Privacy Policy

Consent to Data Use

Thank you for visiting our homepage and for your interest in our company. Our dealings with our customers and prospective customers are a matter of trust. Your trust is of great value to us. As such, we recognise the importance and obligation of handling your data carefully and protecting it from misuse.

In order to make you feel safe and secure when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with applicable personal data protection and data security legislation. In this notice on data protection, we would like to inform you about which data we store and when, and how we use it – of course, in compliance with applicable laws.

ARCOTEL Hotels complies in particular with the EU General Data Protection Regulation (GDPR) and with all current national data projection legislation. To protect your personal data while using the Internet, we take guidance from the Telecommunications Act (Telekommunikationsgesetz, TKG) of the Republic of Austria. Below, we explain which information we collect during your visit to our website and how it is used.

I. Name and address of the controller

The controller within the meaning GDPR and other national data protection laws of the Member States as well as other data protection regulations is:
ARCOTEL Hotels & Resorts GmbH, Konstantingasse 6-8, A-1160 Vienna
Austria, tel: +43 (1) 485 5000, fax: +43 (1) 485 5000-12, email: office@arcotel.com

II. Name and address of the Data Protection Officer

The controller’s Data Protection Officer is:
Andreas Thurmann, DataSolution Thurmann GbR, Isarstr. 13, D-14974 Ludwigsfelde, Germany, tel.: +49 (0) 3378 202513, fax: (0) 3378 202514, email: mail@hoteldatenschutz.de

III. General information about data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation that our company is subject to (e.g. national reporting laws), Art. 6 (1) (c) GDPR serves as the legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

3. Deletion of data and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may be provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the provisions mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Contact/email contact

1. Description and scope of data processing

A contact option is available on our website which can be used for electronic contact. If a user makes use of this option, they can contact the relevant contact person via the email address provided. In this case, the user’s personal data transmitted by email is stored in the email system.
In this context, there is no disclosure of data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of these data is Art. 6 (1) (a) GDPR if the user has granted its consent.
The legal basis for the processing of the data is, moreover, Art. 6 (1) (f) GDPR. If contact is established in order to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

For the processing of personal data as part of email contact, the required legitimate interest in the processing of data is given.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been definitively clarified.
If the contact is a pre-contractual relationship (offer or reservation request), the data transferred is also stored in our hotel software and used for contract performance. If no contractual relationship arises, we will delete the data after one year effective at the end of the year.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.
Please note that in the case of an objection, the conversation cannot be continued and we cannot create offers etc.
All personal data stored in the course of making contact will be deleted in this case.

V. Online booking through the website

1. Description and scope of data processing

On our website, you have the option to book rooms and arrangements for each ARCOTEL Hotel. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: first name, surname, email address, phone number, address, number of accompanying travellers, expected arrival time, requests, payment data (credit card), date, time.
If you make an online booking from our website, this is done through the bookassist online booking system provided by Automatic Netware Ltd, 35 Fitzwilliam Place, Dublin 2, Ireland. All booking data entered by you will be encrypted. bookassist has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.
In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and for communication.

2. Legal basis for data processing

The legal basis for the processing of the data is the conclusion of an accommodation contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the purpose of processing the booking request and payments.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.
Please note that in the case of an objection, the booking cannot be completed and the conversation cannot be continued.

VI. Online booking through other websites

1. Description and scope of data processing

ARCOTEL Hotels & Resorts gives interested parties the option to book rooms and arrangements for each ARCOTEL Hotel through hotel reservation portals (third-party providers). If a user makes use of this option, the data entered in the input form will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own privacy policy. The data may include: first name, surname, email address, phone number, address, number of accompanying travellers, expected arrival time, requests, payment data (credit card).
The data provided is transferred to our hotel software via a so-called channel manager. All booking data received is transferred in encrypted form. As the provider of the channel manager, HotelNetSolutions GmbH, Genthiner Str. 8, D-10785 Berlin, Germany, has committed itself to the handling of the personal data transmitted in accordance with data protection law. It takes all organisational and technical measures to protect your data.
In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and, if necessary, for communication.

2. Legal basis for data processing

The legal basis for the processing of the data is the conclusion of an accommodation contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the purpose of processing the booking request and payments.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.
ARCOTEL has no influence on the storage periods at the respective hotel reservation portal.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.
Please note that in the case of an objection, the booking cannot be completed and the conversation cannot be continued.

VII. Table reservations

1. Description and scope of data processing

On our website, you have the option to book a table for our restaurant. If a user makes use of this option, the data entered in the input form will be transmitted to us. This data includes: title, first name, surname, email address, phone number, table reservation details (day, time, number of persons, restaurant).
If you make table reservations from our website, this is done through the online reservation system of Bookatable GmbH & Co. KG, Deichstraße 48-50, D-20459 Hamburg, Germany. All order data entered by you will be transferred in encrypted form. Bookatable has committed itself to the handling of your transmitted data in accordance with data protection law. Bookatable takes all organisational and technical measures to protect your data.
In this context, no further transfer of the data to third parties will take place.

2. Legal basis for data processing

The legal basis for the processing of the data is firstly our legitimate interest in the processing of data as well as the consent of the user by recognition of our conditions for data processing.

3. Purpose of data processing

The processing of personal data is solely for table reservation purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose of its collection.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.

VIII. Online service for corporate customers

1. Description and scope of data processing

On our website, corporate customers have the option to register via “Fastlane” in a protected corporate customer area where they can make their bookings. If a corporate customer makes use of this option, the following data is stored in the customer profile: company, title, first name, surname, email address, phone number, company and/or invoice address and login data. During a booking, the title, first name, surname, email address and wishes for the employee regarding the general booking data are stored on the website. If you make an online booking from our website via the “Login Fastlane”, this is done through the protel web booking engine from protel hotelsoftware GmbH, Europaplatz 8, D-44269 Dortmund, Germany. All order data entered by you will be transferred in encrypted form. Protel has committed itself to the handling of your transmitted data in accordance with data protection law and takes all organisational and technical measures to protect your data.

2. Legal basis for data processing

The legal basis for the processing of the data is the conclusion of a sales contract with the corporate customer.
The transferred data is stored in our hotel software and used for contract performance.

3. Purpose of data processing

The processing of the personal data from the user account and the related orders is solely for the purpose of processing the booking and the payment transactions.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.

IX. Purchase of vouchers through the website

1. Description and scope of data processing

On our website, you have the option to purchase vouchers. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: title/company name, first name, surname, date of birth, email address, address, phone/fax number, voucher value, requests, payment data, password for individual user account. If you purchase a voucher from our website, this is done through the online ordering platform of INCERT eTourismus GmbH & Co KG, Leonfeldner Straße 328, A-4040 Linz, Austria. All order data entered by you will be transferred in encrypted form. INCERT has committed itself to the handling of your transmitted data in accordance with data protection law. INCERT takes all organisational and technical measures to protect your data. In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and for communication.

2. Legal basis for data processing

The legal basis for the processing of the data is the conclusion of a sales contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of the personal data from the input form is solely for the purpose of processing the voucher purchase and payment transactions.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.

X. Sending of e-mails before arrival

1. Description and scope of data processing

We would like to send a welcome mail to those of our guests from whom we have received an email address as part of the booking or where we can connect with the guest through a hotel reservation site. A few days before arrival, the guest will receive an email with a reservation summary and information about the reservation and any additional services that are available. If we send these e-mails, this happens via the platform Revinate from Revinate Inc., 1 Letterman Drive Building C, Suite CM 100, San Francisco, California 94129, USA. Revinate has committed itself to the handling of your transmitted data in accordance with data protection law. Revinate takes all organisational and technical measures to protect your data. More information about the subject of data protection is available at https://www.revinate.com/privacy/.

2. Legal basis for data processing

The legal basis for the processing of the data is firstly our legitimate interest in the processing of data in the context of the booking, i.e. the contract initiation relationship.

3. Purpose of data processing

We want to contact the guests to give them the option to book additional services quickly and comfortably.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the achievement of the purpose.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.

XI. Consulting and support of corporate customers

1. Description and scope of data processing

For the support, consulting and advertising of corporate customers, we collect and use data on the contact person, phone number and postal address in addition to the business partner or potential business partner. The information is obtained from various sources, either through a request (email or phone), but also through events, fairs, business cards received by our sales staff etc.
In this context, there is no disclosure of data to third parties. The data is used exclusively for the purposes mentioned.

2. Legal basis for data processing

The legal basis for the processing of the data is, moreover, Art. 6 (1) (f) GDPR. If contact is established in order to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

We use this contact information exclusively for our own purposes and for the needs-based design of our own sales activities.

4. Duration of storage

No general deletion period is provided. However, should our sales department have had no contact with the company within three years, the sales department will decide whether to delete the contact person for the company. If the contact is a pre-contractual relationship (offer or reservation request), the data transferred is also stored in our hotel software and used for contract performance. If no contractual relationship arises, we will delete the data after one year effective at the end of the year.

5. Objection and removal options

The company contact has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose. All personal data of the contact person saved for the business partner will be deleted in this case.

XII. Newsletter service

1. Description and scope of data processing

On our website, you have the option to subscribe to our newsletter service in different ways. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: email address as well as voluntary information such as title, first name, surname, language, desired destinations or themes.
If you subscribe to a newsletter from our website, the data is stored in our newsletter tool from Eyepin GmbH, Billrothstrasse 52, A-1190 Vienna, Austria. Eyepin GmbH has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.
Should we otherwise receive an email address, where the recipient clearly tells us that they would like to receive our newsletter, we will collect their data via the input form on our website. In this context, no further transfer of the data to third parties will take place. The data is used exclusively to send newsletters.

2. Legal basis for data processing

The legal basis for the processing of the data is the consent of the recipient in accordance with Art. 6 (1) (a) GDPR. This is ensured by a double-opt-in procedure.

3. Purpose of data processing

The processing of personal data serves us only to send individual newsletters.

4. Duration of storage

The data will be deleted as soon as the newsletter service is unsubscribed.

5. Objection and removal options

The recipient has the option to object to the processing of their personal data at any time. With each newsletter, the recipient can unsubscribe from the newsletter service. We have also set up the email address datenschutz@arcotel.com for this purpose. Please tell us the email address here.

XIII. Online review

1. Description and scope of data processing

Former guests can leave a review of our hotel after check-out. For this purpose, we would like to send you an email within 14 days of departure to ask you for a hotel review. In addition, there is the option of submitting the review in a paper questionnaire. In this case, we will enter the opinion submitted into the online review system. Each review may be published anonymously on request. If you did not feel comfortable in one of our hotels, we would like to take the opportunity to contact you.
If you submit an online review on our website, the data will be stored in the rating tool of TrustYou GmbH, Agnes-Pockels-Bogen 1, D-80992 Munich, Germany. TrustYou GmbH has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.
If a former guest makes use of this online review option, data from the former guest is stored in the evaluation form. This data includes: email address as well as voluntary information such as first name, surname, language and information provided in the review. In this context, no further transfer of the data to third parties will take place. The data will only be used to publish the rating and to mediate poor ratings.

2. Legal basis for data processing

The legal basis for the processing of data is, moreover, Art. 6 (1) (f) GDPR, i.e. the legitimate interest of ARCOTEL.

3. Purpose of data processing

The purpose of the hotel review is to communicate and summarise the opinions of hotel guests through our website so that interested parties can form their own impression about our services. In addition, the results assist with our internal quality management.

4. Duration of storage

The data is not deleted.

5. Objection and removal options

There is always the option to have the publication of the review deleted (right to be forgotten). We have set up the email address datenschutz@arcotel.com for this purpose. Please let us know what review you would like to have deleted.

XIV. Running of prize contests and surveys

1. Description and scope of data processing

To allow you to participate in prize contests, we collect certain personal data (first name, surname, email address, possibly address).
If we conduct surveys in combination with prize contests, then we will send emails via our newsletter tool from Eyepin GmbH (see “Newsletter service”). The online survey is carried out by QuestionPro GmbH, Friedrichstraße 171, D-10117 Berlin, Germany. During the online survey, you can register with your first name, surname and your email address so that we can contact you in the event that you win a prize. Participation in the prize contest is voluntary. If you do not want to take part in the prize contest, you can also take the survey anonymously. QuestionPro GmbH has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.

2. Legal basis for data processing

The legal basis for the processing of the data is the consent of the recipient in accordance with Art. 6 (1) (a) GDPR if we use our contacts in the newsletter tool. We use this data, for example, if we conduct surveys in combination with prize contests. The legal basis for the collection and processing of the data of participants in prize contests is our legitimate interest in the running of prize contests.

3. Purpose of data processing

Your data are only used for the running of the prize contest or for the analysis of our survey and not for other purposes unless you have also opted to receive a newsletter and have expressly consented to this purpose. Your data are only transferred to third parties if is necessary for the running of the prize contest (e.g. system operator for online surveys). No transfer to other third parties takes place.

4. Duration of storage

As soon as the business purpose of the prize contest has been fulfilled and you have not been identified as a winner, we will delete your data within one month of the end of the prize contest. If you were identified as a winner, national, fiscal and commercial retention requirements apply.

5. Objection and removal options

The participant has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose.

XV. Online application for a job vacancy

1. Description and scope of data processing

If you send us personal data during an application process, this data is divided into the following data types and data categories for collection, processing and/or use:
Personal data (first name, surname, date of birth, address, educational history)

• Communication data (phone number, mobile number, email address)
• Data concerning your assessment and evaluation in application procedures
• Data concerning your past training/education (school, professional training, civil/military service, studies, degrees)
• Data concerning your past professional experience, educational and employer references
• Information about other qualifications (e.g. language skills, computer skills, volunteer work)
• Application photo
• Application history

If you make an online application from our website, this is done through the online application system d.vinci from d.vinci HR-Systems GmbH, Nagelsweg 37-39, D-20097 Hamburg, Germany. All order data entered by you will be transferred in encrypted form. d.vinci has committed itself to the handling of your transmitted data in accordance with data protection law. It takes all organisational and technical measures to protect your data.

We will use the personal data transmitted by you solely for the processing of your application for the advertised vacancy. Only persons involved in the application process will have knowledge of your personal data. All employees entrusted with the data processing are required to preserve the confidentiality of your data. We do not transfer your personal data to third parties unless you have consented to the data transfer or if legal requirements and/or an official or court order obligates us to do so.
In the event that an applicant matches the profile of a different job vacancy advertised by a company associated with ours, we will gladly pass on the application documents. We would obtain the consent of the applicant before doing so. Otherwise, the data is exclusively used for the processing of the application by the relevant department and for communication purposes.

2. Legal basis for data processing

The legal basis for the processing of the data is the contract initiation relationship or the conclusion of a contract with the applicant. To pass on the application documents to an associated company, we will first obtain the applicant’s consent.

3. Purpose of data processing

The processing of the personal data from the input form is solely for the purpose of processing the application.

4. Duration of storage

Your data is automatically deleted within six months after conclusion of the respective application procedure. This does not apply if legal requirements exist that necessitate a further storage for evidentiary purposes or if you expressly consented to a longer storage period. A message to the deletion of the data is not sent.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address datenschutz@arcotel.com for this purpose. In the event of an objection, we must point out that the application cannot be concluded and the conversation cannot be continued.

XVI. Provision of the website and creation of log files

1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

• (1) Information about the browser type and version used
• (2) The user’s operating system
• (3) The user’s IP address
• (4) Date and time of access
• (5) Websites from which the user’s system reaches our website
• (6) Websites accessed by the user’s system from our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be formed. The stored data is used only for statistical purposes.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or obscured, so that an assignment of the calling client is no longer possible.

5. Objection and removal options

The collection of the data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

XVII. Use of cookies

1. Description and scope of data processing

Cookies are small files that allow us to store specific information related to you, the user, on your computer while you visit one of our websites. Cookies help us to determine the frequency of use and the number of users on our websites, as well as to make our offers as comfortable and efficient as possible for you. We use ‘session cookies’, which are cached exclusively for the duration of your use of our website. The session cookies are stored on your data carrier to ensure certain settings and functionalities on our websites via your browser. The cookies we use are deleted after the end of the browser session, i.e. once you close your browser. Below, we describe which cookies we use on the site in more detail. These cookies allow us to tailor the features and content of the site to your needs by storing your preferences. For example, these cookies may be used to store your user data in our forum or to make a language selection. In addition, they can be used to provide interactive information, such as watching our virtual catalogues or videos.
Cookie name Valid Purpose of the cookie

• exp_last_activity 1 year This cookie tells us the date of your last activity on our website. If it is your first visit, it will be set to the current time.
• exp_last_visit 1 year This cookie is only relevant to registered users. If you are browsing the site as a guest, it will be set to a date in the past.
• exp_tracker until the end of the session This cookie stores the last 5 pages that you visited on our site. We use this information to redirect you to the page where you were located.
• SSL_JSessionID until the end of the session bookassit cookie

In addition, we use cookies on our website that enable an analysis of users’ browsing behaviour. In this way, the following data can be transmitted: search terms entered, frequency of page views, use of website functions. The users’ data collected in this way is pseudonymised by way of technical precautions. As such, the data can no longer be associated with the visiting user. The data is not stored together with other personal data of the users. When accessing our website, the user is informed about the use of cookies for analytics purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user in accordance with Art. 6 (1) (a) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For them, the browser needs to be recognised even after changing pages. The user data collected through technically necessary cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its contents. Through the analysis cookies, we learn how the website is used, allowing us to constantly optimise our service. For these purposes, our legitimate interest in the processing of personal data is in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage, objection and deletion options

Cookies are stored on the computer of the user and transferred by it to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent. The use of our services is also possible without cookies and scripts. You can disable the storage of cookies and scripts in your browser, restrict them to certain websites or set your browser to notify you when a cookie is sent. You can also delete cookies from your computer’s hard drive at any time. You can install browser add-ons to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser add-ons. These not only block any kind of JavaScript, they also block selected trackers, Java, Flash and other plugins on websites.
If you are concerned about third-party cookies, you can reject them specifically and still receive the cookies that make our website work properly.
This is how you can reject cookies in any of the main browsers:

• Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647&p=cpn_cookies
• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Safari: http://support.apple.com/kb/PH11913

Please note, however, that in these cases you will have to expect a limited presentation of the page and a limited user interface.

5. Additional information

In addition to the above information about the use of cookies, please note the following:
Use of Google Analytics, Google Convers Tracking and Google Remarketing. Our website uses Google Analytics, Google Convers Tracking and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). This service uses Google Analytics, a web analytics service of Google Inc. (‘Google’). Google Analytics uses ‘cookies’, text files that are stored on users’ computers and enable the analysis of website use. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the US and stored there. However, if IP anonymisation is activated on this website, Google will truncate the users’ IP addresses beforehand within Member States of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information to evaluate users’ use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by configuring their browser software accordingly; however, please note that you may not be able to use all features of this website to their full extent in this case. In addition, users may prevent the collection of the data generated by the cookie and relating to their use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future. This will store an opt-out cookie on your device. If you delete your cookies, you will have to click this link again. In addition, the explanations in Section XI (1) to (4) above apply.
Disabling Google advertising
(http://www.google.com/privacy_ads.html) or on the deactivation page of the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp)

• Use of social media plugins

Our website uses social plugins (‘plugins’) of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plugins are marked with a Facebook logo or the words ‘Facebook Social Plugin’. When you visit a page on our website that contains such a plugin, your browser will establish a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by it into the website. By incorporating the plugins, Facebook is informed that you have accessed the corresponding page on our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the ‘Like’ button or leaving a comment, the information is transferred from your browser directly to Facebook and stored there. For more information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to Facebook’s privacy policy. If you do not want Facebook to collect data about you through our website, you must log out of Facebook before visiting our website.

• Use of +1 buttons/Google +1 buttons

Our website uses the ‘+1’ button of the Google Plus social network, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (‘Google’). The button is recognisable by the ‘+1’ sign on a white or coloured background. When you visit a page on our website that contains such a button, your browser will establish a direct connection to Google’s servers. The content of the ‘+1’ button is transmitted by Google directly to your browser and incorporated by it into the website. We therefore have no control over the scope of data Google collects using the button. According to Google, no personal data is collected without clicking on the button. Such data, including IP addresses, is only collected and processed from members who are logged in. For more information about the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your related rights and settings options for the protection of your privacy, please refer to Google’s privacy policy concerning the ‘+1’ button: (http://www.google.com/intl/de/+/policy/+1button.html) and the FAQs: (http://bit.ly/r3Qmer.)
If you are a Google Plus member and you do not want Google to collect information about you from our website and link it to your member data stored on Google, you must log out of Google Plus before visiting our website.

• Use of Pinterest button

On our website, we have added a button from the social network of Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). The Pinterest button takes the user to our Pinterest page via a link. No data is transferred from our website to Pinterest when the user visits our website. If you click the Pinterest button while you are logged in to your Pinterest account, you can link the content of our pages on your Pinterest profile. Pinterest can thus attribute the visit to our pages to your user account if the plugin is activated. We hereby point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and their use by Pinterest. More information as to the purpose, scope and further processing and use of the data by Pinterest, as well as your rights and options to protect your privacy in this regard, can be found in the privacy policy of Pinterest at https://about.pinterest.com/de/privacy-policy

• Use of Twitter button

On our website, we have added a button from the social network of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The Twitter button takes the user to our Twitter page via a link. No data is transferred from our website to Twitter when the user visits our website. If you click the Twitter button while you are logged in to your Twitter account, you can link the content of our pages on your Twitter profile. Twitter can thus attribute the visit to our pages to your user account if the plugin is activated. We hereby point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and their use by Twitter.
More information can be found in the privacy policy of Twitter at http://twitter.com/privacy.

• Use of LinkedIn

Our website uses plugins from the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The plugins from LinkedIn are recognisable by their logo or by the “Recommend” button and are activated directly by the user. When you visit our website, your browser will establish a direct connection to the LinkedIn servers via the plugin. LinkedIn then receives the information that you have visited our site with your IP address when the plugin is activated. If you click on the LinkedIn button while you are logged in to your LinkedIn account, you can link the content of our pages on your LinkedIn profile. LinkedIn can thus attribute the visit to our pages to your user account. We hereby point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and their use by LinkedIn.
More information can be found in the privacy policy of LinkedIn at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv

XVIII. Protection of minors

This service is primarily for adults. We do not currently market special areas for children. As a result, we do not knowingly collect information to determine age, nor do we knowingly collect personal information from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal information through our service. In the event that we find that a child under the age of 16 has provided us with personal data, we will delete the personal data of the child from our files, insofar as this is technically possible, in compliance with the Children’s Online Privacy Protection Act (see the Federal Trade Commission website at www.ftc.gov/kidzprivacy for more information about this law).

XIX. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning GDPR and you have the following rights with respect to the controller.
You have a right to information about the personal data stored about you, the purpose of the processing, possible transfers to other entities and the duration of storage.
If data is inaccurate or no longer required for the purposes for which it was collected, you may request that the data be corrected, deleted or the processing restricted. Insofar as provided for in the processing procedures, you may also view and correct your data yourself if necessary. Should your particular personal situation give rise to reasons against the processing of your personal data, you may object to this insofar as the processing is based on a legitimate interest. The controller will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending against legal claims. If the personal data relating to you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing or profiling purposes, your personal data will no longer be processed for these purposes.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the time of revocation.

If you have questions about your rights and the assertion of your rights, please contact:

ARCOTEL Zentrale Data Protection Officer
ARCOTEL Hotels & Resorts GmbH
Konstantingasse 6-8
A-1160 Vienna
Austria
Tel: +43 (1) 485 5000
Fax: +43 (1) 485 5000-12
Email: datenschutz@arcotel.com

DataSolution Thurmann GbR
Mr Andreas Thurmann
Isarstr. 13
D-14974 Ludwigsfelde
Germany
Tel.: +49 (0) 3378 202513
Fax: (0) 3378 202514
Email: mail@hoteldatenschutz.de

XX. Right to complain to a supervisory authority

As a data subject, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence or the place of the alleged breach, without prejudice to any other administrative or judicial remedy, if you are of the opinion that the processing of the personal data relating to you is in breach of data protection laws. The supervisory authority with whom the complaint is lodged will notify you of the status and outcome of your complaint, including the possibility of a judicial remedy. More information can be found on the website of the Federal Data Protection Authority.
For Austria, please follow this link.
For Germany, please follow this link.

XXI. Security

ARCOTEL Hotels & Resorts employs technical and organisational security measures in accordance with Art. 32 GDPR in order to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments. Access to them is only possible for a small number of authorised persons and persons committed to special data protection obligations who are involved in the technical, administrative or editorial support of data.

XXII. Declaration of consent of the user

By using our website and the offers contained therein, you agree that we can store the personal data you have voluntarily submitted to us and process and use this data in compliance with this privacy policy.
We reserve the right to change, update or supplement this privacy policy at any time. Any revised privacy policy shall only apply to personal data that has been collected or changed since the revised policy entered into force.

Version | November 2018