Privacy Policy

Künig GmbH (FN 216022f)
Maximilianstraße 7
6330 Kufstein

Telephone: +43 5372 90500
Email address: info@das-sieben.com | datenschutz@das-sieben.com

If you have any questions regarding data protection or the processing of your personal data, please contact us by email at datenschutz@das-sieben.com. Immediately before, during or after your stay at our health resort, you are also welcome to contact reception or the management with any questions regarding the processing of your personal data.

As part of our online services, we process users’ personal data, namely master data (e.g. customers’ names and addresses), contractual data (e.g. services used, names of case handlers, payment details), usage data (e.g. the pages visited on our online service, interest in our products) and content data (e.g. entries in the contact form).

The term ‘user’ covers all persons affected by data processing and is to be understood as gender-neutral. ‘Users’ include, in particular, our customers, business partners and other visitors to our online services.

Legal basis for data processing:

• Consent (Article 6(1)(a) GDPR);
• Conclusion and performance of a contract (Article 6(1)(b) GDPR);
• Compliance with a legal obligation (Art. 6(1)(c) GDPR);
• Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1)(f) of the GDPR);

This website uses SSL encryption for security reasons and to protect the transmission of confidential information, such as orders or enquiries that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the padlock icon in the address bar. This ensures that the data you transmit to us cannot be read by third parties. Furthermore, this is intended to protect the data we process against accidental or deliberate manipulation, destruction, loss or access by unauthorised persons.

We use your personal data only within our company.

Should data be passed on to service providers in the context of commissioned data processing, we also require them to comply with our data protection regulations. We will only disclose your data to authorities entitled to receive such information if we are required to do so by law or by court order.

Users can voluntarily create a user account in certain sections of our website, which allows them to view their orders (e.g. vouchers, online bookings, etc.). This user account is not public and cannot be indexed by search engines. If you close your user account, your data relating to the account will be deleted, unless retention is necessary for commercial or tax law reasons.

When you register, log in again or use our online services, we store your IP address and the time of the respective user action.

When you contact us (via the online contact form or by email), the information you provide will be processed for the purpose of handling your enquiry and responding to it.

On the basis of our legitimate interests, we also collect and store information in server log files that your browser automatically transmits to us. This includes: browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and your IP address.

Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and is then deleted. Data that needs to be retained for further evidence purposes is exempt from deletion until the respective incident has been fully clarified.

This data is not combined with other data sources.

(1) This website uses features of the web analytics service Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on users’ computers and enable an analysis of their use of the website.  The information generated by cookies regarding users’ use of the online service is generally transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is based on Article 6(1)(f) of the GDPR. 

(2) We have a legitimate interest in analysing user behaviour in order to optimise both the website and the advertising.

(3) Google will use this information on our behalf to evaluate users’ use of our online offering, to compile reports on activities within this online offering, and to provide us with further services related to the use of this online offering and internet usage. 

(4) We use Google Analytics to display adverts placed within Google’s advertising services and those of its partners only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in content or products determined on the basis of the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). We also use Remarketing Audiences to ensure that our adverts match users’ potential interests and do not appear intrusive.

(5) We have enabled the IP anonymisation feature on this website. This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

(6) On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(7) You can prevent the storage of cookies by adjusting your browser software settings accordingly (so-called browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de). Please note that in this case you may not be able to use all the functions of this website to their full extent. 

(8) Further information on Google’s use of data and options for objecting can be found via the following Google links:

https://www.google.com/intl/de/policies/privacy/partners (Google’s use of data when you use our partners’ websites or apps)

http://www.google.com/policies/technologies/ads (Data usage for advertising purposes)

http://www.google.de/settings/ads (Manage the information Google uses to show you adverts).

(9) Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

(1) Our websites use the Google Analytics Remarketing features in conjunction with the cross-device features of Google AdWords. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”)

(2) These functions enable us to display advertisements to our users on our website in a more targeted manner; for example, interest-based, personalised advertising messages that have been tailored to you based on your previous usage and browsing behaviour on one device (e.g. mobile phone) are also displayed on another of your devices (e.g. tablet or PC). 

(3) If, for example, a user is shown adverts for products in which they have already expressed an interest on other websites, this is referred to as remarketing. For these purposes, when our website or other websites on which Google tools are active are accessed, a so-called web beacon (code from Google) is executed directly by Google and integrated into the website. With the help of this, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). 

(4) Each Google AdWords customer receives a different cookie. These cookies cannot be tracked across the websites of AdWords customers. The information collected in this way (via conversion cookies) is used to generate conversion statistics. This means, for example, that we only learn the total number of users who have clicked on an advertisement. However, these statistics do not contain any information that could be used to personally identify users. 

(5) The user’s IP address is also recorded; however, within the scope of Google Analytics, we state that the IP address is truncated within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, and is only transmitted in full to a Google server in the USA and truncated there in exceptional cases. The IP address is not merged with user data from other Google services. The aforementioned information may also be combined by Google with such information from other sources. When the user subsequently visits other websites, they may be shown advertisements tailored to their interests.

(6) If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your internet browser under user settings. You will therefore not be included in our conversion tracking statistics.

(7) For further information on Google’s use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads; Google’s privacy policy is available at https://www.google.com/policies/privacy.

(8) If you wish to object to interest-based advertising via Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

(9) Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

(1) This website incorporates plugins from the social network Facebook (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). You can recognise these Facebook plugins by the Facebook logo or the ‘Like’ button on our site. You can find an overview of the available Facebook plugins at: developers.facebook.com/docs/plugins/.

(2) When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site using your IP address. If you click the Facebook “Like” button whilst logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. Please note that, as the provider of the website, we have no knowledge of the content of the data transmitted or how it is used by Facebook. Further information on this can be found in Facebook’s privacy policy at: de-de.facebook.com/policy.php.

(3) If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account and delete your cookies. 

(4) Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

(5) Further settings and objections regarding the use of data for advertising purposes can be found within the Facebook profile settings: https://www.facebook.com/settings?tab=ads

(1) This site uses Instagram features. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. You can recognise the Instagram button by the Instagram camera icon.

(2) If you are logged into your Instagram account, clicking this Instagram button allows you to link the content of our pages to your Instagram profile. This enables Instagram to associate your visit to our pages with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it is used by Instagram.

(3) Further information on this can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/

(1) This page uses features provided by Linktree. These features are offered by Linktree Pty Ltd, 37 Islington St, Collingwood VIC 3066, Australia. You can recognise the Linktree button by the Linktree tree icon.

(2) If you are logged into your Instagram account, clicking the Linktree link on our Instagram profile will take you to an overview page. The links listed there will take you to our website. This enables Linktree to associate your visit to our pages with your user account. Please note that, as the provider of the pages, we can only view the number of general page views via Linktree. However, we have no knowledge of the further content of the data transmitted or its use by Linktree.

(3) Further information on this can be found in Linktree’s privacy policy at https://linktr.ee/s/privacy/

(1) As part of our online offering, we use the so-called "Facebook Pixel" from the social network Facebook on the basis of our legitimate interests in analysing and optimising our online offering. This is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). 

(2) Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

(3) This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

(4) The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions regarding the identity of the users. However, the data is stored and processed by Facebook, enabling a link to be established with the respective user profile and allowing Facebook to use the data for its own advertising purposes, in accordance with Facebook’s Data Use Policy. This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. We, as the operator of this website, have no influence over this use of the data.

(5) The processing of data by Facebook takes place in accordance with Facebook’s Data Use Policy. You can find further information on the protection of your privacy in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

(6) Specific information and details regarding the Facebook Pixel and how it works can be found in Facebook’s Help Centre: https://www.facebook.com/business/help/651294705016616.

(7) You can object to the collection of data via the Facebook Pixel and the use of your data for the display of Facebook ads athttps://www.facebook.com/settings?tab=ads.

(1) By subscribing to our newsletter offered on our website, you agree to receive it and to the procedures described.

(2) We send newsletters, emails and other electronic communications containing promotional information only with the consent of the recipients or where permitted by law. Furthermore, our newsletters contain information about our current offers, news and promotions from our companies.

(3) Registration for our newsletter is carried out exclusively via a so-called double opt-in procedure. This means that after registering via the contact form, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address or impersonate you. Subscriptions to the newsletter are logged in order to be able to verify the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

(4) Mailing service provider: The newsletter is sent via “mailingwerk”, an Austrian newsletter distribution platform. You can view the mailing service provider’s privacy policy here: https://www.netwerk.at/datenschutz/

(5) Our newsletters contain a so-called web beacon (a small file that is retrieved from the mailing service provider’s server when the newsletter is opened). This collects technical information, such as details about your browser and system, as well as your IP address and the time of retrieval. This information is used to improve the technical aspects of our services. These statistical purposes also include determining whether the newsletter is opened, when it is opened and which links within the newsletter are clicked.

(6) The use of the mailing service provider, the carrying out of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that serves both our business interests and meets users’ expectations.

(7) Unsubscription/Withdrawal – You may unsubscribe from our newsletter at any time. This will simultaneously withdraw your consent to its dispatch by the mailing service provider and to the statistical analyses. Unfortunately, it is not possible to withdraw consent separately for the dispatch by the mailing service provider or for statistical analysis. You will find a link to unsubscribe from the newsletter at the end of every newsletter. Your personal data will be deleted upon unsubscription.

(1) You can sign up for a free brochure delivery service via the relevant contact form on our website. Registrations for the brochure delivery service are logged so that we can provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. 

(2) The data you provide will be used exclusively for the brochure delivery you have requested and will not be passed on to third parties. 

(3) Your data will be deleted once the applicable warranty, guarantee, limitation and statutory or contractual retention periods have expired, or, where applicable, once any legal disputes in which the data is required as evidence have been resolved.

(1) You can use the contact form on our website to send a non-binding enquiry to your chosen Vivea health hotel. Enquiries are logged so that we can provide evidence of the registration process in accordance with legal requirements. This includes recording the time of registration and confirmation, as well as the IP address. 

(2) The data you provide will be used exclusively for the enquiry you have made and will not be passed on to third parties. 

(3) Your data will be deleted once the applicable warranty, guarantee, limitation and statutory or contractual retention periods have expired, or, where applicable, once any legal disputes in which the data is required as evidence have been resolved.

(1) Our website incorporates services provided by third parties on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online offering within the meaning of Article 6(1)(f) of the GDPR). This always requires that the third-party providers of this content detect the user’s IP address, as they would be unable to send the content to the user’s browser without it. The IP address is therefore necessary for the display of this content. Third-party providers may, amongst other things, use pixel tags (web beacons) for statistical or marketing purposes. These pixels enable information such as visitor traffic on the pages of this website to be analysed. The pseudonymous information may also be stored in cookies on the user’s device and may include, amongst other things, technical information about the browser and operating system, referring websites, time of visit and further details regarding the use of our online service, as well as being linked to such information from other sources.

(2) Below you will find an overview of the third-party providers we use and their content, as well as the relevant links to their respective privacy policies:

• External payment services:
  • Sofort AG / Klarna: https://www.klarna.com/at/datenschutz/
  • Concardis: In the area of card payments (direct debit/girocard/credit cards), we work in collaboration with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti. In this context, in addition to the purchase amount and date, card details are also transmitted to the aforementioned company. All payment data, as well as data relating to any chargebacks that may occur, are stored only for as long as is necessary for payment processing (including the handling of potential chargebacks and debt collection) and for the prevention of fraud. As a rule, the data is deleted no later than 13 months after it is collected. Furthermore, data may be stored for a longer period if and for as long as this is necessary to comply with a statutory retention period or to investigate a specific case of misuse. The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation. You may request access to, and where applicable, rectification or erasure of, your data, as well as restriction of its processing, and/or object to the processing of your data where applicable. If you have any questions regarding data processing by Concardis or wish to exercise your aforementioned rights, you may contact the Data Protection Officer, who can be reached at the address provided or by email at Datenschutzbeauftragter@concardis.com. Furthermore, you have the right to lodge a complaint with a supervisory authority. Please note that the provision of payment details is not required by law or contract. If you do not wish to provide your payment details, you may use a different payment method.
    Privacy Policy: https://www.concardis.com/at-de/datenschutzerklaerung 
• External fonts from Google Inc., www.google.com/fonts (“Google Fonts”). Google Fonts are integrated via a server request to Google (usually in the USA).
  Privacy policy: https://www.google.com/policies/privacy/
  Opt-out: https://www.google.com/settings/ads/
• Maps from the “Google Maps” service provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  Privacy policy: https://www.google.com/policies/privacy/
  Opt-out: https://www.google.com/settings/ads/
• Videos from the “YouTube” platform provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  Privacy policy: https://www.google.com/policies/privacy/
  Opt-out: https://www.google.com/settings/ads/
• LinkedIn: The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access one of our pages that contains LinkedIn features, a connection is established with LinkedIn’s servers. LinkedIn is informed that you have visited our website using your IP address. If you click the LinkedIn ‘Recommend’ button whilst logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. Please note that, as the provider of the website, we have no knowledge of the content of the data transmitted or its use by LinkedIn.
  Privacy policy: https://www.linkedin.com/legal/privacy-policy
  Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
• XING: The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing Xing features is accessed, a connection is established with Xing’s servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored and no usage behaviour is analysed.
  Privacy policy: https://www.xing.com/app/share?op=data_protection.
• Web analytics and optimisation using the Hotjar service (third-party provider Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). With the help of Hotjar, we can track movements on the websites where Hotjar is used (so-called heatmaps). For example, it shows how far users scroll and which buttons they click on and how often. Furthermore, technical data such as the selected language, operating system, screen resolution and browser type are recorded. In doing so, user profiles may be created, at least temporarily during the visit to our website. Furthermore, Hotjar also enables us to gather feedback directly from website users. This provides us with valuable information to help us make our websites even faster and more user-friendly.
  Privacy policy: https://www.hotjar.com/privacy. Opt-out: https://www.hotjar.com/opt-out

(1) Users have the right, upon request, to receive information free of charge regarding the personal data we hold about them.

(2) With regard to this request for information, we would like to point out that the right set out in Article 15 of the GDPR to request information about the data processed concerning you as the data subject is a highly personal right. Accordingly, we are obliged to obtain and document proof of your identity. This is particularly to ensure that only you, as the data subject, receive information about your data. In doing so, you help us to prevent any misuse of the right to information.

(3) Upon receipt of your proof of identity, we will comply with your request without delay. The statutory period of one month for providing the information, as set out in Article 12 of the GDPR, only begins upon receipt of valid proof of identity.

(4) In addition, users have the right to have inaccurate data rectified, to restrict the processing and erasure of their personal data, where applicable, to exercise their rights to data portability, and, in the event of unlawful data processing, to lodge a complaint with the competent supervisory authority. 

(5) Users may also withdraw their consent, generally with effect for the future.

(1) The data stored by us will be deleted as soon as it is no longer required for the purpose for which it was collected and there are no legal retention obligations preventing its deletion. Where user data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

(2) In accordance with legal requirements, data is retained for 6 years pursuant to Section 257(1) of the German Commercial Code (HGB) (commercial ledgers, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting documents, etc.), for 10 years in accordance with Section 147(1) of the German Fiscal Code (AO) (ledgers, records, management reports, accounting documents, commercial and business correspondence, documents relevant for taxation, etc.)

Users may object at any time to the future processing of their personal data in accordance with the relevant legal provisions. In particular, they may object to the processing of their data for direct marketing purposes.

(1) We reserve the right to amend this privacy policy to bring it into line with changes in the legal landscape, or in the event of changes to the service or data processing. However, this applies only to provisions relating to data processing. Where users’ consent is required, or where parts of the privacy policy contain provisions governing the contractual relationship with users, any amendments will only be made with the users’ consent.