Data Protection Declaration

The contact data of our data protection officer are as follows:
Mag. Per-Oliver Gustavson
Sterngasse 5, 1230 Vienna, Austria
Tel.: +43 1 60127-0

1. Processing of person-related data when visiting our website

1.1. Processing of access data

When you visit our website, we store the access data in so-called web server log files. We record the following data of yours:

• IP-address
• Date and time of access
• Browser
• Operating system
• Your Internet service provider

Purpose of data processing
These data are statistically evaluated to continue to improve the offer on the website and to make it more user-friendly, to find and eliminate any errors faster as well as to control server capacities. We will only use these data in a person-related form for the purpose of legal prosecution if there is a concrete indication of an illegal usage of our website.

Duration of storage
Your data will not be stored for longer than 5 years.

Legal basis
The legal basis for the processing of the access data is GRB´s justified interest (online service offer & data security) according to 6 para. 1 lit f GDPR.

1.2. Cookies

1.2.1. Google Analytics

This website uses Google Analytics, a web analysis service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies that make an analysis of the use of the website by you possible. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and abbreviated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services relating to website activity and Internet usage. The IP address transmitted by your browser in the context of Google Analytics will not be associated with other data held by Google. In addition, you can refuse the collection of the data generated by the cookie and your utilisation of the data related to the website (incl. your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in available at the following link

Legal basis
The legal basis for the use of Google Analytics is GRB´s justified interest (Art. 6 para. 1 lit f GDPR), which lies in the analysis of the website and website activities.

Recipient of the data
These data are forwarded to Google for the purposes described.

Duration of storage
The person-related data are stored for a period of maximum 14 months and then deleted.

2. Links
The website contains links to other websites. These links to websites of other Internet users are provided as a service to cover the additional need for information of the accessing user. GRB has no influence on the content of these external websites. GRB assumes no liability for their content. Only the person operating the respective website is responsible for the contents and correctness of the information provided there.

3. Facebook

GRB operates a Facebook fan page on which your person-related data are processed. As the operator of this fan page, GRB is also responsible in the sense of the data protection law.

Data about you can be gathered using cookies on the fan page irrespective of whether you have a Facebook account. Only Facebook decides about the use of these cookies. GRB has no influence on this. Details about the use of cookies by Facebook can be found in Facebook’s data guideline (https://www.facebook.com/privacy/explanation) and the cookie guideline (https://www.facebook.com/policies/cookies/). You can also download your own Facebook data directly from Facebook (download the so-called “expanded archive” in your account settings).

Your data can be passed on to Facebook Inc. in the US via the cookies. Facebook is certified for the EU-US Privacy Shield, which means that Facebook must maintain a data protection standard for users in Europe that has been found to be comparable to the European standard by the European Commission. Facebook can also make use of cookies by third-party providers. These are listed under https://www.facebook.com/policies/cookies/. Their cookie guidelines can be found on their respective web pages.

The declaration of consent to store, process and use your data through cookies in the context of the use of the fan page can be recalled at any time with effect for the future. The processing that has taken place until the time the consent was retracted remains legal in this case

4. Contact form

We look forward to hearing from you.

Data processing
In the context of establishing contact through the contact form, GRB will process your following person-related data:

• Appellation
• First name
• Surname
• Company (optional)
• Address (optional)
• Postal code (optional)
• City (optional)
• Country (optional)
• E-mail address
• Phone number (optional)
• Selected services
• Selected business areas
• Your individual message

Purpose of the processing
The person-related data made available by you in the context of establishing contact are used for the following purposes:

• establishing contact and
• possibly initiating business relationships

Legal basis
The processing of your person-related data in the context of establishing contact is based on the execution of pre-contractual measures according to Art. 6 para. 1 lit b GDPR.

Duration of storage
The data being processed for the purposes named above are processed for the duration of the contractual relationship or beyond until the expiration of relevant legal retention periods.

5. Data security

The safety of your person-related data is very important to us.

GRB will carry out technical and organisational measures suitable to protect the rights and freedoms of natural persons in the context of Art. 32 GDPR while taking into account the standard of technology, the costs of implementation and the type, extent, circumstances and purposes of the processing as well as the probability of occurrence and the severity of the risk.

In this context, the following measures among others are taken to protect your data and protect them against loss, destruction, access, alteration and distribution by unauthorised persons:

• Ensuring the confidentiality, integrity, availability and capacity of the systems and services in connection with the processing;
• Ensuring a quick recovery of the availability of person-related data in case of a physical or technical incident;
• Implementation of procedures for the regular verification, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the safety of the processing.

Please note that we assume no liability for the disclosure of information due to errors in data transmission and/or unauthorised access by third parties that are not caused by us or attributable to us.

6. Your rights
As a user of our website, you have the following rights:

The right to information (Art. 15 GDPR): You have the right to ask GRB for a confirmation regarding whether your person-related data are being processed. Beyond this, you have the right to request additional information about the concrete processing purposes, categories of person-related data, recipients or categories of recipients of person-related data, storage duration, the existence of right to deletion or correction of your person-related data or restriction of the processing and the right of objection, the existence of a right of appeal as well as with regard to all available information about the origin of your data.

Right to correction (Art. 16 GDPR): You have the right to demand that GRB correct your person-related data immediately. This right comprises the correction of incorrect data and the completion of incomplete person-related data.

Right to deletion (Art. 17 GDPR): You have the right to demand that GRB immediately delete your person-related data, as far as the reasons specified in Art. 17 para. 1 lit a to f GDPR (e.g. the purpose for the processing is no longer applicable) and the processing of their person-related data is not required.

Right to restriction of processing (Art. 18 GDPR): Among the cases named in Art. 18 GDPR (e.g. incorrectness of processed person-related data, illegality of processing, etc.), you also have the right to demand that GRB limit the processing.

Right to data portability (Art. 20 GDPR): You have the right to receive the person-related data that affect you and that you have made available to GRB in a structured, current format and to demand that GRB transfer these data to another responsible party (e.g. another law firm).

Right of objection (Art. 21 GDPR): You have the right to object to the processing of your person-related data that is processed in the context of this website at any time.

Retraction of declaration of consent (Art. 7 GDPR): You have the possibility to retract approval from GRB after you have granted it.

Right of appeal: At any time, you can also lodge a complaint with the

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Wickenburggasse 8
1080 Vienna, Austria
Tel.: +43 1 52152-2569
E-mail: dsb@dsb.gv.at

You can assert the rights named above – with the exception of complaints addressed to the Austrian Data Protection Authority – with respect to Gesundheitsresort Gars BetriebsgmbH (GRB) at the following address:

• by e-mail to: