Privacy Policy
Effective date: 30 July 2025
This privacy policy provides information pursuant to Article 13 GDPR regarding the
processing of personal data by ALMANAC HOTELS GmbH (hereinafter “we”).
Data Controller
ALMANAC HOTELS GmbH
Lothringerstraße 4/Top 4
1040 Vienna, Austria
Email: info@almanachotels.com
Purpose and Legal Bases of Processing
We only process personal data to the extent necessary to provide our website, perform our services, or comply with legal obligations.
| Purpose | Processed Data | Legal Basis |
|---|---|---|
| Website operation and security | IP address, browser type, operating system, visited pages, error logs | Legitimate interest (Art. 6(1)(f) GDPR) |
| Contact forms / Email enquiries | Name, email address, phone number, message content | Consent or performance of contract (Art. 6(1)(a) or (b) GDPR) |
| Room bookings via TravelClick | Name, contact details, travel details, credit card data | Performance of contract (Art. 6(1)(b) GDPR) and consent (Art. 6(1)(a) GDPR) |
| Credit card data | Card number, expiry date, security code | Processed exclusively to carry out your booking and protected in accordance with the PCI-DSS standard. Your consent is obtained as part of the booking process (Art. 6(1)(a) and (b) GDPR). |
| Marketing (e.g. newsletters) | Email address, consent history | Consent (Art. 6(1)(a) GDPR) |
| Web analytics (Google Analytics, Hotjar) | Anonymized usage data, session data | Consent (Art. 6(1)(a) GDPR) via cookie banner |
Cookies and Consent Management
Our website uses cookies. Technically necessary cookies are essential for the operation of the site and are set without consent. All other cookies – especially for analytics and marketing – are only set with your prior consent via our cookie management tool.
The use of Google Analytics and Hotjar is based exclusively on your explicit consent (Art. 6(1)(a) GDPR), which you can give or withdraw via our cookie management tool. You can change or revoke your cookie preferences at any time.
Booking System (TravelClick)
To process room reservations, we use the external booking system TravelClick (part of the Amadeus IT Group), integrated via iFrame or subdomain. Data entered during the booking process is transmitted directly to TravelClick.
ALMANAC HOTELS GmbH and TravelClick act as separate controllers under data protection law.
Data Recipients and Transfers to Third Countries
Your personal data may be disclosed to the following categories of recipients:
- Affiliated companies (e.g. Gran Via Hotel Barcelona S.L.)
- Technical service providers (e.g. hosting, IT support)
- Providers of web analytics tools (e.g. Google Ireland Ltd., Hotjar Ltd.)
- Booking system provider: TravelClick Inc. (USA)
Transfers to third countries (e.g. the USA) only take place under the following conditions:
- Based on standard contractual clauses pursuant to Art. 46 GDPR, or
- With your explicit consent pursuant to Art. 49(1)(a) GDPR.
Please note that third countries may not offer an adequate level of data protection comparable to the EU.
Storage Duration
Your data will be stored for the duration of the applicable legal retention period (e.g. 7 years under § 132 Austrian Federal Tax Code). Beyond that, data will only be retained for as long as necessary for the respective purpose. If processing is based on your consent, data will be stored until you withdraw your consent, unless a longer legal retention obligation exists.
Your Rights as a Data Subject
You have the following rights under the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, please contact us at: info@almanachotels.com
We reserve the right to verify your identity to prevent unauthorized access.
Right to Lodge a Complaint
If you believe that your data is being processed unlawfully, you have the right to file a
complaint with the competent supervisory authority:
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
www.dsb.gv.at
Data Security
We implement appropriate technical and organizational security measures to protect your personal data from loss, misuse, and unauthorized access. Nevertheless, please note that data transmission over the internet may be subject to security risks.
Protection of Minors
Our online services are intended exclusively for individuals over 18 years of age. We do not knowingly process personal data of minors without the consent of a legal guardian. If we become aware of such cases, the data will be deleted immediately.
Changes to This Privacy Policy
We reserve the right to amend this privacy policy at any time, particularly in the event of changes in legal requirements or our services. The current version is always available on our website.