GUARANTEE OF LAWFUL AND SECURE PROCESSING OF PERSONAL DATA
Privacy is paramount
We – Austrian Alpine Chalets GmbH– are committed to protecting your privacy. That is why we want to inform, respect and give you as much controlas possible over what happens to your personal data. We want to manage and use your personal data safely and respectfully with due care and diligence. In this way, we can serve you better and offer you the best possible experience. We start from the principle that everyone should have control over their personal data, and that everyone is entitled not to share everything with us.
We have implemented technical and organisational measures to receive secure processing of your personal data. These measures correspond to the nature of the personal data and are proportionate to the seriousness of the potential risk. Unfortunately, not every risk can be completely avoided. If Austrian Alpine Chalets GmbH’s IT systems are accessed illegally, we will immediately implement all possible measures to minimise data corruption and/or theft.
WHAT DOES THE ‘PROCESSING’ OF DATA MEAN
We understand the ‘processing’ of data to mean all processing of personal data. The term ‘processing’ includes the collection, recording, organisation, storage, updating, alteration, retrieval, consultation, use, dissemination or otherwise making available, pooling, combining, archiving, erasure and destruction of personal data.
WHO PROCESSES THE PERSONAL DATA?
Austrian Alpine Chalets is therefore the controller and determines which personal data is collected, as well as the purposes and means of collection.
WHOSE PERSONAL DATA DO WE PROCESS?
‘Personal Data’ are data that relate to an identifiable person. You may have provided these data yourself, for example by filling in a form on our website. We may also assign data to you obtained through our cooperation, including data received through third parties.
The following types of personal data may be processed in this regard:
- identification data, such as your first name, surname, e-mail address, telephone number and address details;
- data on your training, occupation and position;
- the identification and financial data of the company for which you work.
HOW DO WE COLLECT PERSONAL DATA?
We may collect personal data in various ways, including during or in relation to:
- a visit to our website;
- downloading information from our website;
- filling in and submitting a contact form;
- subscribing to our newsletter (whether or not via the website);
- sending an e-mail;
- the exchange of business cards;
- carrying out a prospecting assignment;
- the preparation and/or conclusion of an agreement.
FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?
We process personal data for various purposes, each time processing only the data that are necessary to achieve the intended purpose.
For example, we use personal data:
- when we have received consent to do so;
- in the context of the preparation or performance of a contract;
- in order to comply with the statutory or regulatory provisions to which we are subject.
If Austrian Alpine Chalets has a legitimate interest, we always strive to balance that interest with respect for the data subject’s privacy.
Subject to consent, insofar as required, we collect personal data for the following specific purposes:
- the performance of an agreement;
- conducting targeted marketing campaigns (based on your interests);
- sending invoices and collecting payments;
- optimising the quality, content and management of the website;
- statistical purposes;
- drafting a sales agreement;
- answering a specific question and/or providing information;
- conducting customer satisfaction surveys, polls and other market studies.
When you visit our website, data are collected for statistical purposes. These data are used to optimise our website. These data include the IP address, probable location of visit, time and day of visit, and which pages were visited. When you visit the website, you declare that you agree to this data collection, which is intended for statistical purposes only.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We will not disclose your personal data to third parties, unless this is necessary for the provision of our services and their improvement (including but not limited to maintenance, processing of payments, database management, application for financing, the execution of a deed, etc.).
We may also disclose your personal data:
- to the competent authorities, when we are obliged to do so by law or in the context of current or future legal proceedings, and in order to safeguard and defend our rights;
In all other cases, we willnot transfer, rent or sell your personal data to third parties unless we have your explicit consent to do so.
We will always enter into aprocessing agreementwith a third party, which includes the necessary guarantees of confidentiality and privacy conformity with regard to your personal data.
SECURITY OF PERSONAL DATA
We undertake to implement technical and organisational measures to prevent unlawful access to your personal data and the loss, misuse or alteration of such data.
Despite our safety policy, the checks that we perform and the actions that we take in this respect, an infallible level of security cannot be guaranteed. No method of transfer or transmission over the internet or of electronic storage is 100% secure. As a result, we cannot guarantee absolute security.
However, we do everything we can to protect your personal data and privacy, both within our network and in our office.
Our employees are trained to handle confidential data correctly. We use specialist companies to ensure the security of our ICT network and cloud services.
We also use a variety of technical measures to protect your personal data, such as firewalls, anti-virus software, encryption and access controls.
If a data leak occurs with adverse consequences for your personal data, you will be informed in the circumstances provided for by law.
Our employees are granted access to your personal data insofar as they need that information for the proper performance of their duties.
STORAGE OF PERSONAL DATA
The retention period may therefore differ for each purpose. For example, in order to comply with our statutory obligations, we are required to keep financial records for seven years. These archived data are obviously only accessible to a limited extent.
After the end of the applicable retention period(s), personal data are anonymised or deleted.
You may always invoke the following privacy rights:
- the right to access your personal data that we have at our disposal;
- the right to rectification, completion or adaptation of your personal data;
- the right to delete your personal data;
- the right to restrict the processing of your personal data;
- the right to portability of your personal data;
- the right to object to/oppose the processing of your personal data.
If you wish to invoke your privacy rights, as set out above, please send an e-mail to firstname.lastname@example.org
We will respond to your request within four weeks of receipt.
If you no longer wish to receive newsletters or information about our services, you can unsubscribe at any time by clicking on the ‘unsubscribe’ link at the bottom of each of our newsletters.
CROSS-BORDER PROCESSING OF PERSONAL DATA
Any transfer of personal data outside the European Economic Area (EEA) to a recipient residing or established in a country that is not covered by an adequacy decision, as issued by the European Commission, will be governed by provisions of a data transfer agreement that will contain the standard contractual clauses, as set out in the ‘Commission Decision of 5 February 2010 (Decision 2010/87/EC)’, or any other mechanism under privacy legislation or other regulations governing the processing of personal data.
Latest update: 7/5/2018