1. Personal Data
We, Hundschupfenkellerei Hagn Weine GesmbH (Hagn) hold the top-level domains www.hagn-weingut.at (winery), shop.hagn-weingut.at (e wine shop) and www.weindomizil.at (restaurant & room rental) collect, process and use your personal data only upon your prior consent, as part of the fulfillment of the contract or for purposes agreed or if there is another legal basis in accordance with the General Data Protection Regulation (GDPR) and in each case in compliance with the applicable data protection and civil law provisions.
Only those personal data is collected which is necessary for the performance and processing of your reservation (in particular via www.weindomizil.at) and your user account registration and order (in particular via https://shop.hagn-weingut.at for the contact via the contact form, for the submission of our newsletter as well as for identifying and combating fraud and other illegal activities or which you voluntarily provided to us. For further information on the data processing please see points 19 to 22 of this statement.
Personal data means any data that contain details of personal or material circumstances. This includes the following personal data processed by us: name, account name, account password, IP-address, social media data, address, e-mail address, telephone number, date of birth, age, gender, payment information (bank details, credit card details, etc).
2. Right of Access and Erasure
As a client or generally as data subject you have at any time the right of access to your personal data stored, their origin and recipients and to the purpose of data processing as well as a right to rectification, data transfer, objection, restriction of processing as well as to blocking or erasure of incorrect or inadmissibly processed data.
As far as changes of your personal data arise, we should be grateful for your appropriate notice.
You have the right to withdraw your consent to the processing of your personal data at any time. Your request for access, erasure, rectification, objection and/or data transfer, in the latter case, unless this is a disproportionate effort, may be addressed to the address stated in point 25 of this statement below or to firstname.lastname@example.org.
If you believe that the processing of your personal data by us violates the applicable data protection law or your data protection rights, you can file a complaint with the competent supervisory authority. In Austria, the competent authority is the data protection authority (Datenschutzbehörde) (www.dsb.gv.at, T: +43 1 521 52 0, M: email@example.com). Please contact us in advance – we believe that we can answer your questions directly in most cases
3. Data Security
Your personal data is protected by appropriate organizational and technical measures. These precautions relate in particular to protection against unauthorized, unlawful or accidental access, processing, loss, use and manipulation (eg firewalls, data encryption, physical access restrictions for our data centers and data access authorization controls, etc.).
Notwithstanding the efforts to maintain a consistently high level of due diligence, it cannot be ruled out entirely that information you share with us over the Internet will be retrieved and used by third parties.
Please note that we therefore accept no liability whatsoever for the disclosure of information due to non-caused errors in data transmission and/or unauthorized access by third parties (eg hacking on e-mail account or telephone, interception of faxes).
4. Data Processing
Safe for processing the information provided to us for statistical purposes, provided that the data provided have been anonymized, we will not process the information provided to us for purposes other than those covered by our contractual relationship or your consent or otherwise by any provision in accordance with the GDPR.
5. Transmission of Data to Third Parties
In order to achieve the purpose agreed, it may also be necessary to sub- and transmit your data to third parties (eg carrier, insurance companies, authorities, service providers, including but not limited to it-service providers and payment services providers, whom we use and to whom provide data to, etc.). We do so exclusively on basis of the GDPD, in particular for fulfilling your order or upon your prior consent. We limit the amount of personal data we share to what is directly relevant and necessary to achieve the relevant purpose.
Some of the recipients of your personal data mentioned above are located outside your country or process your personal data there. The level of data protection in other countries may not be the same as it is in Austria. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection, or we take measures to ensure that all recipients have an adequate level of data protection, which includes standard contractual clauses (2010/87/EC and/or 2004/915/EC).
6. Notification of Data Breaches
We endeavour to ensure that any data breach is detected early and, where appropriate, immediately reported to you or the relevant supervisory authority, including the relevant categories of personal data involved.
7. Storage of Data
We will not store data for longer than it is necessary to fulfil our contractual or legal obligations and to avert or enforce any possible claim or liability.
Our website uses “cookies” to make our offer more user-friendly, effective and secure.
A “cookie” is a small text file that we transmit via our web server to the cookie file of the browser installed on the hard disk of your computer. This will allow our website to recognize you as a user when connecting between our web server and your browser. Cookies help us to determine the frequency of use and the number of users of our websites. The content of the cookies we use is limited to an identification number that no longer allows any personal reference to the user. The main purpose of a cookie is to recognize visitors of the site.
Two types of cookies are used on our website:
• Session Cookies: These are temporary cookies that remain in the cookie file of your browser until you leave our website. They are automatically deleted after the end of your visit.
• Persistent Cookies: For better usability, cookies are stored on your end device and allow us to recognize your browser on your next visit.
You can change the settings of your browser so that you are informed about the setting of cookies, accept cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our website.
To optimize our website in terms of system performance, usability and provision of useful information about our offers, our web service provider automatically collects and stores information in so-called server log files, which are automatically transmitted by your browser to us. This includes your internet protocol address (IP address), browser and language settings, operating system, referrer URL, your internet service provider and date/time.
A combination of this data with personal data sources will not be made. We reserve the right to check this data retrospectively, if we become aware of specific indications for unlawful use.
10. Google Analytics
We use Google Analytics, a web analytics service operated by Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA (Google). Google Analytics uses methods that allow us to analyse how you use the websites, such as “cookies”, which are text files that are stored on your computer. The generated information about your use of the websites is usually transmitted to a Google server in the USA and stored there. By activating the IP-anonymisation on the websites, the IP-address is shortened before being transmitted within the European Union or European Economic Area. The full IP-address will rarely be sent to a Google server in the US and shortened there. On behalf of us, Google will use this information to evaluate your use of the websites, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The anonymized IP-address submitted by your browser via Google Analytics will not be merged with any other data provided by Google.
You may prevent the processing of the data generated by the cookie and related to your use of the websites (including your IP-address) and the processing of such data by Google by downloading and installing the browser plugin available under https://tools.google.com/dlpage/gaoptout?hl=en. We inform you, however, that in such case you may not be able to entirely use all functions of our websites.
For more information about Google’s data processing, how to adjust and opt out, please visit Google’s websites under https://policies.google.com/privacy/partners?hl=en (“How Google uses data when you use our partners’ sites or apps”), https://policies.google.com/technologies/ads?hl=en (“Advertising”), https://adssettings.google.com (“Managing information processed by Google to show you advertising”).
11. Google Maps
We use social plugins from Google’s social network Google+. For an overview of Google+ plugins, please visit https://developers.google.com/+/web/. When you visit a page of our web presence that contains such a plugin, your browser connects directly to Google’s servers. The content of the plugin is transmitted by Google directly to your browser and is integrated into the website. Through this integration, Google receives the information that your browser has accessed the relevant page of our web presence, even if you do not have a profile on Google+ or are currently not logged in to Google+. This information (including your IP-address) is transmitted from your browser directly to a Google server in the United States and stored there.
If you are logged in to Google+, Google may immediately associate your visit to our websites with your Google+ profile. If you interact with the plugins, for example, press the “g+”-button, the relevant information is also transmitted directly to a Google server and stored there. The information will also be published on Google+ and disclosed to your contacts.
If you do not want Google to associate data collected directly through our web presence with your profile on Google+, you’ll need to log out of Google+ before visiting our websites. You can completely prevent the loading of Google plugins with add-ons for your browser (eg script blocker “NoScript”).
We use plugins of the social network Facebook operated by Facebook Inc., 1601 Willow Road, 94025 Menlo Park, USA (Facebook). An overview of the Facebook plugins can be found under https://developers.facebook.com/docs/plugins/?locale=en_US. The content of the plugin is transmitted by Facebook directly to your browser and is integrated into the website. Through this integration, Facebook receives the information that your browser has accessed the relevant page of our web presence, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP-address) is transmitted from your browser directly to a Facebook server in the USA and stored there. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If you are logged in to Facebook, Facebook can immediately associate your visit to our websites to your Facebook profile. If you interact with the plugins, for example, press the “Share” button, this information will also be transmitted directly to a Facebook server and stored there. The information will also be published on your Facebook profile and disclosed to your Facebook friends.
We use Twitter’s microblogging service operated by Twitter, Inc., 1355 Market Street, Suite 900
San Francisco, CA 94103, USA (Twitter). An overview of the Twitter buttons and their appearance can be found under https://publish.twitter.com/#. When you visit a page of our web presence that contains such a plugin, your browser connects directly to the servers of Twitter. The content of the plugin is transmitted by Twitter directly to your browser and is integrated into the website. Through the integration, Twitter receives the information that your browser has accessed the relevant website of our web presence, even if you do not have a profile on Twitter or are currently not logged in to Twitter. This information (including your IP-address) is sent from your browser directly to a Twitter server in the US and is stored there. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
If you are logged in to Twitter, Twitter can immediately associate your visit to our websites to your Twitter account. If you interact with the plugins, for example by clicking on the “Tweet”-button, the relevant information is also transmitted directly to a server of Twitter and is stored there. The information will also be published on your Twitter account and disclosed to your contacts.
If you do not want Twitter to directly associate the data collected via our web presence to your Twitter account, you must log out of Twitter before visiting our websites. You can completely prevent the loading of Twitter plugins even with add-ons for your browser, eg. With the script blocker “NoScript”. You can change your privacy settings on Twitter in the account settings under https://twitter.com/personalization.
To prevent Tumblr from associating your visit to our websites to your Tumblr account, you must log out of your Tumblr account before visiting our website.
We use features of the social network LinkedIn operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA (LinkedIn). An overview of the LinkedIn buttons and their appearance can be found under https://developer.linkedin.com/plugins. Each time you visit our websites where such a component is integrated, your browser downloads an equivalent representation of the “LinkedIn” component. Through this process LinkedIn is informed about which specific website of our web presence is currently being visited. If you click on the LinkedIn “Share Button” while logged in to your LinkedIn account, you can associate the contents of our websites to your LinkedIn profile. As a result, LinkedIn is able to associate your visit to our websites with your LinkedIn user account.
To prevent Pinterest from associating your visit to our websites to your Pinterest account, you must log out of your Pinterest account before visiting our site.
19. e wine shop (eShop Hagn)
We process data of our customers in the context of the ordering process via our online shop, in order to enable them the selection and the order of the selected products and services, as well as their payment and delivery or execution. The processed data includes inventory data, communication data, contract data, payment data and the affected persons include our customers, interested parties and other business partners. The processing is carried out for the purpose of fulfilling our contractual obligations in the context of the operation of an online shop, billing, delivery and customer services. Therefore, we use session cookies for the storage of the shopping cart contents and permanent cookies for the storage of the login status.
We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data will only be processed in third countries if it is necessary for the fulfillment of the contractual obligations (for example, at the customer’s request on delivery or payment).
In order to place an order with us at the e wine shop, a user account must be created by registering. However, you can also create a user account without placing an order. The data submitted by you during registration will be used to process the order. In addition, you may be informed by e-mail about offers or registration-related information, such as changes in the scope of the offer or technical circumstances. If you have closed your user account, your data will be deleted, provided that you wish to do so and the deletion does not conflict with any statutory storage requirements. We are entitled to irretrievably delete all your data stored during the term of the agreement.
21. Contact Request
If you use our contact form, we will use this information to contact you regarding your interest or to respond to your reservation or order. These data is stored and processed solely for the purpose of answering your request or for establishing further contact and the associated technical administration. Your data will be deleted after the final processing of your request, provided that you wish to do so and the deletion does not conflict with any statutory storage requirements.
If you have consented to the processing of personal data for special purposes subject to consent, you can withdraw this consent at any time. The data will be deleted by us. Data that you have disclosed to us in the course of the contact form will not be disclosed to third parties. You are entitled to restrict your consent to the processing of your data, in which case we will delete your data in accordance with the scope of the restriction.
If you have consented via double-opt-in (after subscribing you will receive an e-mail asking you to confirm your subscription) to receive our newsletter, we will process your e-mail address to send you an e-mail newsletter that is published several times a year, providing information about our winery products, promotions and news. You can withdraw your consent at any time by contacting us via the contact details stated under point 25 of this statement below. There is also the option of unsubscribing to the newsletter via a dedicated link at the end of each newsletter.
23. Links to Other Websites
Our websites contain links to external websites. The privacy statement at hand only allpies to our websites. We are not responsible for the content of any such external websites and disclaim any liability associated therewith.
24. Changes to this Statement
We reserve the right to change this privacy statement at any time in accordance with legal requirements and business needs.