Data protection & Cookies


Company Rashidov OG, address: Kirchbichl 49, A-6352 Ellmau
Location: Ellmau, commercial register no. 398905a, commercial court of registration: Innsbruck, VAT ATU68125334

We use the following data when you enter into an agreement with us:

Personal data
First and last name, full address, all contact information (e.g., email address, telephone number), information about the type of agreement and its contents.

Other personal data you provide or a third party provides with your consent, or data that is otherwise permitted at the time you initiate the agreement, throughout the contractual relationship (e.g., when the guest card is issued), or for the purpose of complying with statutory regulations:
Date of birth or age, marital status, gender, profession, identification card details, bank account information, signatory or representative authority, contractual obligation, cancellation deadlines, or other personal information you have provided yourself.

Use of processors
Protecting your data is very important to us. Even if we use a processor (Feratel – guest register in accordance with § 19 of the Austrian Registration Law (MeldeV), zadego GmbH (easybooking) – our reservation program, Europäische Reiseversicherung AG - travel insurance provider), we ensure that the data is processed within the European Union.

Data storage
Please note that data recorded for the purpose of contract processing is stored with us. The data provided by you is required for contractual performance and/or for carrying out precontractual measures. Without these data we cannot conclude the contract with you.
No data will be passed on to third parties, with the exception of the transmission of the credit card details to the processing bank institutes and the payment service provider for the purpose of direct debiting of the purchase price, as well as to our tax consultant for complying with our obligations under fiscal law. In the event of a contract being concluded, all data from the contractual relationship will be stored until the expiry of the tax retention period (7 years).

1. Registration data

1.1 Registration obligation
According to the Austrian Registration Law, you are required to register with us and provide us with the data specified in § 5 and § 10 of the Austrian Registration Law. This applies to the following data:
Name, date of birth, gender, nationality, country of origin, and address with postal code.
Foreign guests are also required to provide the type of travel document they are traveling with, its number, place of issue and issuing authority, as well as date of arrival and departure.

1.2. Guest register
We are required by law to keep this data in a guest register as stipulated by § 19 of the Austrian Registration Law and save it for seven (7) years unless it is processed for a longer period of time for other reasons specified by this privacy policy.
We administer the guest register electronically and forward the data to an IT processor, where the data is saved locally. The data is not transferred to a third country.

1.3. Forwarding of data
Arrival and departure data, together with country of origin, is forwarded in accordance with § 6 of the Regulation on Tourism Statistics (Tourismus-Statistik-Verordnung) to the municipality in which our tourist accommodation establishment is located. Aggregated data about the total number of overnight stays and the names of persons required to pay a local tourist tax are also forwarded to the respective tourism association Wilder Kaiser to which we belong.
This is done in accordance with § 9 of the Tyrolean Regulation on Local Tourist Tax (Tiroler Aufenthaltsabgabegesetz).

1.4 Legal basis for data processing
The processing of data as specified above in items 1.1 to 1.3 is based on Art. 6, para. 1, lit. c GDPR (fulfillment of legal obligation).

1.5 Additional data forwarded to the tourism association/municipality
We also forward your postal code and year of birth (in pseudonymized and anonymized form) to our municipality and our tourism association. This is done for statistical purposes so that the tourism association can create and evaluate statistics on country of origin and age.
The data is forwarded in accordance with Art. 6, para. 1, lit. e (public interest) and lit. f (legitimate prevailing interests) GDPR. You can file an objection at any time for reasons resulting from your particular situation (Art. 21, para. 1 GDPR).

2. Guest card

2.1 General information
You can make use of a guest card. A guest card offers discounts and/or services provided by various regional businesses (e.g., discounted admission). The guest card is valid for the duration of your stay with us.

2.2 Issuing of guest cards
Guest cards are issued by the accommodation provider upon request only. Depending on the guest card system used by the tourist association and/or tourist accommodation establishment, you will be issued one of the following:
• Electronically generated guest card, • Manually created guest card • Carbon copy of the registration form.

2.3 Processed personal data
For both the electronically generated and manually created guest card, the following personal data, which is taken from the registered data (see item 1 above), is processed:
First name, last name, date of birth and duration of stay (arrival/departure), country of origin, postal code.
If the guest card is issued as a carbon copy of the registration form, it includes information as stipulated in § 5 in conjunction with § 9 of the Austrian Registration Law (see 1.1 Registration data). In this case, the data is not processed electronically for guest card purposes.
The following additional personal data is processed when the guest card is used: data about the card's usage frequency, services used, bookings, transaction logging, billing data, reference to registered data and the tourist accommodation establishment.
This data is required to determine, on the one hand, your identity, and on the other hand, to determine the guest card's duration of validity at the respective service provider's establishment. It also facilitates the settlement of discounts between the service providers, the tourism association, and if need be, the tourist accommodation establishments.

2.4 Legal basis for data processing
Data is processed for guest card purposes, based either on your consent (Art. 6, para. 1, lit. a GDPR) or, for the purpose of contractual performance (Art. 6, para. 1, lit. b GDPR), if the guest card is part of service provisioning as specified in the accommodation agreement.
You may revoke your consent at any time by notifying the accommodation provider verbally or by sending an email to the following address: haus@bambi.tirol.

2.5 Guest card system administration
The guest card system is managed by the local tourism association. Other parties involved are the local tourist accommodation establishments and local companies (service providers).
Data that is processed for guest cards is deleted after forty-eight (48) months.

2.6 Data recipients
Data processed for guest card purposes is forwarded to the local tourism association to facilitate the billing of service providers and/or tourist accommodation establishments.
Individual service providers, who honor the guest card and offer discounted services, also receive this data when you use services provided by these establishments that are offered through the guest card.
To claim discounts, you must present the card containing this data to the service provider.
The establishment then checks if the card is (still) valid, usually by scanning the barcode on the guest card and then by transferring the barcode data to our IT processor. At this time, personal data is also transfered to the establishment, in particular, data about your identity (to verify identity and date of birth).
If the guest card is a carbon copy of the registration form, the establishment verifies its validity by means of the carbon copy of the registration form.

3. Other processing of your data
As a rule, we process only data that is absolutely necessary to conclude and execute the agreement. However, upon your consent and until revoked, we will also provide you with information about our services. We will send you information via the following communication channels if you have given us the respective data:
Telephone, email, mobile number for texts, address, social media information

4. Deleting data
Your personal data and other personal data are deleted if it is no longer required for compliance with retention laws, typically after seven (7) years, or if saving the data is not permitted according to the law.
In lieu of deleting the data, it is also possible to anonymize it, which means that any reference to a person is irrevocably removed.

5. Cookies
Our website uses cookies. Cookies are small text files that are stored on your device via your browser. They are not malicious.
We use cookies to customize our offers to your needs and interests. Some cookies remain on your device until you delete them. They make it possible for us to recognize your browser the next time you visit.
If you do not want cookies to be placed on your device, you can change the settings in your browser so that you are informed when cookies appear and allow them in individual instances only.
Our website functionality can be limited by the deactivation of cookies.

6. Web analytics
Our website uses functions provided by zadego GmbH (easybooking), Tschamlerstraße 4, 6020 Innsbruck, Austria for a web analytics service. The service uses cookies to analyze your use of a particular website. Information collected is transferred to and saved on the provider's server.
You can prevent this by making settings in your browser so that no cookies are saved. We have concluded a corresponding data processing agreement with the provider.

7. Social media plug-ins
The establishment uses embedded social media plug-ins on its website (interfaces to social networks). When you visit its website, the system uses the plug-ins to automatically establish a connection to the respective social network and transfers the data (IP address, website visit, etc.).
The establishment does not assist with the data transfer and is not responsible for the transfer.
The user can prevent the transfer of this data by logging out of his social networks before visiting the website. The social network is able to link specific data to the activity profile of the user through automatic data transfer only when the user is logged in.
The automatically transferred data is used exclusively by the social network providers and not by the tourist accommodation establishment. More information, including information about the content of the data being collected by social networks, can be found directly on the website of the respective social network. Changes to social media privacy settings can also be made there.

Social networks connected to the website are:

• Facebook ("like")
Facebook Inc., 1601 S California Ave, Palo Alto, CA, 94304, USA
For more information, see: https://www.facebook.com/policy.php

• Google („+1“)
Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA
For more information, see: https://policies.google.com/terms?hl=en

• Instagram
Instagram, LLC Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
For more information, see: https://help.instagram.com/155833707900388

8. You have the following rights in regards to the processing of your data:

8.1. Right to information You have the right to know if we are processing your data and to what extent.
Contact/person responsible: Tanya Rashidova

8.2. Your rights
You have the fundamental right to information, correction, deletion, limitation, data portability, revocation, and objection. If you believe that the processing of your data violates the Data Protection Law, or if your right to protected data has been violated in any way, you may report this to the regulatory authority. In Austria this is the Data Protection Authority (Datenschutzbehörde).

8.3. Right of appeal If you believe the processing of your personal data violates the Austrian or European Data Protection Law, please contact us to clarify any questions you may have. Of course you have the right to file a complaint with the Austrian Data Protection Authority or a regulatory authority within the EU.

9. Confirmation of identity
To protect your rights and your privacy, we may request that you provide proof of identity in case of doubt.

10. Claim to rights for a fee
If the complaint is deemed manifestly unfounded or is lodged particularly often, we have the right to charge a reasonable processing fee or to reject complaint processing.

11. Responsibility to cooperate
As part of our responsibility to cooperate, we are obligated to provide data as stipulated by statutory regulations (e.g., Austrian Federal Fiscal Code (BAO), Austrian Registration Law (Meldegesetz), Austrian Code of Civil Procedure (ZPO), Austrian Code of Criminal Procedure (StPO), etc.) upon request.

12. Period of validity
This privacy policy shall take effect May 25, 2018, and replaces existing data protection regulations.