DATA PROTECTION DECLARATION
We appreciate your interest in our website.
In this data protection declaration, we wish to inform you of the processing activities in relation to your personal data via our website.
The protection of your personal data and private sphere is of great importance to us. Therefore we process your data exclusively in accordance with the statutory provisions [EU Regulation 2016/679 of the European Parliament and the Council dated 27 April 2016 for the protection of natural persons during the processing of personal data, for the free movement of data and the revocation of Directive 95/46/EC (GDPR), Data Protection Act 2018 (DSG 2018), E-Privacy Directive, Telecommunications Act 2021 (TKG 2021].
1. Responsible body and data protection officer:
The responsible body under data protection laws for this website under Article 4 Paragraph 7 GDPR is AQUA DOME – Tirol Therme Längenfeld GmbH & Co KG (VAMED).
Should you have any queries concerning the processing of your data by VAMED, please get in touch with us as follows:
- By letter to: AQUA DOME – Tirol Therme Längenfeld GmbH & Co KG, Oberlängenfeld 140, 6444 Längenfeld, Austria
- By telephone: +4352536400
- By email: datenschutz@aqua-dome.at
The contact details of the VAMED data protection officer are:
Data Protection Officer
Sterngasse 5, 1230 Vienna
Telephone: 01 60127 0
datenschutz@aqua-dome.at
2. Processing of personal data when visiting our website
When you visit our website, we save the access data in so-called webserver logfiles. Thereby the following data relating to you is recorded:
- Date and time of the access
- Browser
- Language setting
- Operating system
- Referrer URL
Purpose of the data processing
This data is statistically evaluated, in order to improve the website service and make it more user friendly, to discover and correct errors more speedily and to manage server capacities. Only if a concrete indicator concerning unlawful use of our website is present will we use this data in personal form for the purpose of criminal prosecution.
Duration of the saving
You data is only saved for 14 days.
Legal basis
The legal basis for the processing of the access data is the legitimate interest of VAMED (online service and data security) in accordance with Article 6 Paragraph 1 Letter f) GDPR.
2.2 Cookies
2.2.1 Use of cookies
In order to make the visit to our website as attractive as possible and to enable the use of certain functions, we use so-called cookies on various pages. These are small files that are stored on your device. They allow us to recognize your browser on your next visit. The cookies are set in accordance with EU and Austrian law (Art. 5 (3) E-Privacy Directive and Art. 165 (3) TKG 2021).
You can set your browser in the way that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. However, disabling cookies may limit the functionality of our site.
Legal basis
The legal basis for setting cookies is for cookies that are required to display the website or to offer a service you have requested, pursuant to Article 6 (1) f GDPR, VAMED’s legitimate interest in providing this website to you and the corresponding offers (Section 96 (3) 3rd sentence of the Telecommunications Act). For all other cookies, the data processing is based on your express consent in the cookie banner (Article 6 (1) lit a GDPR; Section 165 (3) TKG), which you can change or revoke at any time using the link below entitled «My data protection settings». You can find more information about the cookies on our website here:
2.2.2 Individual data protection settings
3. Links
The website contains links to other websites. This reference to websites of other Internet participants takes place as a service to respond to the need of the user to obtain additional information. VAMED has no control over the content of these websites. VAMED cannot assume any liability for this content. The respective provider of the linked website is solely responsible for the content and correctness of the information which is provided there.
4. Newsletter
You have the option of subscribing to our newsletter.
Data processing
During the course of the newsletter registration process, VAMED processes the personal data you have provided:
- Address
- Title
- Surname, first name
- Email address
- Language of the registration
Purpose of the processing
The personal data provided by you during the registration process to receive the newsletter will be processed in order to
- send you the newsletter and information about new offers.
Legal basis
The processing of your personal data by VAMED is based exclusively on the consent issued by you to the sending of the newsletter (Article 6 Paragraph 1 Letter a) GDPR).
Duration of the saving
The data which is processed for the named purposes is generally saved until you revoke your consent to the sending of the newsletter. In addition, we will only save the data which is absolutely necessary under applicable statutory provisions and retention obligations in order to provide proof of your consent or revocation.
Recipient of the data
For the purpose of sending the newsletter, you data will be passed on to our service provider which handles the sending of the newsletter for us.
Revocation of your consent
You can revoke your consent to the sending of the newsletter at any time by sending an email to: office@aqua-dome.at In addition, you can also cancel the newsletter subscription at any time by clicking on the «cancel newsletter subscription» button at the end of every newsletter.
5. Contact Form
We appreciate you getting in touch with us.
Data processing
During the course of you getting in touch with us via the contact form, VAMED processes the personal data you have provided:
- Address
- Title (optional)
- Surname, first name
- Address
- Email address
- Telephone number (optional)
- Your individual message (optional)
- Newsletter registration (optional)
Purpose of the processing
The personal data provided by you when you get in touch will be processed in order to
- contact you.
Legal basis
The processing of your personal data when you get in touch is based on the performance of pre-contractual measures in accordance with Article 6 Paragraph 1 letter b) GDPR.
Data transfer
—
Additional contact forms
You can find additional forms at:
Duration of the saving
The data which is processed for the named purpose is saved permanently.
6. Online Shop – Prepaid Card
Data processing
As part of the business relationship when purchasing a VAMED Vitality World gift card/voucher, AQUA DOME – Tirol Therme Längenfeld GmbH & CO KG processes the following personal data (in short: “the data”):
- First name
- Last name
- Address
- E-Mail address
- Telephone number
- Company, if applicable
- Payment data (encrypted)
- Customer account data (orders placed (articles, prices, IP addresses)
- Any text or images or photos entered for print@home vouchers
- Prepaid card queries (voucher number, date, IP address)
Purpose of data processing
The purpose of processing data are
- the processing of the respective business case
- and – provided the CUSTOMER has agreed to it – the marketing of VVW Resorts’ products and services, special offers and events, including the VVW Resorts’ news (by means of marketing material sent by regular mail, e-mail, text message, and telephone calls).
Legal basis
Processing for the purpose of managing the business transaction is based on Art 6 (1) b) of the EU General Data Protection Regulation (“GDPR”) (performance of the contract). Data processing for the purpose of marketing is based on Art 6 (1) a) GDPR (consent).
Data transmission
On behalf of AQUA DOME – Tirol Therme Längenfeld GmbH & CO KG, the data is forwarded to VAMED Standortentwicklung und Engineering GmbH (Sterngasse 5, A-1230 Wien), INCERT eTourismus GmbH & Co KG (Leonfeldnerstraße 328, 4040 Linz), mediasupport GmbH (Lerchenfelder Straße 124/Top 6, 1080 Vienna), Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich) and Datatrans AG (Kreuzbühlstrasse 26, CH-8008 Zurich) for the purpose of managing the business transaction, as well as to hi.one digital marketing OG (Gurkgasse 43/ Top 2, 1140 Vienna) for marketing purposes. The data is not passed on to other third parties.
Duration of storage
The data is only stored as long as there are statutory retention periods, legal claims from the contractual relationship can be asserted, or other legitimate reasons justify further storage.
7. Online Shop — Voucher
Data processing
The Customer agrees that all data generated on account of his / her business relationship, which are
- salutation
- title
- first name
- last name
- address
- e-mail address
- telephone number
- fax number
- password
- customer account data (orders placed, articles, prices, IP address)
- any texts entered in Print-at-Home vouchers
Purpose of data processing
The purpose of processing data are
- the handling of the respective business transactions
- and — if the Customer has agreed — the marketing of products, services and services of the AQUA DOME – Tirol Therme Längenfeld GmbH & Co KG special offers and events, as well as the distribution of AQUA DOME – Tirol Therme Längenfeld GmbH & Co KG news (including the dispatch of appropriate marketing materials by post, e-mails, text message, and contact by phone).
Legal basis
The processing of data for the handling of the respective business transaction is based on Art. 6 (1) (b) of the EU General Data Protection Regulation (performance of a contract). The processing of data for marketing purposes is based on Art. 6 (1) (a) of the Regulation (consent by data subject).
Data transmission
Upon instructions by the Seller, the data are processed and transferred to styleflasher GmbH (KR Martin Pichler-Str. 1, A-6300 Wörgl), Cards & Systems EDV-Dienstleistungs GmbH (Landstraßer Hauptstraße 5, 1030 Vienna) and mediasupport GmbH (Lerchenfelder Straße 124/Top 6, 1080 Vienna), and Wirecard Central Eastern Europe GmbH, Reininghausstraße 13a, 8020 Graz, Austria, SIX Payment Services (Austria) GmbH, Postfach 574, A-1011 Vienna for the purpose of handling the respective business case, as well as for marketing purposes to EMARSYS eMarketing Systems AG (Märzstraße 1, 1150 Vienna) und travelClick (Via Augusta, 117, Barcelona 08006). The data are not transferred to third parties other than the ones above.
Duration of storage
The data are saved for the processing of the respective business case, for marketing purposes, and exceeding this period, if there are legally required storage periods, or for the period during which any legal claims can be lodged in connection with the subject contractual relationship, or in the event of other reasonable circumstances justifying further storage of these data.
8. Data security
The security of your personal data is particularly important to us.
Taking the state of technology, implementation costs and the type, scope, circumstances and purposes of the processing, as well as the likelihood of the occurrence and severity of the risk to the rights and freedoms of natural persons into account, VAMED takes reasonable technical and organisational measures under Article 32 GDPR.
In this respect, the following measures are taken amongst others, in order to protect your data and safeguard it against loss, destruction, access, alteration and distribution by unauthorised persons:
- Ensuring the confidentiality, integrity, availability and durability of the systems and services in connection with the processing;
- Ensuring a speedy restoration of availability of personal date in case of a physical or technical event;
- Implementation of procedures in order to regularly monitor, assess and evaluate the effectiveness of the technical and organisational measures to ensure the security of the processing.
Please bear in mind that we cannot accept any liability for the disclosure of information due to errors in data transfer and/or unauthorised access by third parties which are not caused by us and cannot be attributed to us.
-
9. Your rights
As a user, you have the following rights:
- Right of information (Article 15 GDPR): You have the right to request confirmation from VAMED as to whether your personal data is being processed. In addition, you have the right to request further information concerning the concrete purposes of the processing, categories of personal data, recipients or categories of recipients of personal data, the duration of the saving, the existence of a right of deletion or correction your personal data or a right to have the processing restricted, as well as the right to raise an objection, the right to complain and the right to receive all available information concerning the origin of the data.
- Right of correction (Article 16 GDPR): You have the right to request that VAMED immediately corrects your personal data. This right includes the correction of incorrect data and the completion of incomplete personal data.
- Right of deletion (Article 17 GDPR): You have the right to request that VAMED immediately deletes your personal data, should the reasons set out in Article 17 Paragraph 1 Letters a) to f) be present (for example the purposes of the processing are no longer present) and the processing of your personal data is not necessary.
- Right to have the processing restricted (Article 18 GDPR): In the cases named in Article 18 GDPR (for example incorrectness of the processed personal data, unlawfulness of the processing etc.), you also have the right to request that VAMED restricts the processing.
- Right of data portability (Article 20 GDPR): You have the right to receive the personal data relating to you which you have provided to VAMED in a structured, up-to-date format and to request that VAMED transfers this data to other responsible bodies (for example to another law firm).
- Right of objection (Article 21 GDPR): You have the right to object to the processing of your personal data within the framework of this website at any time.
- Revocation of declarations of consent (Article 7 GDPR): You have the option of revoking consent which is been issued to VAMED at any time.
- Right to complain: In addition, you can raise a complaint at any time with:
Austrian Data Protection Authority
Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna
Telephone: +43 1 521 52-25 69
E‑Mail: dsb@dsb.gv.at
With the exception of the right to complain to the Austrian Data Protection Authority, you can claim your rights as an affected person against VAMED via the following address:
- By letter to: AQUA DOME – Tirol Therme Längenfeld GmbH & Co KG, Oberlängenfeld 140, 6444 Längenfeld, Austria
- By telephone: +4352536400
- By email: datenschutz@aqua-dome.at
Registration data and guest card
According to the Austrian Registration Law (Meldegesetz), you are obliged to register with us with the data stated in sections 5 and 10 of the Law. This applies to the following data: name, date of birth, gender, nationality, country of origin, address including postcode, and – for foreign guests – type, number, place of issue and issuing authority of a travel document, as well as the date of arrival and departure.
Due to the legal obligation imposed on us in accordance with section 19 of the Austrian Registration Law Ordinance (Meldegesetz-Durchführungsverordnung), we shall retain this data in a guest register and store it for the duration of 7 (seven) years unless it is processed for a longer period of time for other purposes stated in this privacy policy. If necessary, we shall maintain the guest register electronically and shall forward the data to an IT service provider to this end. The IT service provider shall store the data locally. No data shall be transmitted to a third country.
The data categories “arrival” and “departure”, linked with the country of origin, shall be forwarded to the municipality where our hospitality business is situated in accordance with section 6 of the Tourism Statistics Ordinance (Tourismus-Statistik-Verordnung). Aggregated data concerning the total number of overnight stays and the persons obliged to pay the residence tax must also be transmitted to the respective tourism association we belong to and/or the municipality pursuant to section 19 of the Tyrolean Residence Tax Law (Tiroler Aufenthaltsabgabegesetz).
All processing takes place on the basis of Article 6 (1) (c) of the GDPR.
In addition to this, we shall forward your (pseudonymised or anonymised) postcode and year of birth to our municipality and our tourism association for statistical purposes to enable the tourism association to create and evaluate origin and age statistics. This transmission is based on Article 6 (1) (e) (“task carried out in the public interest”) and (f) (“overriding legitimate interests”) of the GDPR. You have the right to object for reasons relating to your particular situation at any time (Article 21 (1) of the GDPR).
You have the option of taking advantage of a guest card. The guest card grants you discounts and/or services with various companies throughout the region (e.g. discounted admissions). The guest card is valid for the duration of your stay with us.
The guest card shall be issued and made available by the accommodation provider only at your request. It is issued as either
- an electronically generated guest card or
- a manually generated guest card or
- the carbon copy of the registration form
depending on the guest card system used by the tourism association and/or the hospitality business.
The following personal data taken from the registration data (see above) shall be processed for both the electronically generated and the manually generated guest card: first name, last name, date of birth, country of origin/postcode and duration of stay (arrival/departure).
If the guest card is issued as a “registration form”, it shall contain content pursuant to section 5 in conjunction with section 9 of the Austrian Registration Law (see “Registration data” above). In this case, no electronic processing for the purpose of the guest card shall occur.
The following personal data shall additionally be processed when using the guest card: data on the cycle of use of the respective card, services used, bookings, transaction loggings and reference to the registration data and hospitality business.
The data is required for identity verification and for determining the duration of validity of the guest card with the respective service provider, and also to facilitate the billing of discounts between the service provider, the tourism association and, as the case may be, the respective hospitality businesses.
Processing the data for the purpose of the guest card shall occur based on your consent (Article 6 (1) (a) of the GDPR). This consent may be withdrawn at any time.
The guest card system is operated by the local tourism association. Additional parties include the local hospitality businesses and companies (“service providers”). The data processed for the guest card shall be deleted after 40 (forty) months unless it is processed for other lawful purposes (e.g. registration).
The data processed for the purpose of the guest card shall be passed to the local tourism association for the purpose of billing with the service providers and/or hospitality businesses. The individual service providers granting discounted services on the basis of the guest card shall also receive the data in the event that you use guest card services offered by these companies. In order to claim the discounts offered by the respective guest card on which the data is displayed, you must present the guest card to the service provider. The company shall then check its validity, usually by reading the barcode on the guest card and by transmitting the barcode data to our IT service provider. Personal data shall also be transmitted to the company as part of this process, in particular your identity data (to check your identity and date of birth). If the guest card is issued as a registration form, the business operator shall check the validity on the basis of the carbon copy of the “registration form.”