Viveahealth hotels

privacy policy

As operator of the Vivea Hotels, Künig GmbH takes the protection of your privacy and your personal data very seriously. We have implemented technical and organisational measures in place in order to ensure that the provisions on data protection are complied with by us as well as by external service providers.  

Your personal data will of course be processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act.

In the following, we will inform you about us as the person responsible for data processing and the type, scope and purpose of data collection:

1. Controlling:

Künig GmbH (FN 216022f)
Maximilianstraße 7
6330 Kufstein

Telefon: +43 5372 90500
E-Mail-Adresse: info@vivea-hotels.com | datenschutz@vivea-hotels.com

If you have any questions about data protection in the Vivea health hotels or the processing of your personal data, please send an email to datenschutz@vivea-hotels.com. Of course, you can also contact the reception desk and the management of the Vivea health hotel at any time before, during or after a stay in one of our Vivea health hotels.

2. Data processing:

(1) This Data Protection Policy shows which data we collect and for which purpose we use such data. The Data Protection Declaration applies regardless of the domains, systems, platforms and end devices used (e.g. desktop computer, tablet, mobile phone etc.).

(2) The terms used, for example “personal data” or “processing” thereof, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

(3) The personal data of the users processed in the course of this online offer includes inventory data (e.g. names and addresses of customers), contractual data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites of our online offer visited, interest in our products) and content data (e.g. entries in the contact form). 

(4) The term “user” covers all categories of data subjects and includes all genders. “Users” include our customers, business partners and other visitors to our online offer. 

(5) We process personal data of the users in strict compliance with the relevant data protection provisions. This particularly concerns the data processing for the provision of our services and online services. 

(6) We point out that the legal basis for consents is Art. 6(1) point (a) and Art. 7 GDPR, the legal basis for the processing for performance of our services and execution of contractual measures is Art. 6(1) point (b) GDPR, the legal basis for the processing for compliance with our legal obligation is Art. 6(1) point (c) GDPR and the legal basis for the processing in order to safeguard our legitimate interests is Art. 6(1) point (f) GDPR.

3. SSL Encryptions / Security

For security reasons and in the interests of protecting confidential content, such as any orders or enquires you may send to us as the website operator, this website uses an SSL encryption. You can recognise an encrypted connection by the address line in the browser changing from “http://” to “https://” and by the lock symbol in the browser line. Thus, the data you transmit to us cannot be accessed by third parties. Furthermore, in the course thereof, the personal data processed by us is to be protected against accidental or deliberate manipulation, destruction, loss or against access by unauthorised persons. 

4. Forwarding of data to third parties

(1) We will only use your personal data within our company.

(2) To the extent data is transferred to service providers in the course of data processing, we also oblige such service providers to comply with the GDPR. We disclose your data to bodies entitled to receive such information exclusively if we are obliged thereto by applicable laws or a court orders.

5. Provision of contractually-agreed services

(1) We process inventory data (e.g. names and addresses as well as our users’ contact information)) and contractual data (e.g. services used, names of contact persons, payment information) to comply with our contractual commitments and to provide our services in accordance with Art. 6() GDPR.

(2) Users can optionally set up a user account in certain areas of our website in which they can access their orders (e.g. vouchers, online bookings etc.). This user account is not public and cannot be retrieved by search engines. If you cancel your user account, the data relating to your account are deleted unless their retention is required based on commercial or tax law according to Art. 6(1) point (c) GDPR.

(3) In case of registration and subsequent log-ins as well as the use of our online services, we save the IP address and the time of the user action. Data processing is based on Art. 6(1) point (b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

(4) These data are generally not transmitted to any third party unless it is required for the pursuit of our claims or there is a legal obligation acc. to Art. 6(1) point (c) GDPR.

6. Contacting us

(1) If you contact us (via online contact form or email), your user information shall be processed for the purpose of handling the contact request in accordance with Art. 6(1) point (b) GDPR.

7. Access data and log files

(1) We collect and store information based upon our legitimate interests as defined in Art. 6(1) GDPR in server log files which your browser automatically transmits to us. This information includes the following: browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request as well as your IP address.

(2) Log file information shall be stored for a maximum of seven days for security reasons (e.g. clarification of acts of misuse or fraud) and shall be erased afterwards. Data which must be retained for longer periods for the purpose of providing proof are exempted from erasure until the respective incident has been definitively resolved.

(3) This data is not combined with other data sources. 

(4) The data processing is based on Art. 6(1) point (b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

8. Cookies

(1) Some of our websites use of “cookies”. Cookies are small text files which allow for storing specific device-related information on the access device of the users (PC, smartphone or the like). On the one hand, their purpose is to improve the user-friendliness of our websites, thus providing a better experience to the users (e.g. storage of log-in data). On the other hand, they are used to allow for storing statistical data on the use of our website and analysing it in order to improve the offer. Cookies do not harm your computer and do not contain any viruses. Cookies serve the purpose of making our website more user-friendly, effective and secure.

(2) Most cookies used by us are “session cookies”. These are deleted automatically at the end of your visit. Other cookies are stored on your end device until you delete them. These cookies allow us to recognise your browser upon your next visit to our website.

(3) You can set your browser to inform you about cookies being placed and to only allow cookies on a case-by-case basis, to refuse cookies in certain cases or in general, and to activate the automatic deletion of cookies when you close the browser. Deactivating cookies may limit the full functionality of this website.

(4) Cookies that are required for execution of the electronic communication process or for the provision of certain features requested by you (e.g. shopping cart in the voucher shop) are saved based on Art. 6(1) point (f) GDPR. We have a legitimate interest in the storage of cookies for the technically smooth and optimised provision of our services.

(5) You can manage or deactivate many online display cookies of companies via the US-American page www.aboutads.info/choices/ or the EU page www.youronlinechoices.com/uk/your-ad-choices/.

9. Analysis Tool – Google Analytics

(1) This website uses functions of Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”). Google Analytics uses "cookies”, small text files that are stored on the users’ computers which enable an analysis of how they use our website.  Information generated by the cookies on the usage of the online services by users is generally transferred to Google servers in the USA where it is saved. The Google Analytics cookies are stored on the basis of Art. 6(1) point (f) GDPR.

(2) We have a legitimate interest in the analysis of the user behaviour in order to optimise both web offers and advertisements.

(3) Google will use this information on our behalf to analyse the usage of our online services by the users, compile reports on the activities within these online services and to provide further services to us which are connected to the usage of these online services and Internet usage.

(4) We use Google Analytics to show ads which are provided by Google web services and their partners only to those users who have shown interest in our online services or have certain characteristics (e.g. interest in contents or products which is determined based on visited web pages) which we transmit to Google (referred to as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our ads correspond to users’ potential interest and do not constitute an annoyance.

(5) We have activated the IP anonymisation function on this website. This means that your IP address is abbreviated by Google within European Union member states or other states party to the Agreement on the European Economic Area before it is transmitted to the US. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

(6) On behalf of the provider of this website, Google uses this information to analyse your use of the website, to compile reports about the website activity and to provide further services which are connected to the use of this website and of the Internet for its operator. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.

(7) You can prevent the storage of cookies by changing the settings of your browser software accordingly (browser plug-in: tools.google.com/dlpage/gaoptout. Please note, however, that if you do so, you may not be able to use all of the functions of this website to their fullest extent.

(8) Further information on Google’s use of data as well as possible ways of objection can be found at the following Google links:
www.google.com/intl/de/policies/privacy/partners (Data usage by Google if you use the websites or apps of our partners)
www.google.com/policies/technologies/ads (Data usage for marketing purposes)
www.google.de/settings/ads (Manage information used by Google to display advertising to you).

(9) Google is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation www.privacyshield.gov/participant

10. Marketing Tool – Google Remarketing

(1) Our websites use the functions of Google Analytics Remarketing in connection with functions of Google AdWords across devices. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”)

(2) These functions enable us to display advertising to our users on our website in a more targeted manner so that, for example, interest-based, customised advertising messages which were adjusted based upon your use and surfing behaviour using one device in the past (e.g. mobile phone) can be displayed on another end device used by you (e.g. tablet or PC). 

(3) If e.g. ads are displayed for products in which a user has already shown interest in on other webpages, this is called remarketing. For these purposes, a web beacon (Google code) is executed and embedded within the website directly by Google when our or other websites on which Google tools are active are accessed. With the help of these tags, an individual cookie, i.e. a small file, is saved on the users’ device (instead of cookies other comparable technologies may also be used). 

(4) Every Google AdWords customer gets a different cookie. These cookies cannot be tracked via the websites of AdWords customers. The information collected in the course thereof (by means of conversion cookies) are used to create conversion statistics. I.e. we only learn the total number of users who clicked on an ad. These statistics, however, do not receive any information which can be used to identify users personally. 

(5) In addition, the users’ IP address is recorded. In this regard, we inform you within the scope of Google Analytics that the IP address is abbreviated in EU member states or other states party to the Agreement on the European Economic Area and is only transmitted as a whole to a Google server in the USA and abbreviated there in exceptional cases. The IP address will not be combined with any user data within other services provided by Google. Google may connect the above information to corresponding information from other sources. If the user subsequently visits other web pages, ads which are adjusted to their interests can be displayed.

(6) If you do not want to participate in the tracking, you can object to this use at any time by simply deactivating the Google conversion tracking cookie via your Internet browser under user settings. Thus, you will not be included in the conversion tracking statistics.

(7) For further information on data use for marketing purposes by Google, please refer to the overview page at: www.google.com/policies/technologies/ads, Google’s Privacy Notice can be viewed at https://www.google.com/policies/privacy.

(8) If you wish to object to interest-related advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google at: www.google.com/ads/preferences.

(9) Google is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation
www.privacyshield.gov/participant

11. Facebook plug-ins (Like & Share buttons)

(1) This website uses plug-ins of the social network Facebook (provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). You can recognise these Facebook plug-ins by the Facebook logo or the “Like button” on our website. An overview of the Facebook plug-ins is available at: developers.facebook.com/docs/plugins/.

(2) When you visit our websites, the plug-in establishes a direct connection between your browser and the Facebook server. In this way, Facebook receives the information that you visited our website with your IP address. When you click the Facebook “Like button” while you are logged into your Facebook account, you can link the contents of our websites to your Facebook profile. If you do so, Facebook will be able to assign the visit of our websites to your user account. Please note that as provider of the websites, we have no knowledge of the content of the data transmitted to or of its use by Facebook. For more information, please refer to the Facebook privacy policy at: de-de.facebook.com/policy.php.

(3) If you do not want Facebook to be able to assign the visit to our websites to your Facebook user account, please log out of your Facebook user account and please delete your cookies.

(4) Facebook is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection www.privacyshield.gov/participant

(5) Further settings and objections to the use of data for marketing purposes are possible in the Facebook profile settings at:  https://www.facebook.com/settings?tab=ads

12. Instagram plug-in (Instagram Button) 

(1) This website uses Instagram functions. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can recognise the Instagram button by the Instagram camera symbol.

(2) If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking this Instagram button. If you do so, Instagram will be able to assign the visit of our pages to your user account. Please note that as provider of the website, we have no knowledge of the data transmitted to or of its use by Instagram.

(3) For further information, please refer to the Instagram privacy policy at: instagram.com/about/legal/privacy/.

13. Linktree (linking on Instagram)

(1) This site uses features of Linktree. These features are provided by Linktree Pty Ltd, 37 Islington St, Collingwood VIC 3066, Australia. You can recognize the Linktree button by the Linktree tree icon.

(2) If you are logged into your Instagram account, you can click on the Linktree link on our Instagram profile to go to an overview page. The links listed there will take you to our website. This allows link.tree to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, can only see the number of general page views via link.tree. However, we have no knowledge of the further content of the transmitted data or its use by Linktree.

(3) For further information, please refer to the privacy policy of Linktree https://linktr.ee/s/privacy/ 

14. Facebook pixel

(1) Within our online offer, we use the “Facebook pixel” of the Facebook social network based upon our legitimate interests in analysing and optimising our online offer. Facebook is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook”).

(2) Facebook is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation: www.privacyshield.gov/participant

(3) In this way, the behaviour of website visitors can be monitored after they were forwarded to the provider’s website by clicking on a Facebook advert. Thus, the effectiveness of the Facebook adverts can be evaluated for statistical and market research purposes and future marketing measures can be optimised.

(4) We as operator of this website receive the data collected in an anonymous form, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection with the respective user profile is possible and Facebook can use the data for its own marketing purposes in accordance with Facebook’s data use policy. Thus, Facebook is enabled to show adverts on Facebook pages as well as outside Facebook. We as operator of this website cannot influence such data use.

(5) Facebook processes data based on their data use policy. You can find further information on the protection of your privacy in the Facebook data protection notices at: www.facebook.com/about/privacy/. 

(6) For specific information and details on the Facebook pixel and its function, please refer to the Facebook help area at: www.facebook.com/business/help/651294705016616.

(7) You can object to the data collection by the Facebook pixel and to the use of your data for the displaying of Facebook ads at: www.facebook.com/settings;

15. Newsletter

(1) By subscribing to our newsletter offered on our website, you agree to receive the newsletter and to the described procedure.

(2) We send newsletters, emails and other electronical notifications which include advertising information exclusively with the consent of the recipients or with statutory permission. Furthermore, our newsletters contain information about our current offers, news and promotions of our companies.

(3) Subscriptions to our newsletter are solely based on a double opt-in procedure. This means that after subscription via the contact form, you will receive an email in which you are asked to confirm your subscription. This confirmation is required so that no person can register with another person’s email address or impersonate you. Newsletter subscriptions will be logged to be able to provide proof of the subscription process according to the legal requirements. This includes the saving of the subscription and confirmation time as well as the IP address. In addition, changes to your data which are stored with the marketing service are logged.

(4) Marketing service: Newsletters are sent by “mailingwerk”, an Austrian newsletter distribution platform. The data protection provisions of the distribution service provider can be viewed at: www.netwerk.at/datenschutz/ 

(5) Our newsletters contain web beacon (a small file which is requested by the server of the distribution service provider when you open the newsletter). Technical information such as information on your browser and system as well as your IP address and the time of retrieval is recorded therein. This information is used for technical improvement of the services. These statistical purposes also include the determination whether the newsletter is opened, when it is opened and which links within the newsletter are clicked.

(6) The use of the distribution service provider, the performance of the statistical determinations and analyses as well as logging of the subscription process take place on the basis of our legitimate interests in accordance with Art. 6(1) point (f) GDPR. Our interest is oriented towards the use of a user-friendly and secure newsletter system which serves our business interests and meets the expectations of the users.

(7) Unsubscription/withdrawal – you can unsubscribe from our newsletter at any time. Thus, your consents to distribution thereof by the distribution service provider and to the statistical analyses become invalid at the same time. Unfortunately, separate withdrawal of distribution by the distribution service provider or statistical evaluation is not possible. A link to end your subscription to the newsletter can be found at the end of each newsletter. After unsubscribing, your personal data will be deleted.

16. Distribution of brochures

(1) You can subscribe for free distribution of brochures on our website via a corresponding contact form. Subscriptions for the distribution of brochures will be logged to be able to provide proof of the subscription process according to the legal requirements. This includes the saving of the subscription and confirmation time as well as the IP address.

(2) The data you provide will be used exclusively for the distribution of brochures as requested by you and not disclosed to third parties.

(3) After expiry of the guarantee, warranty, limitation and statutory retention periods to which we are subject, and, where applicable, until conclusion of any legal disputes for which such data is needed as legal evidence, your data will be erased.

17. Non-binding requests or the like

(1) You can send a non-binding request to the Vivea health hotel you are interested in via our website using a corresponding contact form. The requests will be logged to be able to provide proof of the registration process according to the legal requirements. This includes the saving of the registration and confirmation time as well as the IP address.

(2) The data you provide will be used exclusively for the request made by you and not disclosed to third parties.

(3) After expiry of the guarantee, warranty, limitation and statutory retention periods to which we are subject, and, where applicable, until conclusion of any legal disputes for which such data is needed as legal evidence, your data will be erased.

18. Third-party contents & services

(1) Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services in accordance with Art. 6(1) point (f) GDPR), service offers of third-party providers are embedded on our website. As a prerequisite, the third-party providers of this content need to know the users’ IP address since they would otherwise not be able to send the content to the users’ browser. The IP address is therefore required to display the content. Third parties may use, inter alia, pixel tags (web beacons) for statistical or marketing purposes. Using such pixels, information such as visitor traffic on the pages of this website can be analysed. The pseudonymous information can also be saved as cookies on the users’ device; among other data, they may contain technical information on the browser and operating system, referring web pages, access time and other information on the use of our online services and it can be linked to such information from other sources.

(2) Below, you find an overview of the third-party providers engaged by us as well as their contents and the corresponding links to the respective data protection declarations:
External payment service providers:

  • External fonts by Google Inc., www.google.com/fonts (“Google Fonts”). Google Fonts are embedded by a server call at Google (usually in the USA).
    Privacy Notice: www.google.com/policies/privacy/
    Opt-out: https://www.google.com/settings/ads/
  • Maps provided by the “Google Maps” service of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
    Privacy Notice: www.google.com/policies/privacy/ 
    Opt-out: www.google.com/settings/ads/ 
  • Videos provided by the “YouTube” platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 
    Privacy Notice: www.google.com/policies/privacy/
    Opt-out: https://www.google.com/settings/ads/
  • LinkedIn: The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Whenever you access one of our websites that contains functions of LinkedIn, a connection will be established to the LinkedIn servers. LinkedIn is informed that you visited our websites with your IP address. If you click on the “Recommend button” of LinkedIn and are logged into your account with LinkedIn, LinkedIn is able to assign your visit to our website to you and to your user account. Please note that as provider of this website, we have no knowledge of the content of the data transmitted to or of its use by LinkedIn.
    Privacy Notice: www.linkedin.com/legal/privacy-policy
    Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
  • XING: The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Whenever you access one of our websites that contains functions of XING, a connection will be established to the XING servers. According to our knowledge, no personal data will be stored in this process. In particular, no IP addresses will be stored and no analysis of the usage behaviour will take place. 
    Privacy Notice: https://www.xing.com/app/share?op=data_protection.
  • Web analysis and optimisation by means of the Hotjar service (third-service provider Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). By means of Hotjar, we can track movements on the websites on which Hotjar is used (“heatmaps”). Thus, for example, we can see how far the users scroll and how often they click on which buttons. Furthermore, technical data such as language chosen, system, screen resolution and browser type are collected. In the course thereof, profiles of the users can be created at least temporarily during the visit to our websites. Furthermore, Hotjar also enables us to obtain feedback directly from the users of the website. In this way, we obtain valuable information in order to make our website even faster and more customer-friendly.
    Data protection declaration: www.hotjar.com/privacy. Opt-out: www.hotjar.com/opt-out 

19. User rights

(1) Upon request, users are entitled to obtain free access to information on the personal data we store about them.

(2) With reference to such request for access, we point out that the right to request information on the data processed about you as data subject in accordance with Art. 15 GDPR is a personal right. Accordingly, we are obliged to obtain and document proof of your identity. This shall particularly ensure that only you as data subject are provided with information on your data, thus, helping us in preventing misuse of the right of access.

(3) After receiving your proof of identity, we will comply with your request without undue delay. The legal period under Art. 12 GDPR of one month for the provision of information only starts upon receipt of a valid proof of identity.

(4) In addition, users are entitled to rectification of inaccurate data, restriction of processing and erasure of their personal data, where applicable, assert their rights to data portability and, if unlawful data processing is assumed, lodge a complaint with the competent supervisory authority.

(5) Moreover, users can, generally with effect for the future, withdraw consents.

20. Erasure of data

(1) The data stored by us will be erased as soon as it is no longer required for its purpose and the erasure does not conflict with any legal storage obligations. If the users’ data is not erased, since it is required for other purposes which are permitted by law, its processing will be restricted. I.e. the data is blocked and not processed for any other purposes. This applies e.g. to data which has to be retained due to commercial law or tax law.

(2) According to statutory provisions, data is retained for 6 years as per Art. 257, para. 1 HGB [Austrian Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, business letters, accounting records, etc.), for 10 years as per Art. 147, para. 1 AO [Austrian Fiscal Code] (books, records, management reports, accounting records, commercial and business letters, documents which are relevant for taxation, etc.)

21. Right to object

Users can object to the future processing of their personal data according to the legal requirements at any time. The right to object refers in particular to the processing for direct marketing purposes.

22. Changes to the Data Protection Declaration

(1) We reserve the right to amend this Data Protection Declaration in order to adapt it to amended legal provisions or to changes to the service as well as data processing. However, this only applies with regard to statements on data processing. To the extent consents of the users are required or parts of the Data Protection Declaration contain provisions of the contractual relationship with the users, the changes are exclusively made subject to the consent of users.

23. Disclaimer

(1) Liability for contents 
The contents on our websites were prepared with utmost care. However, we cannot assume any liability for the correctness, completeness and topicality of the contents. As service provider, we are responsible for our own contents on these websites according to the general legislation. Nonetheless, service providers are not obliged to monitor third-party information transferred or retained by them or to search for circumstances indicating any illegal activity. Obligations to remove or block the use of information in accordance with general legislation remain unaffected hereof. However, any liability in this respect can only be assumed as from the date of knowledge of a specific infringement. Once we become aware of such infringements, we will remove these contents immediately.

(2) Liability for links
Our offer contains links to external third-party websites, on the contents of which we do not have any influence. We therefore cannot accept any liability for such third-party content. The provider or operator of linked websites is responsible for their content. The linked websites were reviewed for potential legal violations at the time of linking. No unlawful content was identifiable at the time of linking. However, we cannot reasonably be expected to permanently monitor the content of linked websites without concrete indications of an infringement. If we become aware of infringements, we will remove such links immediately.