4 hotels - 4 styles

Privacy policy

1. Basic information

In this privacy policy, you will learn what personal data Grape Hospitality OpCo GmbH, in what way and for what purpose automation-supported processing, as well as what rights you, as a data subject, have.

2. Person in charge

The responsible party is Grape Hospitality OpCo GmbH, Landstraßer Hauptstraße 28, 1030 Vienna, Austria/ Tel: +43 (1) 716710 / Email: h5357@accor.com.

3. Collection and processing of personal data

The protection of your personal data is of particular concern to us. Therefore, your personal data will only be processed to the extent that this is permitted by law and necessary to fulfill the respective purpose (provision of services, contract execution, fulfillment of legal obligations, sending informational material and advertising, sending a newsletter, conducting customer analyses).
For the processing of your health data (allergies and special needs), we require your express consent, which you can revoke at any time. Please note that if you do not give your consent or revoke it during our contractual relationship, we will not be able to provide our services to the usual extent, whereupon you will use our services at your own risk.
To send information about services and products of our company and to contact customer service:

  • Name
  • Address
  • Email address
  • Mobile phone number

In doing so, we will use the following communication channels if you have provided them to us: Email, mail and SMS.
In order to inform you about offers and services and to contact you for customer surveys we need your explicit consent, which you can give in a "double-op-in" form. Without you providing us with the data mentioned in point 4 and giving your explicit consent, we will not be able to send you any information or contact you in this regard.
For the purpose of providing and improving services and personalizing offers and services to better meet your needs (profiling):

  • Name
  • Title
  • Gender
  • Address
  • Date of birth
  • Citizenship
  • spouse
  • Child/children

This website uses the WordPress plugin Wordfence by Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA for security purposes. For this purpose, cookies are set in your browser and your IP address is collected, stored and transmitted to a server of Defiant in the USA.
The provided DSGVO-compliant data processing agreement has been concluded. Wordfence, as a data processor, complies with all requirements of the GDPR and is subject to the provisions of the Privacy Shield.
WordFence is used to increase the security of this website and thus also the security of the website users. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
The privacy policy of Wordfence can be found at https://www.wordfence.com/terms-of-use/ and at https://www.wordfence.com/privacy-policy/.

4. Profiling

Profiling is the process in which the responsible person (controller or processor) collects and processes personal data for the purpose of providing and improving offers and services so that they can be better tailored to the needs of the customer. However, no decisions that may entail legal consequences or damages of any kind to the customer will be made in automated form.
We may process the following data in our system: Name, gender, title, address, telephone number, e-mail address, date of birth, comments and relationship to other profiles.
We may associate the following data related to your reservation with your profile: Previous reservations, future reservations, confirmations and notes. Personal data provided by you will be processed until you withdraw your consent. You can revoke your consent at any time free of charge and without giving reasons in the restaurant, by e-mail at: h5357@accor.com or by phone at +43 (1) 716710.

5. Photographs at events

.
We have a legitimate interest in taking photographs at events for marketing purposes and publish them on our website. If you do not agree, you can object at any time in the restaurant or by e-mail at h5357@accor.com or by phone at +43 (1) 716710.

6. Video surveillance

In the interest of public safety, there may be video surveillance in the area of the restaurant. Videos are stored in independent hard drives at the respective location and access is granted to restaurant managers.
Recorded video may be stored for a maximum of 72 hours.

7. Disclosure to third parties

Your personal data will not be disclosed to third parties, except.

    • we are required to do so by law, such as under the TKG, StGB or StPO.
    • to authorized medical personnel in medical emergencies.
    • on the basis of their express written consent
    • for services outside the hotel at your express request (eg for cabs, etc.)
  •  

For the purpose of payment processing, your bank details will be passed on to electronic payment service providers.

8. Data processing on behalf

If we engage a processor, we remain responsible for the protection of your personal data.
We therefore only engage external processors to perform activities that are necessary to provide our services, such as sending newsletters. These processors have undertaken to comply with the applicable data protection regulations vis-à-vis us. An order processing contract has been concluded in accordance with Art 28 DSGVO.
Your personal data will be passed on to the following external data processors:

    • Facebook Inc, Menlo Park, CA, USA
    • Instagram Inc, San Francisco, CA, USA
  •  

We primarily use processors within the European Union. We only use processors outside the European Union if (i) an adequacy decision has been issued by the European Commission for the third country in question, or (ii) we refer to the European Commission's standard contractual clauses, or (iii) appropriate safeguards, such as the EU/US Privacy Shield, are in place with the third country, or (iv) we have agreed binding internal data protection rules with the processor.

9. Google Analytics

Our websites used Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses so-called "cookies", (text files that are stored on the user's computer,) which allow an analysis of the use of the websites. The information generated by the cookie about the use of the websites by the users is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymization is activated on our websites, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on our websites. On behalf of the operator of our websites, Google will use this information for the purpose of evaluating the use of the websites by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The shortened IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the opt-out function on the Divvy Restaurant website or, alternatively, by selecting the appropriate settings on your browser, however, Grape Hospitality OpCo GmbH points out that if you do this you may not be able to use the full functionality of our website. Users can also prevent the collection of data generated by the cookie and related to their use of the websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google's use of data for advertising purposes, settings and opt-out options, please visit Google's websites: https://www.google.com/intl/de/policies/privacy/partners/ ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data Use for Advertising Purposes"), http://www.google.de/settings/ads ("Manage Information Google Uses to Show You Ads"), and http://www.google.com/ads/preferences/ ("Determine What Ads Google Shows You").

10. Duration of processing

We process your personal data - as far as necessary - for the duration of the entire business relationship (from the initiation, processing to the termination of a contract and until the settlement of outstanding claims). After the contract has been fully processed, your data will be stored until the expiry of the warranty, limitation and compensation periods and statutory retention periods applicable to us, and beyond this until the end of any legal disputes in which the data is required as evidence.
We store data that you have provided to us for marketing and information purposes, such as for sending a newsletter, until you revoke your consent to do so.

11. Data Security

We use technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorized persons, in accordance with Article 32 of the General Data Protection Regulation. Our security measures are continuously improved according to technical progress.

12. Your rights

With regard to the processing of your data, you may exercise the following rights under the General Data Protection Regulation and the National Data Protection Act:

a. Right of access

You may request confirmation from us as to whether and to what extent we process your data. This confirmation will include information about the purposes for which your data are processed, the categories of personal data processed, the recipients or categories of recipients of the personal data, the duration of the data processing.

b. Right to rectification

You may at any time request that data concerning you which is inaccurate or incomplete be corrected and/or completed without undue delay.

c. Right to erasure

You may request that we erase your personal data if we process it unlawfully, the processing unreasonably interferes with your legitimate interests in protecting yourself, the personal data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent. Please note that there may be reasons that prevent immediate deletion, such as in the case of legal retention obligations.

d. Right to restriction of processing

You can request us to restrict the processing of your data if

  • you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data;
  • the processing of the data is unlawful, but you refuse erasure and instead request restriction of data use;
  • we no longer need the data for the intended purpose, but you still need this data to assert, exercise or defend legal claims, or
  • you have objected to the processing of the data.
  •  

This data will be processed from the restriction request only with individual consent or for the assertion and enforcement of legal claims.

e. Right to data portability

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format, provided that

  • we process this data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us, and
  • this processing is carried out with the aid of automated procedures.

f. Right to object

You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. After the objection, your data will no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object to direct marketing at any time without giving reasons.

g. Right of complaint

If you believe that we are violating national or European data protection law in processing your data, you can contact us at any time. Of course, you also have the right to contact the competent data protection authority and, as of 25.05.2018, also the supervisory authority within the EU.

h. Assertion of your rights

To assert any of the aforementioned rights against us, please use the following contact options:

  • Email to: h5357@accor.com
  • Letter to:
    Grape Hospitality OpCo GmbH
    c/o Data Protection Officer
    Landstraßer Hauptstrasse 28
    AT-1030 Vienna
  • Call: +43 (1) 716710

If we are unable to determine your identity on the basis of the data available to us, it may be necessary for us to request additional information to determine your identity (e.g. photo identification). Inquiries in this regard serve to protect your rights and your privacy.