DSCF1736 (1)


1.    General
This data protection info sheet informs you which personal data FMTG Services GmbH processes, in what way and for what purpose, in an automated manner, and what your rights as affected person (data subject) are.

2.    Controller (Responsible)
Controller (hereinafter referred to as “the Controller”) is FMTG Services GmbH, Walcherstraße 1A. Stiege C2, Top 6.04, A-1020 Vienna, Austria/ Tel.: +43 (5) 09911 11 999 / Email: dataprotection@falkensteiner.com.

3.    Collection and processing of persona data 
The protection of your personal data is a matter of special importance to us. Your personal data will therefore only be processed to the extent that is permitted by law and required for the fulfillment of the respective purpose (registration, provision of services, medical treatments, fulfillment of legal obligations and legitimate interests, sending information material and advertising, sending a newsletter, customer analyzes).

Following personal data is collected and processed for the purpose of providing our services: 

1.    For the purposes of hotel registration and registration to the competent authority:
•    First name and last name
•    date of birth
•    place of birth
•    residence: city, state and zip code
•    nationality
•    gender (male or female)
•    ID type (ID card or passport) and ID number 
•    name of children: first and last name, date and place of birth, gender, nationality,
•    ID details of spouse

2.    For the purpose of fulfilling the contractual obligations and obligations deriving from the business relationship:
•    First name and last name,
•    gender, 
•    title, 
•    personal address,
•    nationality, 
•    region, 
•    telephone number, 
•    email-address, 
•    birthday, 
•    car plate number/ license plate, 
•    travel document, 
•    issuing authority, 
•    date of issue, 
•    expiry date, 
•    company, 
•    occupation, 
•    tax number, 
•    member or loyalty card, 
•    photo, 
•    remarks, 
•    family relationship to other profiles
•    name of spouse, date and place of birth,
•    allergies
•    special requirements
•    credit card/payment details 
•    copy of ID card for exchange office transactions
•    other ways of transportation: flight number, arrival time, GPS co-ordinates
•    guest preferences (sea view or park view, room type)
•    additional packages (baby sitter, wellness, …)
•    date of birth, various anniversaries, divorces, family death cases
•    room set up: romantic, corporate clients
We need your explicit consent in order to process the above-listed health data (allergies and special requirements). You can revoke your consent at any time. Please note that in the event that you do not give your consent or revoke it during our business relationship, we cannot fully provide our services, hence, you take advantage of our services at your own risk.

3.    For the purposes of providing health care services and/or medical treatment:
Following health data is mandatory for the risk-free performance of a diagnostic examination, for the professional medical treatment plan and for the daily support of our medical staff at the Hotel Grand MedSpa, Marienbad: general health information, information on allergies, diabetes, medications, hemophiliacs, anticoagulants, infectious diseases, pregnancy, operations (what and when), accidents (what and when), currently undergoing medical treatment, smoker (number of cigarettes per day), alcohol consumption (how much? how often?), insomnia, indigestion, complaints when urinating, heart disease (f.e. heart attack, Angina Pectoris, arrhythmia, heart pacemaker), circulatory diseases, epilepsy, headache, weight change of min. 2 kg during last 4 weeks, complaints in following areas: sense organs, nervous system, thorax, lung, abdominal organs, head, neck, heart, circulation, spinal column, limbs, varicose vein, blood pressure, pulse.
We need your explicit consent in order to process the above-listed health data. You can revoke your consent at any time. Please note that in the event that you do not give your consent or revoke it during our business relationship, we cannot fully provide our services, hence, you take advantage of our services at your own risk.

4.    For the purpose of being informed about offers and services of the Falkensteiner Group and to be contacted for customer surveys:
•    name
•    postal address 
•    mobile phone number 
•    e-mail address 
In doing so, we use the following communication channels: e-mail, post and sms
In order to inform you about offers and services and to contact you for customer surveys we need your consent which you give in a Double-Opt-In-form. Without providing us the data listed above (point 4.) and without giving your consent we cannot send you any information or contact you in this regard.   

5.    For the purpose of providing and improving the services and personalizing the offers and services to suit your needs (profiling): 
•    name
•    title
•    gender
•    date of birth
•    nationality
•    residence
•    spouse 
•    children 
•    dates of anniversaries, shoe and T-shirt size for MICE group participants
•    enrolling into animation activities (puzzle games, camps, competition …)

4.    Profiling
Profiling is the process in which a responsible person (data controller) collects process personal data for the purpose of providing and improving the services and personalizing the offers and services to suit guest’s needs. However, no decisions which could have legal effect or could harm you in any way will be made by automated means.
We can process the following data in our system Protel: Name, gender, title, personal address, nationality, region, telephone number, email-address, birthday, license plate, travel document, issuing authority, date of issue, expiry date, company, occupation, tax number, member card, photo, remarks, family relationship to other profiles. 
We can allocate the following reservation-related data to your profile: past reservations, future reservations, invoices, offers, confirmations, notes and questionnaires.
Personal data you provide will be processed until you revoke your consent. 
You can revoke your consent at any time, free of charge and without stating reasons at the hotel reception, by email to dataprotection@falkensteiner.com or by phone to number +43 (5) 09911 11 999

5.    Taking photos at events and courses 
We have a legitimate interest to take photos at events and courses and to publish them on our website for marketing purposes. 

If you do not agree with this, you can object to this processing and the publication any time at the hotel reception, by email to dataprotection@falkensteiner.com or by phone under +43 (5) 09911 11 999. 

6.    Video surveillance 
For the purpose of public security there may be video surveillance at the hotel entrance, hotel reception, exchange offices, kitchen areas, garage entrances, beach and pool-bars, area around wellness buildings and staff houses. Videos are stored on stand-alone hard disks at each location, and access is provided to external security companies, IT administration person and GM hotels.
Taken videos can be stored for the maximum period of 6 months (Croatia), 72 hours (Austria), 7-14 days (Czech Republic), 15 days (Slovakia) or 7 days (Italy). Taken videos at the exchange office legally have to be stored minimum 72 hours in Croatia.
For the purpose of public security in tourist resorts, there may be a main entrance gate to the resort, where guest needs to provide the name and/ or reservation number in order to proceed, car registration plates/ license plates are input into registration list manually.

7.    Transmitting personal data to third parties 
Your personal data are not transmitted to third parties except in the following cases: 
–    when we are legally obliged to transmit the data based on e.g. Criminal Law, Criminal Procedure Law, 
–    for services outside the hotel area, upon your request (e.g. taxi, restaurant reservation, yacht,  etc.) 
–    in case of medical emergencies, data has to be transmitted to authorized medical personnel; 
–    based on your explicit, written consent; 
–    Individual hotels of the FMTG – Falkensteiner Michaeler Tourism Group AG (FMTG): you can request more details on the businesses (hotels) belonging to the FMTG which process your data on our website: www.falkensteiner.com or send your enquiries to dataprotection@falkensteiner.com.
For payment processing purposes, your bank details are forwarded to electronic payment services.

8.    Data processing on behalf of the Controller 
Where processing is to be carried out on behalf of the Controller by the Processor, the Controller remains liable for the protection of your personal data.  
All direct and indirect subsidiaries or sister companies of FMTG Services GmbH that are operating under the Brand “Falkensteiner Hotels & Residences” are Processors pursuant to the Art 28 GDPR. 
External Processors are arranged only to perform activities that are necessary to provide our services, such as mailing services, services provided by tourist agencies, tourist guides etc. All external Processors are committed to comply with the applicable data protection regulations.  Processing agreement based on Article 28 GDPR has been concluded with every external data processor. 
Your personal data is transmitted to the following external data processors:

  • Protel Hotelsoftware Austria GmbH
  • Reservation Assistant, TAC Informationstechnologie GmbH, Hartberg
  • Delegate Technology GmbH, Wien; Vertrag über Softwarewartung
  • ProASP Professional Application Services Providing GmbH, Bad Vöslau
  • Thomas International Österreich GmbH, Wien
  • Prescreen International GmbH, Wien
  • m.consulting Anita Maslo, Wien
  • HGC Hotellerie & Gastronomie Consulting GmbH, Innsbruck
  • A1 Telekom Austria AG, Wien
  • Rubatscher Steuerberatungs- und Wirtschaftsprüfungsgesellschaft m.b.H, Innsbruck
  • BMD Systemhaus GmbH, Steyr
  • Confida Süd Wirtschaftsprüfungsgesellschaft m.b.H, Graz
  • adserve digital advertising services GmbH, Wien
  • G.A. Service GmbH, Salzburg
  • Incert e-Tourismus GmbH & Co. KG, Linz
  • Workflow EDV GmbH, Wien
  • Die Socialisten – Social Software Development GmbH, Wien
  • Nexxchange GmbH, Wien
  • IB Grant Thornton Audit s.r.o., Bratislava, SK
  • Nexell GmbH, Zug, CH
  • Salesforce.com EMEA Limited, München, DE
  • AffiliRed S.L., Palma de Mallorca, ES
  • The Reach Group GmbH, Berlin, DE
  • Auditor spol. s.r.o., Prag, CZ
  • Laser Line d.o.o., Umag, HR
  • MC Sistemi d.o.o., Ljubljana, SLO 
  • BMB Leitner s.r.o., Bratislava, SK
  • Adria Scan d.o.o., Sveta Nedjelja, HR
  • Infolink d.o.o. Belgrad, SRB
  • Metadata d.o.o., Belgrad, SRB
  • Premiere Global Services, Inc. and subsidiaries // Premiere Conferencing Ireland Ltd; Cork, IRL
  • Adara Inc., London, UK
  • All About Cards S&K Solutions GmbH & Co. KG, 94032 Passau, DE
  • Revinate Inc., San Francisco, CA, USA
  • Facebook Inc., Menlo Park, CA, USA
  • Instagram Inc., San Francisco, CA, USA
  • Twitter Inc., San Francisco, CA, USA
  • YouTube LLC, San Bruno, CA, USA
  • Helmuth Thaler GmbH, Bruneck, Südtirol
  • Travelclick Inc, New York,USA
  • Serenissima Informatica SpA.,Padova, IT
  • THE HOTELS NETWORK, S.L, Barcelona, ES
We primarily arrange external processors within the European Union. We will only arrange processors outside the European Union if (i) there is a European Commission adequacy decision for the third country concerned or (ii) we refer to the standard contractual clauses of the European Commission or (iii) if there are appropriate guarantees, e.g. the EU / US privacy shield with the third country or (iv) there are binding internal contractual data protection clauses with the processor.
For further information about the external processors you can send your enquiries to dataprotection@falkensteiner.com.


9.    Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies” (text files stored on users’ computers) which allow an analysis of the website usage. The information generated by the cookies about the use of the websites by the users are usually transmitted to a Google server in the USA and are stored there.
In the case of the IP anonymization activation on our websites, the Google users IP address will be shortened beforehand within European Union member states or in other states members of the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the US and shortened there. IP anonymization is active on our websites. On behalf of the operator of our websites, Google will use this information to evaluate the use of the websites by the users, to compile reports on the website activities and to provide further services relating to website usage and internet usage to the website operator.
The shortened IP address provided by Google Analytics within the User Browser will not be merged with any other data provided by Google. Users can prevent the storage of cookies by the opt-out function on the Falkensteiner website or alternatively by an appropriate setting of their browser software; FMTG Services GmbH, however, points out to users that in this case, not all functions of our websites may be fully utilized. Furthermore, users can prevent the collection of data (including their IP address) generated by the cookies as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google data usage for advertising purposes, settings and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners/ (“How Google uses information from sites or apps that use our services”),  http://www.google.com/policies/technologies/ads (” Use of data for promotional purposes “), http://www.google.com/settings/ads (” Managing information, the Google uses to show you advertising “) and http://www.google.com/ads/preferences/ (“Determine which Google advertising shows you”).

10.    Duration of the processing 
We process your personal data, health data, data concerning allergies and other special requirements – if necessary – for the duration of the entire business relationship (from the initiation, performance to the termination of a business relationship and until all open claims in connection with the business relationship have been satisfied in full).
The above listed data will be stored and processed until you withdraw your consent to this processing. The withdrawal of your consent has no effect on the lawfulness of the data processing up to this time.
After the business relationship ends, your data will be stored until expiry of the warranty, limitation and compensation periods as well as until expiry of legally binding retention periods and upon termination of any legal dispute in which the data is required as proof.   
The data that you have provided us for marketing and information purposes, such as for sending a newsletter, is stored until you revoke your consent.

11.    Data security 
We are implementing technical and organisational measures to secure your personal data from accidental or intentional manipulation, loss, destruction, alteration and unauthorised disclosure as pursuant to the Article 28 of the General Data Protection Regulation. The security measures are being continuously improved in line with technical progress. 

12.    Your rights
With regard to the processing of your data, you may claim the following rights under the General Data Protection Regulation and the national data protection law: 

a.    Right of access
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. The confirmation contains the purposes of the processing, the categories of personal data concerned and recipients or categories of recipients to whom personal data have been or will be disclosed and the duration of the processing.

b.    Right to rectification
You have the right to obtain the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed, without undue delay. 

c.    Right to erasure 
You have the right to obtain the erasure of personal data concerning you without due delay when the personal data have been unlawfully processed, when the processing disproportionally interferes with your legitimate interests, when the personal data are no longer necessary in relation to the purposes for which they were collected and when you withdraw your consent on which the processing is based. Please note that there may be reasons that preclude immediate erasure, such as in the case of legal retention obligation.

d.    Right to restriction of processing 
You have the right to obtain the restriction of processing of your data when:
•    you contested the accuracy of the data, for a period enabling us to verify the accuracy of the data;
•    the processing is unlawful, you oppose the erasure and request the restriction of data usage instead;
•    we do no longer need the data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims, or 
•    you objected to processing of the data.
Where there is a request for the restriction of processing, this data will be processed only with your consent, or for the establishment, exercise or defense of legal claims.

e.    Right to data portability
You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format where:
•    we are processing the data based on your given and revocable consent or for a fulfillment of contract between us, and
•    the processing is carried out by automated means. 

f.    Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, necessary to safeguard your legitimate interests or legitimate interests of a third party. Your data shall no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims. 
You have the right to object to be targeted by the direct marketing at any time without stating grounds for the objection. 

g.    The right to lodge a complaint 
If you are of the opinion that we are processing your data contrary to national or European data protection legislation, you can contact us at any time. You also have the right to contact the relevant data protection authorities and as from 25.05.2018 you can contact or lodge a complaint with a supervisory authority within the EU. 

h.    Asserting your rights 
In order to assert one of the aforementioned rights, please use the following contact options:

–    Email to: dataprotection@falkensteiner.com
–    Letter to: FMTG – Falkensteiner Michaeler Tourism Group AG
   c/o Data Protection Officer
Walcherstraße 1A. Stiege C2, Top 6.04
   AT-1020 Vienna
–    Call: Phone +43 (5) 09911 11 999
If we cannot identify you based on the data which we hold, it may be necessary to request additional information to determine your identity (e.g. ID with photo). Any questions you may have will help protect your rights and privacy.

Privacy notice

Information on the protection of your personal data pursuant to article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of individuals with regard to the processing of personal data (GDPR)

Date of first drafting: 14.03.2022

Last modified: 14.03.2022

Name and contact data of the controller

JESOLO LIDO REAL ESTATE Srl, con sede in Via Isarco, 1 – 39040 Varna (BZ), e-mail: jesololidorealestate@legalmail.it

Contact data of the data protection office

The appointment of a data protection officer is not necessary for the treatments we perform. For questions about the protection of your data or to exercise your rights, you can contact us at any time at the address indicated above.

Scope and legal basis for the processing

  1. Making the website available

For the provision of the website, we process data such as IP address, date and time of the request received, amount of data transferred, information on the browser (version and language) and information on the operating system.

The processing of this data is necessary to represent this website correctly and to ensure its security and stability.

Legal basis: Protection of legitimate interests pursuant to article 6 paragraph 1 letter f) GDPR.

Maintaining the functionality of the site and protecting against unauthorized access are such legitimate interests.

  1. Response to your requests

For doubts or questions, you can contact us by e-mail or telephone. In this context, we process information such as name, surname, e-mail, telephone number and message content.

Legal basis: Fulfillment of a contract or pre-contractual measures pursuant to Article 6 (1) (b) GDPR

  1. Application for open positions

If you apply for an open position, we will process your contact details, information on training and professional experience, nationality and residence permit, driving license, desired workload, languages ​​and all other information (necessary to evaluate the application or information you voluntarily provide to us).

Legal basis: Fulfillment of a contract or pre-contractual measures pursuant to Article 6 (1) (b) GDPR

  1. Booking of a table

If you book a table, we process data such as name and surname, date and time of booking, allergies, if you bring children, e-mail and telephone number and any other useful information for making the service available.

Legal basis: Fulfillment of a contract or pre-contractual measures pursuant to Article 6 (1) (b) GDPR

  1. Web analytics and tracking

The activities of the users can be evaluated by this website in two ways for web analysis: via cookies or the IP address. If cookies (text files) are saved via the browser, the website recognizes the last language setting, for example. The IP address, on the other hand, is used to determine the location of the user. Since the IP addresses are usually assigned dynamically, the specification of the address is not exact, but limited to a geographic region.

You can use the cookie settings to determine whether and how cookies are stored. For more information, see the relevant section of this privacy policy.

We also use Google Analytics and Google Fonts on this website. The evaluation or creation of a profile carried out by Google is referred to as so-called tracking. Google is bound to the functionality of the Internet protocols and must record the IP address of the visitor so that the evaluation can take place. You can find more information in the cookies section of this website.

Google Fonts does not store any cookies on your PC. But when a font is retrieved from your browser, the IP address can be captured by Google and used for analytics purposes.

Categories of recipients

Your personal data are disclosed to the following categories of recipients:

– Website hosting provider

– IT service providers or web agencies

– Table booking software providers

– Providers of web analytics and tracking tools

Requests or applications are only handled internally. IT service providers may have access to data while providing maintenance services.

All recipients have been carefully selected and contractually appointed pursuant to Article 28 of the GDPR. They are bound by our instructions, have adequate technical and organizational measures and are checked regularly.

Furthermore, your data may be disclosed in the event of official investigations or legal proceedings, if required by the authorities.

Transfer to third countries

You have already been informed in the cookie banner that we use providers from outside of the EU (such as the USA):

• Google

If this is the case, we have taken appropriate precautions to ensure an appropriate level of data protection for any data transfers. 

The processing takes place, for example, on the basis of the signed standard contractual clauses (Resolution 2021/914/EU – Standard Contractual Clauses – SCC).

If disclosed outside of the EU, there is a risk that authorities (e.g. secret services from the USA) will have access to the transmitted data in order to analyze it accordingly. In addition, the enforceability of your rights cannot be guaranteed. You were informed of this before you gave your optional consent.

Your rights

Each interested person has the right to receive the information referred to in art. 15 GDPR, the right to modify or correct your personal data, provided for by art. 16 GDPR, the right to be forgotten, pursuant to art. 17 GDPR, the right to limit the processing provided for by Article 18 of the GDPR, the right to object pursuant to art. 21 and the right to data portability pursuant to art. 20 GDPR. Finally, any interested person can lodge a complaint with the data protection authority (Article 77 of the GDPR).

If you have given your consent to the processing of personal data, this processing is lawful on the basis of the consent provided. The same can be revoked at any time. This also applies to the revocation of consent declarations issued before the entry into force of the EU General Data Protection Regulation on the 25 May 2018. Please note that the revocation only applies for the future. The treatments that took place before the revocation remain unaffected. You can also ask us at any time for an overview of the consents you have given us.

Exercising your rights

To exercise your rights, please contact us by e-mail or telephone. We will reply to you within the deadline.

Automated decision making

If you use our services, you will not be subject to automated decision-making processes, including profiling (see Article 22 of the GDPR).


If you do not remove the accepted cookies by yourself, they will be deleted as follows:

Google Analytics 4:

Cookie name: _ga

Purpose: distinguishes different users

Storage period: 2 years

Cookie name: _gid

Purpose: distinguishes different users

Storage period: 24 hours

Cookie name: _ga_<container ID>

Purpose: Used to maintain session state.

Storage period: 2 years

Cookie name: _gac_gb_<container ID>

Purpose: Used to collect campaign related information.

Storage period: 90 days

Universal analytics:

Cookie name: _ga

Purpose: distinguishes different users

Storage period: 2 years

Cookie name: _gid

Purpose: distinguishes different users

Storage period: 24 hours

Name cookie: _gat

Purpose: Used to throttle the request rate. If Google Analytics is provided via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

Storage period: 1 minute

Cookie name: AMP_TOKEN

Purpose: Contains a token that can be used to get a client ID from the AMP Client ID service. Other possible values indicate opt-out, inflight request, or an error retrieving a client ID from the AMP Client ID service.

Storage period: 30 seconds to 1 year

Cookie name: _gac_<property id>

Purpose: Contains campaign-related information for the user.

Storage period: 90 days

You can find detailed information on cookies at: https://cookiedatabase.org

Cancellation of cookies

You can delete cookies at any time in your browser (Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Safari, etc.). You can also use programs like CCleaner to remove the history of visited websites and all cookies. 

Please note: This data protection notice may change at any time due to new European regulations or requirements of data protection authorities. It is therefore necessary that you check this information occasionally to stay up to date.