Data protection declaration

privacy policy

Data protection declaration / privacy policy

As the provider of the website www.restaurant-apron.at and the responsible body, Am Konzerthaus Hotelbetriebs GmbH (hereinafter referred to as AKHB) takes the obligation to data protection very seriously and designs its website in such a way that only as little personal data as necessary is collected, processed and used will. Under no circumstances will personal data be rented or sold to third parties for advertising purposes. No personal data will be used for advertising or marketing purposes without the express consent of the visitor.

At AKHB, only those persons have access to personal data who need this data to carry out their tasks within the responsible body, who are informed about the statutory provisions on data protection and who comply with the applicable statutory provisions (Art. 5 of the EU General Data Protection Regulation (EU -DSGVO)) have committed to comply with them. The collection, processing, use and transmission of the collected personal data takes place, in accordance with Article 6 Paragraph 1 EU-GDPR, only to the extent necessary for the implementation of a contractual relationship between AKHB, as the responsible body, and the visitor, as the person concerned.

Changes in the purpose of processing and data use

Since the processing methods used may change / develop further due to technical progress and organizational changes, we reserve the right to further develop this data protection declaration in accordance with the new technical framework. We therefore ask you to check the AKHB’s data protection declaration from time to time. If you do not agree with the further developments that have occurred over the course of time, you can request in writing, in accordance with Art.17 EU-GDPR, that the data are deleted that are not stored on the basis of other legal requirements, such as retention obligations under commercial or tax law.

Anonymous data collection

In principle, you can visit the website of the responsible body without telling us who you are. We only find out the name of your Internet service provider, the website from which you are visiting us and the websites on our website that you are visiting. The legal basis for this data collection is Art. 6 Para. 1 lit b GDPR. This information is analysed for statistical purposes. As an individual user, you remain anonymous.

Collection and processing of personal data

Personal data is only collected if you provide it to us of your own accord, for example to register for the newsletter and give your consent to the use of the data (Art. 6 Para. 1 lit. a GDPR). The responsible body adheres to the requirements of Art 5 and 6 EU GDPR. As part of the personalized services of the responsible body, your registration data will be processed with your consent for the purpose of sending our newsletter or for the needs-based design of the electronic services offered. You can object to the storage of your personal data at any time. To do this, please send an email to datenschutz(at)lauser-nhk.de with the subject “Unsubscribe data” and please state the website.

The processing and use of your personal data take place in accordance with the requirements of the EU GDPR.

Storage period

We only save your personal data as long as we need it to provide the website you are using or to fulfil contractual relationships with you or as long as we have your consent or we have another legitimate interest in data processing. Any further storage is only carried out on the basis of legal regulations.

Rights of the persons affected

As far as we process your personal data, you have the following rights:

Right to withdraw a given consent

If the processing of personal data is based on consent given, you have the right to revoke this consent. The revocation is valid for the future.

Right to information

You can request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can land the following information:

  • the purposes of the processing;
  • which personal data are processed;
  • the recipients of the data in the case of data transfer to third parties, as well as the name and country of domicile of the third party;
  • the storage period of the data;
  • the existence of a right to lodge a complaint with the competent supervisory authority;
  • If the data was not collected directly from you, all available information about the origin of the data.

The requested information will be given to you within one month of receipt of the written request for information. We would like to point out that information can only be given if the identity of the petitioner can be clearly established.

Right to rectification

You have the right to request us to correct your personal data immediately if it is incorrect.

Right to data erasure (“right to be forgotten”)

You have the right to ask us to delete your personal data if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or processed.
  • There is no legal obligation for us to save the data.
  • You revoke your consent on which the processing was based and there is no other legal basis for the storage.
  • You object to the processing and there is no legal basis for further storage.
  • The personal data was unlawfully collected and processed from the start.

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data if one of the following conditions is met:

  • You dispute the correctness of the processing of your personal data for a period that enables us to check the correctness of the personal data;
  • the processing of your personal data is actually unlawful and instead of deleting it, you request that the use of the personal data be restricted;
  • We no longer need the personal data for the purposes of processing, but you need them to assert your legal claims, or
  • You have objected to the processing, but it has not yet been determined whether our legitimate interests outweigh your legitimate interests.

Right to data portability

You have the right to receive the personal data relating to you that we have stored in a common and machine-readable format, and you have the right to transmit this data to another person responsible without hindrance from us.

Right to object

You have the right to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e) or f) GDPR. We will then no longer process this data unless we can demonstrate legitimate reasons for processing that outweigh your interests.

Right to complain to a supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority responsible for the responsible body.

Export and processing of data in countries outside the European Economic Area

In principle, there is no export of your personal data to countries outside the European Economic Area (hereinafter EEA). If, in exceptional cases, an export takes place, you will be informed about this on this data protection declaration under the relevant point. In the exceptional case of the transfer of data to a third country, AKHB ensures the guarantees required by the GDPR for an adequate level of data protection through the conclusion of standard contractual clauses, unless there is an adequacy decision by the Commission for the third country. In addition, when concluding standard contractual clauses, AKHB carried out additional checks to ensure compliance with the data protection level in the respective third country by the specific provider.

Nevertheless, as long as you are logged into Facebook or have a Twitter account, personal data can be exported to the USA. For more detailed explanations and ways to prevent this data export, please read the section “Use of Facebook Social Plugins” or “Use of Twitter” in this data protection declaration. When using analysis programs, your data may also be exported to the USA, for example. Please read the section “Use of analysis programs” here.

The service providers engaged by the responsible body have their headquarters and otherwise operate their IT infrastructure exclusively within the EEA. This also applies to any use of cloud-based services. There are contracts with the service providers that comply with the data protection and data security requirements of the EU GDPR. Even if external service providers are involved, the AKHB remains the body responsible for processing.

Use and disclosure of personal data

The personal data collected on the website of the responsible body will only be used to process contracts and your inquiries without your consent. In addition, your data will only be used for advertising and market research purposes by the responsible body if you have given your prior consent. You can of course revoke your respective consent at any time with effect for the future.

Incidentally, not passed on to any third parties. Insofar as the responsible body uses the support of service providers to provide its services, the necessary contracts have been concluded in accordance with Art. 28 GDPR. If you need more information regarding the contractors used, please contact the data protection officer.

External links

For your information, you will find links on our website that refer to third-party websites. If this is not clearly recognizable, we point out that it is an external link. The responsible body has no influence whatsoever on the content and design of these pages from other providers. The guarantees of this data protection declaration therefore do not apply to external providers.

Use of cookies

The responsible body uses so-called “cookies” to individually design and optimize the online experience and online time of the customer. A cookie is a text file that is either temporarily stored in the computer’s main memory (“session cookie”) or stored on the hard drive (“permanent” cookie). Cookies contain, for example, information about the user’s previous access to the corresponding server or information about which offers have been called up so far. Cookies are not used to run programs or load viruses onto your computer. The main purpose of cookies is rather to provide an offer specially tailored to the customer and to make the use of the service as convenient as possible.

The responsible party uses session cookies as well as permanent cookies.

Session cookies
The responsible body mainly uses “session cookies” which are not stored on the customer’s hard drive and which are deleted when the browser is exited. Session cookies are used for login authentication and load balancing (balancing the system load). These cookies are absolutely necessary for the provision of our website (Art. 6 Para. 1 lit. b GDPR).

Permanent cookies
In addition, the responsible body uses “permanent cookies” in order to save the personal usage settings that a customer enters when using the services of the responsible body and to be able to personalize and improve the service, provided you give your consent (Art. 6 Para. 1 lit. a GDPR). The permanent cookies ensure that the customer will find his personal settings again when he visits the website of the responsible body.

In addition, the service providers commissioned by the responsible body to analyse user behaviour use permanent cookies in order to be able to recognize returning users. These services only save the data transmitted by the cookie anonymously. An assignment to the customer’s IP address is not held.

You can find more detailed information on the permanent cookies used by the responsible body or their service providers under the following points of this data protection information:

  • Use of analysis programs
  • Use of social media buttons
  • Online offers on social media platforms
  • Use of Twitter plugins
  • Use of YouTube plugins
  • Use of Instagram social plugins
  • Use of Instagram plugins

Avoiding cookies
The visitor has the option to refuse the setting of cookies at any time. This is usually done by selecting the appropriate option in the browser settings or by using additional programs. More details can be found in the help function of the browser used by the customer. If the customer decides to switch off cookies, this can reduce the scope of the service and have a negative impact when using the services of those responsible.

Use of analysis programs

The responsible body carries out analyses of the behaviour of its customers in the context of the use of its service or has them carried out if they give us their consent. For this purpose, anonymized or pseudonymized usage profiles are created. The creation of the usage profiles is done for the sole purpose of continuously improving the service of the responsible body. The legal basis for processing your data is Article 6 1 lit. (a) GDPR.

As part of the web analysis, the responsible body also uses Google Analytics, a web analysis service from Google Inc. (“Google”), which the responsible body uses Google Analytics with the extension “_anonymizeIp ()” if you have given your consent. As a result, the IP addresses are only processed in abbreviated form in order to exclude direct personal reference. The legal basis for processing is Article 6 1 lit. (a) GDPR. The consent to the data collection and storage taking place in this context can be revoked at any time with effect for the future.
Please contact Google directly >> >>

Google instructs its users, such as the responsible body, to use the following instructions in their data protection declarations. AKHB complies with this request by reproducing the following text:

“Google Analytics uses so-called “cookies”, text files that are saved on your computer and that enable your use of the website to be analysed. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with other Google data. You can prevent the installation of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. By using this website, you declare that you consent to the processing of the data collected about you by Google in the manner described above and for the purpose stated above.”

Use of social media buttons

To share the content of our online offers via social networks, we offer so-called social media buttons. For this purpose, we use the “c’t Shariff” solution developed by Heise Medien GmbH & Co. KG, which provides data protection-compliant social media buttons.

The buttons offered directly by the operators of social networks inadmissibly transmit personal data such as the IP address or entire cookies when a website on which they are integrated is loaded and thus pass on precise information about your surfing behaviour to the social services without being asked. You do not have to be logged in or be a member of the respective network. In contrast, a Shariff button only establishes direct contact between the social network and the visitor when the latter actively clicks on the share button. In this way, Shariff prevents you from leaving a digital trace on every page you visit and improves data protection. By using Shariff, we can protect your personal data and still integrate buttons for social sharing. You can find more information about c’t Shariff at: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Further information can be found under the following information on the specific social media buttons used:

  • Facebook
  • Twitter
  • Youtube-Plugins
  • Instagram

Use of Facebook social plugins

The responsible body uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins are marked with a Facebook logo.

You can find Facebook’s privacy policy at: https://www.facebook.com/about/privacy/

Opposition option with effect for the future at: https://www.facebook.com/settings?tab=ads

Use of Twitter plugins

The responsible body uses functions of the Twitter service on its website. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter.

We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or how it is used by Twitter. You can find more information on this in Twitter’s data protection declaration at: twitter.com/de/privacy

https://twitter.com/de/privacy

Opposition option with effect for the future at: https://twitter.com/personalization

You can change your data protection settings on Twitter in the account settings at www.twitter.com/account/settings

Use of YouTube plugins

We use YouTube, among others, to integrate videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based in 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, provided you give us your consent. The provision of the videos is only possible if consent has been given. The legal basis for processing is Article 6 1 lit. (a) GDPR.

The data protection declaration, also for YouTube, can be found at:

https://policies.google.com/privacy or in German at: www.google.de/intl/de/policies/privacy/
The possibility of objection with effect for the future is possible at: https://adssettings.google.com/authenticated

Use of Instagram social plugins

Our website uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here:

http://blog.instagram.com/post/36222022872/introducing-instagram-badges

You can find the Instagram data protection declaration at: http://instagram.com/about/legal/privacy
The possibility of objection with effect for the future is possible at: http://instagram.com/about/legal/privacy

Online offers on social media platforms

We offer online offers on various social media platforms in order to have information available there and to be able to contact you. Here we are usually responsible together with the operator of the platform iSv. Art. 26 DSGVO.

We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offers, the platform operator saves cookies in your browser, in which your usage behaviour or your interests are saved for market research and advertising purposes. The user profiles obtained in this way – mostly across devices – are used by the platform operators to show you personalized advertising. Data processing can also affect people who are not registered as users on the respective social media platform. Your data may be processed outside of the European Union, which can make it more difficult to enforce your rights. When selecting such social media platforms, however, we make sure that the operators undertake to comply with EU data protection standards.

The processing of your personal data when you visit one of our social media offers is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information option and communication with you. The legal basis for this is Article 6, 1 lit. Letter f of the GDPR. Under certain circumstances, you have given a platform operator your consent to data processing, in which case Article 6 1 lit. (a) GDPR is the legal basis.

You can obtain detailed information about data processing in connection with the use of our social media offers, possibilities of objection (opt-out) and the assertion of information rights via the data protection declaration of the relevant platform operator. The links to the data protection declarations of the platform operators can be found in our comments on the respective platforms.

If we are jointly responsible for another body, you can also exercise your above-mentioned data subject rights against their data protection officer and complain to the supervisory authority responsible for this body.

Further information and contacts

If you have any further questions on the subject of “data protection at the responsible body”, please contact our company’s data protection officer. You can find out which of your data is stored by us. In addition, you can send information, deletion and correction requests to your data and also suggestions at any time by letter or e-mail to the following address:

Dr. Charlotte Lauser
Data protection officer
Dr. Gerhard-Hanke-Weg 31
D-85221 Dachau

E-Mail: datenschutz(at)lauser-nhk.de