We are pleased that you visit our website! Data protection is a matter of trust and your trust is important to us.
The protection of personal data is therefore a particularly important concern for us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website, for what purposes it is used and to whom we may make it available.
We declare compliance with the legal provisions on data protection and data security. In particular, data will only be used for the purposes stated below and measures will be taken to ensure data security by ensuring that data is used properly and not made available to unauthorized persons. Clients, service providers and their employees are bound to secrecy and confidentiality of the data disclosed by us, unless there is a legally permissible reason for transferring or disclosing the data entrusted or made accessible.
This data protection declaration applies to the Internet offer of the responsible party which can be accessed under the domain https://www.hrg-hotels.com/ as well as the various subdomains (hereinafter referred to as "our websites"). We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding jurisdiction.
For better readability, the masculine form is used for personal names and personal nouns on this website. Corresponding terms apply in principle to all genders for the purpose of equal treatment. The abbreviated form of language is used exclusively for better readability and does not imply any valuation.
1 Name and address of the responsible person
The responsible party pursuant to Art. 4 Z. 7 EU General Data Protection Regulation (DSGVO) is:
HRG Hotels Wien Management GmbH
Dresdner Street 87
Phone: +43 1 333 737317
2 Contact for data protection inquiries
HRG Hotels Vienna Management GmbH
Dresdner Street 87
Phone: +43 1 333 737317
3 General Information on Data Processing
3.1 Scope of the processing of personal data
Personal data is any information relating to an identified or identifiable natural person. As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website and for the presentation and performance of our content and services. The collection and use of personal data of our users is only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain consent in advance and the processing of the data is permitted by a legal provision.
3.2 Legal basis for the collection and processing of your personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Art. 6 (1) c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
3.3 Collection of data from third parties
We may obtain your personal data through third parties. This is particularly the case when a reservation is made for you by a travel agency, online booking portal or other third party, which may be a family member, travel companion, or other agent or intermediary acting on your behalf. For business travel, we obtain the information from your employer or other third parties acting on your behalf or for you. The legal basis for the processing of this data is Art. 6 (1) lit. b DSGVO, as this is initially required for the implementation of pre-contractual measures as well as for the subsequent performance of a contract.
3.4 Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. A deletion or blocking of the data also takes place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the further storage of the data for the conclusion or fulfillment of a contract.
4 Provision of the website and creation of log files
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
Information about the browser type and version used.
The user's operating system
The user's Internet service provider
The IP address of the user
Date and time of access
Websites from which the user's system accesses our website
Web pages that are accessed by the user's system via our website
This data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that enable the data to be assigned to a user.
The website is hosted on servers by a service provider contracted by us.
Our service provider is:
Hubspot 25 First Street, 2nd Floor, Cambridge, MA 02141 USA.
This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.
We have concluded an order processing contract with the relevant service provider, in which we oblige the relevant service provider to protect user data and not to disclose it to third parties.
The location of the website's server is geographically in Germany.
For the processing of your personal data in third countries, we have provided suitable guarantees in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO. We have concluded these standard data protection clauses with the above-mentioned provider.
4.1 Legal basis
Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.
4.2 Storage period
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Various cookies are used on our websites, the type and function of which differ.
5.1 Session cookies and persistent cookies
A session cookie is a form of cookie that is deleted as soon as the user closes the browser after their current session. We use technically necessary session cookies, which store a session ID that can be used to assign various requests from your browser to the common session. Some elements of our website require that the calling browser can be identified even after a page change.
Persistent cookies are stored on the user's device to provide login information, settings or preferences of a user the next time they visit the website. They are used to provide a more convenient and faster use of the website. This storage of these cookies is limited to a certain duration, after which they are automatically deleted. Please note that the storage period may vary depending on the cookie. You can also delete these cookies from your system ahead of time by using the usual functionality of your browser.
The legal basis for this processing is Art. 6 (1) lit. f DSGVO.
5.2 Technically necessary cookies
Technically necessary cookies are required for the use of the website. In particular, they allow us to recognize the terminal device used when you return to the website. The legal basis for this processing is Art. 6 (1) lit. f DSGVO. We use technically necessary cookies to ensure the basic functions of our website. The technically necessary cookies are deleted as soon as you log out or close the browser.
The user data collected through technically necessary cookies are not processed to create user profiles.
5.3 Technically unnecessary cookies
These cookies are used to make the use of the website more efficient and attractive. They are not necessary to use basic functions of our website. The legal basis for this processing is Art. 6 (1) lit. a DSGVO and is based on your consent in the cookie banner. The technically unnecessary cookies are automatically deleted after a specified duration, which may differ depending on the cookie.
5.3.1 Statistics cookies
Statistics cookies help website owners understand how visitors interact with websites by collecting information anonymously.
5.3.2 Marketing Cookies
Third-party advertising cookies allow us to show you various offers that match your interests. Through these cookies, users' web activity can be tracked over time. You may recognize these cookies on different end devices used by you.
5.4 Legal basis for data processing
5.5 Storage period
As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information is deleted, in particular when the cookies are deactivated. Further storage may take place in individual cases if this is required by law.
5.6 Configuration of browser settings
The management of cookie settings is possible for you via the configuration options of your browser settings listed below.
Most browsers are preset to automatically accept cookies. By changing the settings in your Internet browser, you can completely disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. However, we would like to point out that you may no longer be able to fully use all the functions of our website if cookies are deactivated by your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings or have the storage duration displayed. Furthermore, it is possible to set your browser to notify you before cookies are stored. The various browsers differ in their respective modes of operation, so please refer to the respective help menu of your browser for configuration options.
6 Execution of bookings on our website
If you make bookings directly on our website, we process personal data that is required for the performance of a contract pursuant to Art. 6 (1) lit. b DSGVO. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
As part of the booking process on our website, we collect the following data:
Booking details (destination, dates of arrival and departure, number of guests per room, information on the payment method you have selected)
As well as any comments or information you provide to us in the comments section provided.
Legal bases for processing are the fulfillment of a contract, the fulfillment of legal obligations, and in connection with the voluntary information, your consent. Data processed for the stated reason will be stored for the duration of the legal retention period and then deleted, unless there is a special retention reason in the individual case that justifies or requires a longer storage period. The following third parties process data on our behalf: external accounting.
Consent to the processing of data categories voluntarily provided by you can be revoked at any time. An informal communication to firstname.lastname@example.org is sufficient for the revocation. Receipt of the revocation will make further processing of your data based on the consent inadmissible, but will not affect the admissibility of the processing prior to the revocation.
Your data subject rights can be found in the chapter "Data subject rights".
7 Contact form and e-mail contact
Contact forms are available on our websites, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. The following data will be collected in the context of our contact form:
Details of the request
Any communication of this information is voluntary and initiated by you. If the data you provide are contact details, we will use these channels to contact you in accordance with your request. For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration. Alternatively, it is possible to contact us via the provided e-mail address email@example.com. In this case, the user's personal data transmitted with the e-mail will be stored. The data will be deleted as soon as the purpose of the processing has been achieved and provided that no other legal retention period is opposed. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. In this context, the data will not be passed on to third parties. The data is used exclusively for processing your request or for the purpose of contacting you.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, Art. 6 para. 1 lit. b DSGVO is additionally relevant as the legal basis for the processing.
8.1 Scope of data processing
On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, only the e-mail address you provide in the input mask is transmitted to us.
The registration for our e-mail newsletter takes place in the double opt-in procedure. We will then send you a confirmation e-mail to the e-mail address you provided, in which we ask you to explicitly confirm your subscription to the newsletter. You can agree by clicking on the button received. In this way, we can ensure that this is your e-mail address and that you wish to receive our e-mail newsletter.
Furthermore, the following data is processed at the time of newsletter registration:
Date/time of the registration to the newsletter
Time of your confirmation of the button
Information provided in the course of your registration
8.2 Legal basis for data processing
The legal basis for the processing of data after registration to receive the newsletter by the user is, if the user has given his consent, Art. 6 (1) lit. a DSGVO.
8.3 Purpose of the data processing
The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
8.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active.
8.5 Revocation of consent
Revocation of your consent to the processing of the e-mail address for the receipt of the newsletter is possible at any time by directly pressing the unsubscribe link contained in the newsletter. In this case, the legality of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.
9 Registration on our website
On our website, we offer users the opportunity to register free of charge by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. Within the scope of registration on our website, you have the possibility to manage your reservation information.
9.1 Scope of data processing
The following data is collected as part of the registration process:
The following data is also stored at the time of registration:
The IP address of the user
Date and time of registration
9.2 Legal basis of data processing
As part of the registration process, the user's consent to the processing of this data is obtained. The legal basis for processing the data, if the user has given his consent, is Art. 6 (1) lit. a DSGVO.
9.3 Purpose of data processing
Registration of the user is necessary for the provision of certain content and services on our website. These contents and services are linked to the registration. An identification of the user is therefore necessary to provide these contents and services.
9.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.
9.5 Revocation of consent
As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time.
10 Use of web analysis tools
In order to make our website as pleasant and comfortable as possible for you as a user, we occasionally use the services of external service providers. In the following, you have the opportunity to inform yourself about the use of the services and functions used, in order to be able to exercise your rights, if necessary, also with the service providers.
If you have declared your consent in the cookie banner, our website uses functions of web analysis services. Cookies are used for this purpose, which enable an analysis of the use of the website by its users. The information thus generated is transferred to the provider's server and stored there.
The use of statistics as well as marketing cookies requires your consent pursuant to Art 6 (1) lit. a DSGVO. When you first visit our website, a cookie banner opens where you can give your explicit consent to the use of statistics and marketing cookies.
10.1 Google Analytics
The information generated by these cookies, for example about the time, place and frequency of your use of this website, is transmitted to a server operated by us in the EU and stored there. Please note that Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
Google will use the information generated by cookies on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You can generally prevent cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
To ensure the best possible protection of your personal data, Google Analytics has been extended on this website by the code "anonymizeIp". This code causes the last 8 bits of the IP addresses to be deleted and your IP address is thus recorded anonymously (so-called IP masking). Your IP address is shortened by Google before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized.
In the context of the use of Google Analytics, personal data may be transmitted to countries outside the EU/EEA, in particular to the USA. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is in particular a risk that your data may be processed by US authorities for control and for monitoring purposes, possibly also without any legal remedy. In this respect, we would like to point out that suitable safeguards may not currently exist for data transfers to the USA.
You can find more information on this at http://tools.google.com/dlpage/gaoptout or at https://policies.google.com/ (general information on Google Analytics and data protection).
1.1.1 Legal basis
The legal basis for the use is your expressly given consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke this consent at any time by deactivating cookies in your browser settings for the future.
1.1.2 Storage period
The website operators have limited the storage period of the data in Google Analytics to 14 months.
10.2 Facebook Custom Audience Pixel
We use the "Facebook Custom Audience Pixel" from Meta/Facebook on our website to optimize our advertising. The operator is Facebook, Inc. 1 Hackerway, Menlo Park, CA 94025, USA. For people living outside the United States or Canada, the controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland. We use Facebook Custom Audience Pixel to show personalized ads to people who visit our website while they are logged into Facebook. Furthermore, we can use it to measure the effectiveness of our advertising by analyzing actions that users perform on our website. No personal data is provided to us in this process. Facebook itself stores and processes the data at the same time, so that it is possible for Facebook to connect to the respective Facebook user profile.
The legal basis for the storage of the cookies and integration of the Facebook pixel is your consent pursuant to Art. 6 (1) lit. a DSGVO, provided you have given us this in the course of visiting our website (cookie banner). You have the option of preventing the storage of cookies and the integration of the web analysis service by making the appropriate setting.
For information on the processing and use of personal data by Facebook, please refer to the "Data Policy" published by Facebook. This can be found at: https://www.facebook.com/about/privacy/
Facebook may use your data for its own advertising purposes in accordance with the Data Policy.
11 Use of HubSpot
11.1 Scope of the processing of personal data
We use functions of the CMS Hubspot of HubSpot Inc, 2nd Floor, 25 First Street, Cambridge, MA 02141, USA (hereinafter referred to as: HubSpot). This is an integrated software solution that we use to cover various aspects of our online marketing. These include: Email marketing (newsletters as well as automated mailings, e.g. for the provision of downloads), social media publishing & reporting, reporting (in particular traffic sources, accesses, etc. ...), contact management (in particular user segmentation & CRM), landing pages and contact forms. HubSpot sets a cookie on your computer. Personal data can be stored and evaluated, especially the activity of the user (in particular, which pages have been visited and which elements have been clicked on), device and browser information (in particular, the IP address and the operating system), data about the advertisements displayed (in particular, which advertisements were displayed and whether the user clicked on them) and also data from advertising partners (in particular, pseudonymized user IDs).
Other recipients of the data processed by Hubspot are in particular:
- Amazon Web Services, Inc.
- Google, Inc.
- Cloudflare, Inc.
- Twilio, Inc.
- Message Systems, Inc.
- SendGrid, Inc.
- Snowflake, Inc.*
- HubSpot, Inc.
- HubSpot Ireland, Ltd.
- HubSpot Germany GmbH
- HubSpot Australia Pty. Ltd.
- HubSpot Asia Pte. Ltd.
- HubSpot Japan KK
- HubSpot Latin America, S.A.S.
- HubSpot Sweden
For more information on how HubSpot processes your data, please click here:
In the course of contact management, company data submitted by Albacross (e.g. website domain, company address, company size) is matched with the generated HubSpot data. For more information, please refer to Section XVIII. Use of Albacross).
11.2 Purpose of data processing
The use of the HubSpot plug-in serves us to optimize our website and marketing activities.
11.3 Legal basis for the processing of personal data
The legal basis for the processing of the users' personal data is basically the user's consent according to Art. 6 para. 1 p.1 lit. a DSGVO.
11.4 Duration of storage
11.5 Possibility of revocation, objection and elimination
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection as well as the processing of your personal data by HubSpot by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, disabling the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
For more information about objection and removal options vis-à-vis HubSpot, please visit: https://legal.hubspot.com/de/privacy-policy.
12 Rights of the data subject
According to Art.15 DSGVO in conjunction with. § 34 BDSG, you have the unrestricted right to free information about your data stored by us and, pursuant to § 35 BDSG, the right to delete or block inadmissible data or the right to correct incorrect data.
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the rights listed below vis-à-vis the controller.
12.1 Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information from the controller about the following:
the purposes for which the personal data are processed
the categories of personal data which are processed
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration
the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
the existence of a right of appeal to a supervisory authority
any available information about the origin of the data, if the personal data are not collected from the data subject
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.
12.8 Right to revoke consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
12.9 Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
is necessary for the conclusion or performance of a contract between you and the controller
is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
is carried out with your explicit consent
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the Controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the Controller, to express your point of view and to contest the decision.
12.10 Right to complain to a supervisory authority.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can complain to the competent supervisory authority.
In Germany, the supervisory landscape under data protection law is structured on a federal basis. The non-public sector is generally supervised by the state data protection authorities. For an overview of the responsible supervisory authorities and current contact information, please see here:https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html;jsessionid=5F55BBA3E8CEAE0B6033C0E593DEFEE1.intranet231.
13 Hyperlinks to external websites
On our websites we use so-called hyperlinks to the websites of other providers. When activating these hyperlinks, you will be redirected from one of our websites directly to the website(s) of the other provider. You will recognize this, among other things, by the change of URL. We cannot accept any responsibility for the confidential handling of your data on the websites of third parties, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.
13.1 Notice - processing operations with joint responsibility
On our Facebook "Fanpage", we process personal data jointly with Facebook, which provides information about the interaction of users and serves to optimize the usability of the website and marketing activities. For this, we may refer to a joint responsibility agreement, available at https://www.facebook.com/legal/controller_addendum or https://www.facebook.com/legal/terms/page_controller_addendum. Further information on the joint processing of personal data can be found in Facebook's privacy notices at https://www.facebook.com/policy.php and at https://www.facebook.com/legal/terms/information_about_page_insights_data. We use this information in accordance with Art. 6 (1) f ("legitimate interest") DSGVO to create aggregated evaluations of the use of our social media presence and to optimize our marketing activities. This data is stored by Facebook in accordance with the periods presented at https://www.facebook.com/policy.php, chapter: "Data storage, deactivation and deletion of accounts".
14 Data security
We are committed to protecting your privacy and keeping your personal data confidential. To prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions not within our sphere of responsibility. In particular, data disclosed unencrypted - e.g. if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data he or she provides against misuse by encrypting it or in any other way.
1 Name and address of the responsible person
The responsible person according to Art. 4 Z. 7 EU General Data Protection Regulation (DSGVO) is:
HRG Hotels Wien Management GmbH
Dresdner Street 87
Phone: +43 1 333 737317
2 Contact for data protection inquiries
HRG Hotels Vienna Management GmbH
Dresdner Street 87
Phone: +43 1 333 737317
3 Data processing in the context of application procedures
3.1 Scope of processing of personal data
In the context of the application process, we only process the personal data of you that is related to your application and that is necessary to determine your professional as well as personal skills in relation to the position to be filled. We only use information that you have provided directly to us. This may also include information you have provided in online career networks or other job portals.
3.2 Type of personal data
We only collect personal data that is relevant to the application process. This may be general data about you, information about your professional qualifications and training, information about further professional training or your professional career, or other information that you wish to provide to us in connection with your application. If you are a citizen of a country outside the EU, you will need a work permit. Therefore, we will also ask you for your nationality during the application process. We only collect other information about you, in particular in the form of your preferred form of address, in order to be able to contact you accordingly.
3.3 Legal basis for the processing of personal data
We process the aforementioned data for the purpose of deciding on the establishment of an employment relationship and, if applicable, for the implementation or termination of the employment relationship, as well as for the exercise or fulfillment of legal rights and obligations on the basis of Section 26 BDSG. In addition, we may process personal data about you to the extent necessary to assert or defend legal claims arising from the application process. We process your aforementioned personal data in order to carry out the application process with you and to ensure optimal staffing within our entire organization (including specialist organizations). We do this on the legal basis of our overriding legitimate interest to conduct an efficient application process (Art. 6(1)(f) DSGVO) and on the basis of the need to carry out pre-contractual measures pursuant to Art. 6(1)(b) DSGVO. We collect this data as part of the application process either by you providing it to us (for example, by sending us your resume via email) or by us collecting it ourselves (for example, by taking notes during the interview). You are not required to provide us with your personal information. However, if you do not do so, it will not be possible for us to carry out the application process with you.
3.4 To whom is the data transmitted?
At our company, only those persons have access to your personal data who need it for the stated purposes. We will only pass on your personal data to external recipients if we are legally permitted to do so or if we have your consent to do so. Your personal data will be treated as strictly confidential and will only be made available to the persons responsible for the application process.
3.5 Collection of data from third parties
If you do not submit your application directly to us, but via an external online portal, we will first collect your data via this third party.
3.6 Storage period and deletion
We delete your personal data after the end of the application process, unless a legal permission or your consent allows a longer storage. In these two cases, we delete your personal data after the legal permission no longer applies or after revocation of consent.
4 Rights of the data subject
According to Article 15 GDPR in conjunction with Section 34 BDSG, you have the unrestricted right to free information about your data stored by us and, according to Section 35 BDSG, the right to delete or block inadmissible data or the right to correct incorrect data.
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the rights listed below vis-à-vis the person responsible.
4.1 Right to Information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us. If such processing is present, you can request information from the person responsible for the following information:
the purposes for which the personal data are processed
the categories of personal data being processed
the recipients or categories of recipients to whom your personal data has been or will be disclosed
the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration
the existence of a right to correction or deletion of the personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing
the existence of a right of appeal to a supervisory authority
all available information about the origin of the data if the personal data are not collected from the data subject
the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.
4.2 Right to Rectification
You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
4.3 Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
if you dispute the accuracy of the personal data concerning you for a period that enables the person responsible to check the accuracy of the personal data
the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted
the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims
if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4.4 Right to Erasure
4.4.1 Obligation to Erasure
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR
The personal data concerning you have been processed unlawfully.
The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject
The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR
4.4.2 Information to Third Parties
If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not exist if processing is necessary:
to exercise the right to freedom of expression and information
to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller
for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law mentioned under the section "Obligation to delete" is likely to make it impossible or seriously impair the achievement of the goals of this processing
to assert, exercise or defend legal claims
4.5 Right to Information
Do you have the right to rectification, erasure or restriction of processing against.
4.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6 Paragraph 1 Letter a GDPR or Article 9 Paragraph 2 lit. a GDPR or on a contract in accordance with Article 6 Paragraph 1 lit. b GDPR and the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.
4.7 Right to Object to Processing
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art.6 Para.1 lit.e or f DSGVO, this also applies to profiling based on these provisions.
The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, this also applies to profiling insofar as it is connected with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
4.8 Right to withdraw consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
4.9 Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
is necessary for the conclusion or performance of a contract between you and the person responsible
is permitted on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
takes place with your express consent
However, these decisions must not be based on special categories of personal data according to Art.9 Para.1 GDPR, unless Art.9 Para.2 lit.a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.
4.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.
The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the responsible supervisory authority.
In Germany, the data protection supervisory landscape has a federal structure. The non-public area is generally managed by the state data protection authorities. An overview of the responsible supervisory authorities and current contact information can be found here: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html;jsessionid=5F55BBA3E8CEAE0B6033C0E593DEFEE1.intranet231.
5 Data Security
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly checked and adapted to technological progress.
However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned Safety measures are not observed by other persons or institutions that are not within our area of responsibility. In particular, unencrypted data - e.g. B. if this is done by e-mail - read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data they have provided against misuse by encryption or in some other way.
Vienna, April 4th, 2023