Policy
1. Privacy Policy
Thank you for your interest in our online presence. Schloss Hernstein Hotelbetriebsgesellschaft mbH ("we") places great importance on complying with all legal provisions of data protection laws, particularly the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), and the Telecommunications Act (TKG).
The subject of data protection is personal data. According to the GDPR, this refers to "information relating to an identified or identifiable natural person." This includes details such as name, postal address, email address, or phone number, as well as usage data like IP addresses.
The terms used in our privacy policy ("personal data," "controller," "principle of data minimization," etc.) are to be understood according to their definitions in Article 4 of the GDPR.
2. Type and Purpose of Data Processing
In order to provide our services, we require personal data. This is particularly relevant for responding to individual inquiries, sending newsletters, or processing contracts concluded with us.
The following data may be collected by us:
- First and last name
- Company name
- Postal address
- Date of birth
- Contact details (phone number, email address)
- Bank details, credit card information
- Date and time of access to our website
- IP address of visitors to our website
- Technical information, such as the name and version of the web browser used by website visitors, internet provider, device type, and screen resolution
- Source (URL) of the visit
- Visitor behavior on our website
- The approximate location of visitors (country and city)
The collected data is processed for the following purposes:
- To provide or process services and/or contracts
- Conducting and managing events
- Carrying out disaster protection measures
- Providing, improving, and developing our website
- Detecting, investigating, and preventing attacks on our website
The collected data is processed based on the following legal grounds:
- To fulfill contractual obligations (Article 6(1)(b) GDPR)
- Based on explicit consent (Article 6(1)(a) GDPR)
- Our overriding legitimate interest (Article 6(1)(f) GDPR), which includes making our website user-friendly and protecting it from attacks, as well as providing the requested services.
3. Data Sharing
If necessary for the purposes mentioned above, we will share data with the following recipients:
- Vienna Chamber of Commerce
- WKO Inhouse GmbH
- External IT service providers (Siteminder, Opera Cloud)
In addition, personal data will not be shared with third parties without the explicit consent of the individuals involved. Data will only be transmitted to state institutions and/or authorities within the scope of legal disclosure obligations or if we are required to do so by a court order.
4. Users of Our Website
In this section, we inform you about how we process your personal technical data. Additionally, in the following sections, you can learn about international data transfers and your rights regarding the processing of your data.
4.1 Categories and Purposes of Data Processing
The following personal technical data is automatically collected when visiting our website:
- Date and time of accessing a page
- IP address (in shortened form, so it cannot be uniquely assigned)
- Technical information (browser name and version, internet provider, device type, screen resolution)
- Source (URL of the website or advertising material that led you to us)
- Orders including the revenue of the ordered product
- Interactions with the website (contact requests, newsletter sign-ups)
- User behavior on the website (e.g., clicks, scrolling behavior, time spent)
- Approximate location (country and city)
- Cookies
To provide you with all our services, it may be necessary to enter personal data (e.g., name, email address).
You are not required to provide this information, but without it, you may not be able to use all the features of the website.
Your data will be processed for the following purposes:
- Optimizing the website and our services
- Creating usage statistics
- Displaying personalized content
- Detecting, investigating, and preventing attacks on our website
4.2 Legal Basis of Processing
We process your personal technical data based on:
- The necessity to fulfill legal obligations, particularly under the Austrian Chamber of Commerce Act 1998 ("WKG"), in accordance with Article 6(1)(c) of the General Data Protection Regulation ("GDPR")
- Our overriding legitimate interest under Article 6(1)(f) GDPR, which includes making our website user-friendly and protecting it from attacks, and
- In individual cases, your consent to the processing of your data (Article 6(1)(a) GDPR).
4.3 Transfer of Your Personal Technical Data
If necessary for the above purposes, your data will be shared with the following recipients:
- WKO Inhouse GmbH
- External IT service providers
4.4 Storage Duration
We generally store your data for a period of 12 months. This period is extended only if necessary to investigate detected attacks on our website and only until the expiration of relevant statutory limitation periods, retention obligations, or ongoing legal disputes where the data is needed as evidence.
Data required to maintain your user account is stored as long as the account exists.
4.5 Cookies (General)
A cookie is a small file that can be stored on your computer when you visit our website and accept our cookies. Cookies are generally used to provide additional functionality on the website. For example, they make navigation easier or allow you to resume where you left off on the site or recall your settings/preferences upon return.
Many cookies on our website are so-called session cookies, which are automatically deleted when you leave our website. Persistent cookies, on the other hand, remain stored in your browser until you manually delete them. We use persistent cookies to recognize you during future visits to our website.
If you wish to control the cookies set in your browser, you can adjust your browser settings to notify you when a website attempts to store cookies. You can delete or block cookies after they have been set in your browser. You can find instructions on how to adjust these settings in your browser's "Help" function.
Please note that deleting or blocking cookies may affect your online experience and prevent you from fully enjoying the functionality of this website.
4.6 Google Tag Manager
We use Google Tag Manager to deploy tags (small code elements) on our pages based on custom rules. Google Tag Manager does not set cookies itself and does not collect personal data.
The tools for which we deploy tags can be found within the cookie groups.
4.7 Necessary and Functional Cookies
The following cookies are essential for basic website functions and cannot be disabled.
Depending on the service used on one of our websites, the following cookies may be applied. These technically necessary cookies ensure the website’s basic functionality. An * indicates a possible prefix or suffix.
Necessary cookies | Applicability | Purpose | Retention period |
---|---|---|---|
PHPSESSID | 1st Party | Session Cookie: Automatically created cookie by the web server. | Session |
ASP.NET_SessionId | 1st Party | Session Cookie: Automatically created cookie by the web server. | Session |
wcf_cookieHash | 1st Party | Session Cookie: Automatically created cookie by the web server. | |
ASPSESSIONID | 1st Party | Session Cookie: Automatically created cookie by the web server. | |
JSESSIONID | 1st Party | Session Cookie: Automatically created cookie by the web server. | Session |
vera_session_id | 1st Party | Session Cookie: Automatically created cookie by the web server. | Session |
laravel_session | 1st Party | Session Cookie: Automatically created cookie by the web server. | Session |
YII_CSRF_TOKEN | 1st Party | Session Handling: Increases the security in the communication between server and client. | |
__CSRFCOOKIE | 1st Party | Session Handling: Increases the security in the communication between server and client. | |
__RequestVerificationToken | 1st Party | Session Handling: Increases the security in the communication between server and client. | |
XSRF-TOKEN | 1st Party | Session Handling: Increases the security in the communication between server and client. | Session |
cookiesAllowed | 1st Party | Saves the set cookie settings. | 1 year |
gcmdata_* | 1st Party | Saves the set cookie settings. | 1 year |
cookiehint.wkis.wko.at | 1st Party | Saves the set cookie settings. | 24 hours |
ADC_CONN_539B3595F4E | 1st Party | Session Cookie: Automatically created cookie by the Web Application Firewall. | Session |
ADC_REQ_2E94AF76E7 | 1st Party | Session Cookie: Automatically created cookie by the Web Application Firewall. | Session |
LB_SESSION_ID | 1st Party | Session Cookie: Automatically created cookie by the Web Application Firewall. | 24 hours |
consent | 1st Party | Saves the interaction with the cookie consent tool. | 1 year |
Depending on the services used on one of our websites, the following additional functional cookies may be applied. You can disable functional cookies through your browser; however, the following features may not function as expected. An * indicates a possible prefix or suffix.
Necessary cookies | Applicability | Purpose | Retention period |
---|---|---|---|
MSISAuth* | 1st Party | Login Handling: Enables access to protected pages. | Session/180 days |
MSISAuthenticated | 1st Party | Login Handling: Enables access to protected pages. | Session |
MSISContext* | 1st Party | Login Handling: Enables access to protected pages. | |
MSISIPSelectionSession | 1st Party | Login Handling: Enables access to protected pages. | |
MSISTtpDataReceivedCookie | 1st Party | Login Handling: Enables access to protected pages. | |
MSISIPSelectionPersistent | 1st Party | Login Handling: Enables access to protected pages. | |
LogoutReturnUrl | 1st Party | Login Handling: Enables access to protected pages. | |
msisloopdetectioncookie | 1st Party | Login Handling: Enables access to protected pages. | Session |
msissignout | 1st Party | Login Handling: Enables access to protected pages. | Session |
idpSelection | 1st Party | Login Handling: Enables access to protected pages. | 3 minutes |
.AspNetCore.Correlation.WsFederation.* | 1st Party | Login Handling: Enables access to protected pages. | Session |
webservices.framework.passport.logincookie | 1st Party | Login Handling: Enables access to protected pages. | Session |
Wkis | 1st Party | Login Handling: Enables access to protected pages. | Session |
WkisC* | 1st Party | Login Handling: Enables access to protected pages. | Session |
SelectedRoleIDCookie | 1st Party | Login Handling: Enables access to protected pages. | Session |
wkis-cuc*.wko.at | 1st Party | Login Handling: Enables access to protected pages. | 7 year |
GenticsSAMLSessionID | 1st Party | Login Handling: Enables access to protected pages. | Session |
GenticsSAMLAuthToken | 1st Party | Login Handling: Enables access to protected pages. | Session |
FedAuth* | 1st Party | Login Handling: Enables access to protected pages. | Session |
Rtc | 1st Party | Login Handling: Enables access to protected pages. | Session |
SamlLogout | 1st Party | Login Handling: Enables access to protected pages. | Session |
MOA_ID_SSO | 3rd Party | Login Handling: Enables access to protected pages. | Session |
SamlSession* | 1st Party | Login Handling: Enables access to protected pages. | Session |
transfer.wkis.wko.at | 1st Party | Login Handling: Enables access to protected pages. | Session |
WindowsAutoLogin | 1st Party | Login Handling: Enables access to protected pages. | 1 Jahr |
WindowsLoginAdfsCookie | 1st Party | Login Handling: Enables access to protected pages. | 1 Jahr |
__wkis_currenturl | 1st Party | Login Handling: Enables access to protected pages. | 20 Minuten |
__WKIS_ChangeRolePending | 1st Party | Login Handling: Enables access to protected pages. | 20 Minuten |
requestor* | 1st Party | Login Handling: Enables access to protected pages. | Session |
hrdchoice | 1st Party | Login Handling: Enables access to protected pages. | Session |
WSFedLogout | 1st Party | Login Handling: Enables access to protected pages. | |
AUTH | 1st Party | Login Handling: Enables access to protected pages. | Session |
AUTH_REFRESH | 1st Party | Storage of the refresh token to extend the user session. | 8 hours |
wklaka | 1st Party | Saves the selected federal state. | 1 year |
wknewslaka | 1st Party | Saves the selected federal state. | 1 year |
markaCookie | 1st Party | Attributes and categories of visited pages are saved to display personalized page suggestions. | 1 year |
language | 1st Party | Stores the selected language to serve as a fallback if a requested page is not available in that language. | Session/1 hour |
remember_industry | 1st Party | Used to save the search settings for industries. (advantageaustria.org) | 30 days |
saved_country | 1st Party | Used to store the selected country. | 30 days |
forms-data | 1st Party | Saves information when the form is not completed. | Session |
bundesland | 1st Party | Saves the active federal state. | 1 year |
4.8 Targeted Cookies
4.8.1 On-Site Tracking – Google Analytics 4
On-site tracking involves capturing and analyzing visitor behavior on a website using tools such as Google Analytics. The goal is to improve the user experience. Our website uses features of the web analytics service Google Analytics for this purpose. Google Analytics 4 cookies may be set for the analysis of our website. With the server-side tracking we employ, no IP addresses or other personal data are transmitted to Google. The server-side tracking is based on the use of a filter server that deletes the IP addresses and other personal data of users, thus only anonymized data is transmitted to Google. We use the collected data for optimization measures on our website.
On-site tracking will only be activated through your browser if you provide your consent.
For more information on Google’s terms of use, please visit Google Privacy Policy, and for the cookies used by Google, see Google Ads Cookies.
4.9 Marketing Cookies
4.9.1 Chamber of Commerce Attributes
If you accept the use of WK attributes through our cookie settings, visitor profiles will be enriched with attributes from the systems of the Chambers of Commerce.
Enriched data includes Chamber of Commerce membership and industry affiliation, official roles, interests, and information about regional affiliation.
This data is collected and integrated solely for the purpose of delivering targeted and interest-based website content and advertisements.
To facilitate both the enrichment of visitor profiles with these attributes and the delivery of targeted and interest-based content and advertising, an alphanumeric user ID that can be associated with the visitor is generated from the visitor's email address during a sign-up or page visit via newsletter. This user ID is stored within the cookie “pdata_*.” The attributes used are not employed by Google for other purposes.
WKO recommended cookies | Applicability | Purpose | Retention period |
pdata_* | 1st Party | Used for recognizing a previously registered/identified visitor for the allocation of chamber of commerce attributes and the delivery of interest-related page content. Saves a unique user ID after registration or newsletter visits. | 1 year |
4.9.2 Google Marketing – Campaign Manager
We use Google Campaign Manager to display ads to users and create campaign performance reports. Through Google Campaign Manager Floodlights, we can optimize ad delivery to show you only relevant ads (Re-Marketing Audiences) and track whether you have performed specific actions on our website (Conversions) after viewing one of our ads.
We do not have control over the extent and further use of the data collected by Google Campaign Manager.
For more information about Google’s privacy practices, visit Google Privacy Policy and the cookies used by Google at Google Ads Cookies.
4.9.3 Google Marketing – Google Ads
We use Google Ads to display ads to users and create campaign performance reports. By using Google Ads Remarketing Pixel, we can optimize ad delivery to ensure that only relevant ads are shown (Re-Marketing Audiences). To track whether you performed specific actions on our website after interacting with our ad, we use Google Ads Conversion Tracking.
For more information about Google’s privacy practices, visit Google Privacy Policy and the cookies used by Google at Google Ads Cookies.
4.9.4 Facebook (Meta)
We use Facebook to display important content to users and create campaign performance reports. By setting Facebook Pixel, we can optimize ad delivery to show you only relevant ads (Facebook Audiences). To track whether you have performed specific actions on our website after interacting with our ad, we use Facebook Events (Conversions). This cookie may transmit personal data to the USA or other third countries.
For more information about Facebook’s privacy policy, visit Facebook Privacy Policy.
4.9.5 LinkedIn
We use LinkedIn to display important content to users and create campaign performance reports. By using LinkedIn Insight Tag, cookies are set, and data processing may occur in the USA.
For detailed information on which data may be processed, visit LinkedIn Data Processing Agreement.
For more information about LinkedIn’s privacy practices, visit LinkedIn Privacy Policy and the cookies used by LinkedIn at LinkedIn Cookie Policy.
4.9.6 Hotjar
Hotjar allows us to understand user interactions on our website better through features like heatmaps, conversion funnel definitions, form analytics, and visitor recordings. These analyses help us learn about the usability of our website and implement optimization measures based on the feedback received.
For more information about Hotjar’s privacy policy, visit Hotjar Privacy Policy and the cookies used by Hotjar at Hotjar Cookies.
4.10 External Content (Plug-Ins/Embedded Content)
To make external content from the tools listed below available to you, you must consent via cookie settings or in the respective placeholder on the page for us to display this content. After consent, your browser exchanges personal technical data with the providers listed below.
These data may also be transmitted to US companies that do not comply with the EU-US privacy framework and thus are not subject to an appropriate level of data protection in the USA. Furthermore, you may have limited or no data protection rights, and in particular, the US government may gain access to this data.
The tags integrated into the portal do not collect data themselves. Data transmission can only occur after consent is given.
4.10.1 YouTube
We use YouTube, a Google service, to embed videos on our website. This provides you as a website visitor with a better user experience, as you do not have to leave our website to watch relevant content.
For more information about Google’s privacy practices, visit Google Privacy Policy and the cookies used by Google at Google Ads Cookies.
4.10.2 Google Maps
We use Google Maps to provide visualization and, if necessary, quick navigation to the respective location.
For more information about Google’s privacy practices, visit Google Privacy Policy.
4.10.3 23° GRAD (23DEGREE.IO)
23° is a platform from a Viennese company that serves data visualization and provides data in a current and interactive manner. In addition to general data available through this platform, you can upload and use your data.
This data can be visualized in the form of charts and graphics on the platform. The graphics and diagrams are interactively designed and can be operated by visitors.
For more information about their privacy policy, visit 23° Privacy Policy.
4.10.4 CAMBUILDR
Cambuildr is a platform from a Viennese company for creating drag-and-drop campaign pages, organizing data segments, and behavior-based targeting. It automates communication with supporters regarding voting, user stories, grassroots events, petitions, or simply gathering supporters.
Embedding the registration form requires the transmission of personal data.
For more information about their privacy policy, visit Cambuildr Privacy Policy.
4.10.5 DATAWRAPPER
This tool is used to represent data in interactive and responsive charts and maps. Various chart types from bar and line charts to arrow, area, and scatter charts, as well as map types from location maps to thematic choropleth and symbol maps. Responsive data tables also offer a variety of design options and allow the integration of bar, column, and line charts, heatmaps, images, a search bar, and pagination into websites.
For more information about their privacy policy, visit Datawrapper Privacy Policy.
4.10.6 FLOURISH
This is a responsive, mobile-friendly online tool for data visualization. It enables the creation of a wide range of static and dynamic visualizations without programming knowledge and embedding them on websites, including scatter plots, simple charts, projection maps, and network diagrams.
For more information about their privacy policy, visit Flourish Privacy Policy and Flourish Cookies.
4.10.7 INFOGRAM
This is a web-based visualization tool for creating infographics and data visualizations that help users create engaging and interactive infographics, reports, and dashboards with data-driven content and attractive graphics. The solution offers users a selection of maps and charts, ready-made design templates, various images and symbols, and a drag-and-drop editor.
For more information about their privacy policy, visit Infogram Privacy Policy.
4.10.8 INSTAGRAM
This is a social network focused on video and photo sharing. The core offering is a mix of microblogging and audiovisual platforms. Users can edit their photos and videos, apply filters, and share them with the world or friends. The content can be embedded on websites.
For more information about their privacy practices, visit Instagram Privacy Policy and Instagram Help.
4.10.9 ISSUU
This is a free publishing platform. The website accepts ready-made content and allows publishing in the reader on its platform. Features allow monetization or analysis of the content. Commonly published materials include catalogs, magazines, brochures, samples, and programs.
For more information about their privacy policy, visit Issuu Privacy Policy and Issuu Cookies.
4.10.10 JUICER.IO
This tool allows you to embed posts from a specific hashtag or social media profile as a feed on your website. It aggregates content from all desired social media channels (e.g., Facebook, Twitter, Instagram, YouTube, LinkedIn) and presents it in a modern, responsive view on your website. The website updates with each post on the social media channels.
For more information about their privacy practices, visit Juicer Privacy Policy and Juicer Cookie Policy.
4.10.11 LETSCAST.FM
This tool offers podcast hosting for shows and episodes. To reach a broader audience, it allows podcasts to be published on all major platforms (e.g., Spotify, Deezer, Amazon Music) and to create podcast websites while collecting statistics on your podcasts.
For more information about their privacy practices, visit Letscast Privacy Policy.
4.10.12 MAILWORX
This tool from an Austrian company facilitates work related to the creation, sending, and management of newsletters. Emails can be created quickly, and campaigns can be automated. Extensive metrics help gather information about the recipients' behavior. Artificial intelligence identifies the topics most relevant to readers.
Embedding the registration form requires the transmission of personal data.
For more information about their privacy policy, visit
Schloss Hernstein Hotelbetriebsgesellschaft mbH
Berndorfer Straße 32
2561 Hernstein
E-Mail: datenschutz@schloss-hernstein.at
Tel: +43 2633 472 510