Holidays on the farm Burgerhof in Brixen / South Tyrol
Data protection notice pursuant to EU Regulation No. 679/2016
The purpose of this notice is to provide information on the methods, scope and purposes of the processing of personal data by Jocher Thomas, in compliance with EU Regulation no. 679/2016 (hereinafter GDPR).
The Data Controller is Jocher Thomas, with registered offices in San Leonardo/Bressanone in the person of their legal representative Jocher Thomas, contact details: Burgerhof, Burgstallweg 11, 39042 Bressanone.
The Data Protection Officer, Jocher Thomas, may be contacted either by registered letter or e-mail at the following addresses: Burgerhof, Burgstallweg 11, 39042 Bressanone or email@example.com.
Data Subjects and type of personal data processed:
Jocher Thomas processes the personal data of customers, suppliers and persons who voluntarily provide their data personally (whether by telephone, fax or e-mail) and/or by registering on our website, as well as persons whose data have been shared by third parties, for example in public registers and directories, etc. In the case of third parties, processing is limited to basic personal data.
Purpose of data processing:
Personal data are processed exclusively for the following purposes:
1. fulfilment of legal obligations, including tax and accounting requirements
2. execution of a contract
3. activities related to the company’s business, like internal statistics, invoicing and accounting
5. sending newsletters
6. internal statistics
Lawful bases for data processing:
Data are processed in compliance with the applicable law and based on the following grounds, in accordance with Art. 6 and 7 of the GDPR:
– contract execution, i.e. providing the services required, fulfilling contractual requirements, answering enquiries
– compliance with legal obligations
– pursuing the Company’s legitimate interests
– consent provided by the Data Subject
Methods of data processing:
Data may be processed with or without the aid of electronic or automated means. Data processing activities may include the collection, storage, organisation, filing, consultation, processing in the strict sense of the term, and modification, selection, extraction, comparison, use, linking, blocking, transmission and deletion of data.
Data processing is carried out by the Data Controller as well as by Data Processors and third parties who may have been entrusted by the Data Controller with processing data for the purposes outlined in paragraph 3 or in cases where this is required by law. The Data Controller guarantees that any Processors and third parties that have been granted access to the personal data also process them in accordance with the GDPR.
If necessary for the activities and purposes outlined in paragraph 3, the data will be shared with domestic and/or foreign natural and/or legal persons. With the exception of these cases, personal data are not disseminated.
Data are processed using the following methods:
On registration, personal data are collected and processed to create a user account. During registration and login to the user’s account, their IP address and access times are tracked.
These data will be deleted as soon as the user’s account is deleted, except in cases where storage is required for tax or accounting purposes.
When the user contacts the Company via a contact form, e-mail or social media, their personal data are processed to reply to enquiries or provide the services they require. In these cases, the data collected may be stored in a customer relationship management system or similar systems.
Enquiries are deleted as soon as no longer necessary, unless the relevant data are required for compliance with legal obligations.
Google Tag Manager
This website uses Google Tag Manager, a tag management interface that enables Google marketing services to be integrated into our online offer. The Tag Manager itself does not process any personal data; for further information please refer to the Google Tag Manager use policy: https://www.google.com/analytics/tag-manager/use-policy/
In this respect, Data Subjects have the right to withdraw their consent at any time by installing the opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout?hl=en.
Google Adwords and Conversion measurement
This website uses social plug-ins provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. Recognisable by the Instagram logo, the plug-ins establish a direct connection between the user’s browser and the Instagram server located in the United States, so that Instagram receives information that the user has visited the relevant page. If the user is logged into the social network, Instagram can directly associate the data with the respective account. For further information, please refer to the Instagram data policy
Presence on social media
Jocher Thomas maintains an online presence within various social networks and platforms to communicate with customers, users and anyone interested and inform them about its services. In this context, the data protection policies of each respective social network apply.
Transfer of data for domain registration
Domain registration requires that personal data be transmitted to the relevant national or international registrars. In this respect, we only transmit the minimum amount of data required. Users may view and consult the data provided to the registrars if they so wish. The registries prohibit the use of personal data for commercial or abusive purposes.
Transfer of data to certification purposes
Personal data are transferred to the competent authority for the issuance of an SSL certificate. In this respect, we only transmit the minimum amount of data required. The Data Subject consents to his/her data being automatically transferred to the authority for the purposes of certification.
Business analyses and market research
This website carries out analysis and profiling activities using personal data to identify current market trends and meet the wishes of users and clients. The data processed for these purposes include contact details, contract and invoicing data, payment data and usage data, as well as metadata of contractual partners, interested parties, customers and visitors to our website. Analysis of these data serves to increase user-friendliness, optimise our offer and increase efficiency; the data collected will not be disclosed to third parties.
When you visit this website, session cookies are generated that are only stored for the duration of your visit. These cookies are not shared across domains nor used to track user behaviour.
Provision of personal data and refusal
The provision of personal data is optional but strictly necessary for the purposes listed in paragraph 3; failing to provide the data requested will result in the impossibility to perform the said activities.
Storage of personal data
Unless expressly stated otherwise in this notice, processed data will be deleted as soon as they are no longer required for the purposes outlined in paragraph 3, provided that storage is not or no longer required by law. As a general rule, personal data will not be kept for longer than two years.
If deletion is not possible for legal reasons, data processing will be restricted, i.e. the data will be blocked and not used for any other purposes.
Rights of Data Subjects:
Pursuant to the GDPR, Data Subjects have the following rights:
1. The right to access their personal data that the Data Controller stores about them, to demand the erasure or rectification of data and the restriction of processing as well as the right to object to processing;
2. The right to data portability, i.e. to receive their own data from the Data Controller in a structured and comprehensible format, and to request the transmission of data to another Controller;
3. The right to revoke their consent to the processing of data at any time provided that the lawful basis of the processing is the Data Subject’s consent, without prejudice to the legitimacy of data processing carried out on the basis of consent until the time of revocation;
4. The right to file a complaint with the competent Supervisory Authority.
To exercise these rights, Data Subjects may send a request by certified e-mail to the following e-mail address firstname.lastname@example.org or by registered letter with acknowledgement of receipt to: Burgerhof, Burgstallweg 11, 39042 Bressanone.