Data protection declaration

1 Organisation responsible for data processing

The organisation responsible in accordance with article 4 para. 7 EU General Data Protection Regulation (GDPR) is

Weitzer Hotels Betriebsgesellschaft m.b.H.
Grieskai 12-14
8020 Graz, Austria
T: +43 316 703-0

2 The following applies with regards to interested parties, guests, potential guests, customers, suppliers and business partners

We store data provided by you as a user of the website and/or as a guest, customer, supplier or business partner by means of information, such as in the course of an enquiry or registration or for the conclusion of a contract.

We will only pass on personal data to third parties if it is necessary for the purpose of contract execution or for invoicing purposes and if you as the user of the website and/or as a guest have given consent beforehand. We have concluded processor contracts in conformity with the law with all third parties – if necessary.

The stored personal data will be deleted, if you as the user of the website and/or customer withdraw your consent regarding storage and if your data is not required for the purpose of the storage any longer or if the storage is or becomes unlawful for other legal reasons. Data for invoicing purposes and accounting purposes are subject to the legal retention period in accordance with the Federal Tax Code (BAO) and are not affected by a deletion request.

The below points are the legal basis of data processing:

  • Contract initiation and performance in accordance with article 6 para 1 lit b GDPR in order to carry out your reservations and bookings in a completely satisfactory manner.
  • Legal obligations in accordance with article 6 para 1 lit c GDPR we have to comply with such as retention and documentation obligations prescribed by law.
  • Justified interests of our company in the sense of article 6 para 1 lit f GDPR and justified interests in the sense of article 6 para 1 lit f GDPR by a third party,
  • Article 6 para 1 lit a GDPR in the course of obtaining consent in the framework of registration for e.g. receiving newsletters and marketing material

3 Collection of personal data during your visit to our website

3.1  Informative use of the website

For purely informative use of the website we only collect the personal data your browser transmits to our server. If you wish to look at our website, we will collect the data that is technically required by us to show you our website and to ensure stability and quality, only:

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Website the request originates from
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

Article 6 para 1 lit f GDPR is the legal basis

4 Cookies

In addition to the data mentioned above, cookies will be stored on your server when you use our website. Cookies are small text files that are stored on your hard drive; they are allocated to the browser used by you and allow certain information to reach the organisation that places the cookie (in this case us). Cookies are not able to carry out programmes or to transfer viruses to your computer.

By means of the cookie you will be recognised when you visit the website without the need to re-enter data you already entered previously.

The information contained in the cookies is, for example, used to determine whether you are logged in or what data you already entered, or to recognise you as a user if a connection is established between our web server and your browser. Most web browsers accept cookies automatically.

By using our website you consent to the use of these cookies, to the extent cookies are accepted in accordance with your browser settings

4.1 Transient cookies

Transient cookies are deleted automatically when you close the browser. They include session cookies, in particular. Session cookies store a so-called session ID which allow various enquiries by your browser to be allocated to the joint session. This makes it possible to recognise your computer when you return to our website. These session cookies are deleted when you log out or close the browser.

4.2 Persistent cookies

Persistent cookies are deleted automatically after a predetermined period of time which may vary depending on the cookie. You can delete the cookies at any point in time in your browser’s safety settings.

4.3 Third-party provider cookies

These are cookies from providers other than the operator of the website. They may be used, for example, to collect information for marketing purposes, user-defined contents and web statistics.

4.4 Browser

Most browsers’ standard settings are set to accept all cookies. You can program your browser in such a way that you will be informed about the placement of cookies and that you allow cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general. If cookies are deactivated, the functionality of our website may be restricted.

You can remove cookies stored on your PC at any point in time by deleting the temporary internet files.

Article 6 para 1 lit f GDPR is the legal basis

5 Server log files

To optimise this website with regards to system performance, user friendliness and provision of useful information about our services, the provider of the website automatically collects and stores information in the so-called server log files which are automatically transmitted to us by your browser. This includes the Internet Protocol address (IP address) of the requesting computer (including mobile devices), browser and language settings, operating system, referrer URL, your internet service provider and date/time.

This data is not combined with personal data sources. We reserve the right to carry out a subsequent check of this data, if we become aware of concrete indications regarding illegal use, and – in the event of a hacker attack – to transmit the data to the law enforcement authorities. Otherwise data will be not passed on to third parties.

Article 6 para 1 lit f GDPR is the legal basis

6 Use of data for services provided by Google

Google Ireland Limited (“Google”), a company registered and operated in accordance with Irish law (registration number: 368047) with its seat at Gordon House, Barrow Street, Dublin 4, Ireland undertakes to comply with the Privacy-Shield agreement concluded between the EU and the USA and published by the US Department of Commerce, about collection, use and storage of personal data from the EU member states. Google, including its wholly owned subsidiaries in the USA has declared by means of certification that it complies with the respective Privacy-Shield-principles. Click here for Google’s Privacy-Shield certification. The same applies to the services provided by Google listed below.

6.1        Google Analytics

This website uses the function “Activation of IP anonymisation” (i.e Google Analytics was extended by the code “gat._anonymizelp();” in order to ensure anonymised collection of IP addresses (so-called IP-Masking)). As a result your IP address is first shortened by Google within member states of the European Union or in other contract states of the agreement about the European Economic Area. The full IP address is transmitted to a Google server in the USA and shortened there in exceptional cases only.

In accordance with information by Google, Google uses the information it obtained to analyse your use of the website, produce reports concerning the website activities and to provide further services regarding the use of the website and internet use to us. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data by Google. If necessary, Google will transmit this information to third parties, if prescribed by law or to the extent this data is processed by third parties on behalf of Google. You can prevent storage of the cookies by means of respective settings of your browser software. We would like to point out that in this case you will not be able to use all functions of the websites in full. You can also prevent collection of the data created by the cookie related to your use of the websites (including your anonymised IP address) by Google and processing of this data by Google by downloading and installing the browser plug-in available under the following link (

For further information on user terms and conditions and data protection see or

6.2        Google Tag Manager

We use the so-called Google Tag Manager in order to identify your user behaviour. The Google Tag Manager is a solution that allows the marketer to administer website tags via a surface. The tool itself (implementing the tags) is a cookie-free domain and does not record personal data. The tool ensures that other tags are triggered which potentially record data. Google Tag Manager does not access this data. If a deactivation took place on domain or cookie level, it remains in force for all tracking tags implemented by means of Google Tag Manager.

For further information see:

6.3 Google Fonts

We use Google Fonts. The use of Google Fonts takes place without authentication and no cookies are sent to the Google Fonts API. If you have a Google account, no Google account information will be transmitted to Google during use of Google Fonts. Google only records the use of CSS and the used fonts and stores this data safely. For further information and questions see

For information on what data is recorded by Google and how this data is used see

Article 6 para 1 lit a GDPR is the legal basis

7 Use of data and services provided by Facebook

Our services use Social Plugins (“plugins”) by Facebook (Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland). The plugins are recognisable by one of the Facebook logos (dark grey or black “f” on light grey circle or white “f” on blue tile, or the term “like”, “share” or a “thumbs-up” sign) or they are marked with the addition “Facebook social plugin”. The list and appearance of the Facebook social plugins are available here:

If a user accesses a website of this offer containing such a plugin, the browser will create a direct connection with Facebook’s servers. Facebook directly transmits the content of the plugin to your browser and includes it in this website. We therefore have no influence on the extent of the data Facebook obtains by means of this plugin.

The data obtained this way is anonymous for us, this means we do not see individual users’ personal data. This data is, however, stored and processed by Facebook and we notify you in accordance with our level of knowledge. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s guideline for data use You can enable Facebook and its partners to place advertising campaigns on and outside Facebook. It can also store a cookie on your computer for these purposes.

Users must be over 14 years of age to be able to give this consent. If you are younger, please ask your legal guardian. Please click here if you wish to withdraw your consent:

Article 6 para 1 lit a GDPR is the legal basis

8 Use of Instagram

On our website we also use the functions of the social media network Instagram by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. By means of the functions for embedding Instagram contents (embed function) we are able to show images and videos. By accessing sites that use such functions, data (IP address, browser data, date, time, cookies) is transmitted to Instagram, stored and evaluated. In the event you are signed in to your Instagram account – while you surf on our website – this data will be allocated to your personal account. For data protection guidelines about information collected by Instagram and how it is used, see

Article 6 para 1 lit a GDPR is the legal basis

9 Use of TripAdvisor

The plugins of the website TripAdvisor (TripAdvisor Inc., 141 Needham Street, Newton, MA 02464, USA) are integrated on our page. The plugins recognise you by the respective logo on our page. If you visit our page, a direct connection is established between your browser and the respective plugin providers’ server via the plugin. This way TripAdvisor obtains the information that you visited our page with your IP address. We would like to point out that we as the provider of the page are not notified about the content of the transmitted data and their use by TripAdvisor. For further information see TripAdvisor’s data protection declarations under:

Article 6 para 1 lit a GDPR is the legal basis

10 Your rights

You have the following rights vis-à-vis us with regards to your personal data:

  • Right to information, correction and deletion
  • Right to restriction of processing
  • Right to object to processing
  • Right to data transferability

Please direct your enquiries and concerns to us by email to or use the contact details provided to contact us.

In the event the data processed by us is incorrect, please notify us accordingly. We will correct it immediately and notify you accordingly. In the event you do not wish us to process your data any longer, please send us an informal message. We will, of course, delete the data immediately and notify you accordingly. If deletion is not possible due to mandatory legal reasons, we will notify you accordingly without undue delay.

If you believe we violate Austrian or European data protection right in the course of processing your data and thus infringe your rights, please contact us to clarify any questions you may have.

You are also entitled to complain to the regulatory authority, the Austrian Data Protection Authority:

Austrian Data Protection Authority

Barichgasse 40 – 42
1030 Vienna
Phone: +43 1 52 152-0

11 Changes to this data protection declaration

We reserve the right to make adjustments to our data protection declaration from time to time. We will not restrict your rights in accordance with this data protection declaration without your express consent. All changes to this data protection declaration will be published by us on this page. Please check the respective current version of our data protection declaration in this respect.

12 Exclusion of liability

Weitzer Hotels BetriebsgesmbH does not accept any liability for contents on third-party websites that are referred to via links. The operators of other websites are exclusively responsible for the contents of the linked pages.

13 Contact

Weitzer Hotels Betriebsgesellschaft m.b.H.
Grieskai 12-14
8020 Graz, Austria
T: +43 316 703-0