Data Privacy Statement

General Information

The protection of your data is important to us. We will therefore only process your data within the limits of current data privacy laws and protect them using the latest technology. More information about the processing of your personal data and your rights in accordance with data privacy laws is provided below. You will find further information about the processing of your customer data at https://www.vilavitapannonia.at/en/dataprivacystatement

1. Controller and data protection officer

VILA VITA Pannonia Betriebsgesellschaft mbH
Storchengasse 1
´7152 Pamhagen, Austria
T +43 2175 2180 - 0
F +43 2175 2180 - 444
E info@vilavitapannonia.at

You can also contact our data protection officer at the address provided above, citing the reference "Data Protection Officer" or at datenschutz@vilavitapannonia.at.

DATA PROTECTION NOTICE

Last updated: December 2023

In the following, we would like to inform you about the processing of your personal data

  • when visiting our websites or using our other online services,
  • in the context of your stay in one of our hotels or the provision of our services,
  • as a job applicant and
  • as a service provider or supplier.

 

1. Controller

The controller within the meaning of Article 4 (7) GDPR (General Data Protection Regulation) is

VILA VITA Pannonia Betriebsgesellschaft mbH
Storchengasse 1
´7152 Pamhagen, Austria
T +43 2175 2180 - 0
F +43 2175 2180 - 444
E info@vilavitapannonia.at

 

You can also reach our data protection officer at the above addresses – making sure your correspondence is addressed to “Data Protection Officer” – or at datenschutz@vilavitapannonia.at.

 

2. General information on data processing and your rights

2.1. Relevant legal bases for data processing

If the legal basis is not expressly stated in this Data Protection Notice, the following legal bases apply:

  • If we have obtained your consent for data processing, Article 6 (1) (a) and Article 7 GDPR serve as the legal basis for data processing. If data processing takes place for the fulfilment of our services and the implementation of contractual measures and to respond to enquiries, Article 6 (1) (b) GDPR is the legal basis for the data processing. If data processing serves to fulfil a legal obligation, Article 6 (1) (c) GDPR is the legal basis. Examples of this are the fulfilment of storage periods under commercial law or the fulfilment of tax (archiving) obligations. 
  • If the processing of personal data is necessary to protect the legitimate interests of our company or a third party, Article 6 (1) (f) GDPR serves as the legal basis. Legitimate interests particularly include the guaranteeing of IT security and IT operation, the assertion of legal claims and defence in legal disputes, the creation of user statistics, advertising for our own services and products, as well as market and opinion research by the aforementioned, provided that direct advertising has not been objected to.

2.2. Your rights

You have the right

  • of access in accordance with Article 15 GDPR, 
  • to rectification in accordance with Article 16 GDPR, 
  • to erasure in accordance with Article 17 GDPR,
  • to restriction of processing in accordance with Article 18 GDPR and
  • to data transfer in accordance with Article 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR.

You can withdraw your consent to the processing of your personal data at any time with future effect.

2.3. Duration of storage

Where not otherwise stated in this Data Protection Notice, personal data will only be stored for as long as is necessary to fulfil the relevant purpose, or to fulfil our contractual or legal obligations. We are subject to various storage and documentation obligations. These result in particular from the German Handelsgesetzbuch (Commercial Code), the Abgabenordnung (Fiscal Code), the Geldwäschegesetz (Money Laundering Act) and the Meldegesetz (Registration Act). The periods stipulated in these cases may be up to 10 years.

2.4. Transfer of personal data

If we transfer personal data to other persons or companies, this will only be done on the basis of your consent, legal permission, a legal obligation (for example to public bodies and institutions such as supervisory or financial authorities) or an agreement on order processing in accordance with Article 28 GDPR. Further recipient categories can be found in this Data Protection Notice.

2.5.  Transfer of data to third countries

Personal data is only processed outside the European Economic Area if a third country has been confirmed by the European Commission as having an adequate level of data protection pursuant to Article 44 et seqq. GDPR or other appropriate guarantees for the protection of personal data are in place.

2.6. Automated decision making

Your data is partially automatically processed in order to evaluate certain personal aspects (profiling), for marketing and advertising purposes and to send you personalised advertising by email or post.

 

3. Information on the processing of your data when using our online services

3.1. Online services

For the purposes of this Data Protection Notice, “online services” means all 

  • websites,
  • software applications (apps) and
  • social media sites

that are operated by us or for which we are responsible and from which you access this Data Protection Notice.

3.2. Cookies

Our online services make use of cookies, which are small text files that are stored on the user’s terminal device. In addition to so-called session cookies, which are automatically deleted as soon as you log out or close the browser, so-called permanent cookies that recognise a returning user are also used. These cookies are automatically deleted after a specified period of time.

It is always possible to object to the storage of cookies by making the appropriate setting changes in your internet browser. You can delete cookies that have already been stored at any time. If you deactivate cookies, you may not be able to use all the functions of our website fully. Some cookies are necessary for the operation of a website, for example, for shopping baskets in the online shop or to save logins or user settings. Some cookies are also used for security purposes. The legal basis for storing these so-called essential or absolutely necessary cookies is the protection of the aforementioned legitimate interests in accordance with Article 6 (1) (f) GDPR. 

In addition, there are statistics, marketing and personalisation cookies. These are used, for example, to measure reach or to display personalised content that corresponds to the potential interests of a user. If we use statistical, marketing and personalisation cookies, we will inform you about this when you access our website and in this Data Protection Notice. The legal basis is your consent in accordance with Article 6 (1) (a) GDPR. 

3.3. Collection of general data and creation of log data

When our online services are accessed, general data and information are automatically collected and stored in a server log. The following data may be collected:

  • Information on the browser type and version
  • Information on the user’s operating system
  • Information on the user’s service provider
  • The internet protocol (IP) address of the user or the calling system
  • Date and time of access
  • The site you reached us from (referrer URL)
  • Websites accessed by the user’s system via our website

The processing of this data is used for the provision of our website, to ensure the functionality of our information technology systems and to optimise our website. We statistically evaluate this data and information, which is always collected anonymously, with the aim of ensuring data protection and data security. The data of the log files is always stored separately from other personal data that may be collected and is generally not disclosed to third parties. The erasure of the data takes place automatically after the expiry of the deadline. The legal basis for the temporary processing of the data is the protection of the aforementioned legitimate interests pursuant to Article 6 (1) (f) GDPR.

3.4. Contact form and email contact

Some of our websites provide a contact form and an e-mail address that enables you to contact us electronically. If you use one of these options to contact us, the personal data you send us will be automatically stored. The storage and further processing of this data is solely for the purpose of processing your contact request and subsequently contacting you. Data will never be disclosed. The data forwarded by you will be erased after completion of the process, provided that its erasure is not subject to any contractual or legal storage periods. In such a case, the data for which storage is required will be erased after expiry of the storage period. The legal basis for the processing of this data is Article 6 (1) (f) GDPR.

3.5. Newsletter and email advertising

Our newsletter provides information about current products, offers, events and news. To subscribe, it is generally sufficient to enter your email address. Providing further data is voluntary. If you have subscribed to our newsletter, we will use your email address and, where appropriate, any other data you have voluntarily provided to send the newsletter. If you successfully subscribe to the newsletter, we store the date of your registration and, in the case of registration via a website, also your IP address. This storage serves as proof in the event that a third party makes fraudulent use of an email address and subscribes to the newsletter without the knowledge of the authorised person. The newsletter is sent on the basis of your consent in accordance with Article 6 (1) (a) GDPR. If consent is not required to advertise our own similar goods or services, this is done on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR in advertising our goods and services, provided that this is legally permitted – for example in the case of advertising to existing customers – and you have not objected to this. We also store the data collected in the subscription process on the basis of legitimate interests in order to, where appropriate, be able to prove your consent if necessary. You can cancel your newsletter subscription at any time by clicking on the unsubscribe link found in each newsletter. Alternatively, you can also contact us directly at the above-mentioned postal or email address. Upon termination, we may store the unsubscribed email addresses for up to three years in order to be able to prove any consent previously given. 

In order to continuously optimise our newsletter and to be able to offer you a user-oriented and secure newsletter, we evaluate individual user activities. We measure how often the newsletter is opened and which links users click on. For this purpose, the newsletter contains a so-called “web beacon”; a file that is retrieved from our server once the newsletter has been opened. This initially collects technical information (for example browser type, operating system, time of retrieval). Whether and when a newsletter was opened and which links were clicked on can also be determined. This information helps us to recognise the usage and reading habits as well as interests of our subscribers in order to adapt content and improve the user experience. The evaluation is based on your consent as well as on our legitimate interests in providing a user-friendly and informative newsletter. 

3.6. Analysis and targeting tools, optimisation of our online services and online marketing

3.6.1. Google Analytics (GA4)

We use Google Analytics 4 (GA4), a user analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Ireland). The user analysis is carried out using a pseudonymous user identification number. This is used to assign information to an end device. The information collected helps us to evaluate visitor flows and to better understand how visitors use the website. In this way, we can design and improve our website to meet the needs of our visitors. To this end, GA4 collects information on what content you have accessed, how long the visit lasted, from where you came to us, and what search terms you may have used or which sources link to our site. We can also recognise a renewed visit to our website in this way. The IP address is shortened by the last two digits by default and is not logged. In addition to the above information, GA4 may also collect geo-information, e.g. on the user's location, from where our online services were used or accessed (city, including latitude and longitude, country, continent). Even if Google processes the user data on servers within the EU, processing of the data in third countries, in particular the USA, cannot be completely ruled out, as data from Google Ireland may be passed on to the parent company, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Processing of data for the purpose of user analysis only takes place with your consent. The legal basis is therefore Art. 6 para. 1 lit. a DSGVO. If no consent is obtained, the processing is based on the legitimate interests described above in accordance with Art. 6 (1) lit. f DSGVO. The order processing agreed upon with Google as well as standard contractual clauses to ensure the level of data protection in the case of processing in third countries, can be viewed at https://business.safety.google/adsprocessorterms/. Additional information on the types of processing and the data processed can be found here: https://privacy.google.com/businesses/adsservices. Google's terms of use and privacy notices for Google Analytics can be found at https://policies.google.com/terms?hl=en and https://policies.google.com/privacy. Further information on Google Analytics can also be found at https://marketingplatform.google.com/intl/en_uk/about/analytics/. You can find an objection option here: https://tools.google.com/dlpage/gaoptout?hl=en.

3.6.2. Google Analytics (Universal)

We use the analysis tool Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Web analytics involves the collection, collation and analysis of information about the behaviour of website users. This includes for example information about which site you reached us from, the sub-pages you accessed and the length of time spent on those sub-pages. Cookies are used for this purpose. Cookies are text files that are placed and stored on a computer system via an internet browser. The information collected by the cookie is transmitted to a Google Inc. server in the USA. In addition to information on website usage, this also includes your IP address. However, we use Google Analytics with the, “AnonymizeIP” add-on. This means that your IP address will be truncated and anonymised by Google if you access our site within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. The transmitted IP address will also not be merged with other Google data. The purpose of the data processing is the evaluation of visitor flows and website usage by visitors in order to design and improve our website in line with requirements. Google creates online reports on our behalf for this purpose. We use the information obtained from this to optimise our website. The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR. If consent is not obtained, processing is based on the legitimate interests described above in accordance with Article 6 (1) (f) GDPR.

The applicable terms of service and terms of use of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en.
You can also prevent the placement of cookies by our site by making the appropriate setting changes in your internet browser, in doing so permanently objecting to the placement of cookies. In addition, the cookies already stored by Google can be deleted at any time using an internet browser or other software programmes.

Furthermore, you have the option of objecting to and preventing the collection of the data generated by the cookie and related to the use of this site, as well as to the processing of this data by Google. To do this, you must download and install a browser add-on. You can download it here: https://tools.google.com/dlpage/gaoptout?hl=en. The add-on will prevent your data from being collected and processed in the future.

3.6.3. Google marketing services

We use marketing and remarketing services provided by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google’s marketing services (including Google Adwords, Google Conversion Tracking, Google Optimize and Google Double Click) allow us to display more targeted ads, for example to show users on our website or on other websites with only those advertisements that potentially match their interests.

If you access an online service that uses Google’s marketing services, a cookie will be stored on your terminal device, through which cookies from various domains can be set (including google.com, doubleclick.net, etc.). The stored cookie saves which websites you have visited, which content you were interested in and which offers you clicked on. In addition, technical details about the browser and operating system, referring websites, the duration of the visit and other details about the use of the online offer are collected. Your IP address will also be collected, but will be truncated within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will it be transferred in full to a Google server in the USA and truncated there. The IP address will not be merged with other data from other Google services. Google may combine the aforementioned information with such information from other sources. If you subsequently visit other websites, ads tailored to your interests may be displayed in this way. User data is processed in pseudonymised form as part of Google’s marketing services, i.e. without storing and processing the name or email address of the user. This does not apply if a user has expressly allowed Google to process the data without pseudonymisation. The information collected about users by Google’s marketing services is transmitted to Google and stored on Google’s servers in the USA.

The Google marketing services we use include, among other things, the online advertising programme Google AdWords. Every AdWords customer receives a so-called conversion cookie. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and have been redirected to a site equipped with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. 

The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR. If consent is not obtained, processing is based on the legitimate interests described above in accordance with Article 6 (1) (f) GDPR.

The applicable terms of service and terms of use of Google Marketing Services can be found at policies.google.com/technologies/ads.

You can prevent the storage of cookies by our site at any time by making the appropriate setting changes in your internet browser, in doing so permanently objecting to the storage of cookies. In addition, cookies already placed by Google can be deleted at any time via an internet browser or other software programmes.

If you wish to object to targeted advertising by Google’s marketing services, you can use the options provided by Google at https://myadcenter.google.com/?hl=de&sasb=true.

3.7. Plugins and embedded functions and content from third-party providers

Some of our online services use services and content from third-party providers. This applies in particular to so-called “social plugins”, videos or fonts. This content is obtained directly from the server of the respective third-party provider either when you access our online service or pending your consent (for example by separately activating a plug-in). Your IP address is also transmitted in the process. If this doesn’t happen, the third-party provider cannot deliver the content to your browser or offer the desired function. 

If we ask for your consent to activate embedded functions and content, the legal basis is your consent in accordance with Article 6 (1) (a) GDPR. Otherwise, the data is processed on the basis of our legitimate interests in providing and disseminating our content and a user-friendly as well as optimal user experience in accordance with Article 6 (1) (f) GDPR. We may, where appropriate, use the following services or service providers with embedded functions and content:

3.8. Presence in social networks

We use social networks to make direct contact with customers. The possibility of also getting in contact with customers via social networks and providing a corresponding platform for this purpose is a legitimate interest in accordance with Article 6 (1) (f) GDPR. If you visit our sites, your data will also be processed by the respective social network, where appropriate also outside the European Union, for example in the USA. The respective social network is responsible for this processing and for the processing operations that go beyond it, such as the analysis of user behaviour by social networks. We have no influence on this. We are represented on the following social networks:

3.9. Booking rooms online

We offer you the possibility to book rooms online. For this purpose, the data required for the reservation as well as for the further initiation and conclusion of the contract are collected, in particular your name, the names of any accompanying persons, address, telephone number and e-mail address, booking or travel dates, as well as details of the selected payment method. The data required for your booking are marked accordingly. All other data is voluntary. Your online booking is made via online reservation systems of third-party providers. We may use the following providers: 

  • TravelClick, a service of TravelClick, Inc, address: 7 Times Square, 38th Floor, New York, USA. All booking data entered by you is transmitted in encrypted form. For more information on the processing of your data by TravelClick, please visit: https://www.travelclick.com/legal/privacy-policy/.
  • Booking Engine 360, a service of Profitroom GmbH, Potsdamer Platz 10/2, 10785 Berlin. Further information can be found at https://www.profitroom.com/de/. 

After completing the booking, you will receive a booking confirmation to the e-mail address you provided. The legal basis for the processing of your data is Art. 6 para. 1 lit. b DSGVO. We store your address, payment and booking data for a period of ten years due to the commercial and tax law regulations for which we are responsible.

3.10. Online restaurant and bar reservations

If you would like to reserve a table online in one of our restaurants or bars, we require details from you on the date, time, number of persons as well as your name and, if applicable, your email address or telephone number. For this purpose, we use the online reservation system "TheFork", a service provided by La Fourchette SAS, Registered Office: 70, rue Saint-Lazare, 75009 Paris, France, RCS PARIS 494 447. Further information on the processing of your data can be found here: https://www.thefork.de/legal#datenschutzerklarung-und-cookie-linien. Alternatively, we use a service from Crqlar GmbH, Hallerstraße 65, 6020 Innsbruck for reservations at individual restaurants. Information on processing can be found at https://www.iubenda.com/privacy-policy/96241115/legal. Your details will be stored and processed for the purpose of processing your enquiry or reservation. The legal basis is Article 6 (1) (b) GDPR. Your reservation data will be erased upon cancellation of the reservation or on the day following the reservation, unless we still need your data for billing and other questions in the follow-up to your reservation.

 

 

4. Information on the processing of your data in the context of your stay in one of our hotels or the provision of our services

4.1.   Processing purposes and legal bases

In the context of your stay in one of our hotels or the provision of our services, we process your data for the following purposes: 

  • Booking and guest registration – the legal basis being the performance of the contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR – with the booking guest and, where appropriate, any other accompanying persons.
  • Accommodation and related on-site services, such as check-in and check-out, personalised services including consultation on these, bookings/reservations on behalf of the guest with third parties (tours, excursions, reservations, taxi and shuttle services, etc.), room service (for example intolerances communicated by the guest, etc.), housekeeping (for example expressed preferences regarding amenities such as requested pillows, duvets, etc.) and the handling of complaints, requests and enquiries. The legal bases for this are the performance of the contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR, legitimate interests in accordance with Article 6 (1) (f) GDPR, in particular the fulfilment of guest requests and preferences.
  • The provision of information and entertainment systems in the hotel and in the guest room (for example Wi-Fi, TV, infotainment systems, AppleTV, game consoles). The legal bases for this are the performance of the contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR and legitimate interests in accordance with Article 6 (1) (f) GDPR, in particular ensuring the functionality of our information technology systems, secure processing and IT security and the prevention and investigation of criminal offences
  • Providing consultation about and implementing the spa and wellness offers you may have booked (such as the making of appointments and the recording of restrictions and intolerances for a safe and customer-oriented service provision or treatment), creating treatment documentation, providing defence in legal disputes, providing personalised consultation and offer preparation, and processing complaints, requests and enquiries. The legal bases for this are the performance of the contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR, legitimate interests in accordance with Article 6 (1) (f) GDPR (in particular in customer-oriented consultation and treatment and for defence in legal disputes) as well as the consent of the guest in accordance with Article 6 (1) (a) GDPR and, insofar as special categories of data are processed, in accordance with Article 9 (2) (a) GDPR. 
  • Marketing campaigns, customer relationship management and bonus programmes and comparable campaigns of VILA VITA Ferienanlage Pannonia and, if applicable, the VILA VITA Group, for example sending information about products, offers and servicesthat may be of interest to you, including personalised advertising, personalised services and benefits based on the preferences communicated by the guest. The legal basis is consent in accordance with Article 6 (1) (a) GDPR, legitimate interests in accordance with Article 6 (1) (f) GDPR, in particular in a customer-oriented service.
  • The planning and implementation of events and conferences – in particular support in the organisation, coordination, invitation, communication and accommodation of guests or attendees and the processing of enquiries and complaints – the provision, organisation and coordination of media technology and invoicing. Legal bases are the performance of the contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR, insofar as the data of guests/attendees must be processed within the scope of legal obligations, Article 6 (1) (c) GDPR, and legitimate interests in accordance with Article 6 (1) (f) GDPR – in particular in a safe and customer-oriented event/event implementation. 
  • The fulfilment of legal requirements pursuant to Art. 6 (1) lit. c DSGVO; the fulfilment of contractual or legal storage obligations, for example pursuant to the Austrian Fiscal Code.
  • If you provided your e-mail address when booking, you will receive an e-mail from us before your arrival with information about your stay. After your check-in, you will receive another e-mail with information about your booking and information about our hotel and our offers. On the day of your departure, you will also receive an e-mail with the option to check out online. If applicable, you will also receive the option to check out with this email. After your stay, you will be given the opportunity to send us feedback and rate your stay. If applicable, you will also receive an invoice in electronic form. In each e-mail you have the option to object to the sending of further e-mails. The legal basis is Art. 6 para. 1 lit. f DSGVO. We use an online service from straiv GmbH, Eichwiesenring 4f, 70567 Stuttgart, Germany, to send the emails.

4.2. Type of data

We process different types of personal data to fulfil the respective purposes. In particular: 

  • Personal master data
  • Data on accompanying persons/family members
  • Address and contact details
  • Details on guest preferences and requests
  • Credit and debit card numbers, bank account details and other payment data
  • Passport, identity card and other identification data
  • Booking and reservation data
  • Travel data and data on itineraries and activities
  • Treatment information and documentation in the spa & wellness area
  • Contract master data/contract billing data and payment data
  • Photographs and video data

4.3.   Data transfer to payment service providers

In connection with the processing of orders and bookings, we transfer personal data to service providers who support us with this processing. This applies in particular to providers of credit card billing services, insofar as the transfer of data is necessary to process the payment. In this respect, we collaborate with the company SIX Payment Services (Germany) GmbH, Global Data Protection Support, Langenhorner Chaussee 92-94, 22415 Hamburg, Germany. You can view the company’s privacy statement at https://www.six-payment-services.com/en/home.html. Where applicable, individual online services offer the possibility of using the online payment service of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, the data required for the payment process will automatically be transferred to PayPal. Under certain circumstances, PayPal may transfer data to credit agencies for the purpose of checking your identity and creditworthiness. Further information on data processing by PayPal can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. If you use Apple Pay, Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is made via the “Apple Pay” function of your iOS terminal device (for example iOS, watchOS, macOS) and by charging the payment card deposited with Apple Pay. For the purpose of payment processing, the information you provide during the payment or ordering process, including information about your order, is disclosed to Apple in encrypted form. Further information on data processing by Apple and data protection can be found at: https://support.apple.com/en-gb/HT203027

The legal basis for the above processing activities is Article 6 (1) (b) GDPR.

4.4. Disclosure of personal data

In certain cases, we also disclose personal data to third parties, but only if you have consented, if there is a legal basis for the disclosure or if we are legally obliged to do so. Recipients may in particular be other companies within the VILA VITA Group, for example in order to make bookings and reservations, to plan and hold events, to process enquiries and complaints or to invoice services provided by us. Furthermore, we also pass on personal data to external service providers, in particular in the context of the provision of IT systems and services, payment and order processing or event organisation. To the extent that we are legally required or in the context of law enforcement, we also disclose personal data to public authorities. 

 

5. Data protection notice for job applicants

VILA VITA Ferienanlage Pannonia Betriebsgesellschaft mbH is pleased that you are interested in a position with one of our companies. We would like to inform you below about the processing of your personal data in connection with your application.

5.1. Controller

The controller within the meaning of Article 4 (7) GDPR is the respective company of

VILA VITA Ferienanlage Pannonia Betriebsgesellschaft mit beschränkter Haftung 
Storchengasse 1 
7152 Pamhagen, Österreich 
Telefon: + 43 2175 2180-0 
Telefax: + 43 2175 2180-444 
E-Mail: info@vilavitapannonia.at

You can also reach our data protection officer at the address given in the job advertisement – making sure your correspondence is addressed to “Data Protection Officer” – or at datenschutz@vilavitapannonia.at.

5.2. Processing purposes and legal bases

The data you provide as part of your application will be processed solely for the purpose of selecting job applicants or for the application process. This is particularly true in the case of checking your suitability for the advertised position. We use the data you have provided us with for this purpose. This may also include information that you make available in professional online networks or job boards. 

We will only disclose your job applicant data to other companies in the VILA VITA Group if you have expressly consented to this.

The legal basis for data processing is Article 6 (1) (b) GDPR. Should data be required for legal defence after completion of the application process, this data processing is based on legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest in the further processing is then the assertion of or defence against claims.

5.3. Type of data

We only process the data you provide us with, usually:

  • Personal master data
  • Address and contact details
  • CV, professional background and other details from the application
  • Training and qualification data
  • Photographs and video data

In the course of the application process, further data may be added, for example from interviews or from generally accessible sources such as professional online networks or former employers. In certain cases, for example for management positions, we may conduct assessments or potential analyses. 

5.4. Duration of storage

Applicant data will be erased six months after completion of the application process, unless there is a legal reason for erasure or you have expressly consented to longer storage. 

If we conclude an employment contract with you, we will store your application documents in your personnel file or in our personnel information system for the purpose of implementing the employment relationship on the basis of Article 6 (1) (b) GDPR.  

5.5. Disclosure of personal data

As a matter of principle, only persons who need this data to carry out the application process will have access to your data. This includes employees of the HR department. They will view and process your application as soon as they receive it. In addition, department heads for the vacant position will have access to your application data.

5.6. Location of data processing

Application data is generally processed in data centres within the Federal Republic of Germany or the European Economic Area (EEA). Should data be processed outside the EEA, this will only be done if a third country has been confirmed by the European Commission as having an adequate level of data protection pursuant to Article 44 et seqq. GDPR or other appropriate guarantees for the protection of personal data are in place.

5.7. Your rights

You have the right

  • of access in accordance with Article 15 GDPR, 
  • to rectification in accordance with Article 16 GDPR, 
  • to erasure in accordance with Article 17 GDPR,
  • to restriction of processing in accordance with Article 18 GDPR and
  • to data transfer in accordance with Article 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR.

You can withdraw your consent to the processing of your personal data at any time with future effect.

5.8. Automated decision making

An automated individual case decision will be not be made in connection with your application. 

 

6. Data protection notice for service providers and suppliers

With the following Data Protection Notice, we would like to inform you about the processing of your personal data pursuant to Article 13 of the General Data Protection Regulation if you are a service provider or supplier in a business relationship with VILA VITA Ferienanlage Pannonia Betriebsgesellschaft mit beschränkter Haftung.
 

6.1. Controller

The controller within the meaning of Article 4 (7) GDPR is the respective company of

VILA VITA Ferienanlage Pannonia Betriebsgesellschaft mit beschränkter Haftung 
Storchengasse 1 
7152 Pamhagen, Österreich 
Telefon: + 43 2175 2180-0 
Telefax: + 43 2175 2180-444 
E-Mail: info@vilavitapannonia.at 

You can also reach our data protection officer at the above addresses – making sure your correspondence is addressed to “Data Protection Officer” – or at datenschutz@vilavitapannonia.at.

6.2. Processing purposes and legal bases

The processing of personal data is carried out for the fulfilment of our obligations arising from the respective contract or for the implementation of pre-contractual measures such as, in particular, the request for individual offers for work, services or the delivery of products, calculating fees, contractual correspondence and complaints. The legal basis is Article 6 (1) (b) GDPR. Furthermore, we process personal data on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR. This includes, in particular, obtaining creditworthiness information and exchanging data with credit agencies, asserting legal claims and defending ourselves in legal disputes, ensuring IT security and IT operations, preventing and investigating criminal offences and measures to ensure house rules. In addition, we process your data if this is necessary for the fulfilment of legal obligations, in particular for compliance with commercial and tax law.

6.3. Type of data

We usually collect the following data:

  • Personal master data
  • Address and contact details
  • Payment and invoice data
  • Order and performance data
  • Information from third parties

6.4. Duration of storage

Where not otherwise stated in this Data Protection Notice, personal data will only be stored for as long as is necessary to fulfil the relevant purpose, or to fulfil our contractual or legal obligations. We are subject to various storage and documentation obligations. These result in particular from the Austrian Fiscal Code and the Geldwäschegesetz (Money Laundering Act). The periods stipulated in these cases may be up to 10 years.

6.5. Disclosure of personal data

If we transfer personal data to other persons or companies, this will only be done on the basis of your consent, legal permission, a legal obligation (for example to public bodies and institutions such as supervisory or financial authorities) or an agreement on order processing in accordance with Article 28 GDPR. Further recipient categories can be found in this Data Protection Notice.

6.6. Location of data processing

Your data will generally be processed at locations within the Federal Republic of Germany or the European Economic Area (EEA). Should data be processed outside the EEA, this will only be done if a third country has been confirmed by the European Commission as having an adequate level of data protection pursuant to Article 44 et seqq. GDPR or other appropriate guarantees for the protection of personal data are in place.

6.7. Your rights

You have the right

  • of access in accordance with Article 15 GDPR, 
  • to rectification in accordance with Article 16 GDPR, 
  • to erasure in accordance with Article 17 GDPR,
  • to restriction of processing in accordance with Article 18 GDPR and
  • to data transfer in accordance with Article 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR.

You can withdraw your consent to the processing of your personal data at any time with future effect.