Data Privacy Patient Dashboard

Last amended: December 2021

We are the controller for this website:

VIVAMAYR Marketing GmbH
Seepromenade 11, A-9082 Maria Wörth
Tel.: +43 4273 31117
Fax: +43 4273 31117-150
Email: office@vivamayr.com
Web: www.vivamayr.com
Facebook: www.facebook.com/vivamayr.mariawoerth

Registered office: Municipality of Maria Wörth
Companies register number: FN 428877 b
Companies register court: Regional Court of Klagenfurt am Wörthersee
VAT number: ATU 69302426

Our Data Protection Officer:
Kommerzialrat (KommR) Wolfgang Taschler, MAS
Sworn and certified court expert
Paul-Mühlbacher-Weg 6
9020 Klagenfurt

In the following, we provide information about which of your personal data is processed in our systems. Personal data is the information which can be attributed to a person, either directly or indirectly.

We would like to highlight that this privacy policy only applies to the pages of this website. If you leave this website by clicking on a link, the privacy policies of the websites you are directed to will apply.

 

1. Downloading the website

Purpose of data processing:
If you download our website, various pieces of information are exchanged between your end device and our server. These pieces of information are called logfiles.

Logfiles are saved for the following purposes:

  • To guarantee a frictionless establishment of a connection
  • To guarantee comfortable use of our website/application
  • To evaluate system security and stability.

The following information is sent to the server for this website:

  • The IP address of the requesting device
  • Date and time of the download, time difference to Greenwich Mean Time (GMT)
  • Name and URL of the file downloaded
  • Website/application from which the request originated (referrer URL)
  • Content of the request
  • Access status / HTTP status code
  • The respective volume of data transmitted
  • Website from which the request originated
  • Browser used
  • Operating system and its interface
  • Language and version of the browser software.

Legal base:
This legitimate interest constitutes the legal basis for processing your IP address according to Article 6(1)(f) GDPR and section 165(1) Telecommunications Act 2021 (TKG).

Recipient of transmission:
In the event that our website is used in a way which is unlawful, we reserve the right to transmit this data to the competent authorities and courts for the purposes of criminal prosecution pursuant to Article 6(1)(f) GDPR.

Storage period:
The data will be stored for a maximum of 14 days and then automatically erased.

 

2. Online shop

Purposes of processing data/legal bases:
We process your data for the following purposes:

  • To deliver the products you have requested
  • To make queries about interrupting the delivery, to record and process complaints, update data and change orders
  • To send order confirmations by post or by email
  • To create and send invoices and collect unpaid invoice amounts (dunning process).

The following information is processed:

  • Internal identification code (customer ID)
  • Name
  • Billing address
  • Delivery address
  • Goods and the content of an order
  • Price
  • Payment method
  • Time of order, time of delivery
  • IP address

The legal bases for this are Article 6(1)(b) GDPR and section 165(3) TKG 2021.

Recipient of transmission:

We will transmit your address data to the delivery agent so that they can deliver your orders to you pursuant to sections 5, 6 and 10 Postal Market Act (PMG). Delivery agents: DPD, Österreichische Post AG, DHL (international partner of Österreichische Post AG).

If there is an inspection by the authorities (e.g. tax office) or a court proceeding, we must disclose data which is relevant for the inspection/proceeding to the authorities/courts.

Storage period:
The billing data will be stored for 7 years according to the provisions of Austrian corporate and tax law.

 

3. Online bookings

Purposes of processing data/legal bases:
We provide an online booking option to make reservations in our property: VIVAMAYR Maria Wörth BetriebsGmbH, Seepromenade 11, 9082 Maria Wörth.

The following data is processed:

  • Billing name and billing address
  • E-mail address of the hotel guest
  • Name and address of the guests
  • Date of birth
  • Payment method
  • Room(s) reserved
  • Service requests
  • Download data: user’s end device which is used to open/download mails/the website; emails opened; content of emails

Recipient of transmission:
The service partner Mailpilot arranges for mails to be sent using the provider Mailchimp / Maildrill. If there is an inspection by the authorities (e.g. tax office) or a court proceeding, we must disclose data which is relevant for the inspection/proceeding to the authorities/courts.

Storage period:
The billing data will be stored for 7 years according to the provisions of Austrian corporate and tax law. Non-sensitive access data will be stored for 2 years.

 

4. Guest list

Purposes of processing data/legal bases:
Our property VIVAMAYR Maria Wörth processes the following personal data for the purposes of guest management:

  • Name
  • Billing name and billing address
  • Date of birth
  • Sex
  • Nationality
  • Country of origin
  • Address including postcode
  • For foreign guests – the type, number, issue date and issuing authority of the relevant travel document
  • Payment method
  • Room(s) reserved

This data will be transmitted to the registration authority in Austria according to section 5 Registration Act (MeldeG) if the guests are from abroad.

The legal bases for this are Article 6(1)(b) GDPR and section 5 MeldeG.

The following personal data is processed for the purpose of managing guests at the restaurant at the VIVAMAYR Maria Wörth property: name, diet.

The legal base for this is Article 6(1)(b) GDPR.

Recipient of transmission:
If there is an inspection by the authorities (e.g. tax office) or a court proceeding, we must disclose data which is relevant for the inspection/proceeding to the authorities/courts.

Storage period:
The billing data will be stored for 7 years according to the provisions of Austrian corporate and tax law.

 

5. Use of MED@home

Purposes of processing data/legal bases:
To use our pre-care and post-care services, the following data is processed:

  • Name
  • Date of birth
  • Email address
  • Telephone number
  • Address
  • Date of arrival
  • Date of departure
  • VIVAMAYR location (VIVAMAYR Maria Wörth)
  • Content data
  • Product description

The abovementioned data is processed in order to offer you our services and perform the contracts. The legal base for this is Article 6(1)(b) GDPR.

If you decide to take advantage of a telemedical consultation, the following data will be stored:

  • Name
  • Date of birth
  • Email address
  • Telephone number
  • Telephone appointment

Health data is processed pursuant to sections 9 and 10 of the Federal Act on Hospitals and Sanatoria and section 51 Physicians Act 1998 and Article 9(2)(h) and (3) GDPR.

Our staff are bound by confidentiality obligations. This data will only be processed by the healthcare staff at the location where you receive the services. These services may be processed at the following location: VIVAMAYR Maria Wörth

VIVAMAYR Marketing GmbH will not perform any processing.

Storage period:
The data must be stored for 10 years according to section 51 Physicians Act (ÄrzteG). The data will be erased automatically 10 years after your last treatment.

 

6. Personal Health Center

Purposes of processing data/legal bases:
The Personal Health Center we offer allows you to view your results electronically. They will be uploaded by the staff at the resort you visited based on your registration on the dashboard.

The results contain the following data:

  • Name
  • Date of birth
  • Email address
  • Telephone number
  • Address
  • Results data

Health data is processed pursuant to section 51 ÄrzteG 1998 and Article 9(2)(h) and (3) GDPR.

This data will only be processed at the location where you receive the service. These services may be processed at the following locations:

There will be no processing by VIVAMAYR Marketing GmbH or by hotels or other health resorts belonging to the VIVAMAYR Group.

For security reasons, you will only receive the data after a 2-step authentication has been done, to ensure that no third parties gain access to your results.

Storage period:
You can choose how long the data remains stored in the Personal Health Center yourself. However, results will be erased 14 months after being uploaded, at the latest. You will receive an email about this in good time before the data is erased so that you can back up the data on your own data carriers or have the results stored for another 14 months.

 

7. Sending newsletters

Purposes of processing data/legal bases:
The newsletter includes special offers, goods and services offered by VIVAMAYR Marketing GmbH.

To receive our newsletter, you need a valid email address. We will check the email address you specify (double opt-in) to see whether you are actually the owner of that email address or whether the owner of the email address has consented to receiving the newsletter. When you subscribe to our newsletter, we save your IP address and the date and time of your registration. This serves to protect us in case a third party misuses your email address and subscribes to our newsletter without your knowledge. Your email address is only added to our distribution list when you click on our confirmation link.

With your consent, we will record your usage behaviour on the websites we operate and regarding the newsletters we send.

For this, we use the service provider eyepin. Eyepin is contractually obliged to send the newsletter as an external processor according to Article 28 GDPR.

The legal basis for this is the provision of the relevant consent according to Art 6(1)(a) GDPR.

Consent to the newsletter
Regarding the use of your personal data to receive our newsletter, you will be asked for consent at the appropriate point as follows: “I agree to the general terms and conditions and the privacy policy”.

Newsletter tracking
Our newsletters contain web bugs which we can use to identify if and when an email has been opened and which links in the email were clicked on by the personalised recipient. We store this data so that we can perfectly customise our newsletters to suit the wishes and interests of our subscribers. Revoking consent to receiving the newsletter entails revoking consent to the abovementioned tracking.

Storage period/ criteria for determining the storage period
The storage period is 3 years if you are not a customer; otherwise data is stored until you withdraw your consent.

Termination/revocation
You can terminate or revoke your subscription to our newsletter free of charge at any time. You can find details on how to unsubscribe in the individual newsletters.

If you raise an objection, the relevant contact address will be blocked for further data processing for marketing purposes.

For technical reasons and due to the necessary lead time for advertisements, it is possible that you will still receive advertising materials despite having raised an objection. This does not mean that we have failed to act on your objection, but that the advertisement was being processed in parallel. Thank you for your understanding!

 

8. Use of cookies

General information
We use cookies within the meaning of section 165 TKG and Art 6(1)(f) GDPR because this is technically necessary and to optimise our website.

Cookies are small files which are saved on your end device (laptop, tablet, smartphone or similar) when you visit our website; they do not harm your end device and do not cause any damage (unlike Trojan horses, viruses and other malware). The use of cookies does not mean that we can identify you but that we can make your user experience more pleasant.

What are cookies for?

  • Essential cookies

Cookies are required, e.g. so that you can enter texts onto a website and navigate on a website. Cookies also enable a better user experience and more personalised functions. These cookies collect information on how you can use our website and whether there are any errors on our website.

  • Cookies for statistics

We use cookies to verify the effectiveness of our website so that we can make improvements on an ongoing basis.

  • Cookies for marketing purposes

These cookies are used to display adverts which are relevant to you and which are adjusted to suit your interests. So that marketing adverts stay effective, the frequency with which they are displayed will be limited.

We would like to highlight that completely opting out of cookies can result in certain features of our website not being available.

You can find an overview of the cookies used and further information (e.g. on the storage period) and possibilities for raising objections in our cookies overview: Change cookie settings

According to Art. 6(1)(a) GDPR, the legal basis for this processing is your consent to the use of the cookies and analytics tools specified.

By using cookies, some data will be transmitted outside of the EU.

 

TRACKING-PIX

Purposes of data processing and legal base:

These pixels are used to make targeted offers of products, services, offers and information from ……

We only use these pixels with your consent according to Art 6(1)(a) GDPR.

 

GOOGLE ANALYTICS

Purposes of data processing and legal base:

We use Google Analytics to make our website more user-friendly and optimise it on an ongoing basis.

The following data will be stored for 26 months and automatically erased afterwards:

  • Browser type/version
  • Operating system used
  • Referrer URL (the site visited immediately beforehand)
  • Hostname of the accessing computer (IP address)
  • Time of the server request.

We use this information to evaluate the use of the website, compile reports on the website’s activities and, if required, to request services and to make the design of the website more user friendly.

By conducting IP masking, attribution to your IP address becomes impossible.

We only use these pixels with your consent according to Art 6(1)(a) GDPR.

The service provider for the analysis of the data is Google Ireland Limited (processor), which also uses services from third countries. These are countries outside of the European Union.

You can find further information at: https://policies.google.com/privacy?hl=de&gl=de

 

FACEBOOK PIXEL

Purposes of data processing and legal base:

To be able to read information provided by our company on Facebook, cookies are used to measure the effectiveness of our adverts.

We are the joint controller together with the platform operator within the meaning of Article 26 GDPR (https://www.facebook.com/legal/terms/page_controller_addendum).

The following data will be stored for 26 months and automatically erased afterwards:

  • Browser type/version
  • Website location
  • Operating system used
  • Referrer URL (the site visited immediately beforehand)
  • Hostname of the accessing computer (IP address)
  • Time of the server request.

Regardless of whether you use Facebook as a customer, Facebook uses web tracking, which is outside our control.

User and profile data for your data are stored by the platform operator subject to Facebook’s terms and conditions and privacy policy. We do not have any control over this data.

You can find further information at https://www.facebook.com/privacy/explanation

 

HOTJAR

Purposes of data processing and legal base:
We use Hotjar to make our website more user-friendly and optimise it on an ongoing basis.

The following data will be stored for 1 year and automatically erased afterwards:

  • Browser type/version
  • Operating system used
  • Screen size
  • Referrer URL (the site visited immediately beforehand)
  • Accessing country
  • Language settings
  • Hostname of the accessing computer (IP address)
  • Time of the server request.

We use this information to evaluate the use of the website, compile reports on the website’s activities and, if required, to request services and to make the design of the website more user friendly.

The legal basis for this is the provision of the relevant consent according to Art 6(1)(a) GDPR.

The service provider for the analysis of the data is Google Ireland Limited (processor).

The following data will be stored for 26 months and automatically erased afterwards:

You can find further information at: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies; https://www.hotjar.com/legal/compliance/opt-out; and https://www.hotjar.com/legal/policies/privacy/

 

GOOGLE RECAPTCHA

Purposes of processing data/legal bases:
We use reCAPTCHA to protect our input forms within the meaning of Art. 6(1)(f) GDPR. By using this service, the misuse of machine processing can be prevented.

The following data will be transmitted to Google:

  • Referrer URL
  • IP address
  • Behaviour of visitors to the website
  • Operating system used
  • Browser and session length
  • Cookies
  • Display instructions and scripts
  • Entry behaviour of the user and mouse movements in the area of the “reCAPTCHA” checkbox

Transmission of data to the USA:
The information generated by the cookie is transmitted to a Google server in the USA and stored there. This information may also be transmitted to third parties if this is prescribed by law or to the extent that third parties process this data pursuant to a contract.

If you do not wish data about you and your conduct on our websites to be transmitted and saved by “Google”, please log out of “Google” before you visit our website or use the reCAPTCHA plug-in.

The “reCAPTCHA” service is used in compliance with Google’s terms of use: https://www.google.com/intl/de/policies/privacy/.

Storage period:
The cookies used here and the information they contain are saved according to the following cookie terms (Change cookie settings) and deleted promptly upon an objection being raised.

YouTube components with expanded data protection mode

Purposes of processing data/legal bases:
For a more user-friendly experience and to display videos, we use YouTube, a web services provider of Google Inc. (Google). We have a legitimate interest under Art 6(1)(a) and (f) GDPR.

The following information is provided regarding cookies:

  • Browser type/version
  • Operating system used
  • Referrer URL (the site visited beforehand which was linked to our website)
  • Hostname of the accessing computer (IP address)
  • Time of the server request.

Transmission of data to the USA:
The information generated by the cookie is transmitted to a Google server in the USA and saved there. Under no circumstances will your IP address be combined with other data of Google. This information may also be transmitted to third parties if this is prescribed by law or to the extent that third parties process this data pursuant to a contract.

On our website, we use components (videos) of YouTube, a company belonging to Google Inc. In this regard, we use the “expanded data protection mode” provided by YouTube.

If you download a page which allows you to watch a video, a connection to the YouTube servers is established. When you watch the video, YouTube collects information about which of our web pages you have visited. If you are logged into YouTube at the same time, this information is attributed to your membership account with YouTube. You can prevent this from happening by logging out of your membership account before visiting our website.

Storage period:
The cookies used here and the information they contain are saved according to the cookie terms and deleted promptly when an objection is raised.

 

9. Social media

Purposes of data processing and legal bases:

We use social media networks to inform our customers about offers, products and services, to present information about VIVAMAYR companies and for the purposes of customer communication and customer feedback.

We are the joint controllers with the respective platform, stated below. In this regard, we have concluded a contract with the platform operators according to Article 26 GDPR.

As regards our responsibility:

Facebook

https://www.facebook.com/vivamayr.mariawoerth/

Instagram

https://www.instagram.com/vivamayrmariawoerth/

LinkedIn

https://www.linkedin.com/company/vivamayr

YouTube

https://www.youtube.com/c/vivamayrmedicalhealthresorts

 

Which data is processed:

  • Your comments, images and videos
  • User name on the respective platform

The legal base for customer communications and public relations is Article 6(1)(f) GDPR.

Storage period:
The data you provide will be processed for a period of 30 days in the case of queries.

Your public posts will be deleted if updates are made. You may delete your posts yourself.

Responsibility of the platform operator:

The technical structure of the platforms specified above is determined by the platform operator. We do not have any control over this and will therefore use all means available to us to make the processing of your data as compliant with data protection law as possible.

In general, the use of the platforms results in data being transmitted to third countries such as the USA.

You can find the information about the privacy policies of the platforms used at:

Facebook: https://www.facebook.com/privacy/explanation

Instagram: https://help.instagram.com/519522125107875

YouTube: https://policies.google.com/privacy?hl=de&gl=de

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

 

10. Your rights

According to the provisions of data protection, you can contact us at any time free of charge by email or by post. This relates to questions about the collection, processing or use of your personal data and to legal claims concerning access, rectification, blocking, erasure, transmission or revocation of consent given.

We kindly request you to notify us of any changes to your personal data (i.e. your name, address etc.).

You can direct any queries relating to data protection to the following address:

VIVAMAYR Marketing GmbH
Seepromenade 11
9082 Maria Wörth
Austria

Telephone: +43 4273 31117
Email: datenschutz@vivamayr.com

You can contact our Data Protection Officer at dsgvo@taschler.at.

If you are of the opinion that the processing of your personal data breaches applicable data protection law or that your right to the protection of your personal data has been breached, you can file a complaint with the competent data protection authority in Austria at www.dsb.gv.at, Barichgasse 40-42, 1030 Vienna.