Data protection statement
We are delighted you are interested in our website. This data protection statement informs you about how we process the personal data you provide in the context of the website. Protection of your personal data and your privacy are very important to us. We process your data exclusively in compliance with statutory rules [European Parliament and Commission Directive (EU) 2016/679 of the 27th April 2016 in reference to the protection of natural persons as regards the processing of personal data, the unrestricted forwarding of data and the revocation of Guideline 95/46/EC (GDPR), Data Protection Law 2018 (DPL 20018), E-Privacy Guideline, Telecommunications Law 2003 (TKG 2003)].
Responsibility and Data Protection Officer:
In accordance with Article 4 Z 7 GDPR, the Data Protection Officer for this website is TBG Thermenzentrum Geinberg BetriebsGmbH. If you have any questions about the processing of your data by Spa Resort Geinberg, feel free to contact us as follows:
- Postal letter: Bernhard Sänger, Thermenplatz 1, 4943 Geinberg, Austria
- E-mail: firstname.lastname@example.org
How to contact the VAMED Data Protection Officer: Bernhard Sänger, Thermenplatz 1, 4943 Geinberg, Austria. E: email@example.com
Processing personal data generated when visiting our website
Processing access data
When you visit our website, we save your access data in so-called web server log files. These contain the following information:
- The IP address
- the page from which the file was retrieved (referrer URL)
- the name of the file
- the date and time the file was retrieved (time stamp)
- the volume of data transferred
- the access status (file transferred; file not found etc.)
- the Internet Service Provider
- the type of device used to access the data (tablet/PC/smartphone)
- a description of the type of programme used to surf the net (web browser/browser: e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Apple Safari, Opera etc.)
Purpose of data processing
These data are statistically evaluated to continually enhance the website’s online offering and improve user-friendly design, to identify and correct errors faster, and to manage server capacity. We will only use these data in a person-related form for the purpose of prosecuting wrong-doing if there is a clear indication our website has been used for illegal purposes.
Period of data storage
Your data will only be stored in a person-related form for a period of seven days, after which the log files will be deleted.
The legal basis for processing access data is the justified interest of VAMED (online service offering & data security) in accordance with article 6, paragraph 1, letter f of the GDPR.
In order to make a visit to the website as attractive as possible, and to facilitate the use of certain functions, we use ‘cookies’ on a variety of pages. Cookies are small text files we store on your device. On your next visit to the site they enable us to recognise your browser. Cookies are deposited in compliance with EU and Austrian jurisdiction (article 5, paragraph 3 E-Privacy RL and § 96 paragraph 3 TKG 2003). This applies to the following cookies:
- Google: To save user data utilised by Google’s website statistics software Google Analytics. For more information see Google Analytics.
The option of viewing and changing cookie settings
Users can set their browsers to inform them when cookies are deposited, to decide about whether to accept or deny each cookie individually – on a case-to-case or general basis. Deactivating cookies can restrict the functionality of our website.
The legal basis for depositing cookies is the justified interest of VAMED (online service offering & data security) in accordance with article 6, paragraph 1, letter f of the GDPR.
Once your contact form has been submitted, the data you provide is processed by the approved data protection employees and your inquiry is processed based on the permission provided by submitting the form. There is no statutory or contractual obligation to provide your personal data. If these data are not provided, we will not be able to forward or process your request. You are entitled to revoke permission in writing at any time, without affecting the legality of data processing conducted prior to revocation.
Processing your personal data when contact is established is done on the basis of precontractual measures in accordance with article 6, paragraph 1, letter b of the GDPR.
By marking the checkbox, you consent to the processing of the personal data you have entered in order to receive an e-mail newsletter containing information about our current offerings – from an employee with data protection authorisation – until you revoke consent or lodge an objection. There is no statutory or contractual obligation to provide your personal data. If these data are not provided, you will not receive the e-mail newsletter. Processing your personal data by VAMED is done solely on the basis of the consent you provide (article 6, paragraph 1, letter a of the GDPR) in order to be sent the newsletter.
Period of data storage
Generally, all data to be processed for the stated purposes will be stored until you revoke permission to send the newsletter. Furthermore, only the data absolutely necessary to prove consent has been given – or revoked – will be saved in compliance with the applicable legal guidelines and storage duties.
Your data will be sent to the service provider responsible for administering the distribution of the newsletter – for exactly this purpose.
Revocation of permission
You are entitled to revoke permission in writing at any time by mailing to: firstname.lastname@example.org or clicking the link to unregister in the e-mail newsletter, without affecting the legality of data processing conducted prior to revocation. You are also entitled to object to the use of your personal data for the purpose of our sending direct advertising via the same method. If you submit an objection, your personal data will no longer be processed for the purpose of sending direct advertising in the e-mail newsletter.
VAMED Vitality World
The current VAMED Vitality World customer club terms and conditions can be viewed here.
Protection of your personal data is very important to us. For the sake of the rights and freedoms of natural persons, VAMED ensures the implementation of suitable technical and organisational measures – as defined by article 32 of the GDPR – allowing for factors such as technical status, cost of implementation and similar factors, as well as the scope, circumstances and purposes of processing, and the probability and degree of risk entailed. With this in mind, the following are some of the steps taken to protect and secure your data from loss, destruction, undesired access, alteration and distribution by unauthorised people:
- We guarantee confidentiality, integrity, availability and resilience of the systems and services used in connection with processing activities
- We guarantee the rapid restoration of availability of person-related data in the case of a physical or technical incident
- We implement procedures ensuring regular checks, evaluation and rating of the efficacy of technical and organisational measures designed to ensure secure data processing
Please note, we do not accept liability for publication or distribution of information due to erroneous data transfer by third parties, errors not attributable to us, or that occurs due to unauthorised third-party access.
The legal basis for the use of Google Analytics is the justified interest of VAMED in accordance with article 6, paragraph 1, letter f of the GDPR, these reasons being the evaluation of the website and the analysis of website activities.
The information generated by cookies on your use of the website (including your IP address) is transmitted to, and stored on, a Google server in the USA. Subsequently, Google shortens the IP address to omit the final three digits, thus making it impossible to attribute it accurately. Google adheres to the data protection stipulations of the US Safe Harbor treaty and is a registered participant in the Safe Harbor programme of the US trade ministry.
Google uses this information to evaluate your use of the website, to compile reports on website activities and provide the website operators with other services connected with use of the website and the internet. If considered relevant, Google may also forward this information to third parties if statutorily bound to do so, or if third parties have been deployed to process these data on Google’s behalf.
Third-party providers, including Google, place advertisements on websites on the internet. Third-party providers, including Google, use embedded cookies to display adverts based on the user’s previous visits to the website.
Please note, this action may lead to a loss of some functionality on the website. By using this website, the user consents to Google’s processing of data collected on the user in the manners and for the reasons listed above.
Objections to any future data collection and storage can be submitted at any time. More of Google’s provisions can be viewed here.
Deactivate Google Analytics
- The general collection of user data can be blocked on this website by clicking the ‘Do Not Track’ setting in your web browser. Our website then registers the ‘Do Not Track’ signal your web browser sends to all websites.
- The general collection of user data by Google Analytics can be blocked on all websites by downloading and installing the browser plugin available at the following link: Download browser add-on.
- The collection of user data by Google Analytics can be blocked just for this website by clicking the following link to install an Opt-Out-Cookie that prevents your data from being collected on future visits to this website: Deactivate Google Analytics
This website uses Google Maps to present geographical information. When using Google Maps, data regarding website visitor utilisation of Maps functionality are collected, processed and used by Google. More information about how Google processes data can be read in Google’s data protection information. In the data protection centre here there is an option for changing settings, enabling you to manage and protect your data.
VAMED websites integrate Social Plugins, which link to the main social networks:
- Facebook – run by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, FN 462932 / Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025
- Instagram – run by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA
- Google Plus, - run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- You Tube – run by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
- Twitter – run by Twitter International Company, 1 Cumberland Place, Fenian Street, Dublin 2 D02, Ireland
- AX07, Ireland, FN 503351 / Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Each plugin is labelled with an operator logo or title. When you call up a VAMED website containing one of these plugins, your browser establishes direct contact with the operator’s server. The content of the plugin is sent straight from the operator to your browser which then integrates it into the website. Integration of the plugin informs the operator that you have accessed the respective VAMED website. If you are logged in with the plugin operator, the operator is able to allocate your visit to your user account. If you interact with the plugins, e.g. by using a plugin button, the corresponding information will be sent straight from your browser to the operator and saved there. Logging out of your user account enables you to prevent the operator from linking the user info to the user account.
The purpose and scope of data collection, details of subsequent processing, use of data by the operator, and your concomitant rights and settings options as regards the protection of your privacy, can all be viewed in the respective data protection statements:
- Facebook: https://www.facebook.com/privacy/explanation
- Twitter: https://twitter.com/de/privacy
- Instagram: https://help.instagram.com/155833707900388
- YouTube: https://policies.google.com/privacy?hl=de&gl=de
- Google Plus: https://policies.google.com/privacy?hl=de
Some pages on this website use buttons to enable the sharing of page content on the Facebook, Google Plus, Instagram and Twitter social media platforms.
These buttons are ideally designed as regards the protection of the personal data pertaining to our website visitors, since the programme script behind the buttons does not collect or process personal data. Heise Verlag publishes the IT specialist magazine c’t. They developed these buttons and can provide exact information about their functions.
Website visitors who wish to share our site can click the buttons to connect straight to the ‘share’ pages of each respective Social Media platform. Finally, the script commands required to share page content are downloaded on the platform. The terms and conditions of use and data protection conditions agreed between the website visitor and the respective Social Media platform shall apply. For exact information, please consult the respective platform: Facebook, Google Plus, Instagram and Twitter.
TBG Thermenzentrum Geinberg BetriebsGmbH, Thermenplatz 1, A-4943 Geinberg (Austria) operates its own Facebook fan page upon which personal data are processed. As the fan page operator, TBG Thermenzentrum Geinberg BetriebsGmbH is legally responsible for the page according to the stipulations of the Data Protection Law.
In the USA your data may be passed on to Facebook Inc. via cookies. Facebook is certified with the EU-US Privacy Shield, hence Facebook must offer users in Europe a service that equates with the standards defined by the European Commission. Facebook can integrate the third-party cookies listed here: https://www.facebook.com/policies/cookies/ Their cookie guidelines stem from the respective websites.
The declaration of consent to the storage, processing and use of your data via cookies used on the fan page, can be revoked for the future at any time with immediate effect – without affecting the legality of data processing conducted prior to revocation.
Cookies from The Trade Desk
If you do not want data collection by The Trade Desk, you can object to the following link and deactivate the data collection, in which case an opt-out cookie is set on your computer:
This opt-out cookie may not be deleted as long as the storage of the data is contradicted and is always valid only for the browser used and thus for the device on which the browser is used.
Duration of data storage
The cookies lose their validity after 12 months.
This website contains links to other websites. Links to the websites of other internet participants are provided to ensure visitors enjoy a more comprehensive information service. VAMED has no influence on the content linked sites provide. VAMED does not accept any liability for their content. The respective provider of the website to which the link leads is solely responsible for its content, the information provided and the correctness thereof.
You have the following rights as a user of our website:
- Right to demand information (article 15 GDPR): You are entitled to demand confirmation from VAMED as to whether VAMED is processing your personal data. Furthermore, you are entitled to demand additional information on the specific purposes of data processing, categories of personal data, recipients – and categories of recipients of personal data, storage duration, and to ensure you are guaranteed the rights to deletion and correction of your personal data, restriction of data processing, the right to object, the right to complain and to be given all information on the origins of the personal data collected about you.
- Right to correction (article 16 GDPR): You are entitled to demand VAMED amends any personal data immediately. This right also encompasses the correction of erroneous data and the completion of incomplete personal data.
- Right to deletion (article 17 GDPR): You are entitled to demand VAMED deletes your personal data immediately for reasons listed in article 17 paragraph 1 letters a - f GDPR (e.g. the processing purpose no longer applies) and if processing personal data is no longer necessary.
- Right to restriction of data processing (article 18 GDPR): According to the cases listed in article 18 GDPR (e.g. processing personal data which is incorrect, processing is illegal etc.) you are also entitled to demand VAMED limit the scope of personal data processing.
- Right to data portability (article 20 GDPR): You are entitled to demand that personal data you provided to VAMED be sent to you in a structured and commonly-used format, and that VAMED also send these data to another person responsible for such matters (e.g. lawyer).
- Right of objection (article 21 GDPR): You are entitled, at any time, to object to the processing of personal data used by and for this website.
- Revocation of your statement of consent (article 7 GDPR): You are entitled to revoke the permission given to VAMED at any time.
- Right to complain: You are entitled to complain to the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria at any time.
Telephone: +43 1 521 52-25 69
Your rights as an affected person as regards VAMED’s use of your data, with the exception of the right of complaint, can be submitted to the Austrian Data Protection Authority. VAMED can be contacted at:
- Postal address: Spa Resort Geinberg Thermenplatz 1, 4943 Geinberg, Austria
- Telephone number: 0043 7723 8500
- E-mail: email@example.com