DATA PROTECTION DECLARATION
This privacy statement is addressed to all parties using this website in accordance with the regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 (General Data Protection Regulation - GDPR).
The declaration only applies to the mentioned page and not to any other pages that may be accessible to the user by clicking on a hyperlink.
The operator of this site guarantees that, in accordance with the law, personal data will be processed in compliance with the basic rights and freedoms and with the dignity of the person concerned, in particular for the purposes of confidentiality, personal identity and the right to the protection of personal data.
1. Name and address of the responsible person and of the data protection officer
Responsible person in the sense of GDPR:
Via Sant’Osvaldo 2
South Tyrol – Italy
+39 0471 616504
Data Protection Officer:
2. Location of data processing
Hotel Ganischgerhof Mountain Resort & SPA
Rio Nero 22
39050 Nova Ponente (BZ)
South Tyrol – Italy
3. Extent and legal basis of the processing of personal data
We generally only process personal data of our users as far as this is necessary for the provision of a functional website as well as of our contents and services. Processing of personal data is carried out only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted or provided for by legal regulations.
The legal basis for the processing of personal data is Art. 6 GDPR and, if necessary, specific contractual agreements with the user and associated obligations.
4. Data deletion and storage period
Unless specifically stated, we store personal data only for as long as necessary to fulfil the purposes pursued.
In some cases, the law prescribes the retention of personal data. In these cases, we only store the data for these legal purposes, but do not process it elsewhere and delete it after the legal retention period has expired.
5. General purposes of the processing
We use personal data for the purpose of providing this website and for the purposes set out below.
6. What data we use and why
Access data / server log files
When you use this website, information about your usage behaviour and your interaction with the site, as well as data about your computer or mobile device, is automatically collected (so-called server log files). This data includes:
- Name and URL of the website accessed
- Date and time of access
- Browser type and version
- Operating system
- Referer URL (i.e. the previously visited page)
- IP address of the client/user
All log files listed above are automatically deleted from our server after 365 days. The IP address of the user is only stored partially anonymised during this period. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of the operation, security and optimisation of our website, but also for the anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for accounting purposes in order to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content and to analyse traffic, find and fix errors and improve our services.
This is also our legitimate interest in data processing according to Art 6 (1) f) GDPR.
In addition, accesses with the full IP address are administratively logged by the website operator, among other things, for the purpose of detecting and defending against cyber-attacks. This data is deleted after a maximum of seven days.
Further information on the use, management and deletion of cookies can be found under the following link: [Click here]
According to its own information, Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified for this purpose. Google thereby agrees to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: [Click here]
We have activated IP anonymisation on this website (anonymizeIp). This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contractual states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.
Further information on the use, administration and deletion of cookies can be found under the following link: [Click here]
You can also prevent the transmission of data generated by cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: [Click here]
As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): [Click here]
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you open a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a consistent and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) f) GDPR.
If your browser does not support web fonts, a standard font from your computer will be used.
Data for the fulfilment of our contractual obligations (module: webshop/order form)
If orders are placed via this site, we process the personal data that we need to fulfil our contractual obligations, such as name, address, tax number, e-mail address, ordered products, billing and payment data. The collection of this data is necessary for the conclusion of the contract.
The deletion of the data takes place after the expiry of warranty periods and legal retention periods. Data linked to a user account shall in any case be retained for the duration of the management of this account.
The legal basis for the processing of this data is Art. 6 (1) b) GDPR, because this data is required for us to be able to fulfil our contractual obligations towards a customer.
Registration/User Account (module: user account)
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input form and transmitted to us and stored. The data will not be passed on to third parties.
For new registrations, we collect the master data provided in the input form as well as the access data (user name and password).
In order to ensure your proper registration and to prevent unauthorised logins by third parties, you will receive an activation link by e-mail after your registration to activate your account.
During the registration process, the user's consent to the processing of this data is obtained and reference is made to this data protection declaration.
Once you have created a user account, you can have it deleted at any time without incurring any costs. A notification in text form to the responsible person (e.g. by e-mail, fax, letter) is sufficient for this purpose. We will then delete your stored personal data, unless we still need to store it for the processing of orders or due to statutory retention obligations.
The legal basis for the processing of this data is your express consent in accordance with Art. 6 Para. 1 a) GDPR and, if applicable, Art. 6 Para. 1 b) GDPR if mutual contractual obligations still exist.
Newsletter (Modul: "Newsletter")
On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the form is transmitted to us. This involves the e-mail address and, if available, the first name and surname of the user.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The legal basis for the processing of the data is therefore your explicit consent in accordance with Art. 6 Para. 1 a) GDPR.
You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter and request the cancellation of the stored data.
Contact form and e-mail contact
Our website contains a contact form that can be used for electronic requests. If a user makes use of this option, the data entered in the form will be transmitted to us and stored.
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration. The legal basis for the processing of the data is therefore your explicit consent in accordance with Art. 6 Para. 1 a) GDPR.
As an alternative, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The legal basis for the processing of the data is therefore your explicit consent in accordance with Art. 6 Para. 1 a) and b) GDPR.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process (server log files) serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The user has the option to revoke his or her consent to the processing of personal data at any time.
Use of social plugins
Social plugins are integrated on this website using the so-called 2-click solution. By default, these buttons do not transmit any data to third parties. By manually activating them, the user agrees that data is transmitted to the respective operator of the social network and that third-party cookies are installed. But only for this one page and for the selected service. Preferences in this regard can be saved and changed at any time via the gear wheel icon.
If you activate the social plugins, please read the following explanations on how they work and what data is transferred.
Plugins of the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated on these internet pages. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here: [Click here]
Widget Google Maps
We integrate maps (Google Maps) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in one or more places on this website. These are integrated via a script, whereby your IP address and your location data are sent to Google (but not without your consent, usually in the context of the settings made on your end device). The data may be processed in the USA.
Google is certified under the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) and thereby offers a guarantee of compliance with European data protection law.
Google AdWords and Google Conversion-Tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (Google).
Within the framework of Google AdWords, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking, you can revoke this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of conversion cookies is based on Art. 6 para. 1 f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
You can configure your browser to be informed about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general and to activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Our website uses the website visitor action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook) for conversion measurement.
This makes it possible to track the behaviour of page visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected is anonymous for us as the operator of this website, and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the corresponding user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. This enables Facebook to serve advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
You can also disable the Custom Audiences remarketing feature in the Ad Settings section at http://it-it.facebook.com/policy.php. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can disable Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: [Clicca qui]. A tal fine deve però effettuare il login su Facebook.
- Users can prevent the installation of cookies from Google AdSense in various ways:
- by adjusting the browser software appropriately;
- by deactivating Google's interest-based ads Google;
- by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" sind;
- by permanent deactivation through a browser plug-in. The settings under b) and c) are deleted when cookies are deleted in the browser settings.
- For more information on data protection and cookies for advertising on Google AdSense, please see https://policies.google.com/privacy?hl=it.
7. Your rights as a person affected by data processing
If your personal data is processed, you are a person concerned within the meaning of the GDPR and you have the following rights towards the responsible person:
- the right to confirmation and information
- the right to rectification
- the right to erasure ("right to be forgotten")
- the right to restriction of processing
- the right to be informed
- the right to data transferability
- the right to object
- the right to revoke the declaration of consent under data protection law
- the right not to be subject to automated decision-making, including profiling
- the right to lodge a complaint with the supervisory authority.
Detailed information on the individual rights can be found under the following link: [Click here]
8. Data security
We are very concerned about the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is always transmitted in encrypted form. This applies in particular to your orders and also to the customer login. You can recognise an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
To protect your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continuously adapt to the state of the art.
We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be excluded. The servers we use are carefully backed up on a regular basis.
9. Disclosure of data to third parties
Generally, we only use your personal data within our company. However, we cannot exclude that when data is transferred to third parties, it may be transferred to another EU or non-EU country or to an international organisation, provided that this is in accordance with the purpose of the data processing.
If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the relevant service.
In the event that we outsource certain parts of data processing (commissioned processing), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
10. Further information
If you have any questions or concerns about data protection, please contact our controller/data protection firstname.lastname@example.org
Competent supervisory authority (Italy): Garante per la Protezione dei Dati Personali, Piazza di Monte Citorio 121, 00186 ROME, Tel: (+39) 06.696771, Fax: (+39) 06.69677.3785, E-mail: email@example.com, Website: http://www.garanteprivacy.it/.
For further information and GTC’s of Ganischger GmbH, please refer to our General Terms and Conditions.
Bolzano, 01 February 2021