We, Star Inn Hotels Hotelbetriebs GmbH, are responsible for this online service. As the provider of a teleservice, we must inform you at the beginning of your visit to our online service about the type, scope and purpose of our collection and use of personal data. Furthermore, we must do this in a precise, transparent, comprehensible and easily accessible form and in clear and simple language. The content of this information must be available to you at any time. We are therefore obliged to inform you which personal data we collect or use. Personal data is any information relating to an identified or identifiable natural person.
We attach great importance to the security of your data and compliance with data protection regulations. The collection, processing and use of personal data is subject to the provisions of European and national laws that are currently in force.
With the following data protection declaration, we would like to show you how we handle your personal data and how you can contact us.
Star Inn Hotels Hotelbetriebs GmbH
Linke Wienzeile 224
Represented by the Managing Director Kathrin Garai
Rechtsform: Gesellschaft mit beschränkter Haftung (GmbH)
Anwendbares Recht: Republik Österreich
Gerichtsstand: Handelsgericht Wien, FN 275593i
USt.-Id.-Nr.: ATU 62458236
If you have any questions, please contact our data protection officer:
Günter Schwab, enrex Strategies GmbH
Markthof 36, 2294 Markthof, Austria
A. General information
For better comprehensibility, gender-specific differentiation is waived in our data protection declaration. In the interests of equal treatment, corresponding terms apply to both sexes.
The meaning of the terms used, such as “personal data” or “processing”, can be found in Article 4 of the EU General Data Protection Regulation (GDPR).
The personal user data processed within the scope of this online offer include inventory data (e.g. customer names and addresses), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. visited websites of our online offer, interest in our products) and content data (e.g. entries in the contact form).
“User” includes all categories of data subjects involved in data processing. This includes, for example, our business partners, customers, interested parties and other visitors to our online offering.
We guarantee that we will only collect, process, store and use your data in connection with the processing of your enquiries, for internal purposes as well as to provide you with the requested services or content.
The basics of data processing
We process users’ personal data only in compliance with the relevant data protection regulations. The user’s data will only be processed if the following legal grounds for permission exist:
- To provide our contractual services (e.g. processing of orders) and online services.
- Processing is required by law.
- With your consent.
- Due to our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offer in the sense of Art. 6 Para. 1 lit. f. GDPR, in particular regarding range measurement, the preparation of analysis for advertising and marketing purposes, as well as the collection of access data and the use of third-party services).
We would like to show you where the above legal bases are regulated in the GDPR:
Art. 6 para. 1 lit. a. and Art. 7 GDPR
Processing for the fulfilment of our services and implementation of contractual measures
Art. 6 para. 1 lit. b. GDPR
Processing for the fulfilment of our legal obligations
Art. 6 para. 1 lit. c. GDPR
Processing to safeguard our legitimate interests
Art. 6 para. 1 lit. f. GDPR
Data transfer to third parties
Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or based on our justified interests in the economic and effective operation of our business.
If we use subcontractors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
Transfer of data to a third country or an international organisation
Third countries are countries in which the GDPR is not a directly applicable law. This basically includes all countries outside the EU or the European Economic Area.
Data is transferred to a third country or an international organisation. It is taken into account that suitable/appropriate safeguards are in place and that enforceable rights and effective remedies are available to you.
A copy of the appropriate guarantees can be obtained from the following links:
Privacy Shield: https://www.privacyshield.gov/list
Standard contractual clauses: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Storage period of your personal data
We adhere to the principles of data minimisation and data avoidance. This means that we only store the data you provide to us for as long as is necessary to fulfil the above-mentioned purposes or in accordance with the various storage periods stipulated by law. If the respective purpose ceases to apply or if the corresponding deadlines expire, your data will be routinely blocked or deleted in accordance with the statutory provisions.
To this end, we have developed an internal company concept to ensure this procedure.
If you contact us by e-mail or via the contact form, you agree to electronic communication. Personal data is collected within the scope of this contact. The data collected from a contact form is apparent from the respective form. Your data will be transmitted using SSL encryption. The information you provide will be stored exclusively for the purpose of processing your enquiry and for possible follow-up questions.
We would be pleased to provide you with the legal basis for this:
Processing for the fulfilment of our services and execution of contractual measures
Art. 6 para. 1 lit. b. GDPR
Processing to safeguard our legitimate interests
Art. 6 para. 1 lit. f. GDPR
We use software to maintain customer data (CRM system) or comparable software based on our legitimate interests (efficient and fast processing of user queries).
We would like to point out that e-mails can be read or changed during transmission without authorisation or detection. We would also like to draw your attention to the fact that we use software to filter unwanted e-mails (spam filters). The spam filter can reject e-mails that have been mistakenly identified as spam due to certain characteristics.
What rights do you have?
(a) Right to information
You have the right to obtain free information about your stored data. Upon request and in accordance with applicable law, we will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.
(b) Right to correction
You have the right to have corrections made to data we store on you if it is incorrect. You can demand a restriction of the processing, e.g. if you dispute the correctness of your personal data.
(c) Right of blocking
You can also have your data blocked. To ensure that the blocking of your data can be accounted for at all times, these data must be kept in a blocking file for control purposes.
(d) Right to deletion
You can also request the deletion of your personal data insofar as no legal storage obligations exist. To the extent that such obligation exists, we lock your data upon request. If the relevant legal requirements are met, we will delete your personal data even if you do not request us to do so.
e) Right to data transferability
You are entitled to demand the provision of personal data supplied to us in a format which allows its transmission to another location.
f) Right of objection
You can revoke the use of your data for internal purposes at any time, with effect for the future. For this purpose, it is sufficient to send an E-Mail to firstname.lastname@example.org. However, such revocation shall not affect the legality of the processing operations carried out by us up to that point. This does not affect data processing with regard to all other legal bases, or if laws, regulations, etc. require further processing.
(g) Right of appeal to a supervisory authority
You have the option to submit a complaint to the data protection supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postal address: Postfach 10 29 32, D-70025 Stuttgart
Street address: Königstraße 10a, D-70173 Stuttgart
Phone +49 711 615541-0
Fax: +49 711 615541–15
E-Mail: post office[at]lfdi.bwl.de
Protection of your personal data
We take contractual, organisational and technical security measures in accordance with state-of-the-art technology to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
In particular, these security measures include the encrypted transmission of data between your browser and our server. This is done using 256-bit SSL encryption (AES 256) technology. This includes your IP address.
Your personal data is protected within the scope of the following points (excerpt):
a) Protection of the confidentiality of your personal data
To protect the confidentiality of your personal data that we have stored, we have taken various measures to control entry and access to it.
b) Safeguarding the integrity of your personal data
To preserve the integrity of your personal data that we have stored, we have taken various measures to control its disclosure and input.
c) Safeguarding the availability of your personal data
To maintain the availability of your personal data that we have stored, we have taken various measures concerning order and availability control.
We continuously improve our security measures in accordance with technological developments. Despite these precautions, due to the insecure nature of the Internet, we cannot guarantee the absolute and exclusive security of your data transmission to our website. As a result, any data transmission from you to our website takes place at your own risk.
Protection of minors
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Our online offer uses: Browser cookies
Control of cookies by the user
Browser cookies: All browsers can be set to accept cookies only upon request. They can also be set to accept cookies from pages that are currently being visited. All browsers offer functions that allow the selective deletion of cookies. The acceptance of cookies in general can also be switched off, but in this case, the user may have to accept restrictions in the user-friendliness of this online offer.
Use of first-party cookies (Google Analytics Cookie)
Google Analytics Cookies log:
Unique users – Google Analytics Cookies collect and group your data. All activities during a visit are summarised. By setting Google Analytics Cookies, a distinction is made between users and unique users.
User activities – Google Analytics Cookies also store data about the start and end time of a visit to the online service and how many pages you have viewed. If the browser is closed or the user is inactive for a longer period of time (default 30 minutes), the user session is terminated and the cookie records the visit as terminated. The date and time of the first visit are also recorded. The total number of visits per unique user is also logged. External link: https://marketingplatform.google.com/about/analytics/terms/us/
You can prevent the collection and processing by Google of the data generated by the cookie and related to the use of the online service (including your IP address) by downloading and installing the following link in the browser plug-in:
External link: https://tools.google.com/dlpage/gaoptout?hl=en .
Further information can be found under “Web analysis service Google Analytics / Universal Analytics”.
Use of third-party cookies
In our online service, third-party providers set [additional] cookies (third-party cookies) by delivering editorial texts or advertisements. Third-party providers are also subject to strict data protection regulations regarding the obtainability of personal data.
Lifetime of the cookies used
Cookies are administered by the web server of our online offer. This online offer uses:
Transient Cookies/Session Cookies (one-time use)
Lifetime: Until the closure of this online offer
Persistent cookies (permanent browser recognition)
Lifetime: 30 days
Disable or remove cookies (opt-out)
Every web browser offers options for restricting and deleting cookies. For more information, visit the following websites:
Internet Explorer: http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Web analytics service Google Analytics / Universal Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of this online service is usually transferred to a Google server in the USA and stored there. Data is therefore transferred to a third country. This takes into account that suitable/appropriate safeguards are in place and that enforceable rights and effective remedies are available to you.
A copy of the appropriate guarantees can be obtained from the following links:
Privacy Shield: https://www.privacyshield.gov/list
Standard contractual clauses:
If IP anonymisation is activated in our online offer, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate the use of the online offer, to compile reports on the activities of the online offer and to provide us with further services associated with the use of the online offer and Internet use. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You can prevent the storage of cookies by making the appropriate settings in your browser software. However, we would like to point out that in this case not all functions of this online offer may be fully usable.
We point out that this online service uses Google Analytics with the extension “_anonymizeIp()” and therefore IP addresses are only processed in abbreviated form in order to exclude direct personal references.
We also use Google Analytics reports to track demographic characteristics and interests.
In addition, you can prevent the collection by Google of the data generated by the cookie and related to the use of the online offer (including your IP address) as well as the processing of this data by Google by downloading and installing a browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en .
As an alternative to the browser plug-in or within browsers on mobile devices, the following link applies in order to set an opt-out cookie that will prevent Google Analytics from collecting cookies within this online service in the future (this opt-out cookie works only in this browser and only for this domain, delete cookies in this browser, click link again):Click here to opt-out of Google Analytics
Use of Facebook Connect (Single Sign On procedure)
On our website, if you have a Facebook profile, you can register for the creation of a customer account or for registration via the social plug-in “Facebook Connect” of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”), using the so-called Single Sign On procedure. You can recognise the social plug-ins of “Facebook Connect” on this website by the blue button with the Facebook logo and the inscription “Connect with Facebook” or “Log in with Facebook” or “Sign in with Facebook”.
If you access a page of this website that contains such a plug-in, your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of this website, even if you do not have a Facebook profile or are not logged in to Facebook. This information (including the IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
The data transmitted by Facebook will be stored and processed by us for the creation of a user account with the necessary data, if this has been approved by you on Facebook (title, first name, surname, address data, country, e-mail address, date of birth). Conversely, we may transfer data to your Facebook profile. This can be information on surfing or buying behaviour. If you use the “Facebook Connect” button, you will also be notified of the exchange of your data with Facebook when the button is activated. In addition, you will be given the opportunity to give your explicit consent to access your Facebook user information, as well as consent to the publication of information and activities in your Facebook profile.
This consent can be revoked at any time by sending a message to the contact person mentioned below. The purpose and scope of the data collection and the further processing and use of your data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s data protection information: http://www.facebook.com/policy.php
If you do not want Facebook to associate the data collected through your website directly with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plug-ins with add-ons for your browser, e.g. with the “Facebook Blocker” (http://webgraph.com/resources/facebookblocker/).
Web analysis service DoubleClick by Google
We use the online marketing tool DoubleClick by Google of the operator Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).
In addition, DoubleClick may use cookie IDs to collect so-called conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser’s website and buy something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google using this tool and are therefore informing you in accordance with our current state of knowledge: By integrating DoubleClick, Google receives information that you have opened the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address.
You may opt out of participating in this tracking process by disabling cookies for conversion tracking. To do this, set your browser to block cookies from the domain www.googleadservices.com, https://policies.google.com/privacy?hl=en . Please note that this setting is deleted when you delete your cookies. Alternatively, you can contact the Digital Advertising Alliance at the Internet address www.aboutads.info to find out about how and when cookies are set and configure your settings. Finally, you can set your browser so that you are informed whenever cookies are set and can decide individually to accept them or to exclude their acceptance in certain cases or generally. If cookies are not accepted, the functionality of our online offer may be restricted.
We use GA Audience, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA Audience uses, among other things, cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and that enable an analysis of the use of the corresponding devices. Some of the data is evaluated across all devices. Google Audience gains access to the cookies created by Google AdWords and Google Analytics.
Within the scope of use, data, such as in particular the IP address and activities of the user, may be transmitted to a server of Google Inc. and stored there. Google Inc. may transfer this information to third parties if required to do so by law, or insofar as such information is processed by third parties.
You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by deactivating the execution of Java Script in your browser or by installing a tool such as ‘NoScript’. You can also prevent Google from collecting the data generated by the Google cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout?hl=en). Further information on data protection when using GA Audience can be found under the following link: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283
Use of Facebook Pixel
If you have given us your express consent by clicking on a button provided for this purpose, we will use the “Facebook Pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) within our website. This allows your behaviour to be tracked after you have seen or clicked on a Facebook ad.
This process is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help to optimise future advertising measures. The collected data are anonymous for us, so they do not provide any information about your identity. However, the data is stored and processed by Facebook so that it can be linked to the respective user profile and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com/about/privacy/ ). You can enable Facebook and its affiliates to place ads on and outside of Facebook. A cookie can also be stored on your computer for these purposes.
Consent to the use of the Facebook Pixel may only be given by users who are older than 13 years of age. If you are younger, your parents or guardians must be asked for permission.
In addition to this online service, we also maintain presences in various social media, which you can reach via the corresponding buttons on our website. When you visit such a presence, personal information may be transmitted to the social networking provider. It is possible that, in addition to the storage of the data you have specifically entered in this social medium, further information may also be processed by the provider of the social network.
In addition, the social networking provider may process the most important information about the computer system you are visiting from, including the IP address, type of processor, and the browser version and plug-ins you are using.
If you are logged into your personal account of the respective network when visiting such a presence, this network can associate the visit with this account.
The purpose and scope of the data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective person responsible, e.g. at:
We would also like to point out that our website contains further links to external third-party websites, and that we have no influence on the processing of data on these third-party websites.
Use of Google Maps
Extensive details on the transparency and choice as well as the data protection provisions can be found in the Data Protection Centre of google.com to find: https://policies.google.com/privacy?hl=en&gl=en
Usage of Wordfence
This website uses the WordPress plugin Wordfence from Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA for security purposes. For this purpose, cookies are set in your browser (only when logging in to this website) and your IP address is collected, stored and transmitted to a server of Defiant in the USA.
The provided DSGVO-compliant data processing agreement has been concluded. As a data processor, Wordfence complies with all requirements of the DSGVO. WordFence is used to increase the security of this website and thus also the security of the website users. This represents a legitimate interest within the meaning of Art. 6 ( 1 ) lit. f DSGVO.
WordFence is used to increase the security of this website and thus also the security of the website users. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
Note on the services used:
All descriptions concerning functions, data processing and links to the tools of the service providers mentioned here were conscientiously collected by us as a service and correspond to their status on June 14, 2018.
We have no influence on changes of any kind, which are set by the service providers – possibly also without the provision of any information – as well as on the topicality of the mentioned links and can therefore assume no liability for them.
You can find the most current information on the processing by these service providers on the websites or data protection declarations of the respective service providers.
We process your data exclusively in accordance with statutory provisions and release them only to the extent absolutely necessary and in compliance with statutory provisions.
Any company or trademark mentioned herein is the property of its respective owners. Trademarks and names are used for informational purposes only.
C. Russia-specific provisions
The following applies to users who reside in the Russian Federation:
The above services of our online offer are not intended for citizens of the Russian Federation residing in Russia.
If you are a Russian citizen residing in Russia, you are hereby expressly informed that any personal data you provide to us through this online service is at your own risk and responsibility. You further agree that you will not hold us responsible for any failure to comply with the laws of the Russian Federation.