Data protection

Privacy statement – GDPR

Privacy statement – Gerstner Hospitality Group

This privacy statement tells you how we use your personal data. We provide or make available our services (hotel stays, overnight stays, meetings, catering, restaurant or café visits, light buffets or related products and services) to you as the affected customer or as another individual via our websites, mobile applications, e-mail communication or via other channels, online or offline. This privacy statement is related to European law (GDPR) and Austrian law (DSG – Austrian Data Protection Act).

Responsible party in accordance with GDPR

The responsible party in accordance with the provisions in force for the purposes of data protection is

The following categories of data are processed:

1) In order to fulfil the contract agreed with you, we process:
Customer data – When you contact us, register with us or use our services, we collect general data relating to you in order to be able to contact you appropriately during a trip, a stay or another service, or about our offers, in accordance with your wishes. This information may include your name, e-mail address, telephone numbers, employer and postal address and, where applicable or necessary, also your gender and date of birth.

Guest information– When you book a stay or other service from us, we collect from you directly or – if you are not booking the stay or trip yourself – indirectly (via third parties), for example via your employer, other intermediary travel agencies, friends and family members or other organisers, the details of your trip or stay or other service (e.g. arrival and departure point and time, airline, hotel, car hire) and further data necessary for the conclusion of your bookings. Where applicable, we also collect special categories of data, in order to ensure accessibility, meet dietary requirements or provide other services as desired. In your guest profile, you can also enter further data, including registration data for loyalty programmes, official identification numbers and contact information for emergencies.

Payment information – To enable you to pay for your bookings and other transactions via our services, we collect data relating to payment cards or other data required to process payments.

2) Due to our legitimate interest in providing you with personalised advertising and in compiling statistics on user behaviour during visits to our websites, we process:

Device data – We collect data relating to how you use our services, including the IP address of your computer and data which can be derived from this (such as the Internet service provider and the general geographical location), the unique device number and other technical information. We also collect data relating to how you use our websites and mobile applications. Some of this data is collected by the use of cookies and similar technology, as described here.

Duration of data processing:

Your data is stored for as long and to the extent to which this is required by the contractual basis. Once the contract has ended, your data is stored for a maximum of seven years, in accordance with the accounting regulations to which we are subject. Your data is further stored under the following conditions:

Your data is processed for the following purposes:

For the provision of our offers and our services – We use your data for the performance of touristic and gastronomic services, in particular overnight stays, the organisation of meetings and events, for communications to you relating to your stay or to our products and services, for the provision of customer services and to manage your account.

Operation of mobile applications (apps), websites and electronic communication – We use device data

Business operation and improvement of business processes – We use personal data in order to comply with our company guidelines and business processes, for accounting and commercial purposes, for the identification or prevention of fraudulent or criminal activities, for business operations, analysis and improvement of our services and for other purposes insofar as these are prescribed by law.

Marketing and improvement of our services for you

We use your data in your and our legitimate interest for the optimisation of our services and for future services. This includes:

If you do not consent to the storage or usage of your data, please inform us accordingly.

Transmission of your data to third parties:

In principle, we do not transmit your data to third parties, either for payment or free of charge, without your consent. This excludes transmissions which we undertake as a result of legal or contractual obligations or on the basis of our mutual interests as stated above:

Service partners – We only pass on data to service providers to the extent to which this is necessary for the performance of your services, for example to meeting and event planners, restaurants, mobile application and software developers and partners responsible for supplying IT support, data hosting, marketing and communications services and collection services.

Affiliated companies – We pass on data within our company group to the extent permitted by law, to facilitate the provision, analysis and optimisation of their and our products and services.

Courts, authorities and banks – Where applicable, we pass on data to supervisory authorities, courts, banks and state authorities, if we consider this to be absolutely necessary or permissible due to legislation or within the framework of legal proceedings.

Business transition – If we negotiate or conclude a transaction affecting our company in whole or in part (for example restructuring, merger, sale or acquisition), data may be passed on to third parties involved in this transaction to the extent permitted by law.

Google Analytics

Our online services use Google Analytics, a web analysis service from Google, Inc. ("Google"). Google Analytics uses so-called cookies, i.e. text files, which are stored on your computer and facilitate an analysis of your usage of the website. The data generated by the cookie relating to your use of this website (including your IP address) is usually transmitted to a Google server in the USA, where it is stored. Google uses this data on behalf of the website operator to evaluate usage of the website, to produce reports on website activity for the website operator, and to perform further services connected to website usage and internet usage. Google may also transfer this information to third parties where required by law or insofar as third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with other Google data.. You can prevent the installation of cookies by setting your browser software appropriately; please note however that, in this case, you will not be able to make full use of the functionality of our website. By using this website, you agree that the data relating to you which has been collected may be processed by Google in the aforementioned manner and for the aforementioned purpose.

For newsletter subscribers: Users who no longer wish to receive our newsletter can click on the "Unsubscribe" link which is included in all of our newsletter e-mails.

You have the following rights:

You have the right

The protection of your data is important to us.

Appropriate organisational, technical and physical security measures are adopted to protect your data from unauthorised access and usage. We only store your data for as long as required for the performance of our services and for legitimate operational reasons (principle of data minimisation), unless we are obliged to store these for a longer period of time due to legislation or regulations, or due to legal proceedings or inquiries by the authorities.

Technical and organisational data security measures

Both at the time of establishing the means of processing and at the time of actually processing your personal data, we are committed to taking suitable technical and organisational measures – such as tokenisation, for example – which are designed to implement data protection effectively and which incorporate the necessary guarantees into the processing to satisfy the requirements of data protection legislation and to protect your data.

For this purpose, we take suitable measures to ensure that, via default settings, in principle only that personal data is processed that is necessary for the respective specific processing purpose, and we thereby ensure above all that, due to default settings, your data is not made accessible to an unspecified number of natural persons without your intervention. These measures include, amongst other things, the pseudonymisation and encryption of your data, and also the capability to permanently ensure the confidentiality, integrity, availability and capacity of the systems and services in connection with the processing, the capability to rapidly restore the availability of the personal data and access to them in the case of a physical or technical incident, and the regular review, assessment and evaluation of the effectiveness of the technical and organisational measures to ensure the security of the processing.

Particular data security measures

Secure Socket Layer (SSL)

All booking forms via which you transmit personal information to us use an encrypted transmission method (SSL) to secure your data. You will know if you are on a secure page, because the address line (the URL) will start with "https://" instead of the usual "http://", and because special symbols will be displayed in the browser status bar (usually at the bottom edge of the window): Internet Explorer, Firefox, Chrome, Safari

Encryption takes place between the server and the client (that is, your computer) in the form of a secure connection via which any data may be transferred.

Certificates guaranteeing the security of the transfer are required for SSL so that one can be certain where the server is located and who is operating this server.

SSL certificate authority: Our secure servers have been certified by the Comodo Group.


If you have any questions or complaints relating to our processing of your data, please contact us at:

Gerstner Hospitality Group, Kärntner Straße 51,1010 Vienna
+43 (0) 1 31665 2250

We will examine your request and will reply in writing within the legally-prescribed period.

Online dispute resolution platform

You can access the EU Commission online dispute resolution platform via the following link: