Privacy Policy
We are very pleased about your interest in our company. Data protection is of particularly high importance to Hotel Die Barbara GmbH. Using the websites of Hotel Die Barbara GmbH is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to Hotel Die Barbara GmbH.
With this privacy policy, our company intends to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about their rights.
1. Definitions
The privacy policy of Hotel Die Barbara GmbH is based on the terms used by the European legislator when enacting the GDPR. Our privacy policy is intended to be easily readable and understandable for the public, our customers, and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy, we use, among others, the following terms:
a) Personal data
Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling is any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or responsible party
The controller or responsible party is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law are not considered recipients.
j) Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons authorized to process the data under the direct authority of the controller or processor.
k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name & Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union, and other regulations with a data protection character is:
Hotel Die Barbara GmbH
Coburgstraße 553
8970 Schladming
Austria
Tel.: +43 3687 22077
E-Mail: [info@diebarbara.at](mailto:info@diebarbara.at)
Website: [www.diebarbara.at](http://www.diebarbara.at)
3. Cookies
4. Website Analysis
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will first be truncated by Google within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser software; however, please note that in this case, you may not be able to use all functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie regarding your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: [https://tools.google.com/dlpage/gaoptout?hl=de-DE](https://tools.google.com/dlpage/gaoptout?hl=de-DE).
You can prevent the collection of your user data by Google Analytics on this website only by clicking the following link. An opt-out cookie will be set, preventing data collection during future visits to this website: Disable Google Analytics.
If you delete the cookies in this browser, you must set the opt-out cookie again.
More information about Google Analytics terms and data protection can be found here: [https://www.google.com/analytics/terms/de.html](https://www.google.com/analytics/terms/de.html).
5. Facebook Pixel
This website uses Facebook Pixel, a web analysis service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”), on the legal basis of legitimate interest (analysis of website usage). We have concluded a data processing agreement with Facebook. Data is partially transferred to the USA. The transfer of data to the USA is based on the Privacy Shield. When accessing our website, a connection to Facebook servers is established via software, and data is transmitted to servers, some of which are located in the USA. Facebook Pixel also uses cookies to store information about website users and to analyze their usage of the website. According to Facebook, the collected data is used to evaluate website usage, compile reports on website activity, and provide other services related to website and internet usage. Facebook may also transfer this information to third parties if legally required or if third parties process the data on behalf of Facebook. Detailed information about handling user data by Facebook can be found in the Facebook Data Policy. You can prevent the collection of your user data by Facebook Pixel on this website only by clicking the following link. An opt-out cookie will be set to prevent data collection on future visits to this website: Disable Facebook Pixel.
6. Collection of General Data and Information
The website of Hotel Die Barbara GmbH collects a range of general data and information with each visit by a data subject or automated system. These general data and information are stored in the server log files. Data collected may include: (1) browser types and versions used, (2) the operating system of the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) subpages accessed, (5) date and time of access, (6) IP address, (7) Internet service provider, and (8) other similar data used for security purposes in case of attacks on our IT systems.
Hotel Die Barbara GmbH does not draw conclusions about the data subject from the use of these general data and information. This information is needed to (1) correctly deliver website content, (2) optimize website content and advertising, (3) ensure the functionality of IT systems, and (4) provide information necessary for law enforcement in case of cyberattacks. These anonymized data are evaluated statistically and to improve data protection and security. Server log files are stored separately from personal data provided by the data subject.
7. Newsletter Subscription
Users can subscribe to the newsletter of Hotel Die Barbara GmbH on the website. The personal data transmitted during newsletter registration is determined by the input form used. The newsletter provides regular updates about the company’s offers. Subscription requires (1) a valid e-mail address and (2) registration for the newsletter. A confirmation e-mail is sent using the double opt-in procedure to verify consent. We also store the IP address of the registering computer and the date and time of registration to prevent misuse of the e-mail address. Data collected is used exclusively for sending the newsletter and is not shared with third parties. Newsletter subscription can be canceled at any time. Consent to personal data storage can be withdrawn at any time via the link in the newsletter or directly on the website.
8. Newsletter Tracking
Newsletters from Hotel Die Barbara GmbH contain tracking pixels. A tracking pixel is a tiny graphic embedded in HTML emails to allow log file recording and analysis. This allows statistical evaluation of the success of online marketing campaigns. The tracking pixel lets Hotel Die Barbara GmbH see if and when an email was opened and which links were clicked. Data collected via tracking pixels is used to optimize newsletter content and adapt future newsletters to subscriber interests. Data is not shared with third parties. Subscribers may revoke their consent at any time, which results in deletion of the related data. Unsubscribing from the newsletter automatically counts as revocation.
9. Contact via Website
The website provides contact details for quick electronic contact and direct communication, including an email address. If a data subject contacts the controller via e-mail or contact form, personal data transmitted are stored automatically. Personal data voluntarily provided are used exclusively for processing the inquiry or contacting the data subject and are not shared with third parties.
10. Routine Deletion & Blocking of Personal Data
The controller processes and stores personal data of the data subject only for the period required to achieve the storage purpose or as provided by EU or national legislation. Once the storage purpose no longer applies or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.
11. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed. To exercise this right, contact our data protection officer at any time.
b) Right of Access
Data subjects have the right to receive information free of charge about the personal data stored about them and a copy of this information. This includes:
- Purposes of processing
- Categories of personal data processed
- Recipients or categories of recipients, including those in third countries or international organizations
- Planned storage period or criteria for determining it
- Right to rectification, erasure, restriction of processing, or objection
- Right to lodge a complaint with a supervisory authority
- If data is not collected from the data subject: the source of the data
- Existence of automated decision-making, including profiling, and meaningful information about the logic, significance, and consequences
c) Right to Rectification
Data subjects may request the correction of inaccurate personal data and completion of incomplete data. Contact the data protection officer to exercise this right.
d) Right to Erasure (“Right to be Forgotten”)
Data subjects may request deletion of personal data if one of the following applies and processing is not required:
- Data is no longer necessary for the purposes collected
- Consent is withdrawn and no other legal basis exists
- Objection under Art. 21 GDPR and no overriding legitimate reasons exist
- Data was unlawfully processed
- Deletion is required by law
- Data was collected under Art. 8 GDPR for information society services
e) Right to Restriction of Processing
Data subjects may request restriction if:
- Accuracy of data is disputed
- Processing is unlawful but deletion is refused
- Controller no longer needs the data but it is needed for legal claims
- Objection under Art. 21 GDPR and priority of reasons is unclear
f) Right to Data Portability
Data subjects can receive personal data they provided in a structured, commonly used, machine-readable format and request transmission to another controller. This applies when processing is based on consent or contract and automated. Contact the data protection officer to exercise this right.
g) Right to Object
Data subjects can object to processing based on Art. 6(1)(e) or (f) GDPR, including profiling, for reasons related to their situation. The controller will cease processing unless overriding legitimate reasons exist. Objection to direct marketing is possible at any time.
h) Automated Decisions and Profiling
Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, with legal or significant effects, unless it is necessary for a contract, legally authorized, or based on explicit consent. In such cases, the controller ensures rights to human intervention, explanation, and contesting decisions.
i) Right to Withdraw Consent
Data subjects may withdraw consent for data processing at any time. Contact the data protection officer to do so.
12. Data Protection in Job Applications
The controller processes applicant data for recruitment purposes, including electronically. If no employment contract is concluded, data is deleted two months after rejection unless other legitimate interests exist, such as legal obligations under AGG.
13. Legal Basis for Processing
Processing is based on:
- Art. 6(1)(a) GDPR for consent
- Art. 6(1)(b) GDPR for contract-related processing
- Art. 6(1)(c) GDPR for legal obligations
- Art. 6(1)(d) GDPR to protect vital interests
- Art. 6(1)(f) GDPR for legitimate interests, provided rights do not override
14. Legitimate Interests
Legitimate interests include conducting business for the well-being of employees and shareholders.
15. Storage Duration
Data is stored according to legal retention periods. Afterward, data is routinely deleted unless needed for contract fulfillment.
16. Requirement to Provide Data
Providing personal data may be legally or contractually required. Failure to provide may prevent contract conclusion. Contact the data protection officer to clarify requirements and consequences.
17. Automated Decision-Making
The company does not use automated decision-making or profiling.
18. Competent Authority
Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna, Austria
[dsb@dsb.gv.at](mailto:dsb@dsb.gv.at)
This privacy statement was created using the DGD privacy generator in cooperation with lawyer Christian Solmecke.