Data protection
Effective date: 25/05/2018
 
In accordance with the ORDINANCE (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, we inform you that we will process personal data of customers and suppliers, as well as data of persons who communicate their data willingly (personally, by phoning, by faxing or by e-mailing to us) and by registering on our website, as well as persons whose data have been acquired by third parties, for example when collecting external data for business information, public directories, etc., whereas in the latter case only personal data of ordinary / common kind and nature is concerned.

Our company guarantees within the framework of legal regulations that the processing of personal data takes into account the fundamental rights and freedoms as well as the dignity of the person concerned, with particular reference to secrecy, personal identity and the right of protecting personal data.
Target and purpose positions in data processing:

In relation to the above stated objectives, your personal information will be forwarded as needed: What kind of information is collected from you and for how long?

1.  Information provided by the user and collected automatically

The personal data stored by our company are collected directly from customers or third parties, such as the hypothesis that the company acquires data from external companies for commercial information, market research, direct offers of products or services. For this last type of data, an informative notice will be provided at the time of its registration or, in any event, no later than the first possible notice.

In addition, our company may possess data that the law defines as "sensitive" in relation to customer-requested transactions. The law requires a specific consent for their utilization.

Each time you visit our platforms, we may collect information about the devices you use and the networks you are connected to when using our services, in accordance with applicable laws and, where applicable, your consent. This may include: IP address, login information, browser type and version, browser plug-in types and versions, operating system and platform, advertising ID, visit information including the clickstream URL to, from and to our platforms, products viewed or searched, download errors, duration of visits to specific pages, interaction on the pages and any phone numbers used to call our customer service. We collect this information using various technologies, including cookies (see our Cookie Policy for more information).

2. Data Storage

Click on this link to see the retention period of the data.
 
Type of data processing: 

The data processing may be carried out with or without the aid of electronic means - in any case automatic - and includes all the operations required and necessary for the data processing concerned. In any case, the data processing will be carried out in compliance with all security measures that ensure their security and secrecy. 

Advertising online
For advertising purposes, based on your interests and to display targeted online advertising based on the use of cookies, we may also combine the data collected by cookies with other data we have collected. If you do not want information to be processed through the use of cookies, read our Cookies section to learn how to review and disable this information. Please note that the exclusion of interest-based advertising does not prevent the display of advertising that is not based on your interests.

Third parties who act as processors of such contractual processing guarantee that they will not store the data received from the client and will not use them for other purposes. Our contractors are contractually committed to use the same privacy and security standards, and we ensure that they are complied with. 
 
Dati di navigazione Internet: 

The computer systems and procedures provided for the function of the stafler.com website collect certain personal information during normal operation, the transmission of which is subject to the use of data exchange protocols on the Internet.

It is information that is not collected to associate with identified persons but, by their nature, enables users to be identified by processing and linking to third party data. This category of data includes the IP addresses or domain names of the computers that connect to the website, the Uniform Resource Identifier (URI) addresses of the resources requested, the time of the request, and other parameters related to the transfer and the data communication of the user's computer environment.

These data are used only for the purpose of collecting anonymous statistical information when using the Website to verify that it works correctly. The data in question may be used to establish liability in the case of offenses by means of information technology to the detriment of our website.
 
Transfer of data abroad: 

We may need to submit your data to service providers in non-European countries (EEA). The EEA consists of countries of the European Union and Switzerland, Iceland, Liechtenstein and Norway, which are considered to be countries with equivalent data protection and privacy laws. This type of data transfer may occur if our servers (i.e. where we store data) or our suppliers and service providers are located outside the EEA or if you use our products and services during your stay in countries outside the EEA from this area.
The updated list of third countries to which the company may transfer data is available on request to the data controller.
If such transfer takes place, we will ensure that it is in accordance with this Privacy Policy and that it is governed by standard contractual clauses approved by the European Commission that provide reasonable protection for the parties concerned.
 
Rights of the person concerned: 

The Basic Data Protection Regulation 679/2016 gives the data subject the opportunity to exercise certain rights. In particular, it has the right to obtain information on whether and what kind of its data exist and to obtain in an understandable form details of such data, their origin and the reason for and purpose of their processing, as well as details of the holder and controller of the processing and persons and categories of persons to whom such data may be transmitted.

The data subject has the right to update, correct and complete his data and to request that the data be deleted, blocked and converted into anonymous data if the processing violates the legal provisions. He has the right, for a justified reason, to oppose, in whole or in part, the processing of his data, and for no justified reason, to use data for the purposes of trade information, the sending of advertising material, direct sales, market research and opinion polling.
In addition, from 25 May 2018 onwards, the right to data portability will apply. For more information, please contact the data controller.
If you believe that your rights have been violated, you have the right to lodge a complaint with the competent data protection authority (Garante della Privacy) or to take legal action.
 
The rights can be asserted on the part of the person concerned or a person commissioned by him, by means of a request to the person responsible for data processing at the Family Stafler – Mauls Nr. 10 -  39040 Freienfeld at Sterzing - by registered mail or e-mail to info@stafler.com 

Holder of the data processing:

Family Stafler
[AddressFamily]
Mauls Nr. 10
39040 Freienfeld at Sterzing
T. +39 0472 771 136
F. [AddressFax]
info@stafler.com
 


Using the online booking tool DIRS21 of TourOnline AG
Our online presence uses to make online bookings of accommodation and other travel services, as well as for the processing of inquiries, the online booking tool DIRS21 (hereinafter "OBT") of the company TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter "TOAG"). As part of OBT, TOAG processes the data as the person responsible. 
You will find the notices and provisions on data protection in the TOAG privacy policy for the OBT, which you can call up at any time from the OBT or at www.dirs21.de/en/privacy.


Web push notifications from PushPanda.io

We use web push notifications from PushPanda.io. Web push notifications are notifications that can be displayed on your terminal device without opening the website or the relevant app.
No distinctive user data, such as IP addresses or similar, that could allow the user in question to be identified, are saved. If somebody registers for the notification distributor (opt-in process), only an identification code and the geographical IP information (country and state) of the user are sent to PushPanda.io and stored in its database. This code is issued by the respective browser provider (Google, Mozilla, etc.) and enables the notifications to be sent to the relevant browser later. Notifications are sent by the browser provider itself.
If the opt-in for push notifications is withdrawn (opt-out), all data saved with PushPanda.io is deleted and the identification code will be invalid.
PushPanda.io is a service of Project K GmbH, with headquarters in Innsbruck, Austria.

Information on how to unsubscribe from push notifications can be found here:

Google Chrome: https://www.pushpanda.io/en/chrome-web-push-messages
Firefox: https://www.pushpanda.io/en/firefox-web-push-messages
Microsoft Edge: https://www.pushpanda.io/en/edge-web-push-messages
 
ADDITIVE+ LANDINGPAGE - Online Marketing and Landing Pages
Beside our website we do also operate optimized landing pages for means of hotel online marketing. To process your request, reservation, order, activation, registration or the transmission of other contact forms on our website as well as to save and store your data we use cloud services, CRM systems and software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”), our partner in the field of hotel digital marketing. The adequate level of data protection is based on data processing agreements with the respective company.

Our landing pages use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics enables website operators to analyse the user behavior of the visitors. The information about the user behavior is transmitted to and stored by Google on its servers.

Your IP address is collected but immediately anonymised (for example by deleting the last 8 bits). As a result the geolocation data is less accurate.

You can prevent the data collection connected to your use of our online services through cookies and the processing of this data by Google, by installing the browser-plugin available at the following link: https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh

ADDITIVE has an insight into data gathered through Google Analytics. This data will be used only to analyse the use of our websites and to evaluate our marketing and distribution strategies.

Our website and landing pages also use functions provided by ADDITIVE for the multi-channel monitoring of the use of our websites as well as marketing and distribution strategies like landing pages, newsletter and social media presence. Information about your visits and submitted forms on our websites are also transmitted to ADDITIVE in order to evaluate and optimize our marketing and sales measures.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit f (legitimate interests) of the GDPR.

Our objective in accordance with the GDPR (legitimate interests) is the improvement of our products and services and our web presence through the analysis of the use of our website as well as marketing and distribution strategies.

Our website and our landing pages also use remarketing functions provided by Google Inc. (“Google”) and by Meta Platforms Inc. (“Meta”). Therefore, Meta and Google will know that you have visited our website. This way visitors of our website and of our landing pages will find ads adapted to their interests on Google’s advertising platforms and on the social media platforms Facebook and Instagram.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit a (consent) of the GDPR.

When you visit our landing pages a banner will inform you about the use of cookies for remarketing functions. If you continue using the website or click on the respective button you consent to the use of cookies. You can deny your consent anytime, by visiting the page containing the cookie information and denying the use in the banner that will be displayed.

ADDITIVE+ VOUCHERS
On our website you have the possibility to buy vouchers by using the integrated voucher software. To process your purchase and to save and store your data we use software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”) in the context of voucher marketing. Through the use of these services and systems your data will be processed and stored in the EU.

The data you provide is required to fulfil the contract or to carry out pre-contractual measures. Without this data we cannot conclude a contract with you. The data will not be transferred to an outside third party, except for your credit card data which will be transferred to the payment provider and to our tax accountant to fulfil our tax obligations.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit a (consent) and/or lit b (processing necessary for the performance of a contract) of the GDPR.

ADDITIVE+ MARKETING AUTOMATION - Direct Marketing
In order to increase customer loyalty and to sell our services and additional services we use hotel online marketing software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”) within the field of hotel marketing automation. Therefore your data, which we gather and process in connection with your request, reservation, order, activation, registration or the transmission of other contact forms on our website, will be analysed and used to provide you with automatically generated offers for our services and additional services. Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on data processing agreements.

You can deny the use of your data for this purpose anytime by clicking on the “unsubscribe” link in the respective message.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit f (legitimate interests) of the GDPR.

Our objective in accordance with the GDPR (legitimate interests) is the prevention of competitive disadvantages, the increase in brand awareness and the maximisation of our economic success through an optimal use of the acquired contacts.

ADDITIVE+ NEWSLETTER
On our website you have the possibility to subscribe to our newsletter. For the subscription we need your email address and your consent to receive our newsletter through ADDITIVE, our provider for hotel e mail marketing. To provide you with relevant information we also gather and process voluntary information concerning interests, name, date of birth and country/region of origin in our hotel newsletter tool.

After signing up for our newsletter you will receive an email containing a link to confirm the subscription.

Your subscription can be cancelled any time by clicking on the cancellation link in the respective newsletter.

To process your subscriptions and to send our newsletters we use software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”). Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on data processing agreements.