This gives you the best possible control over the processing of your data and you only use what you really want.
The legal basis for the processing of personal data using cookies for analysis purposes is your consent in this regard pursuant to Art. 6 para. 1 lit. a) DSGVO.
You can switch off the collection of cookies and the use of the respective services in whole or in part by using the corresponding control element on the website, which we display at the very bottom as a service control. There you have the option of switching off all cookies or only the cookies you have selected.
The technically necessary cookies are automatically collected. You cannot switch them off, but no personal data is processed in the process. The data processing according to Art. 6 para. 1 lit. f) DSGVO is justified by our interest in the smooth operation of the website.
1.5 Links to third party pages
We use links to third-party sites on our website. These are in particular links to our appearances in social networks (e.g. Facebook) or to partners of ours. If you click on one of these links, you will be forwarded directly to the respective page. For the website operators, it is only apparent that you have accessed our website. Accordingly, we generally refer you to the separate data protection declarations of these websites. However, for more detailed information about our processing of your data in connection with our social media presences, please see point 3.
2. Transfer of your data; recipients
For the purposes explained in this privacy policy, we will transfer or make your (personal) data available to the following recipients:
Within our organisation, your data will be disclosed to those departments or employees who need it to fulfil contractual or legal obligations and for data processing based on our legitimate interests.
Furthermore, (external) processors commissioned by us receive your data if they require the data to provide their respective service (whereby access to personal data is sufficient). All processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service.
The processors currently used are specifically mentioned in the description of the various data processing operations under point 1. In addition, we use Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel, as our processor for the maintenance of our website and administration of various functions. The associated third-country transfer is based on an adequacy decision of the European Commission within the meaning of Article 45 of the GDPR, which designates Israel as having a level of data protection comparable to that of the European Union; the adequacy decision can be viewed here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32011D0061&from=DE.
All processors we use are bound by our data protection practices and your personal data will be kept strictly confidential. Under no circumstances will processors unlawfully disclose your data to third parties or use it for purposes other than to fulfil their obligations to us and as expressly instructed by us.
Ultimately, we transfer your data to independent responsible parties insofar as this is necessary within the scope of our business activities for the provision of our services. These may include our tax advisors and, in exceptional cases, public authorities or courts (within the scope of their legal jurisdiction). In the context of the Messenger services we offer, we are jointly responsible with Facebook Ireland for the processing of your personal data within the meaning of Article 26 of the GDPR, which is why Facebook Ireland also has or receives access to your data in principle.
3. Social media presences
For the purpose of promoting our business activities and advertising our range of services, we maintain presences on social networks. The processing of your data in this context is based on our overriding legitimate interests pursuant to Art 6 para 1 lit f DSGVO, which are to increase our reach and to provide users of social networks with additional information and communication channels. In order to best achieve these purposes, reach measurement (access statistics, recognition of returning users, etc.) may be carried out as part of the offer of the respective service provider.
In the course of accessing one of the online presences illustrated below, we process the general information that is evident from your profile with the respective provider and, if applicable, further inventory data, contact data or content data, insofar as you make these available to us by interacting with our respective online presence and its content. We do not store this data separately outside the respective social network.
Since we decide jointly with the respective provider (or the entity otherwise designated as responsible) on the purposes and means with regard to the data processing that takes place within the scope of our respective online presence, joint responsibility within the meaning of Art. 26 of the GDPR applies in each case. In this context, the provider of the respective social network is the central contact for all general as well as technical questions in connection with our online presence; this also applies to the fulfilment of data subject rights within the meaning of point 4.1. As far as enquiries concern the concrete operation of our online presence, your interactions with it as well as the information published/collected about it, we, on the other hand, are the primary contact; point 4.1 and the other explanations of this data protection declaration apply accordingly.
3.1 Facebook
The social network "Facebook" is operated by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA and its group companies. The data protection controller for the EEA region is Facebook Ireland. With regard to the operation of our Facebook fan page "@uniqchalets" (https://www.facebook.com/uniqchalets), we are jointly responsible with Facebook Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 DSGVO. You can view our agreement with Facebook Ireland here:
https://www.facebook.com/legal/terms/page_controller_addendum.
Please note that we have no influence on the programming and design of the social network, but can only personalise and manage our Facebook fan page to the extent of the possibilities provided by Facebook. Please therefore observe the conditions that the service provider places on the use of the social network (https://www.facebook.com/terms), the separately provided data protection information (https://www.facebook.com/policy.php) and the existing setting options in your Facebook account. We are, of course, fully responsible for the information we provide through the mechanisms provided by Facebook (posts, shares, etc.).
3.2 Instagram
The social network "Instagram" is operated by Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA, which is part of the Facebook group. The data protection controller for the EEA region is Facebook Ireland. With regard to the operation of our Instagram account "uniqchalets" https://www.instagram.com/uniqchalets/), we are jointly responsible with Facebook Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 DSGVO.
Please note that we have no influence on the programming and design of the social network, but can only personalise and manage our Instagram account to the extent provided by Instagram. Therefore, please observe the conditions that the service provider places on the use of the social network (https://help.instagram.com/581066165581870), the separately provided data protection information (https://help.instagram.com/519522125107875) and the existing settings options in your Instagram account. We are, of course, fully responsible for the information we provide via the mechanisms provided by Instagram (posts, stories, etc.).
4 Data subjects' rights
4.1 Data subject rights in the narrower sense
One of the main concerns of data protection law is to give you certain options for disposing of your personal data even after data processing has already begun. For this purpose, a number of data subject rights exist, which we will comply with immediately upon your request, but in principle within one (1) month at the latest. To exercise your rights, please contact us via the following e-mail address: info@uniqchalets.com.
In detail, the following rights are provided for:
-
If you exercise your right of access and there are no legal restrictions to the contrary, we will confirm any processing of your data and provide you with comprehensive information. To this end, we will provide you with (i) copies of the data (emails, database extracts, etc.), as well as information on (ii) the specific data processed, (iii) the purposes of the processing, (iv) the categories of data processed, (v) the recipients, (vi) the retention period or criteria for determining it, (vii) the origin of the data and (viii) other information, if any, depending on the individual case. Please note, however, that we cannot hand over any documents that could affect the rights of other persons.
-
With the right to rectification, you can request that we correct data that has been recorded incorrectly, has become inaccurate or is incomplete (for the respective processing purpose). Your request will then be examined, and the data processing concerned may be restricted for the duration of the examination upon request.
-
The right to erasure may be exercised (i) in the absence of necessity with regard to the purpose of processing, (ii) in the event of withdrawal of consent given by you, (iii) in the event of objection on the basis of your particular situation to data processing carried out on the basis of our legitimate interests (balance of interests), (iv) in the event of unlawful data processing, (v) in the event of the existence of a legal obligation to erase and (vi) in the event of the processing of data of minors under sixteen (16) years of age or under the lower age threshold set by the EU/EEA Member State from which our website is accessed (Austria: fourteen [14] years). under the lower age threshold set by the EU/EEA member state from which our website is accessed (Austria: fourteen [14] years).
-
An accompanying right to restriction, after the exercise of which the data concerned may only be stored, exists in special cases. In addition to the possibility of limiting the duration of the examination of data corrections, (i) unlawful data processing (insofar as no deletion is requested) and (ii) the duration of the examination of an objection request are covered.
-
You also have a right of revocation at any time, insofar as we process data on the basis of your express, prior consent. Processing that was carried out on the basis of a valid consent that is later revoked does not become retroactively inadmissible; the revocation only has an effect for the future.
-
In addition, you have a fundamental right to object to data processing at any time for reasons arising from your particular situation (balancing of interests). This applies in all cases where the processing is based on our legitimate interests pursuant to Art 6 (1) f DSGVO.
-
You can also make use of your right to complain to the supervisory authority (see point 4.2).
-
Furthermore, you have the right to data portability, i.e. to receive the data concerned in a structured, common, machine-readable format from us upon request or to demand direct transfer to another responsible party. However, this only covers those of your personal data that we process after granting your consent on the basis of Art 6 (1) a DSGVO or within the framework of a contract with you on the basis of Art 6 (1) b DSGVO.
Please also note that we may not be able to comply with your request on the basis of compelling legitimate grounds for processing (balancing of interests) or processing on the basis of the assertion, exercise or defence of legal claims. The same applies in the case of excessive requests, whereby a fee may possibly be charged in this case as well as when complying with manifestly unfounded requests.
4.2 Right of appeal
If you believe that we are violating applicable data protection law in processing your data, you have the right to submit a complaint to a national supervisory authority. The detailed requirements for such a complaint in Austria are governed by Section 24 of the Data Protection Act. However, we request that you contact us beforehand in order to clarify any questions or problems.
The contact details of the Austrian data protection authority are as follows:
Österreichische Datenschutzbehörde, Barichgasse 40–42, 1030 Wien, Österreich
Telefon: +43 1 521 52-25 69
E-Mail: dsb@dsb.gv.at
5. Contact for data protection questions, notifications, requests
For questions, notifications or requests regarding data protection, please use the following contact address:
GM Rocket Marketing GmbH
Laimgrubengasse 2/8
1060 Vienna
Austria
Phone: +43 676 4921328
E-Mail: info@uniqchalets.com