Datenschutz und Allgemeine Geschäftsbedingungen

Data Processing Information

We are pleased that you are visiting our homepage and thank you for your interest in our restaurant. Handling the data of our guests, customers, and interested parties is a matter of trust. The trust placed in us is of very high value to us and therefore represents a significance and obligation to handle your data carefully and to protect it from misuse and unauthorized use.

To ensure that you feel secure and comfortable when visiting our websites, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with applicable legal regulations for the protection of personal data and data security. With the following information on data protection, we would like to inform you about when we store which data and how we use it—naturally in compliance with current jurisprudence.

ARCOTEL Wimberger specifically aligns itself with the EU General Data Protection Regulation (GDPR) as well as current national data protection laws. When using the internet, we orient ourselves towards the Telecommunications Act (TKG) of the Republic of Austria for the protection of your personal data. Below, we explain which information we collect during your visit to our websites and how it is used.

Name and Address of the Controller

The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Handwerk Restaurant
Hotel Wimberger GmbH, Neubaugürtel 34-36, 1070 Vienna, Austria
Tel.: +43 1 521 65-840
Email: info@handwerk-restaurant.at

Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

Mr. Andreas Thurmann
DataSolution LUD GmbH, Isarstr. 13, D-14974 Ludwigsfelde, Germany
Tel.: +49 (0) 3378 202513
Email: mail@hoteldatenschutz.de

General Information on Data Processing

Scope of Processing Personal Data

In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users regularly take place only after the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.

Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a; Art. 7 GDPR serves as the legal basis. When processing personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Insofar as processing personal data is necessary to fulfill legal obligations to which our hotels are subject (e.g., national registration laws), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our hotel group or a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.

Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, storage may occur if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the mentioned norms expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

Contact Form/Email Contact

Description and Scope of Data Processing

Our website provides a contact option that can be used for electronic communication. If you take advantage of this option, you can contact the respective contact person via the provided email addresses. In this case, the user's personal data transmitted with the email will be stored in the email system.

Alternatively, you have the option of sending us your inquiry via the contact form. This data includes: Salutation, title, first and last name, email address, and your request.

No data is passed on to third parties.

Legal Basis for Data Processing

The legal basis for processing the data is initially our legitimate interest in processing the data in the context of the contact initiated by the inquirer. If the contact aims at the conclusion of a contract, the additional legal basis for processing is within the scope of a pre-contractual relationship.

Purpose of Data Processing

The processing of personal data from the input mask or from an email serves solely to handle the contact.

Other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of Storage

The data will be deleted as soon as it is no longer required to achieve the purpose of its collection.

For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.

Possibility of Objection and Removal

You have the possibility to object to the processing of your data at any time. For this purpose, we have set up the email address datenschutz@arcotel.com . We point out that in the event of an objection, the conversation cannot be continued, or we may not be able to make a reservation.

Table Reservation

Description and Scope of Data Processing

On our website, there is the possibility to reserve a table for our restaurants. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us. This data includes: First name, last name, email address, phone number, details of the table reservation (day, time, number of people, restaurant).

When you make a table reservation, this is also done for selected restaurants in our hotels through the online reservation system of Quandoo GmbH, Sonnenburger Str. 73, 10437 Berlin, Germany. All order data entered by you is transmitted in encrypted form. Quandoo has committed itself to the data protection-compliant handling of your transmitted data. Quandoo takes all organizational and technical measures to protect your data.

Legal Basis for Data Processing

The legal basis for processing the data is initially our legitimate interest in data processing as well as the existence of the user's consent through recognition of the Data Protection and Terms of Use of Quandoo for data processing.

Purpose of Data Processing

The processing of personal data serves solely for table reservation.

Duration of Storage

The data in our restaurants will be deleted as soon as it is no longer required to achieve the purpose of its collection. For storage periods at Quandoo, please refer to their Privacy Policy .

Possibility of Objection and Removal

You have the possibility to object to the processing of your data at any time. For this purpose, we have set up the email address datenschutz@arcotel.com .

Online Ordering via the Website

Description and Scope of Data Processing

On our website, there is the possibility to order menus. If you take advantage of this option, the data entered in the input mask will be transmitted to and stored by us. This data includes: First name, last name, email address, phone number, order details, day and time of pickup, payment data (cash or credit card).

When you make an online order from our websites, this happens, among other things, through the Wix Restaurants online ordering system of Wix.com Inc., 40 Nemal Tel Aviv St., Tel Aviv, Israel. All booking data entered by you is transmitted in encrypted form.

The data is used exclusively for processing the order and for communication.

Legal Basis for Data Processing

The legal basis for processing the data is the conclusion of a contract.

Purpose of Data Processing

The processing of personal data from the input mask serves solely to handle the order and to process the payment transaction.

Duration of Storage

The data will be deleted or anonymized as soon as it is no longer required to achieve the purpose of its collection. In the case of a contractual relationship, we will delete the received data as soon as national, commercial, statutory, or contractual storage regulations are fulfilled.

Possibility of Objection and Removal

You have the possibility to object to the processing of your data at any time. For this purpose, we have set up the email address datenschutz@arcotel.com . We point out that in the event of an objection, the booking cannot be completed, or the conversation cannot be continued.

Newsletter Service

Description and Scope of Data Processing

On our website, there is the possibility to subscribe to our newsletter service in different ways. If you take advantage of this option, the data entered in the input mask will be transmitted to and stored by us. This data includes: Email address as well as voluntary information such as salutation, first name, last name, language, desired destination, or topics.

When you register for a newsletter from our websites, the data is stored in our newsletter tool from Revinate Inc., 1 Letterman Drive Building C, Suite CM 100, San Francisco, California 94129, USA. Revinate has committed itself to the data protection-compliant handling of your transmitted data. They take all organizational and technical measures to protect your data. Further information on data protection can be found on their website.

Should we receive an email address elsewhere, where the recipient clearly informs us that they wish to receive our newsletter, we will record their data via the input mask on our website or also import it into the Revinate platform (see also "Sending emails before arrival").

Legal Basis for Data Processing

The legal basis for processing the data is the existence of the recipient's consent. This is ensured by a double-opt-in procedure.

Purpose of Data Processing

The processing of personal data serves solely for sending individual newsletters.

Duration of Storage

The data will be deleted or blocked if necessary as soon as the newsletter service is unsubscribed.

Possibility of Objection and Removal

As a recipient of the newsletter, you have the possibility to object to the processing of your data at any time. With every newsletter, you can unsubscribe from the newsletter service at any time via a link. Additionally, we have set up the email address datenschutz@arcotel.com . Please inform us of the email address here.

Provision of the Website and Creation of Logfiles

Description and Scope of Data Processing

With every call to our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:

• Information about the browser type and the version used
• The user's operating system
• The user's IP address
• Date and time of access
• Websites from which the user's system reaches our website
• Websites called up by the user's system via our website

The data is also stored in the logfiles of our system. Storage of this data together with other personal data of the user does not take place. Personal user profiles cannot be formed. The stored data is evaluated only for statistical purposes.

Legal Basis for Data Processing

The legal basis for the temporary storage of data and logfiles is our legitimate interest in processing the data for the specified purpose.

Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this, the user's IP address must remain stored for the duration of the session.

Storage in logfiles takes place to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Duration of Storage

The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of collecting data for the provision of the website, this is the case when the respective session is ended.

In the case of storing data in logfiles, this is the case after seven days at the latest. Further storage is possible insofar as legal requirements force us to do so. In this case, the IP addresses of the users are deleted or distorted so that an assignment of the calling client is no longer possible.

Possibility of Objection and Removal

The collection of data for the provision of the website and the storage of data in logfiles is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Use of Cookies and Scripts

Description and Scope of Data Processing

Cookies are small files that allow us to store specific, user-related information on your PC while you visit one of our websites. Cookies help us to determine the frequency of use and the number of users of our websites, as well as to make our offers as convenient and efficient as possible for you.

Depending on the type of script, DOS and Visual Basic Scripts (VB) can support processes under Windows, Apple Scripts can automate tasks on Macintosh computers, scripts under Active Server Pages (ASP) or Javascripts can be used to generate dynamic web pages, and Unix scripts record all inputs and outputs of a terminal.

Further information can be found in our Cookie Declaration .

We use cookies on our website that allow an analysis of the users' surfing behavior. In this way, the following data can be transmitted: Entered search terms, frequency of page views, use of website functions. The data of the users collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users. When calling up our websites, the user is informed about the use of cookies for analysis purposes and their consent for the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.

Legal Basis for Data Processing

The legal basis for the use of technically necessary cookies is our legitimate interest in the proper operation of our website.

The legal basis for the processing of personal data using cookies for analysis purposes is the existence of the user's consent.

Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can thus continuously optimize our offer.

Duration of Storage, Possibility of Objection and Removal

Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Use of a Cookie Banner

The consent manager of the company Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is loaded on our website. We use this service to ensure the full functionality of our website on the one hand, and the data protection-compliant use of marketing and tracking tools on our website on the other. In this context, your browser may transmit personal data to cookiebot.com.

The legal basis for data processing is Art. 6 (1) lit. f GDPR. The legitimate interest consists in the error-free function of the website. The deletion of data occurs as soon as the purpose of its collection has been fulfilled. Further information on the handling of transmitted data can be found in the Privacy Policy of cookiebot.com. You can prevent the collection and processing of your data by cookiebot.com by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

The following information is stored in our Cookiebot account:

• The user's IP address in anonymized form (the last three digits are set to "0").
• Date and time of consent.
• User's browser.
• The URL from which the consent was sent.
• An anonymous, random, and encrypted key value.
• The user's consent status, which serves as proof of consent.

The key and the consent status are also stored in the user's browser in the "CookieConsent" cookie, so that the website can automatically read and respect the user's consent for all subsequent page requests and future user sessions for up to 12 months. You have the possibility to view and change your level of consent at any time. You can find this further down on this page.

By law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types, we need your permission. This site uses different cookie types. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent from the Cookie Declaration on our website at any time.

Change your consent here | Withdraw your consent here

Script Blocker in Your Browser

Use of our offers is also possible without cookies and scripts. You can deactivate the storage of cookies and scripts in your browser, restrict them to certain websites, or set your browser so that it notifies you as soon as a cookie is sent. You can also delete cookies from your computer's hard drive at any time.

To block scripts, you can install browser add-ons. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser extensions. These not only block any kind of JavaScript, but they also block selected trackers, Java, Flash, and other plugins on websites.

If you are concerned about third-party cookies, you can reject only these and still receive the cookies that allow our website to function properly.

How to reject cookies in each of the main browsers:

Mozilla Firefox: Link

Google Chrome: Link

Internet Explorer: Link

Safari: Link

Please note, however, that in these cases you must expect a limited presentation of the site and limited user guidance.

Use of Analysis Tools

Use of Google Analytics, Google Conversion Tracking, and Google Remarketing

Our website uses Google Analytics, Google Conversion Tracking, and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

This offer uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses cookies and scripts that are stored on users' computers and allow an analysis of the use of the website by them. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the USA and stored there. In the case of activation of IP anonymization on this website, the IP address of users will, however, be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, to compile reports on website activities, and to provide further services associated with website use and internet use to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

Users can prevent the storage of cookies by a corresponding setting of their browser software; however, this offer informs users that in this case, they may not be able to use all functions of this website to their full extent. Furthermore, users can prevent the collection of data generated by the cookie and related to their use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the Link .

Google Tag Manager

This website uses Google Tag Manager to deploy the cookies mentioned above. Google Tag Manager is a solution with which marketers can manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect personal data. The tool ensures the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in effect for all tracking tags implemented with Google Tag Manager.

Use of Social Media Plugins

The use of social media plugins is carried out in the interest of an appealing presentation and expansion of our online offers. This constitutes a legitimate interest.

Use of Facebook

Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated into our pages. You can recognize the plugins by the logo on our site. An overview of the plugins can be found here .

We have no influence on the data collection and further processing by Facebook. Furthermore, it is not recognizable to us to what extent, at what location, and for what duration the data is stored, to what extent Facebook complies with existing deletion obligations, which evaluations and links are made with the data, and to whom the data is passed on. If you want to avoid Facebook processing personal data transmitted from you to us, please contact us by other means.

Further information on this can be found in the Privacy Policy of Facebook. If you do not wish for Facebook to be able to assign the visit to our pages to your user account, please log out of your respective user account!

Facebook Fanpage

On our Facebook fanpage at: https://www.facebook.com/handwerkrestaurant , we use plugins of the provider Facebook.com, which are provided by the company Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304 in the USA.

Through the use of the fanpage, data is forwarded to the Facebook servers, which contain information about your visits to our fanpage. For logged-in users, this has the consequence that usage data is assigned to their personal Facebook account. As soon as you as a logged-in Facebook user actively use the Facebook plugin, e.g., by clicking on the "Facebook" logo or using the comment function, this data is transmitted to your Facebook account and published. You can only avoid this by logging out of your Facebook account beforehand.

It is not exactly known to us which data Facebook stores and uses. As a user of the fanpage, you must therefore expect that Facebook also completely stores your actions on the fanpage.

In all other respects, the General Terms of Use of Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland apply.

The legal basis for this data processing is Art. 6 (1) lit. a, f) GDPR.

Every depicted person as well as other third parties have the possibility to object to the publication of their personal data (photos) at any time. For this purpose, we have set up the email address datenschutz@arcotel.com . The right to object applies in particular to the publication of images for the future.

It can always happen that we accidentally publish images of people where no consent is present. If publication is not desired, we will immediately do everything to comply with your right. For group photos, we reserve the right to blur faces.

Use of Google Maps

Description and Scope of Data Processing

This website uses Google Maps API, a map service of Google Inc. ("Google"), for displaying an interactive map and creating directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using Google Maps, information about your use of this website (including your IP address) can be transmitted to a Google server in the USA and stored there. Google will potentially transfer the information obtained through Maps to third parties, provided this is required by law or insofar as third parties process this data on behalf of Google.

Google will under no circumstances connect your IP address with other Google data. It is nevertheless technically possible that Google, based on the data received, could perform an identification of at least individual users. It would be possible that personal data and personality profiles of users of the website could be processed by Google for other purposes over which we have and can have no influence.

Legal Basis for Data Processing

The legal basis for the use of Google Maps is our legitimate interest in data processing.

Purpose of Data Processing

The purpose of using Google Maps is to show the user our location on the website and to give them the possibility to determine different directions via the services of Google Maps.

Duration of Storage, Possibility of Objection and Removal

You have the possibility to deactivate the service of Google Maps and thus prevent the data transfer to Google by deactivating JavaScript in your browser. However, we point out that in this case you will not be able to use the map display on our website.

Use of Google Web Fonts

Description and Scope of Data Processing

This website uses so-called Web Fonts provided by Google for the uniform display of fonts. When calling up a page, your browser loads the required Web Fonts into its browser cache to display texts and fonts correctly. For this purpose, the browser you use must connect to Google's servers. Through this, Google gains knowledge that our website was called up via your IP address.

Legal Basis for Data Processing

The legal basis for the use of Google Web Fonts is our legitimate interest in data processing.

Purpose of Data Processing

The use of Google Web Fonts occurs in the interest of a uniform and appealing presentation of our online offers. If your browser does not support Web Fonts, a standard font from your computer will be used.

Duration of Storage, Possibility of Objection and Removal

To avoid tracking based on installed fonts, one can, for example, deactivate the options "Allow websites to use their own fonts" and the CSS Font Loading API in Firefox. This means that websites will no longer be displayed in the format created by the operator.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy .

Protection of Minors

Our service is primarily aimed at adults. We are currently not marketing special areas for children. Consequently, we do not knowingly collect information to determine age, nor do we knowingly collect personal data from children under 16 years of age. However, we point out to all visitors to our website under 16 years of age not to disclose or provide any personal data via our service. In the event that we determine that a child under 16 years has provided us with personal data, we will, in accordance with the Children's Online Privacy Protection Act (see the Federal Trade Commission website at www.ftc.gov/kidzprivacy for more information about this law), delete the child's personal data from our files to the extent technically possible.

Your Rights which you can exercise against us

If personal data of yours is processed by us, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller:

• You have a right to access information about the personal data stored about you, the purposes of processing, any transfers to other entities, and the duration of storage.
• Should data be incorrect or no longer necessary for the purposes for which it was collected, you can demand rectification, deletion, or restriction of processing. Insofar as provided for in the processing procedures, you can also view and if necessary correct your data yourself.
• Should reasons arise from your particular personal situation against the processing of your personal data, you can object to the processing insofar as it is based on a legitimate interest. The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
• If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is connected with such direct marketing. If you object to processing for purposes of direct marketing or profiling, the personal data concerning you will no longer be processed for these purposes.

You have the right to withdraw your declaration of consent under data protection law via our email address datenschutz@arcotel.com at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

For questions about your rights and the exercise of your rights, please contact the responsible body or our Data Protection Officers.

Right to Lodge a Complaint with a Supervisory Authority

As a data subject, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes data protection.

The supervisory authority with which the complaint has been lodged shall inform you of the status and results of your complaint, including the possibility of a judicial remedy.

More information can be found on the website of the Federal Data Protection Authority.

Please follow this Link .

Security

ARCOTEL Wimberger employs technical and organizational security measures in accordance with Art. 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological development. Access to it is only possible for a few authorized persons and persons committed to special data protection who are involved with the technical, administrative, or editorial maintenance of data.

For security reasons and to protect the transmission of confidential content that you send to us as site operators, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock symbol in the browser line.

Status | June 2020