Company KANDOV OG, address: Austria, Auwinkl 16, 6352 Ellmau
Location: Ellmau, commercial register no. 398905a, commercial court of registration:
Innsbruck, VAT ATU73435339
We use the following data when you enter into an agreement with us:
First and last name, full address, all contact information (e.g., email address, telephone
number), information about the type of agreement and its contents.
Other personal data you provide or a third party provides with your consent, or data that is
otherwise permitted at the time you initiate the agreement, throughout the contractual
relationship (e.g., when the guest card is issued), or for the purpose of complying with
Date of birth or age, marital status, gender, profession, identification card details, bank
account information, signatory or representative authority, contractual obligation,
cancellation deadlines, or other personal information you have provided yourself.
Use of processors
Protecting your data is very important to us. Even if we use a processor (Feratel – guest
register in accordance with § 19 of the Austrian Registration Law (MeldeV), zadego GmbH
(easybooking) – our reservation program, Europäische Reiseversicherung AG - travel
insurance provider), we ensure that the data is processed within the European Union.
Please note that data recorded for the purpose of contract processing is stored with us. The
data provided by you is required for contractual performance and/or for carrying out precontractual
measures. Without these data we cannot conclude the contract with you.
No data will be passed on to third parties, with the exception of the transmission of the credit
card details to the processing bank institutes and the payment service provider for the
purpose of direct debiting of the purchase price, as well as to our tax consultant for
complying with our obligations under fiscal law. In the event of a contract being concluded,
all data from the contractual relationship will be stored until the expiry of the tax retention
period (7 years).
1. Registration data
1.1 Registration obligation
According to the Austrian Registration Law, you are required to register with us and provide us
with the data specified in § 5 and § 10 of the Austrian Registration Law. This applies to the
Name, date of birth, gender, nationality, country of origin, and address with postal code.
Foreign guests are also required to provide the type of travel document they are traveling
with, its number, place of issue and issuing authority, as well as date of arrival and departure.
1.2. Guest register
We are required by law to keep this data in a guest register as stipulated by § 19 of the
Austrian Registration Law and save it for seven (7) years unless it is processed for a longer
We administer the guest register electronically and forward the data to an IT processor,
where the data is saved locally. The data is not transferred to a third country.
1.3. Forwarding of data
Arrival and departure data, together with country of origin, is forwarded in accordance with
§ 6 of the Regulation on Tourism Statistics (Tourismus-Statistik-Verordnung) to the municipality
in which our tourist accommodation establishment is located. Aggregated data about the
total number of overnight stays and the names of persons required to pay a local tourist tax
are also forwarded to the respective tourism association Wilder Kaiser to which we belong.
This is done in accordance with § 9 of the Tyrolean Regulation on Local Tourist Tax (Tiroler
1.4 Legal basis for data processing
The processing of data as specified above in items 1.1 to 1.3 is based on Art. 6, para. 1, lit. c
GDPR (fulfillment of legal obligation).
1.5 Additional data forwarded to the tourism association/municipality
We also forward your postal code and year of birth (in pseudonymized and anonymized
form) to our municipality and our tourism association. This is done for statistical purposes so
that the tourism association can create and evaluate statistics on country of origin and age.
The data is forwarded in accordance with Art. 6, para. 1, lit. e (public interest) and lit. f
(legitimate prevailing interests) GDPR. You can file an objection at any time for reasons
resulting from your particular situation (Art. 21, para. 1 GDPR).
2. Guest card
2.1 General information
You can make use of a guest card. A guest card offers discounts and/or services provided by
various regional businesses (e.g., discounted admission). The guest card is valid for the
duration of your stay with us.
2.2 Issuing of guest cards
Guest cards are issued by the accommodation provider upon request only. Depending on
the guest card system used by the tourist association and/or tourist accommodation
establishment, you will be issued one of the following:
• Electronically generated guest card,
• Manually created guest card
• Carbon copy of the registration form.
2.3 Processed personal data
For both the electronically generated and manually created guest card, the following
personal data, which is taken from the registered data (see item 1 above), is processed:
First name, last name, date of birth and duration of stay (arrival/departure), country of origin,
If the guest card is issued as a carbon copy of the registration form, it includes information as
stipulated in § 5 in conjunction with § 9 of the Austrian Registration Law (see 1.1 Registration
data). In this case, the data is not processed electronically for guest card purposes.
The following additional personal data is processed when the guest card is used: data about
the card's usage frequency, services used, bookings, transaction logging, billing data,
reference to registered data and the tourist accommodation establishment.
This data is required to determine, on the one hand, your identity, and on the other hand, to
determine the guest card's duration of validity at the respective service provider's
establishment. It also facilitates the settlement of discounts between the service providers, the
tourism association, and if need be, the tourist accommodation establishments.
2.4 Legal basis for data processing
Data is processed for guest card purposes, based either on your consent (Art. 6, para. 1, lit. a
GDPR) or, for the purpose of contractual performance (Art. 6, para. 1, lit. b GDPR), if the guest
card is part of service provisioning as specified in the accommodation agreement.
You may revoke your consent at any time by notifying the accommodation provider verbally
or by sending an email to the following address: email@example.com.
2.5 Guest card system administration
The guest card system is managed by the local tourism association. Other parties involved
are the local tourist accommodation establishments and local companies (service providers).
Data that is processed for guest cards is d eleted after forty-eight (48) months.
2.6 Data recipients
Data processed for guest card purposes is forwarded to the local tourism association to
facilitate the billing of service providers and/or tourist accommodation establishments.
Individual service providers, who honor the guest card and offer discounted services, also
receive this data when you use services provided by these establishments that are offered
through the guest card.
To claim discounts, you must present the card containing this data to the service provider.
The establishment then checks if the card is (still) valid, usually by scanning the barcode on
the guest card and then by transferring the barcode data to our IT processor. At this time,
personal data is also transfered to the establishment, in particular, data about your identity
(to verify identity and date of birth).
If the guest card is a carbon copy of the registration form, the establishment verifies its validity
by means of the carbon copy of the registration form.
3. Other processing of your data
As a rule, we process only data that is absolutely necessary to conclude and execute the
agreement. However, upon your consent and until revoked, we will also provide you with
information about our services. We will send you information via the following communication
channels if you have given us the respective data:
Telephone, email, mobile number for texts, address, social media information
4. Deleting data
Your personal data and other personal data are d eleted if it is no longer required for
compliance with retention laws, typically after seven (7) years, or if saving the data is not
permitted according to the law.
In lieu of deleting the data, it is also possible to anonymize it, which means that any reference
to a person is irrevocably removed.
browser. They are not malicious.
your device until you d elete them. They make it possible for us to recognize your browser the
next time you visit.
If you do not want cookies to be placed on your device, you can change the settings in your
browser so that you are informed when cookies appear and allow them in individual
Our website functionality can be limited by the deactivation of cookies.
6. Web analytics
Our website uses functions provided by zadego GmbH (easybooking), Tschamlerstraße 4,
use of a particular website. Information collected is transferred to and saved on the provider's
You can prevent this by making settings in your browser so that no cookies are saved. We
have concluded a corresponding data processing agreement with the provider.
7. Social media plug-ins
The establishment uses embedded social media plug-ins on its website (interfaces to social
networks). When you visit its website, the system uses the plug-ins to automatically establish a
connection to the respective social network and transfers the data (IP address, website visit,
The establishment does not assist with the data transfer and is not responsible for the transfer.
The user can prevent the transfer of this data by logging out of his social networks before
visiting the website. The social network is able to link specific data to the activity profile of the
user through automatic data transfer only when the user is logged in.
The automatically transferred data is used exclusively by the social network providers and not
by the tourist accommodation establishment. More information, including information about
the content of the data being collected by social networks, can be found directly on the
website of the respective social network. Changes to social media privacy settings can also
be made there.
Social networks connected to the website are:
Facebook Inc., 1601 S California Ave, Palo Alto, CA, 94304, USA
For more information, see: h ttps://www.facebook.com/policy.php
Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA
For more information, see: h ttps://policies.google.com/terms?hl=en
Instagram, LLC Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
For more information, see: h ttps://help.instagram.com/155833707900388
8. You have the following rights in regards to the processing of your data:
8.1. Right to information You have the right to know if we are processing your data and to
Contact/person responsible: Haus Bella Ellmau
8.2. Your rights
You have the fundamental right to information, correction, deletion, limitation, data
portability, revocation, and objection. If you believe that the processing of your data
violates the Data Protection Law, or if your right to protected data has been violated
in any way, you may report this to the regulatory authority. In Austria this is the Data
Protection Authority (Datenschutzbehörde).
8.3. Right of appeal If you believe the processing of your personal data violates the
Austrian or European Data Protection Law, please contact us to clarify any questions
you may have. Of course you have the right to file a complaint with the Austrian
Data Protection Authority or a regulatory authority within the EU.
9. Confirmation of identity
To protect your rights and your privacy, we may request that you provide proof of identity in
case of doubt.
10. Claim to rights for a fee
If the complaint is deemed manifestly unfounded or is lodged particularly often, we have the
right to charge a reasonable processing fee or to reject complaint processing.
11. Responsibility to cooperate
As part of our responsibility to cooperate, we are obligated to provide data as stipulated by
statutory regulations (e.g., Austrian Federal Fiscal Code (BAO), Austrian Registration Law
(Meldegesetz), Austrian Code of Civil Procedure (ZPO), Austrian Code of Criminal Procedure
(StPO), etc.) upon request.
12. Period of validity