Thank you for your interest in our website. As controller, Schloss Hernstein Hotelbetriebsgesellschaft mbH (“we”) attaches great importance to compliance with all legal provisions of applicable data protection laws, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG).

According to the GDPR, personal data means any “information relating to an identified or identifiable natural person”. This includes, for example, information such as name, postal address, email address or phone number; if applicable, also usage data such as IP addresses.

The terms used in our privacy policy (eg “personal data”, “controller”, “principle of data minimisation”) are to be understood in accordance with their definition in Art. 4 GDPR.

Nature and purpose of the data processing

We need personal details of data subjects in order to provide our services. This applies above all to the answering of individual enquiries, sending out newsletters or processing contracts concluded with us.

We may collect the following data:

  • First name and last name 
  • Company name
  • Postal address
  • Date of birth
  • Contact details (phone number, email address) 
  • Bank details, credit card details 
  • Date and time of visit to our website
  • IP address of visitors to our website
  • Technical information such as name and version of the web browser used by visitors to our website, internet provider, device and screen resolution
  • Source (URL) of the visit
  • Visitor behaviour on our website
  • The approximate location of visitors to our website (country and city) 

The collected data will be processed for the following purposes:

  • Performing or processing services and/or contracts
  • Performing and processing events
  • Implementing disaster prevention measures
  • To provide, further improve and develop our website
  • To identify, investigate and prevent attacks on our website.

The collected data are processed on the basis of the following legal framework:

  • To fulfil contractual obligations (Art. 6(1) (b) GDPR)
  • On the basis of explicit consent of the data subject (Article 6(1) (a) GDPR)
  • On the basis of our legitimate interest (Art. 6(1) (f) GDPR), which consists of making our website user friendly and protecting it particularly against attacks, and performing requested services.

Data transfer

Where necessary for the purposes mentioned above, we will transmit data to the following recipients:

  • Vienna Economic Chamber
  • WKO Inhouse GmbH
  • External IT service providers (Siteminder, Quandoo, Opera Cloud) 

Apart from the recipients mentioned, the transfer of personal data to third parties will not take place without the explicit consent of the data subject. The transfer of data to government institutions and/or authorities shall take place only within the scope of the legal duty of disclosure or when disclosure is ordered by a court of law.


Visitors to our website may use the service of the booking platform Siteminder (Online Ventures Pty Ltd, a company registered in Australia - ABN 59 121 931 744 - with registered office at 88 Cumberland Street, The Rocks, NSW 2000, Australia). The use of Siteminder by visitors to our website is not mandatory and takes place on a voluntary basis. Rooms, Suites, etc can also be booked without Siteminder; to do so, visitors can contact us by email: reservierung@schloss-hernstein.at or phone: +43 2633 472 510. The privacy policy of Siteminder can be viewed at siteminder.com/de/legal/datenschutzrichtlinien


Visitors to our website may use the tool Quandoo (Quandoo Austria GmbH, Neubaugasse 21, Stair 2, Door 10, 1070 Vienna) to make table reservations. The use of Quandoo by visitors to our website is not mandatory and takes place on a voluntary basis. Table reservations can also be made without Quandoo; to do so, visitors can contact us by email:reservierung@schloss-hernstein.at or phone: +43 2633 472 510. The privacy policy of Quandoo can be viewed at quandoo.at/data_privacy.

Duration of data processing and data retention

In accordance with the principles of purposeful data processing and data minimisation, we process and retain personal data only for as long as statutory retention obligations exist and/or the retention is necessary for fulfilling the purposes listed above, and beyond that for as long as guarantee, warranty or statutory limitation periods have not yet expired.

Data security 

We take data protection and the associated data security very seriously. Digital security systems and other technical and organisational measures are used to protect collected personal data against damage, destruction and/or unauthorised access. In addition, our employees and the service providers appointed by us are bound to secrecy and must comply with applicable data protection laws and regulations.

Data subject rights in connection with personal data

In principle, data subjects have the rights to information, correction, erasure, restriction, data portability and objection. To assert any of these rights data subjects can get in touch with us (see contact details below).

Data subjects have the right to complain to the supervisory authority if they believe that the processing of their personal data violates applicable data protection laws, or their data protection rights have otherwise been violated or breached in any way. Responsible for this in Austria is the Austrian Data Protection Authority (data-protection-authority.gv.at).

Contact details

If you have any questions or concerns regarding the processing of your personal data, please contact us:

Schloss Hernstein Hotelbetriebsgesellschaft mbH
Berndorfer Strasse 32
2561 Hernstein
Email: datenschutz@schloss-hernstein.at
Tel.: +43 2633 472 51 0