Data privacy note

Last updated: May 16th 2023

The protection of your personal data is very important to us, so we would like to provide you herein with all the information about the processing and storage of your data when you visit our website.

In order to use all functions and services of our site, it is necessary to collect your personal data. However, the processing and storage is only carried out in accordance with the legal guidelines and requirements of the DSGVO and the TKG 2021.

In the following, you will receive an overview of which data we collect about you, why this is necessary and what rights you have in relation to your data. With all providers listed in the last chapter “List of our processors and further links” there is a data processing agreement in accordance with Art. 28 DSGVO, unless this privacy note refers to a joint responsibility. A data processing agreement is a contract required by data protection law that ensures that our processors only handle the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

1. General information on the responsibility and duty of confidentiality in our house

Zeitgeist Hotelbetriebs GmbH acts as the responsible party for the following data protection notes

Zeitgeist Hotelbetriebs GmbH
Sonnwendgasse 15
1100 Vienna
Phone: +43 1 90 265-0
Fax: +43 1 90 265-800
E-mail:

All employees of Zeitgeist Vienna are bound to secrecy and to the proper handling as well as the correct input of your data into our data processing systems.

2. Collecting and processing personal data on this website and in the context of bookings

In order to protect your data as extensively as possible from unwanted access, we apply technical and organizational measures and use an encryption technique on our website. Your data is thus transmitted over the Internet by means of so-called TLS encryption from your terminal device to our terminal device and vice versa. TLS means “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognize “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address starts with https://.

3. Collection of access and log data

The provider of this website is our contract processor, Raidboxes GmbH (Germany).

This website automatically collects and stores server log files information that your browser transmits to us.

These are:
• IP address of the user
• Date and time of access
• Type of request
• Customer information (type and version)
• User’s operating system (device, OS version of the device)
• Referrer information (i.e. the source of the access)

The collected data is transmitted and stored for seven days in server log files that your browser automatically encrypts for us. We only store the server log files for longer than seven days in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO and serves only to preserve evidence.

The legal basis for the data processing is the legitimate interest according to Art. 6 para. 1 lit. f) DSGVO, which is based on identifying indications of illegal use of our website and being able to ensure a smooth connection setup.

4. Contact form

Any personal information that you voluntarily provide to us via our contact form will be treated confidentially. We use the contact forms especially for our seminar guests and interested clients. We use your data exclusively to process and respond to your inquiry.

For the contact forms we use web forms of Salesforce SFDC Ireland Limited (Ireland). All instances processed by Salesforce in the EU are hosted in Frankfurt (Germany) and Paris (France). Furthermore, our data processor, allUpp GmbH (Austria), can access our databases in Salesforce. Our emails are hosted by the data processor Microsoft Ireland Limited (Ireland).

All personal data that you send to us will be deleted or anonymized by us no later than two years after the final response to you, unless a contract is concluded. The retention period of two years is due to the fact that it may occasionally happen that you contact us again about the same matter after a reply and refer to the previous correspondence. From our experience, we have noticed that after two years, no further inquiries follow our replies. In the case of a booking or the conclusion of a contract, we are obliged to retain your data beyond this period for reasons of tax law. You can read more about this in the section “Storage period in the context of overnight stays”.

In the course of the contact form, you also have the option to register for our newsletter. If you give us your consent to the newsletter, you will find more information about this in the chapter “Sending newsletters”.

The legal basis for data processing is our legitimate interest according to Art. 6 (1) f) DSGVO, which results from responding to inquiries from our customers, business partners and interested parties, as well as promoting and maintaining customer satisfaction. Further legal basis is Art. 6 para. 1 lit. b) DSGVO.

6. Sending e-mail advertisements as part of the “existing customer privilege” (“Bestandskundenprivileg”)

Irrespective of a registration for the newsletter, we regularly send our existing customers product recommendations by e-mail, if the legal requirements according to § 174 para. 4 TKG (Telecommunications Act) are fulfilled, for which they could still be interested based on their already made last purchases of goods or services from us.

The e-mails are sent by Smart Host GmbH (Germany) or by straiv by Code2Order GmbH (Germany). For more information, please refer to the section “Information e-mails in connection with your booking”.

The legal basis therefore is our legitimate interest to inform our existing customers about additional goods or services according to Art. 6 para. 1 lit. F) DSGVO in conjunction with § 174 para. 4 TKG 2021.

In doing so, we strictly adhere to the legal requirements and regularly carry out checks of the § 7 e-commerce law list. You can opt out of this at any time (Art. 21 DSGVO). You will find a corresponding unsubscribe link in every e-mail.

7. Use of cookies

We use cookies to facilitate and improve the experience of using our website. Cookies are small pieces of text information that can be stored on your computer or smartphone via your browser when you visit a website. This is used to recognize the website visitor. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.

Cookies themselves do not contain any personal data about users. They only serve to clearly identify what our customers find interesting and useful on our website. We also use so-called “web beacons” (small graphic images, also known as “pixel tags” or “clear GIFs”) on our website. They are used together with cookies to track general user behavior on the website.

The legal basis for the processing of personal data using cookies and other technologies is your consent according to Art. 6 (1) lit. a) DSGVO, which you give us via our so-called “Cookie Consent Banner” as soon as you access our website for the first time.

We use the cookie consent technology WebToffee from the company Mozilor Limited (United Kingdom) to obtain your consent under data protection law to store certain cookies on your terminal device and to document this in accordance with data protection law.

The legal basis therefore is our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO, which is based on the legally compliant documentation and verifiability of consents (Art. 6 para. 1 lit. c) DSGVO) as well as to fulfill our accountability according to Art. 5 para. 2 DSGVO. We use cookies for the following categories:

• Technically necessary: These are cookies and similar methods without you cannot use our services, for example, to properly view our website or use features you have requested.

• Comfort: These techniques allow us to take into account your actual or presumed preferences for the comfortable use of our website. For example, we may display our website in a language that is appropriate for you based on your preferences.

• Analytics: These techniques allow us to compile anonymous statistics on the use of our services. This allows us to determine, for example, how we can better adapt our website to the habits of our users.

• Advertisement: This allows us to show you advertising content tailored to you based on the analysis of your usage behavior. Your usage behavior can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).

The data processed by necessary cookies are required for the purposes listed below to protect our legitimate interests, as well as those of third parties in accordance with Art. 6 (1) lit. f) DSGVO. Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent. Via our so-called “Cookie Consent Tool”, you can define yourself which cookie categories you wish to consent to when visiting our website. You also have the option of subsequently rejecting cookies in the overview below. However, rejecting some of these cookies may affect your browsing experience:

More information

Necessary

Always Enabled

These are cookies and similar methods without which you will not be able to use our services (e.g. to properly display our website/ features you request).

Cookie	Duration	Description
cL_xxx		Revmac LTD / AVVIO (Irland) cookie consent level
crm		Revmac LTD / AVVIO (Ireland) Encrypted data relating to an avvio CRM session (logged in status, visits, etc)
CSSID		Revmac LTD / AVVIO (Ireland) consumer-side sessionID. Mandatory for the correct functioning of the booking engine

Comfort

These techniques allow us to take into account your actual or presumed preferences for comfortable use of our website. For example, based on your preferences, we can display our website in a language that is appropriate for you.

Cookie	Duration	Description
avvio_lisearch		Revmac LTD / AVVIO (Ireland) Plaintext cookie updated with each checkin search. Used to personalise quickbooks and other aspects of the booking engine for returning customers that have previously indicated a preferred date
avvioadmin		Revmac LTD / AVVIO (Ireland) Avvio/1\|0 indicating if you are a user that is browsing the consumer-side after having visited the admin-side (hotel users only - used to allow access to otherwise protected rates without extra authentication)
incap_ses_869_2454396		The Hotel Network (Spain) Incapsula Distributed-Denial-of-Service attack Protection and Web Application Firewall: cookie for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula.
nlbi_2454396		The Hotels Network (Spain) Incapsula DDoS Protection and Web Application Firewall: load-balancing cookie from Hotelsnetwork to ensure that requests by a client are sent to the same origin server.
visid_incap_2454396		The Hotels Network (Spain) Incapsula Distributed-Denial-of-Service attack Protection and Web Application Firewall: cookie from Hotelsnetwork for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula. The only cookie that is persistent for the duration of 12 months.
wp-wpml_current_language		WPML/ Stores the users current language setting

Analytics

These techniques allow us to compile anonymous statistics on the use of our services. This allows us to determine, for example, the ways in which we can better adapt our website to the habits of our users.

Cookie	Duration	Description
__thn_ss		The Hotels Network (Spain) Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.
_ga		Google Analytics / Google Ireland Limited (Ireland/USA) The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_objectObject		Google Analytics / Google Ireland Limited (Ireland) This cookie from Google Analytics is used to throttle the request rate and it expires after one minute
_gcl_au		Google Tag Manager / Google Ireland Limited (Ireland) Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid		Google Analytics / Google Ireland Limited (Ireland/USA) Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
avvio_libooked		Revmac LTD / AVVIO (Ireland) Plaintext cookie updated with each booking

Advertising cookies are used to provide visitors with relevant advertising and marketing campaigns. These cookies track visitors on various websites and collect information to provide tailored advertising.

Cookie	Duration	Description
_fbp		Meta Platforms Inc. (Ireland) This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
avvio_persp		Revmac LTD / AVVIO (Ireland) Used for Personalisation V2 (recommender engine) tracking to personalise and tailor a guests website / booking engine experience. Only a cookie ID is stored in the cookie which points to a matching record of user activity on the hotels booking engine for personalisation purposes. As a user interacts with the hotel (searches for availability on certain dates, makes booking, etc.) Avvio updates the information it has on that user for that property. This information is then used to personalise the website experience for that user if they return to the website again. Personalisation options include remembering the preferred dates of stay in the event that the user has not yet made a booking, or remembering their name and arrival date if they are a pre-stay customer seeking additional information (e.g. directions, upgrades) on the website. The data contained in avvio_persp and the data associated with that cookieID is not shared with any third parties and is used exclusively for Personalisation.
fr		Meta Platforms Inc. (Ireland) Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
test_cookie		doubleclick.net/ The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
thn_id		The Hotels Network (Spain) This cookie from Hotelsnetwork is created to identify the users with an unique ID formed by a hexadecimal carriage of characters. This cookie is used to be able to identify the users in their next visit to the hotels websites in the network. This cookie allows to personalize the user experience.

Are you under 14 years old? Then you cannot consent to optional services. Ask your parent or guardian to consent to these services with you. You can find our imprint here.

Transfer of data to countries without an adequate level of data protection: If the settings you have made also include providers who transfer data to countries without an adequacy decision and without appropriate safeguards, your consent expressly applies to this as well (Art. 49(1)(a) DSGVO). There is a risk that your data may be subject to access by authorities in these third countries for control and monitoring purposes and that no effective legal remedies are available against this. Once cookies have been stored, you can delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available. Please refer to our cookie notes for the storage duration for cookies. If “Never” is entered in the “Duration” column, the cookie will be stored permanently until the corresponding consent is revoked.

Cookie	Type	Duration	Description
__thn_ss			The Hotels Network (Spain) Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.
_fbp			Meta Platforms Inc. (Ireland) This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_ga			Google Analytics / Google Ireland Limited (Ireland/USA) The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_objectObject			Google Analytics / Google Ireland Limited (Ireland) This cookie from Google Analytics is used to throttle the request rate and it expires after one minute
_gcl_au			Google Tag Manager / Google Ireland Limited (Ireland) Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid			Google Analytics / Google Ireland Limited (Ireland/USA) Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
avvio_libooked			Revmac LTD / AVVIO (Ireland) Plaintext cookie updated with each booking
avvio_lisearch			Revmac LTD / AVVIO (Ireland) Plaintext cookie updated with each checkin search. Used to personalise quickbooks and other aspects of the booking engine for returning customers that have previously indicated a preferred date
avvio_persp			Revmac LTD / AVVIO (Ireland) Used for Personalisation V2 (recommender engine) tracking to personalise and tailor a guests website / booking engine experience. Only a cookie ID is stored in the cookie which points to a matching record of user activity on the hotels booking engine for personalisation purposes. As a user interacts with the hotel (searches for availability on certain dates, makes booking, etc.) Avvio updates the information it has on that user for that property. This information is then used to personalise the website experience for that user if they return to the website again. Personalisation options include remembering the preferred dates of stay in the event that the user has not yet made a booking, or remembering their name and arrival date if they are a pre-stay customer seeking additional information (e.g. directions, upgrades) on the website. The data contained in avvio_persp and the data associated with that cookieID is not shared with any third parties and is used exclusively for Personalisation.
avvioadmin			Revmac LTD / AVVIO (Ireland) Avvio/1\|0 indicating if you are a user that is browsing the consumer-side after having visited the admin-side (hotel users only - used to allow access to otherwise protected rates without extra authentication)
cL_xxx			Revmac LTD / AVVIO (Irland) cookie consent level
crm			Revmac LTD / AVVIO (Ireland) Encrypted data relating to an avvio CRM session (logged in status, visits, etc)
CSSID			Revmac LTD / AVVIO (Ireland) consumer-side sessionID. Mandatory for the correct functioning of the booking engine
fr			Meta Platforms Inc. (Ireland) Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
incap_ses_869_2454396			The Hotel Network (Spain) Incapsula Distributed-Denial-of-Service attack Protection and Web Application Firewall: cookie for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula.
nlbi_2454396			The Hotels Network (Spain) Incapsula DDoS Protection and Web Application Firewall: load-balancing cookie from Hotelsnetwork to ensure that requests by a client are sent to the same origin server.
test_cookie			doubleclick.net/ The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
thn_id			The Hotels Network (Spain) This cookie from Hotelsnetwork is created to identify the users with an unique ID formed by a hexadecimal carriage of characters. This cookie is used to be able to identify the users in their next visit to the hotels websites in the network. This cookie allows to personalize the user experience.
visid_incap_2454396			The Hotels Network (Spain) Incapsula Distributed-Denial-of-Service attack Protection and Web Application Firewall: cookie from Hotelsnetwork for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula. The only cookie that is persistent for the duration of 12 months.
wp-wpml_current_language			WPML/ Stores the users current language setting

8. Use of online marketing and web analysis tools

We use the following applications, for example, to analyze usage behavior on our website and thus to be able to play out target group-specific online advertising campaigns.

8.1 Google Tag Manager

We use the Google Tag Manager of the provider Google Ireland Limited (Ireland). This is used to manage website tags via an interface. A tag is a small section of code that can, for example, record your activities on our website. The Google Tag Manager itself does not set any cookies, but ensures that other tags, which in turn may collect data, are activated.

The storage period of the integrated tracking tools depends on the respective application used, which is loaded via the Google Tag Manager.

In the account settings of the Tag Manager, we have set that Google only receives anonymized data.

8.2 Google Analytics

This website uses Google Analytics, an application of Google Ireland Limited (Ireland), if you grant your consent within the meaning of Art. 6 (1) a) DSGVO and Art. 49 (1) a) DSGVO.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and allow an analysis of the use of the website by the user. The information acquired through the cookies about your usage behavior of this website is usually transferred to a Google server in the USA and stored there. Furthermore, the data processing is essentially carried out by Google. Both Google and, under certain circumstances, government authorities in the USA have access to this data. We have configured your IP address to be anonymized. The IP address anonymization is carried out by Google, but within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The anonymized IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as search history, personal accounts, usage data from other devices and any other data Google has about you.

We do not store any user or event data.

Those cookies that are set in connection with Google Analytics can be viewed in the list above. You can revoke your consent at any time by making the appropriate settings directly via our “Cookie Consent Tool”. The user and event data will be deleted after 50 months.

8.3 Google Ads

With your consent, we use Google Ads in accordance with Art. 6 (1) a) DSGVO to show you advertising on websites of Google Ireland Limited (Ireland) and other third-party providers.

We aim to show you advertising that is of interest to you and to make our website more relevant to you. With conversion tracking, we can identify how successful the individual advertising campaigns are. For this purpose, we use cookies that can be used to measure certain parameters, such as display of the ads or clicks by users. If users reach our website via a Google ad, a cookie is stored by Google Ads on the corresponding end device.

We only receive aggregated data on user behavior, on the basis of which we can determine which of the advertising campaigns used are particularly effective. We do not receive any further data from the use of the advertising media.

You can find more information about cookies in the cookie list above.

8.4 The Hotels Network

With your consent, we use the service of the service provider The Hotels Network (Spain) in accordance with Art. 6 para. 1 lit. a) DSGVO. This allows us to display personalized pop-up messages to our website visitors.

The Hotels Network uses cookies in the form of a hexadecimal character set to identify users on their next visit and also to personalize the user experience. This content can differentiate for certain user groups based on, for example, geographic location, search behavior, or device. For more information about cookies, please see the cookie list above.

8.5 Social Media and Social Ads

We regularly post information about our company and our services on various social media platforms, such as Facebook and Instagram, which are products of Meta Platforms Inc. (formerly “Facebook Inc”), as well as LinkedIn and YouTube.

The personal data you enter on social media sites, such as comments, videos, pictures, likes and public messages, are published by the respective social media platform. You are not obliged to provide your personal data. We reserve the right to delete content on our site if necessary. We are happy to answer inquiries via the corresponding messenger services.

In addition, we regularly run advertisements (“Ads”) via our social media pages. The legal basis for this data processing is the legitimate interest according to Art. 6 (1) f) DSGVO in the interest of our public relations and communication.

The social media platforms provide anonymized statistics that help us gain insights into usage behavior on the corresponding social media pages (so-called “page insights”).

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) f) DSGVO.

The processing of personal data is carried out by the social media platform and us as so-called joint controllers according to Art. 26 DSGVO. This means that in addition to us, the operator of the social media platform is also regarded as another controller from a data protection perspective, which carries out its own data processing. However, we have only limited influence on the data processing by the operator. The respective operator will inform you about this processing in its own privacy policy. The web tracking methods may also take place regardless of whether you are logged in or registered with the social media platform. It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example, to evaluate your habits, personal relationships and preferences.

Facebook Pixel of META Platforms Inc. With your consent, cookies (with the abbreviation “fr” or “fbp”) of the provider “Facebook” or “Meta Platforms Inc.” are set on our website by the so-called Facebook pixel. For the data processing associated with the pixel, Facebook Ireland Limited (Ireland) is also the joint controller in accordance with Art. 26 DSGVO in addition to us: https://www.facebook.com/legal/controller_addendum Through the pixel, data about your use of our website is collected and matched with data from Facebook. This is in order that you can be shown advertising from us that is tailored to you on Facebook’s websites. Facebook also uses the data for its own web purposes, as well as for third-party advertising purposes in accordance with the Facebook data policy.

9. Embedding of fonts – Google Fonts

Our website uses Google Fonts for consistent visualization, which we have stored locally on our server. This means that no data is transmitted to Google Inc. servers in the USA.

10. Data processing in connection with bookings in our hotel

You can make bookings, inquiries and reservations by telephone, e-mail, web form or via third-party hotel platforms. We only collect the data required for the booking. The legal basis for data processing is Art. 6 para. 1 lit. b) DSGVO.

Personal bookings and inquiries by e-mail: Any personal information that you provide to us on a voluntary basis will be treated confidentially. Please do not provide any sensitive data (such as religious affiliation, health, ethnic origin). We will only use your data to process and respond to your request. You will receive the offer for your enquiry by e-mail or as a personalised web offer with information and additional services. The dispatch of the web offer as well as the subsequent messages (such as a reminder about the offer, booking confirmation, etc.) is carried out by our order processor Smart Host GmbH (Germany).

Bookings through our website: If you click on the “Book Now” button when browsing our website, you will be redirected to a separate booking page of our contractor Revmac Ltd / AVVIO (Ireland). As part of the booking process, you will be taken to a web form where you will be asked to enter your booking-related information. If you do not complete the booking, no data will be stored. Only after successful booking, this data is transferred via the interface of Hotelpartner YM GmbH (Austria) to our hotel management software “Protel” of Protel Hotelsoftware GmbH (Germany).

To complete the booking, you will be redirected to a page of the payment service provider STRIPE Payments Europe Limited (Ireland). Only the credit cards listed on the website are accepted and transmitted in encrypted form PSD2 compliant.

Bookings by web form via third party hotel platforms: Furthermore, you can also make bookings via our web presences on various platforms, such as booking.com. In addition, there may be the possibility that bookings are also offered via other platforms. However, we have only limited influence on this.

The legal basis for data processing is our legitimate interest according to Art. 6 (1) f) DSGVO. This results from our interest in answering inquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Further legal basis is Art. 6 para. 1 lit. b) DSGVO.

11. Fulfillment of the registration law and maintaining a guest register as well as processing reservations via straiv by CODE2ORDER GmbH

As an accommodation provider we have to keep a so-called guest register. In order to comply with this registration law, you are obliged to provide us with the following data in the event of a stay at our hotel: Name, address, date of birth, identification, nationality as well as number of fellow travelers.

In order to comply with this legal obligation, we offer the collection of data on site or in electronic form. Furthermore, we store your data in our hotel management software Protel (Germany).

For the electronic collection of your data we use the web app straiv by CODE2ORDER (Germany). You can also conveniently enter the mandatory data before your arrival, for example via our website www.zeitgeist-vienna.com/en/checkin/. There is no obligation to provide your data in advance. You can also provide your data directly at check-in at the hotel reception.

If for technical reasons it is not possible to collect the data electronically, we can collect them in paper form.

The registration office and the organs of the public security service must be granted access to the guest register at any time upon their request (§ 10 Para. 2 Meldegesetz). We transmit the number of our guests and their nationality in electronic form to the City of Vienna for nationality statistics on a monthly basis. The legal basis for the data collection and transmission is Art. 6 para. 2 lit. c) DSGVO in conjunction with § 19 “Meldeverordnung” (incl. Annex A) and § 10 “Meldegesetz”. We are legally obliged to keep the data of the guest registers for seven years (§ 10 para. 2 “Meldegesetz”) extended by the duration of a procedure by the tax authority, as well as § 19 para. 5 of the “Meldegesetz – Durchführungsverordnung”.

12. Informative e-mails in relation to your booking

If you provided your e-mail address when booking, you will receive a so-called “pre-stay e-mail” with further information about your stay before your arrival. You can indicate your wishes and interests regarding your upcoming stay via a survey. Participation in the survey is on a voluntary basis. The information from the survey will be used to coordinate wishes and interests with you during your stay and to be able to offer you services in line with your interests in the future.

Furthermore, you will find a link to our web app straiv by CODE2ORDER. The use is on a voluntary basis and allows you to submit your data to us in advance in accordance with the registration law. In addition, you can call up information about our hotel digitally and, if necessary, pay for your stay online and check out yourself.

For the payment you will be redirected to a page of saferpay of SIX Payment Services AG (Zurich). There you can choose between payment by Visa or MasterCard. If you enter your credit card data, the storage is encrypted and PSD2-compliant. Upon successful payment you will receive a payment confirmation and upon check-out an e-mail. The data processing is based on our contract according to Art. 6 para. 1 lit. b) DSGVO.

In addition, you have the option at any time to make the payment via one of our provided credit card terminals.

In addition, you will receive a so-called “Post Stay E-Mail” shortly after your departure with the opportunity to evaluate your stay with us. The results obtained through the survey are used to improve the hotel’s services. In addition, you can publish your feedback via a rating link on external portals such as Google and TripAdvisor. If you have an account with TripAdvisor, you can rate your stay here on a voluntary basis. We ask you not to provide any sensitive data, such as health data, within the survey. You have the option to cancel the survey at any time by closing the browser window. The answers given up to that point will be deleted. With the submission of your overall rating, the collected data will flow into our rating on www.tripadvisor.com and your rating will be published on TripAdvisor, for which TripAdvisor itself is responsible and explains the data processing in its privacy policy: https://tripadvisor.mediaroom.com/de-privacy-policy.

The sending of the e-mails as well as the implementation of the surveys is carried out by our order processor Smart Host (Germany).

13. Storage duration in the context of overnight stays

In order to fulfill tax law retention obligations, your data will be stored according to § 132 para. 1 BAO for at least seven years and extended by the duration of a procedure by the tax authority, as well as § 19 para. 5 of the Meldegesetz-Durchführungsverordnung. All billing-relevant data is also transmitted to our tax consulting firm, PBW Wirtschaftsprüfungs- und Steuerberatungs GmbH (Austria) and entered into our accounting program BMD NTCS of BMD SYSTEMHAUS GesmbH (Austria). The legal basis for this is in each case Art. 6 Para. 1 lit. c) DSGVO, for the transmission to external tax and legal advisors our legitimate interest applies according to Art. 6 Para. 1 lit. f) DSGVO, which is based on providing our company with appropriate legal advice.

14. Data processing in the context of application procedures

You are welcome to send us your application directly or via corresponding job postings on various career platforms. The processing of the transmitted data takes place for the purpose of a (possible) employment. The legal basis for this data processing is Art. 6 para. 1 lit. b) DSGVO.

You can also send us your application data via an online questionnaire that we have embedded on our website. Please do not provide any sensitive data (such as religious affiliation, health, ethnic origin). We will only use your data to process and respond to your application. For this online form, we use our order processor aidaform.com (Germany).

In the context of the application process, we only collect those data from you that are necessary for the fulfillment of the employment relationship with us. Within our company, only those persons who are involved in the decision-making process will have access to your personal data.

In the event of a successful recruitment, your personal data will be stored for the duration of your employment relationship in order to fulfill all wage tax & duty obligations for at least seven years in accordance with § 132 Abs 1 BAO. After termination of your employment, we are obliged to archive your tax-relevant data for 30 years within the framework of the statutory retention periods pursuant to § 1478 ABGB.

In the event of an unsuccessful application, your personal data will be deleted in accordance with data protection regulations no later than seven months after rejection. We will gladly keep your application documents on file at your request and ask you to give us your express consent in writing. In doing so, you give us your voluntary consent to continue to store your applicant data and to consider and contact you for future vacancies. In this case, we will store your data for a maximum of 1.5 years from the date of your consent or until you revoke it. Your data will be deleted automatically after the 1.5 years.

15. Processing in relation to the assertion of rights under data protection law

Insofar as your data has been provided on the basis of consent pursuant to Art. 6 (1) a), Art. 9 (2) a) or Art. 49 (1) a) DSGVO, we will process your data exclusively for the intended purpose. Within the scope of Art. 5 (2) DSGVO, we must be able to prove that you have consented to the data processing in question.

If you revoke your declaration of consent, your data will be deleted within the period prescribed by law – please note, however, that data covered by the obligation to retain data under tax law pursuant to Section 132 (1) BAO must be stored for at least seven years and extended by the duration of any proceedings by the tax authority.

Data subject rights Pursuant to Art. 15 (1) DSGVO, you have the right to receive, upon request and free of charge, information about the personal data stored about you. Furthermore, you have a right to correction (Art. 16 DSGVO), deletion (Art. 17 DSGVO) and restriction of processing (Art. 18 DSGVO) of your personal data if the legal requirements are met. If you yourself have provided the processed data, you have a right to data transfer according to Art. 20 DSGVO.

If the data processing is based on Art. 6 (1) e) or f) DSGVO, you have the right to object according to Art. 21 DSGVO. If you object to data processing, this will not take place in the future, unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the data subject’s interest in objecting.

Please contact us in the aforementioned cases, in case of open questions or in case of complaints by e-mail to . In addition, you have a right to complain to a data protection supervisory authority. In particular, the complaint may be lodged with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement. If you have concerns that your data protection rights have been violated or that the processing of the data violates the GDPR, you may submit your complaint directly to the competent data protection authority at Wickenburggasse 8, 1080 Vienna via .

Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your inquiries, for example.

In the course of preparing these data protection notes, we were legally advised by SCALELINE LTD. The legal texts are subject to copyright.

List of our data processors and further links

aidaform.com / Alexander Grigorev
Im Uckerfeld 14, 53127 Bonn, Germany

allUpp GmbH (Austria) Ungargasse 9/5, 1030 Vienna, Austria

BMD SYSTEMHAUS GesmbH (Austria) Sierninger street 190, 4400 Steyr, Austria

CODE2ORDER GmbH / straiv by Code2Order GmbH (Germany) Eichwiesenring 4F, 70567 Stuttgart, Germany

Facebook Ireland Limited / Meta Platforms Inc. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

You can access the agreement underlying the cooperation with Facebook here: https://www.facebook.com/legal/controller_addendum

Here you can find more information, for example, about your data subject rights regarding your processed data on Facebook: https://de-de.facebook.com/policy.php https://www.facebook.com/privacy/explanation

Further information about Facebook cookies: https://cookiedatabase.org/cookie/facebook/_fbp/

Google Ireland Limited (Ireland) Google Ireland Limited is a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland

Google Tag Manager, Google Analytics and Google Ads are services provided by Google Ireland Limited and Google LLC (USA). We have concluded a contract with Google for data processing in accordance with Art. 28 DSGVO; the transfer of data to third countries, such as the USA, is based on standard contractual clauses.

For more information on the data protection of Google services, please visit: https://policies.google.com/privacy?hl=de

Hotel Partner YM GmbH (Austria) Eberhard-Fugger-Str. 5, 5020 Salzburg, Austria

PBW Wirtschaftsprüfungs- und Steuerberatungs GmbH (Austria) Wolfholzgasse 1, 2345 Brunn am Gebirge, Austria

protel Hotelsoftware GmbH (Germany) Europaplatz 8, 44269 Dortmund, Germany

Raidboxes GmbH (Germany) Hafenstraße 32, 48153 Münster, Germany https://raidboxes.io/legal/privacy

Revmac Ltd / AVVIO (Ireland) Avvio House, National Technology Park, Castletroy, Co. Limerick, Republic of Ireland

Salesforce SFDC Ireland (Ireland) The Atrium, Level 1, Block A Sandyford Business Park Dublin, Ireland

SIX Payment Services AG / Worldline Schweiz AG (Switzerland) Hardturmstrasse 201, 8005 Zurich, Switzerland

Smart Host GmbH (Germany)
Am Kupfergraben 6A, 10117 Berlin, Germany

STRIPE Payments Europe Limited (Ireland) C/O A & L Goodbody, Ifsc, North Wall Quay, Dublin, D01 H104, Ireland For more information about the privacy policy of Stripe Payments, please visit: https://stripe.com/at/privacy.

The Hotels Network (Spain) S.L., Av. Diagonal, 439, 3º-1ª, 08036 Barcelona, Spain

WebToffee / Mozilor Limited (UK) 3 Warren Yard, Wolverton Mill Milton Keynes, England United Kingdom – MK12 5NW

We maintain company pages on the following platforms:

karriere.at: https://www.karriere.at/f/hotel-zeitgeist-vienna

hotelcareer: https://www.hotelcareer.com/jobs/zeitgeist-vienna-hauptbahnhof-37002?intcid=autosuggest-company-37002
Hotelcareer is a StepStone Deutschland GmbH company based in Germany.

Booking.com: https://www.booking.com/hotel/at/zeitgeist-vienna

Expedia: https://www.expedia.com/Vienna-Hotels-Hotel-Zeitgeist-Vienna-Hauptbahnhof.h6488601.Hotel-Information

HRS: https://www.hrs.com/en/hotel/zeitgeist-vienna-hauptbahnhof/a-583890/

Hotelbeds: https://corporate.hotelbeds.com/privacy-policy

We maintain the following social media presences:

LinkedIn: https://www.linkedin.com/company/hotel-zeitgeist-vienna/about/
Information about LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy
Further information about responsibilities of LinkedIn and you in relation to the processing of Page Insights: https://legal.linkedin.com/pages-joint-controller-addendum

YouTube: https://www.youtube.com/c/HotelZeitgeistViennaWien
You can find more information about how Google handles your data here: https://policies.google.com/privacy

Facebook: https://www.facebook.com/ZeitgeistVienna
Here you can find information about your advertising preferences on Facebook: www.facebook.com/help/568137493302217

Instagram: https://www.instagram.com/hotelzeitgeistvienna/
For information about Instagram’s data policy, please visit: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

Instagram and Facebook are products of Meta Platforms Inc. (formerly Facebook Inc.) Instagram is a Facebook product: https://www.facebook.com/help/1561485474074139/?helpref=related

In addition to us, Facebook Ireland Limited (Ireland) is also a joint controller pursuant to Art. 26 DSGVO. You can find more information here: https://www.facebook.com/legal/controller_addendum

Page Insights information from Facebook: https://www.facebook.com/legal/terms/page_controller_addendum