In the following we explain how we handle your personal data scope
This data protection declaration applies to all websites that are published under the domain kilizma.at, with the exception of the sub-areas where our accommodation partners who use our booking technology are responsible for data processing.
Responsible in terms of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
- KILIZMA HC 22 DOOEL
- Ul. Galicica 18 Peshtani
- 6000 Ohrid
- Email: firstname.lastname@example.org
What data do we collect and why?
We collect the following types of data:
- Contact details (e.g. names, addresses, email addresses, telephone numbers)
- Content data (e.g. text entries, photos)
- Payment data (e.g. IBAN)
- Access data (e.g. websites visited, access times, device information, IP addresses)
- We collect your data for the following purposes:
- Answering inquiries and communicating with our customers and interested parties
- Execution of the contract and performance of services
- Compliance with legal obligations
- Guaranteeing the security of our IT systems
- Provision and improvement of the online offer
- Analysis of usage behavior
- Relevant legal bases
- The legal basis for obtaining consent is Article 6 Paragraph 1 lit. a and Art. 7 GDPR
- The legal basis for processing in order to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 Para. 1 lit. b GDPR
- The legal basis for processing in order to fulfill our legal obligations is Article 6 Paragraph 1 lit. c GDPR
- The legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f GDPR
- Transfer of data to third parties
We process your personal data only for the purposes stated in this data protection declaration. A transfer of your personal data to third parties for purposes other than those listed below does not take place. We will only pass on your personal data to third parties if:
- You have given your express consent
- this is legally permissible and necessary for the transfer to process a contract with you,
- the disclosure is necessary to fulfill a legal obligation,
- the disclosure is necessary to protect legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.
- Your rights
- You can exercise the following rights at any time using the contact details given above (responsible body):
- Right to information about your data stored by us and their processing (in accordance with Article 15 GDPR),
- Right to rectification of incorrect personal data (in accordance with Article 16 GDPR),
- Right to deletion of your data stored by us (in accordance with Art. 17 GDPR),
- Right to restriction of data processing (according to Art. 18 GDPR) if we are not yet allowed to delete your data due to legal obligations,
- Right to object to the processing of your data by us (according to Article 7 Paragraph 3 GDPR) and
- Right to data portability (according to Art. 20 GDPR), provided you have consented to the data processing or have concluded a contract with us.
- If you have given us your consent, you can revoke it at any time with effect for the future.
- You can contact the supervisory authority responsible for you at any time with a complaint.
- Collection of access data when you visit our website
When you access our website, access data is automatically recorded and stored in “server log files”, including the URL visited, date and time of access, operating system, browser, IP address and Internet service provider of the user as well as websites from which the user’s system reaches our website (referrer). The storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to guarantee the security of our information technology systems (defense, analysis and tracking of attacks). An evaluation of the data for marketing purposes does not take place in this context. We do not use your data to draw conclusions about you personally. The processing of your personal data is based on our legitimate interest from the aforementioned purposes of data collection (Art. 6 Paragraph 1 lit. f GDPR). The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. If the data is stored in log files, this is the case after 60 days at the latest.
If you have any questions or concerns of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a name and an email address so that we know who sent the request and we can answer it quickly. Further information (such as a telephone number) can be provided voluntarily. The processing of the data entered in the contact form takes place on the basis of a legitimate interest (Art. 6 Para. 1 lit. f GDPR). By providing the contact form, we would like to make it easy for you to contact us. The personal data collected by us when using the contact form will be deleted after your request has been dealt with.
Registration (“Test for free”)
If you register to use our services or to try them out as part of the test phase offered, we need the name of the accommodation and its address, the website on which our booking tool is to be integrated, as well as a contact person with an email address Setting up our system, a customer account and sending the access data. You can also provide a telephone number where we can reach you if you have any questions. In order to provide chargeable services, we may ask for additional data, such as Payment details to process your order. If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR. If the registration serves to fulfill a contract or to carry out pre-contractual measures, the legal basis for processing the data is Article 6 (1) (b) GDPR. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when you arrange for your customer account to be deleted. However, there may also be a need for further storage in order to be contractual or legal.
To meet obligations. In this case, the data will be deleted when all contractual and legal retention periods have expired.
Demo version of our booking tool
Part of our website is also a sample version of the booking system in our booking system, which can be used to carry out test bookings. During the booking process, our system collects and processes the data necessary to carry out a reservation, in particular a name, a telephone number, an email address and an address as well as the date of arrival and departure and the booked accommodation, meetings, incentives and conventions , Events and additional services. You are free to use fictitious data and pseudonyms instead of real data when entering your data. When the test booking is completed, the contact details provided and the associated booking data are temporarily stored on our web servers on the Internet. The test booking serves to simply demonstrate the functionality of the booking system we offer, in which we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR). The personal data collected during the test booking will not be used by us and will then be deleted.
Use of Google services
We use various services from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. It is possible that personal data will also be transferred to the USA and processed there. Google is certified under the EU-US Privacy Shield and thus offers a guarantee that it will comply with the European level of data protection. You can find Google’s data protection declaration at: https://policies.google.com/privacy. You can find more information about other certifications and security measures from Google at: https://privacy.google.com/intl/de_ALL/businesses/compliance.
The following Google services can be used on our website:
Use of Google Fonts
“Google Fonts” (https://fonts.google.com) are used on some parts of our website to display texts with legible and visually appealing fonts, which can also be loaded quickly and reliably and displayed correctly across all browsers. Loading the font libraries automatically triggers a connection to the server of the operator Google, whereby access data such as your IP address and the browser used are transmitted. Google Fonts are used in the interest of a uniform and appealing presentation and reliable provision of our online offers.
Use of Google Maps
At some points on our website, we include maps from the “Google Maps” map service. When the cards are called up, access data (such as IP addresses) and location data of the users can be transmitted to Google. Google Maps is used in the interest of an appealing presentation and user-friendliness of our online offers and to make it easy to find the places we have specified on the website. You can deactivate location functions for determining your location in the settings of your device
Use of Google Adwords Conversion Tracking
We use the online advertising program “Google AdWords” and conversion tracking as part of Google AdWords. If you click on an advertisement placed via Google, a conversion tracking cookie will be placed on your computer. These cookies lose their validity after 30 days, contain no personal data and are therefore not used for personal identification.
If you visit certain Internet pages on our website and the cookie has not yet expired, we and Google can see that you clicked on the ad and were forwarded to this page. Every Google AdWords customer receives a different cookie. This means that there is no way that cookies can be tracked via the websites of AdWords customers.
The information that is obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Here, customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
We use the statistics obtained in this way to optimize our online marketing activities.
If you do not want to participate in tracking, you can prevent cookies from being set by setting your browser accordingly. You can find more information and Google’s data protection declaration at https://policies.google.com/technologies/adsundhttps: //policies.google.com/privacy and in the settings for the display of advertisements by Google (https://adssettings.google .com).
When you visit our website, you can determine which cookies we store on your device.
Event organization (optional, if a client takes the view that an order processing relationship can be assumed)
If you register for an event, your contact and master data will be processed by us. These are e.g. the address, telephone number or email address.
We also process technical data that arise when using our registration website. These are essentially the following categories of data:
- IP address,
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access status / HTTP status code,
- amount of data transferred in each case,
- Website from which the request comes
- Operating system and its interface,
- Language and version of the browser software.
- If you pay for the event yourself, we will also process all associated bank and payment data.
- The following service providers must be used to organize events:
- Transport service provider for sending event material and for carrying out postal communication;
- Service providers for the provision of logistic services;
- Service providers who provide printed matter;
- IT infrastructure service providers (hosters) who provide and maintain servers and server services that are necessary to carry out data processing;
- Communication service providers who provide and maintain the infrastructure for carrying out voice communication or email communication;
- Payment service providers and banking companies to carry out payment transactions;
- Photographers who take photographs during the event;
- Lawyers and debt collection service providers for the assertion of claims;
- Accommodation establishments for the provision of overnight accommodation;
- Hospitality establishments for the provision of food and drink.
- The service providers only receive your data insofar as they need it to provide the service.
The data processing is carried out in order to meet the contractual obligations arising from the contractual relationship between the event participant and the person responsible. The legal basis for this is Art. 6 I lit. b GDPR.
If the event is carried out to hold company parties, conferences or employee training, the data processing takes place in the own legitimate interest of the person responsible i.S.d. Art. 6 I lit. f GDPR instead.
The photographs are created for internal documentation purposes. The legal basis for this is Art. 6 I lit. f GDPR.
The data processing is carried out in order to be able to communicate with you by email. We carry out this processing in order to fulfill our agreed obligations from Art. 6 I S.1 lit b. To comply with GDPR. Furthermore, the operation of the email server and the communication possible with it is also our own interest in accordance with. Art. 6 I p.1 lit. f) GDPR.
When operating the email system, both the data necessary to carry out communication (e.g. email addresses, names, etc.) and the communication content are collected.
The data is transmitted to the operator (Microsoft) of our email infrastructure. It is possible that Microsoft employees can take note of the data as part of the error analysis. Although Microsoft is a company from other EU countries (USA), it has submitted to the Privacy Shield and thus guarantees a data protection standard that corresponds to the European one. For more information, see the following link: http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13871
In order to prevent unauthorized third party access to your personal data, our email servers support transport-encrypted transmissions. Synchronizations are only carried out in encrypted form. Furthermore, our contact form is provided with an encrypted website.
In order to protect the security of your data during transmission, we use state-of-the-art encryption methods. You can tell whether a single page of our website is being transmitted in encrypted form by the closed key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.