PRIVACY POLICY of XENIOS Management GmbH

Data protection is a matter of trust and your trust is of utmost importance to us at XENIOS Management GmbH. The protection of your personal data is of particular concern to us.

This privacy policy will inform you about the nature, scope and purpose of the collection and use of personal data of (a) users of our services (“Customer”), (b) website users and (c) newsletter subscribers carried out by our company and will provide you with information about your rights with respect to the collection and processing of personal data. Any processing of data will only be carried out in accordance with the relevant legal provisions, in particular the General Data Protection Regulation (“GDPR”), the Data Protection Act (“DPA”, i.e. the Austrian Datenschutzgesetz, the DSG) and the Telecommunications Act of 2021 (“TKG”), as amended from time to time. In this data protection information, we will inform you about the most important aspects of data processing in accordance with Articles 13 and 14 of the GDPR.

  1. Controller of the processing and contact details

The controller for all processing activities and your contact person for all questions relating to the processing of your personal data is the

XENIOS Management GmbH
Getreidemarkt 14/Top 27
1010 Vienna
Phone no.: +43 (0) 1 890 666 1
E-mail: dataprivacy@loisium.com (“responsible person”)

If you have any questions about data protection or about exercising your rights in relation to your personal data processed by us, please contact our data protection coordinators at dataprivacy@loisium.com.

  2. What data do we process and where do we get this data from

a) If you are our customer

 The processing of personal data is necessary within the framework of the initiation and processing of the contractual relationship as well as for the management of our customer relationship.

Within the framework of the initiation and processing of the contractual relationship as well as for the efficient support of our customers, we collect, generate and store the personal data of our customers exclusively to the extent that is necessary to be able to fulfil our legal and contractual obligations. This includes in particular the personal data that we specifically collect from you or that are generated by us in the course of the contractual relationship:

  • Your master data (surname, first name, address, e-mail address, telephone and fax number, date of birth, customer number) as well as language and vehicle registration number and licence plate,
  • the data in travel documents (passport number, passport data, date of birth, issuing authority, term, nationality) and identity cards (identity card, driving licence, etc. including issuing authority and term), the data on payment type and in connection with payments, in particular with EC cards, credit cards and bank cards,
  • the length of stay you have requested as well as destinations, hotels, contacts, conditions, special services, frequent flyer number, personal preferences related to the stay that you make known to us.

b) If you are a website user

Each time the website is called up, our system collects data and information from the computer system of the calling computer. The following data is collected:

  • Information about the browser type and version used
  • Operating system of the user
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Amount of data and the message of the successful call

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These include the following:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request

The log files do not contain IP addresses or other data that allow an assignment to a user. The data is also stored in the log files of our system. The IP addresses of the user or other data that enable the data to be assigned to a user are not affected by this. This data is not stored together with other personal data of the user.

If you contact us via our contact form, we process the following data:

  • The content of the request and your contact details contained therein
  • IP address

For more information on cookies and web analytics, please see point 6 of this Data Protection Declaration.

c) If you are a newsletter subscriber

If you register for the free newsletter on our website, your personal data will be processed. This includes title, first name, last name, email address, time of retrieval, IP address, browser type and operating system.

  3. How and for what purpose do we process your personal data

a) If you are our customer

If you are our customer, we process your personal data

  • for the fulfilment of our (pre-)contractual obligations (point (b) of Article 6(1) of the GDPR) such as bookings of travel, guides, gastronomy, rental vehicles, transfers, registration processing, insurances, events, tours, accreditations, vouchers including customer creation, billing and their verification (B2B, B2C, FIT), ticket bookings, as well as for your registration and later login in your web account;
  • for the fulfilment of legal obligations (point (c) of Article 6 (1) of the GDPR) such as our legal obligations according to Section 165 (3) of the Austrian TKG, i.e. the Telecommunications Act, in the context of asserting, exercising and/or defending legal claims as well as for providing information to law enforcement authorities and courts in case of necessity.
  • On the basis of the legitimate interests pursued by our company, unless your interests in confidentiality outweigh our interests in processing this data (point (f) of Article 6(1) of the GDPR). Our legitimate interests include, for example, the following:
    • rapid and efficient customer communication
    • A proper legal enforcement and follow-up of proceedings

You can object to the processing of your personal data at any time by stating your reasons in accordance with Article 21 of the GDPR.

b) If you are a website user

If you are a user of the website, we will process your personal data

  • based on your consent (pursuant to point (a) of Article 6 (1) of the GDPR, Section 165 (3) of the Austrian Telecommunications Act, the TKG): Further information on cookies and web analysis can be found in point 6.
  • for the implementation of pre-contractual measures that take place at your request (pursuant to point (b) of Article 6 (1) of the GDPR) if you contact us via our contact forms, by chat, by e-mail or by telephone to obtain information about our products;
  • for the fulfilment of legal obligations (in accordance with point (c) of Article 6 (1) of the GDPR, point (f) of Article 9 (2) of the GDPR) as well as for the provision of information to law enforcement authorities and courts in case of necessity.
  • where necessary, to protect our legitimate interests, unless your interests in confidentiality outweigh our interests in processing this data (in accordance with point (f) of Article 6 (1) of the GDPR). Our legitimate interests include the following
    • to ensure the security of the operation of the website, to prevent and ward off attacks on the technical infrastructure of our website and to prevent and detect misuse of our website
    • to ensure the improvement and evaluation of our web presence to analyse user behaviour and to improve our offers
    • communication with you via our contact form, provided that the communication does not serve the purpose of carrying out pre-contractual measures
    • Increase the user-friendliness of the website

You can object to the processing of your personal data at any time by stating your reasons in accordance with Article 21 of the GDPR.

c) If you are a newsletter subscriber

If you subscribe to our newsletter, we will process your personal data based on your consent (point (a) of Article 6 (1) of the GDPR). Your data will be processed for the purpose of delivering the newsletter provided by us.

We use a double opt-in procedure for registration for our newsletter. After your registration, we will send you an e-mail in which you explicitly confirm that you would like to receive our newsletter and agree to the associated processing of your data. Your registration for the newsletter will only be completed after you have submitted this confirmation.

You can unsubscribe from the newsletter at any time. Please send your unsubscription to the following e-mail address: [news@loisium.com]. We will then immediately delete your data collected and processed by our company in connection with the newsletter dispatch.

d) No automated decision making or profiling

The data we process is not processed for automated decision-making, nor do we carry out so-called “profiling”.

  4. To whom we forward and disclose your data

Your personal data will be stored and processed by us and, if necessary, forwarded to third parties.

a) If you are our customer

  • To our cooperation partners for the purpose of contract processing, such as the booking tools of the external operators used by us:

“Opera/Oracle Austria GmbH”, Donau-City-Straße 7, DC Tower, 36th floor, 1220 Vienna, Austria and “Amadeus Hospitality/Travelclick” Via Augusta, 117, 08006 Barcelona, Spain for handling the room reservations;

“Zenchef”, Société Zenchef, 63 avenue de villiers, 75017 Paris for handling table reservations;

  • Your credit card data and ATM card data for the processing of payment transactions to the corresponding banking institution;
  • Your credit card and debit card details to the payment service operator Planet Merchant Services SAS (PLANET) to process the payment on site and via our website; the payment service provider is Planet Merchant Services SAS (PLANET), located at 1 Terrasse Bellini, Puteaux, 92919 Paris La Défense Cedex, France. When you pay with Planet Merchant Services SAS (PLANET), Planet Merchant Services SAS (PLANET) will collect various personal data from you. For further details, please refer to the Planet Merchant Services SAS (PLANET) privacy
  • We process the sale and redemption of vouchers via INCERT, provider of the service is INCERT eTourismus GmbH & Co KG with its registered office in Wirtschaftspark Lederfabrik, Leonfeldnerstraße 328, A-4040 Linz, Austria. Details can be found in INCERT’s privacy policy.
  • Collection agency for debt collection (abroad therefore only insofar as the debt must be collected abroad);
  • Insurance on the occasion of the conclusion of an insured event concerning the delivery/service or the occurrence of the insured event:

WIENER STÄDTISCHE Versicherung AG Vienna Insurance Group, Vienna 1, Schottenring 30, A-1010 Vienna, P.O. 80 as well as

AXA France IARD – 313, Terrasses de l’Arche – 92727 Nanterre Cedex;

  • within the Group, taking into account the permissible uses;
  • Other contractual or business partners who participate or are to participate in the delivery or service;
  • Provider (IT service provider), such as “Into-IT GmbH” Hernalser Hauptstrasse 196/1, 1170 Vienna, Austria;
  • Courts, law enforcement authorities and other institutions;
  • Legal representatives or lawyers and third parties involved in legal services;
  • Tax advisors and auditors.

b) If you are a website user

  • provider (IT service provider) for the operation of our website, including hosting, and for reasons of ensuring the security of our IT systems:

“Into-IT GmbH” Hernalser Hauptstrasse 196/1, 1170 Vienna, Austria;

  • Courts, law enforcement authorities and other institutions;
  • Legal representatives or lawyers and third parties involved in legal services.

c) If you are a newsletter subscriber

  • Provider (IT service provider), whereby the newsletter is sent via our service provider “Amadeus Hospitality/Travelclick”, a company with registered office in Via Augusta, 117, 08006 Barcelona, Spain;
  • Courts, law enforcement authorities and other institutions;
  • Legal representatives or lawyers and third parties involved in legal services.

If the recipients of your personal data mentioned above are located outside the EEA and the country in question has also not been determined to have an adequate level of data protection by decision of the EU Commission, we will ensure that the transfer is made on the basis of standard contractual clauses (currently Commission Implementing Decision (EU) 2021/914) or otherwise in accordance with Articles 46, 47 or 49 of the GDPR.

In addition, processors commissioned by us receive your data in order to be able to perform their respective services (e.g. “Amadeus Hospitality” based in Via Augusta, 117, 08006 Barcelona, Spain when registering for the newsletter: the e-mail is sent via “Travelclick”). All processors are contractually obliged to treat your data confidentially and to process it only within the scope of our commissioning and in accordance with our specifications.

 

  5. How long do we process and store your data

We generally store and process your personal data as long as this is deemed necessary for the fulfilment of the purpose of processing. In detail, this will include the following aspects:

 

a) If you are our customer

As a matter of principle, we will only store your personal data for as long as we need them for the processing of the contract, i.e. mostly until the end of the business relationship. We are obliged to store data relevant under tax law according to Section 132 of the Austrian Federal Fiscal Code (i.e. BAO, the Bundesabgabenordnung) and business letters according to Section 212 of the Austrian Commercial Code, i.e. the UGB, for a period of at least seven years. In addition, the data will be kept as long as specific claims are asserted against us. If we have reasonable suspicion of abusive behaviour and forward the data to the competent public authorities, this data will be kept on a separate data carrier and deleted after the legal proceedings have ended.

b) If you are a website user

The storage period of cookies ends within six to 24 months calculated from the end of the activity that led to the cookie setting (i.e. usually the visit to a website). The specific storage period varies depending on the cookie or the tool used. The consent given with regard to cookies can be revoked at any time with effect for the future via the link [“Cookie settings”]. This prevents the setting of cookies in the future.

 

Data that you transmit to us via contact form, chat, e-mail or telephone is stored for a period of at least seven years in accordance with the statutory retention and documentation obligations pursuant to Section 132 of the Austrian Federal Fiscal Code (i.e. BAO, the Bundesabgabenordnung) and Section 212 of the Austrian Commercial Code, i.e. the UGB. If there is no business relationship entered into, however, we will store them for a maximum of 3 years.

 

c) If you are a newsletter subscriber

We will delete your data after having received your revocation of consent.

If you have any questions regarding the specific retention period of your personal data, please do not hesitate to contact us at the address given above or by e-mail to dataprivacy@loisium.com.

  6. Cookies and web analysis

a) Cookies

Our website uses cookies. These are small text files that are temporarily stored on your end device with the help of the browser or that your browser saves. They do not cause any damage, but make the use of the website more user-friendly. “Session cookies” store information used during your current browser session. These cookies are automatically deleted when you close your browser. “Persistent cookies”, on the other hand, are not deleted when you close your browser, but remain stored on your computer and allow us to recognise your browser the next time you visit.

In the course of your use of the website, we therefore collect and process the following data: IP address and language setting. We collect this data automatically with cookies provided by third-party providers on the basis of your consent in accordance with point (a) of Article 6 (1) of the GDPR (or in connection with Section 165 (3) of the Austrian TKG in the case of persistent cookies, which are stored on your terminal device).

You can also revoke the storage of individual cookies (via configuration in the cookie banner) as well as the storage and use via browser configuration at a later time. “Technically necessary cookies”, which are mandatory for the structure and functioning of the website, cannot be deactivated.

We use the following technically necessary cookies:

borlabs-cookie: This permanent first-party cookie is set by the Consent Tool and is used to record the user’s consent for the cookies in the “Advertising” category. The cookie has a normal lifetime of 11 months so that returning visitors to the website can remember their preferences. It does not contain any information that can identify the website visitor.

wp-wpml_current_language: This functional session cookie stores website language preferences and is deleted at the end of the session.

We also use third-party content on our website to make our internet presence as informative and convenient as possible for you. This includes, for example, Google Maps, RSS feeds or YouTube. These third-party providers receive your IP address for technical reasons (“third-party cookies”). We have no influence on the use of this data by the third-party provider. In this regard, we refer to the data protection declarations of the respective providers.

b) Web analysis Google Analytics

Our website uses functions of the web analytics service Google Analytics. Google Analytics is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which allow Google to analyse the use of our website. The information collected by the cookies about the use of our websites (including your anonymised IP address) is usually transferred to a Google server located in the USA and stored there. We would like to point out that Google Analytics has been extended on our websites to ensure anonymised collection of IP addresses (so-called IP masking). Your IP address is only recorded by Google in shortened form, which ensures anonymisation and does not allow any conclusions to be drawn about your identity. With IP anonymisation on our websites, your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google also observes the data protection provisions of the “US Safe Harbor” agreement and is registered with the “Safe Harbor” programme of the US Department of Commerce. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. A transfer of this data by Google to third parties only takes place due to legal regulations or within the framework of commissioned data processing.

The data processing is based on your consent pursuant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR.

We use the following cookies and pixel trackers for this purpose:

_ga: this Google Analytics cookie is used to distinguish visitors when collecting information about page visits. This cookie helps us to identify and improve the website area. In principle, these “permanent cookies” are stored for a period of 14 months. The storage period is justified by the interest in being able to carry out statistical annual comparisons with regard to web analysis.

_gcl_au: this permanent third party cookie allows us to store a generated user ID for tracking Google Ads advertisements and is deleted after a period of three months.

You can revoke your consent at any time with effect for the future by calling up the link [“Cookie settings”] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent given by you until the revocation remains unaffected thereby.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by selecting the appropriate settings on your browser and

  1. refusing to give your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to disable Google Analytics by clicking HERE.

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/en/ and https://policies.google.com/?hl=en.

c) Google Tag Manager

We use Google Tag Manager to recognise your user behaviour. The Google Tag Manager is a solution with which marketers can manage website tags via an interface. The tool is used to steer extended script and event handling. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

The data processing is based on your consent pursuant to Section 165 (3) of the Austrian Telecommunications Act, i.e. the TKG, as well as point (a) of Article 6(1) of the GDPR.

You can find more detailed information here.

 

d) Google Ads

This website also uses Google Conversion Tracking. Google Ads sets a cookie on your computer if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads client’s website and the cookie has not yet expired, Google and the client can recognise that the user clicked on the ad and was redirected to this page. Each Ads client receives a different cookie. Cookies can therefore not be tracked across Ads clients’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads clients who have opted in to conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser in such a way that cookies from the domain “www.googleadservices.com” are blocked. Further information on Google’s privacy policy can be found here.

When you use SSL search, Google’s encrypted search feature, the search terms are usually not sent as part of the URL in the referring URL. However, there are some exceptions to this, for example if you are using certain less common browsers. For more information on SSL search, please also click here. Search queries or information in the referral URL could also be viewed through Google Analytics or an application programming interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an ad. https://policies.google.com/faq?hl=de.

The data processing is based on your consent pursuant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR.

 

e) Google Remarketing

We use the Google Remarketing service, an advertising analysis tool, on our website. With Google Remarketing, advertisements can be displayed for users who have already visited our website in the past. Within the Google advertising network, this enables advertisements to be displayed on our site that are tailored to the users’ interests. Google Remarketing uses cookies for this evaluation.

The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the provision of all Google services.

You can find out more about the data processed through the use of Google Remarketing in the Privacy Policy at https://policies.google.com/privacy?hl=de.

The data processing is based on your consent pursuant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR.

f) Facebook (Meta) Remarketing / Pixel

This website uses the “Custom Audiences” remarketing function of Facebook Inc (“Facebook”). This function is used to present interest-based advertisements (“Facebook Ads”) to visitors of this website when they visit the social network Facebook. For this purpose, the Facebook remarketing tag has been implemented on this website. Via this tag, a direct connection to the Facebook servers is established when visiting the website. In doing so, the information that you have visited this website is transmitted to the Facebook server, and Facebook will assign this information to your personal Facebook user account. For more information on the collection and use of data by Facebook, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the “Custom Audiences” remarketing function at https://www.facebook.com/settings/?tab=ads . To do this, you must be logged in to Facebook.

The data processing is based on your consent pursuant to Section 165 (3) of the Austrian Telecommunications Act, i.e. the TKG, as well as in accordance with point (a) of Article 6 (1) of the GDPR.

We use the following cookies for the purposes of target group advertising:

_fbp and fbq_external_id: this first party cookie is set and used by us to display our (personalised) advertisements to social media users on third-party sites who have already visited our website. This cookie will be stored in their browser for a period of 90 days.

Shared responsibility:

Together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta), we are jointly responsible for the collection and transfer of data as part of this process. This applies to:

  • the creation and optimisation of individualised or suitable advertisements, as well as
  • the delivery of commercial and transactional messages.

The following processing operations are therefore not covered by joint processing:

  • Processing that takes place after collection and transmission: Sole responsibility of Meta.
  • The production of reports and analyses in aggregated and anonymised form: Order processing with Meta.

For joint responsibility, we have concluded a corresponding agreement with Facebook, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This sets out the respective responsibilities for fulfilling the obligation under the GDPR with regard to shared responsibility.

The contact details of Facebook and the Facebook data protection officer can be found here: https://www.facebook.com/about/privacy .

Meta is primarily responsible for the exercise of data subjects’ rights (see point 4. of the list).

Further information on how Meta processes personal data, including its legal basis and further information on data subject rights can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of shared responsibility on the basis of our legitimate interests pursuant to point (f) of Article 6 (1) of the GDPR.

Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms and information on processing based on standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

g) Instagram

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. For more information, please see the Instagram privacy policy: https://instagram.com/about/legal/privacy/

h) Hotjar

We use Hotjar by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) on this website to statistically analyse visitor data. Hotjar is a service that analyses user behaviour and feedback on websites through a combination of analytics and feedback tools. Hotjar-based websites have a tracking code embedded on their websites which is transmitted to our servers located in Ireland (EU). This tracking code contacts Hotjar’s servers and sends a script to the computer or device you use to access the Hotjar-based website. The script collects certain data relating to the user’s interaction with the relevant website. This data is then sent to Hotjar’s servers for processing.

More details about the privacy policy and what data is collected by Hotjar and in what way can be found at https://www.hotjar.com/legal/policies/privacy.

_hjSessionUser_: this persistent third party cookie is set the first time a user views a page using the Hotjar script and is deleted after a period of one year. It is used to store the Hotjar user ID that is unique to that page in the browser.

Deactivating Hotjar: If you do not want Hotjar to collect your data, you can activate the Hotjar Opt Out. There you have the option to deactivate or reactivate the collection of data by Hotjar by simply clicking on the red deactivate Hotjar button. Attention: Deleting cookies, using the incognito/private mode of your browser, or using a different browser will result in data being collected again.

i) Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to improve the security and delivery speed of our website. To implement this, Cloudflare uses cookies and processes visitor data.

Cloudflare offers web optimisation and security services. These include a reverse proxy, a pass-through security service and a content distribution network. Cloudflare collects information from website visitors. This information includes, but is not limited to, IP addresses, system configuration information and other information about traffic to and from the website. Cloudflare collects and uses log data to operate, maintain and improve its services in accordance with customer agreements. For example, log data may help Cloudflare detect new threats, identify malicious third parties and provide more robust security protection to this website.

Cookies used by Cloudflare:

__cfduid: used to identify individual visitors behind a shared IP address and apply security settings to each individual visitor. The cookie is deleted after one year.

This cookie is absolutely necessary for the Cloudflare security functions and cannot be deactivated.

j) Live chat

Our website uses the Live Chat module (http://www.livechatinc.com/privacy-policy/). You can use Live Chat like a contact form to chat with our employees in almost real time. When you start the chat, the following personal data is collected:

  • Date and time of the call
  • Call duration
  • Location data
  • Browser type/version
  • Anonymised IP address (last octet is deleted)
  • Operating system used
  • URL of the previously visited website
  • Contents of the transmitted chats
  • First name, last name (if indicated)
  • E-mail address (if specified)

The data processing is based on your consent pursuant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR. This consent is obtained prior to the setting of cookies and the transmission of the aforementioned data. The purpose of the processing is to offer our customers even better service and support. You have the right to revoke your consent at any time. You can delete the cookies at any time via the settings in your browser. The lawfulness of the processing up to the time of your revocation shall not be affected thereby. The chat logs, as part of corporate communication, are stored for three years.

If the recipients of your personal data mentioned above are located outside the EEA and the country in question has also not been determined to have an adequate level of data protection by decision of the EU Commission, we will ensure that the transfer is made on the basis of standard contractual clauses (currently Commission Implementing Decision (EU) 2021/914) or otherwise in accordance with Articles 46, 47 or 49 of the GDPR.

  1. Data subjects’ rights

As a data subject of our data processing, you have the following rights. To assert your rights, you can reach us at the following contact details, among others:

XENIOS Management GmbH

Getreidemarkt 14/Top 27
1010 Vienna
E-mail: dataprivacy@loisium.com

a) Right to rectification and right to restriction of processing

You may request that inaccurate or incomplete data be corrected or completed. You also have the right to request a restriction of the processing of data that may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, for example if the accuracy of the data is disputed. 

b) Right to data portability

You may request that a copy of the data, insofar as it has been made available to us, be sent to you – or, insofar as this is technically feasible, to a third party that can be determined – in a structured, common and machine-readable format.

c) Right to erasure

You can request the deletion of your data, for example if it is not processed in accordance with the data protection regulations.

d) Right to object

You have the right to object to the processing of personal data at any time, stating your reasons. In this case, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves the purpose of asserting, exercising or defending legal claims.

e) Right to revoke a declaration of consent

If you have given us your consent to process your data, you can revoke your declaration of consent at any time, informally and without stating any reasons. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

f) Supervisory authority

If you believe that the processing of your data is taking place unlawfully or that your rights under data protection law have been violated in any other way, you have the right to lodge a complaint with the competent supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

Furthermore, you have the right to bring an action before the competent regional court pursuant to Section 29 (2) of the Data Protection Act and to take any other legal remedies, such as asserting claims for damages in the event of unlawful processing.

  1. Adaptation of the privacy policy

We reserve the right to adapt this data protection statement at any time in compliance with the applicable data protection regulations. Users are requested to inform themselves regularly about the content of the data protection statement.

Status: March 2023
