Privacy policy

Basic information

In this privacy policy, you will find out which personal data FMTG – Falkensteiner Michaeler Tourism Group AG processes automatically, in what way and for what purpose, and the rights you have as the data subject.

Data controller

The Data Controller is
FMTG – Falkensteiner Michaeler Tourism Group AG
Walcherstraße 1A. Entrance C2, Top 6.04, A-1020 Vienna, Austria
Tel.: +43 (5) 09911 11 999 
Email: dataprotection@falkensteiner.com

Collection and processing of personal data

Your personal data is collected when you provide the data on the offer for the granting of a loan for subordinated loans granted to us and as part of the registration on the relevant online platform. Your personal data will be processed on the basis of your (revocable at any time) consent and if it is required to fulfil a contract or to carry out pre-contractual measures or due to a legal obligation. Furthermore, if the data processing is necessary to protect your vital interests or those of another natural person, if it is necessary for the performance of a task that is in the public interest or in the exercise of official authority, or if it is necessary to protect legitimate interests on our part or on the part of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail.
The protection of your personal data is of paramount importance to us. Your personal data will therefore only be processed to the extent permitted by law and necessary for the fulfilment of the respective purpose .

The following personal data is collected and processed as part of our services:

1. To process the granting of subordinated loans to FMTG – Falkensteiner Michaeler Tourism Group AG and to process future investments:

  • First and last name
  • Date and country of birth
  • Address (state, country, postcode)
  • Gender
  • Personal situation – family situation
  • Ultimate beneficial ownership – first and last name
  • Phone number
  • Email address
  • Banking details
  • Citizenship


2. To send information about our company’s services and products (especially information about future potential investments) and to be contacted by customer service:

  • Name
  • Address
  • E-Mail address
  • Phone Number

We use the following communication channels, if you have provided them to us: email, mail and SMS.

To inform you about offers and services and to contact you for customer surveys, we need your express consent, which you can grant in a “double-opt-in” form. Without you providing us with the data referred to in point 4 and giving your express consent, we cannot send you any information or contact you in this regard.

3. For the purpose of personalising offers for potential future investments in order to better meet your needs (profiling):

  • Name
  • Title
  • Gender
  • Address
  • Date of birth

Profiling

Profiling is the process whereby the responsible person (data controller or processor) collects and processes personal data for the purpose of providing and improving offers and services so that they can be better tailored to the needs of the customer. However, no decisions which may result in legal consequences or damage of any kind for the customer are made in an automated manner.

We may process the following data in our system called Protel: name, gender, title, address, phone number, email address, date of birth, license plate number, passport number, issuing authority, date of issue, expiry date, company, profession, tax number, membership card, photo, comments and relationship to other profiles.

We can assign the above data related to your investments to your profile. Personal data provided by you will be processed until you withdraw your consent. You can withdraw your consent at any time, free of charge and without giving any reason, by email at:  dataprotection@falkensteiner.com or by phone at +43 (5) 09911 11 999.

Disclosure to third parties

Your data will not be disclosed to third parties unless

  • we are legally obliged to do this, e.g., according to the TKG, StGB or the StPO,
  • to authorised medical personnel in case of medical emergencies.
  • based on your express, written consent.
  • to individual companies of the FMTG – Falkensteiner Michaeler Tourism Group and to FMTG Services GmbH, Vienna, based on your consent; you can find more information about the companies (hotels) belonging to FMTG that process your data on our behalf on our website (https://www.fmtg.com/ and https://fmtg-invest.com) or you can at dataprotection@falkensteiner.com

For the purpose of payment processing, your bank details will be passed on to electronic payment service providers.

Data processing on behalf of a third party

If we engage a data processor, we remain responsible for protecting your personal data. All direct or indirect subsidiaries and affiliated companies of FMTG – Falkensteiner Michaeler Tourism AG which operate under the brand “Falkensteiner Hotels & Residences” are data processors according to Art. 28 GDPR.

We therefore only commission external data processors to perform activities that are necessary for the provision of our services, such as for sending newsletters. These data processors have committed themselves to us to comply with the applicable data protection regulations. A third-party data processing contract has been concluded with them in accordance with Art. 28 GDPR.

Your personal data will be shared with the following external data processors:

  • A1 Telekom Austria AG, Vienna, AT
  • AdoptoTech d.o.o., Zagreb, HR
  • Adria Scan d.o.o., Sveta Nedjelja, HR
  • Auditor spol. s.r.o., Prague, CZ
  • LeitnerLeitner Slovakia s.r.o., Bratislava, SK
  • BMD Systemhaus GmbH, Steyr
  • CONDA GmbH, Vienna
  • Confida Süd Wirtschaftsprüfungsgesellschaft m.b.H, Graz
  • Delegate Technology GmbH, Vienna, AT
  • Facebook Inc., Menlo Park, CA, USA
  • Facelift, Hamburg, DE
  • A. Service GmbH, Salzburg
  • Google Inc., Dublin, IR
  • Helmuth Thaler GmbH, Bruneck, South Tyrol
  • HGC Hotellerie & Gastronomie Consulting GmbH, Innsbruck
  • Incert e-Tourismus GmbH & Co. KG, Linz
  • Infolink d.o.o. Belgrad, SRB
  • Instagram Inc., San Francisco, CA, USA
  • Laser Line d.o.o., Umag, HR
  • consulting Anita Maslo, Vienna
  • MC Sistemi d.o.o., Ljubljana, SLO
  • Metadata d.o.o., Belgrade, SRB
  • Microsoft, Vienna, AT
  • Nexell GmbH, Zug, CH
  • Nexxchange GmbH, Vienna
  • ProASP Professional Application Services Providing GmbH, Bad Voslau
  • Protel Hotelsoftware Austria GmbH
  • Revinate Inc., San Francisco, CA, USA
  • Rubatscher Steuerberatungs- und Wirtschaftsprüfungsgesellschaft m.b.H, Innsbruck
  • com EMEA Limited, Munich, DE
  • Serenissima Informatica SpA.,Padova, IT
  • Workflow EDV GmbH, Wien
  • YouTube LLC, San Bruno, CA, USA
  • zero21 Funding Services GmbH, Vienna


We primarily use data processors within the European Union. We only use data processors outside the European Union if (i) the European Commission has issued an adequacy decision for the third country in question or (ii) we refer to the standard contractual clauses of the European Commission or (iii) if suitable guarantees, e.g., the EU/US Privacy Shield, with the third country or (iv) we have agreed binding internal data protection regulations with the data processor.

You can request more information about data processors commissioned by dataprotection@falkensteiner.com

Google Analytics

Our websites use Google Analytics, a web analysis service provided by Google Inc. (Google). Google Analytics uses so-called “cookies” (text files that are stored on the user’s computer) which enable an analysis of the use of the website. The information generated by the cookie about the use of the website by users is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymisation is activated on our website, your IP address will first be truncated by Google within the member states of the European Union or in other signatory states that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases, IP addresses are transferred to a Google server in the USA and truncated there. IP anonymisation is active on our websites. On behalf of the operator of our websites, Google will use this information to evaluate the use of the websites by users, to compile reports on the website activities and to provide other services related to website activity and internet usage to the website operator.

The shortened IP address transmitted by the user’s browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by using the opt-out function on the Falkensteiner website or alternatively by setting your browser software accordingly; however, FMTG Services GmbH would like to point out to users that, in such case, not all functions of our website can be used to their full extent. Users can also prevent the data generated by the cookie and related to their use of the website (including their IP address) being sent to Google and the processing of this data by Google by using the browser plug-in available under the following link download and install: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on data use by Google for advertising purposes, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners/  (“Data use by Google when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads  (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”) and http://www.google.com/ads/preferences/  (“Determine what advertising Google shows you”)”.

Duration of processing

We process your personal data – if necessary – for the duration of the entire business relationship (from the initiation and processing to the termination of a contract and the processing of outstanding claims). Once the contract has been completed, your data will be stored until the end of the warranty, statute of limitations, compensation for damages and statutory retention periods applicable to us, and also until any legal disputes in which the data is required as evidence are completed. We store data that you have provided to us for marketing and information purposes, such as sending us a newsletter, until you revoke your consent.

Data security

We use technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorised persons, in accordance with Article 32 of the General Data Protection Regulation. Our security measures are being continuously improved in accordance with technical progress.

Your rights

With regard to the processing of your data, you can assert the following rights under the General Data Protection Regulation and the national data protection law:

a. Right to information
You can request confirmation from us as to whether and to what extent we are processing your data. This confirmation contains information about the purposes for which your data is processed, the categories of personal data processed, the recipients or categories of recipients of personal data, the duration of data processing.

b. Right to rectification
You can request at any time that incorrect or incomplete data concerning you be corrected and/or completed immediately.

c. Right to erasure
You can ask us to delete your personal data if we process it unlawfully, the processing interferes disproportionately with your legitimate protection interests, the personal data is no longer necessary for the purposes for which it was collected, or you have revoked your consent. Please note that there may be reasons that prevent immediate deletion, such as legally regulated retention obligations.

d. Right to limit the processing

  • You may request that we restrict the processing of your data if:
  • you contest the accuracy of the data for a period of time that allows us to verify the accuracy of the data;
  • the processing of the data is unlawful, but you refuse to delete it and instead request a restriction on the use of the data;
  • we no longer need the data for the intended purpose, but you still need this data to assert, exercise or defend legal claims, or
  • you have lodged an objection to the processing of the data.

This data will be processed from the request for restriction only with individual consent or for the assertion and enforcement of legal claims.

e. Right to data portability
You can request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format, provided that

  • we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
  • that this processing is carried out using automated methods.

f. Right to object
For reasons arising from your particular situation, you can object at any time to the processing of personal data concerning you, which is necessary to protect our legitimate interests or those of a third party. Your data will no longer be processed after the objection, unless there are compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can object to direct marketing at any time without stating reasons.

g. Right to appeal
If you believe that we violate national or European data protection law when processing your data, you can contact us at any time. Of course, you also have the right to contact the competent data protection authority and, from 25 May 2018, the supervisory authority within the EU.

h. Assertion of your rights
In order to assert one of the rights mentioned against us, please use the following contact options:

If we cannot determine your identity based on the data we have on file, it may be necessary for us to request additional information to determine your identity (e.g., photo ID). Such inquiries serve to protect your rights and your privacy.

General information about cookies

Our website uses cookies. This is a small file that can be stored on the visitors’ device when they visit our website. We use cookies to make our website more user-friendly. Most of the cookies on this website are session cookies. They are automatically deleted when you leave our website. Other cookies remain in your device’s memory until you delete them. These cookies enable us to recognise your browser when you next visit the site. When you visit our website, we only set cookies that are absolutely necessary for the functionality of the website. Otherwise, we only process your personal data by setting cookies after you have given your express consent. You can prevent the setting of cookies at any time by means of an appropriate setting of the browser used. Furthermore, cookies that have already been set can be deleted at any time via your browser. This is possible in all common browsers. However, we would like to point out that if you have deactivated the setting of cookies in your internet browser or have deleted cookies that have already been set, not all functions of our website may be fully usable.

Mit Erteilung Ihrer ausdrücklichen Einwilligung stimmen Sie dem Einsatz folgender Cookies bzw Plugins zu: