BMW DATA PROTECTION INFORMATION.

Alpenhotel Ammerwald as a permanent establishment of BMW AG, Ammerwald 1, 6600 Reutte/Tyrol, Austria, UID no. ATU 31792209 is the provider of the website https://www.bmwgroup.com/content/grpw/websites/alpenhotel-ammerwald_at/de.html 

We process your personal data with the help of processors who assist us in providing the services (e.g. web host, booking engine).  
These processors are obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services.

Your personal information will only be shared with typical business service providers such as banks (in the case of bank transfers to you), accountants (if you appear on our accounts), shipping companies (in the case of shipping to you), credit card companies (in the case of credit card payments). 

It is generally possible to use our website without providing any personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis wherever possible.

Personal data or personal information is any information about an individual by which that individual can be identified. This does not include data from which the identity has been removed (anonymous data).

We may collect, use, store and transfer different types of data about you, which we have grouped together as follows:
 

• Identity data includes first and last names, user names or similar identifiers, marital status, title, date of birth, place of birth, nationality, passport or ID card number, gender and licence plate number.

• Contact details include billing address, postal address, e-mail address, fax and telephone numbers.

• Sensitive data includes information about your state of health and disabilities as well as religious affiliation or dietary requirements if you inform us of any special requirements and provide details.

• Reservation and payment system data includes bank account or credit card details and payments, purpose of stay and other details about your reservations, stays and other services you have purchased from us, as well as comments and responses you have provided in surveys regarding our services.
  

• Technical data about your visit to this website includes the Internet Protocol address (IP address), your login data, browser type and version, time zone and location setting, browser plug-in types and versions, operating system and platform and other technologies of the device you are using to access this website. 
  

• Usage data includes information about how you use our services or connect with us via social media and our website. We will not collect all of the above-mentioned data in every case, but only those data for which there is a specific legal basis.
  

• Normally, we only collect sensitive data about you (this includes information about your religious beliefs or information about your health needs and restrictions) if this is provided voluntarily by you or on your behalf and is necessary to fulfil your requirements during your stay with us or the use of our facilities or services. It may also be necessary to process this information in the event of an accident or medical or other emergency during your stay or other use of our facilities.
  

With regard to children for whom a stay in one of our hotels has been booked, we only collect limited information (number, age and, if required by law, other information such as name, place of birth, etc.).

Your data will be processed for enquiries and reservations as requested by the guest (fields: first name, surname, address, e-mail address, telephone, arrival and departure dates).

After submitting the contact form, the personal data entered by you will be processed by the data controller for the purpose of processing your enquiry on the basis of your consent given by submitting the form. 

There is no legal or contractual obligation to provide personal data. Failure to do so will only mean that you will not be able to submit your request and we will not be able to process it.

You have the right to withdraw your consent in writing at any time without affecting the lawfulness of the processing based on the consent prior to its withdrawal. 

Requests are processed digitally and stored on a local, password-protected drive. The hotel reservation software is also password protected.

In accordance with Art. 17 GDPR for as long as necessary for the purposes for which we process your data.

There is no technical means to view your personal data. However, there is also no individual account that each guest can manage for themselves. Please contact us (Alpenhotel Ammerwald, tel: +43 5672 78131-0 
E-mail:( Alpenhotel.ammerwald@bmw.de), we will be happy to tell you which of your data we have stored.

If you have any questions about our use of your personal data, please contact the Alpenhotel Ammerwald first - either by e-mail at Alpenhotel.ammerwald@bmw.de or by telephone on +43 5672 78131-0 (daily 08:00 am - 06:00 pm).

You can also contact the data protection officer. You can find a list of data protection officers here . 

As an individual affected by the processing of your data, you have certain rights against us under the GDPR and other relevant data protection legislation. The following section explains your rights as a data subject under the GDPR. Depending on the nature and scope of your request, we may ask you to submit it to us in writing.

As a data subject, you have the following rights vis-à-vis BMW under the GDPR:

Right to know (Art. 15 GDPR): 
You may at any time request information from us about the data we hold about you. This information concerns, among other things, the categories of data we process, the purposes for which we process them, the origin of the data if we have not collected it directly from you and, if applicable, the recipients to whom we have transmitted your data. You can obtain a copy of your personal data from us free of charge. If you request additional copies, we reserve the right to charge you for the additional copies. 

Right to rectification (Art. 16 GDPR): 
You can request that we correct your data. We will take reasonable steps to keep the information we hold and process about you accurate, complete and up to date, based on the most recent information available to us.

Right to deletion (Art. 17 GDPR): 
You can ask us to delete your data if the legal requirements are met. According to Art. 17 GDPR, this may be the case, for example, if 

• the data is no longer necessary for the purposes for which it was collected or otherwise processed;

• you withdraw your consent that is the basis for the data processing and there is no other legal basis for the processing; 

• you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to the processing of your data for direct marketing purposes;

• the data has been processed unlawfully, unless the processing is necessary, 

• to ensure compliance with a legal obligation that requires us to process your data;

• in particular with regard to statutory retention periods; 

• to assert, exercise or defend legal claims.  

Right to restrict processing (Art. 18 GDPR): 
You can request that we restrict the processing of your data if

• you contest the accuracy of the data, for the period of time we need to verify the accuracy of the data; 

• the processing is unlawful and you object to the deletion of your data and request the restriction of their use instead;

• we no longer need your data, but you need it to assert, exercise or defend legal claims; 

• you have objected to processing pending the verification whether our legitimate grounds override yours.

Right to data portability (Art. 20 GDPR): 
At your request, we will transfer your data to another controller, insofar as this is technically possible. However, you are only entitled to this right if the data processing is based on your consent or is necessary to fulfil a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another controller specified by you.

Right to object (Art. 21 GDPR): 
You may object to the processing of your data at any time for reasons relating to your particular situation, provided that the data processing is based on your consent or on our or a third party's legitimate interests. In this case, we will no longer process your data. This does not apply if we can demonstrate compelling legitimate grounds for the processing which override your interests, or if we need your data for the establishment, exercise or defence of legal claims.

In general, we aim to respond to all requests within 30 days. However, this period may be extended for reasons relating to the specific data subject right or the complexity of your request.

In certain situations, we may not be able to provide you with access to all of your information due to legal requirements. If we have to reject your request for information in such a case, we will also inform you of the reasons for the rejection.

BMW AG takes your concerns and rights very seriously. However, if you believe that we have not adequately addressed your complaints or concerns, you have the right to complain to a competent data protection authority.