Privacy Policy

We are pleased that you are visiting our website and thank you for your interest in the Roomz group. Protecting your personal data while using www.roomz-hotels.com and its subpages is especially important to us. Your personal data is processed strictly in accordance with applicable data protection laws.

I. Name and address of the controller

The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is Roomz Hotelmanagement GmbH, Rothschildplatz 2, 1020 Vienna, Austria,
Tel: +43 1 361 40,
Mail: office@roomz-vienna.com

II. Name and address of the data protection officer

Dr. Thomas Schartel, Rothschildplatz 2, 1020 Vienna, Austria
Tel.: +43 1 361 40,
E-Mail: office@roomz-vienna.com

III. General Information on Data Processing

  1. Scope of the processing of personal data
    We collect and use our users’ personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
  2. Legal basis for the processing of personal data
    Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject (e.g. national reporting laws), Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
  3. Data erasure and storage duration
    The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. Provision of the website and creation of log files

  1. Description and scope of data processing
    Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

    (1) Information about the browser type and version used
    (2) The user’s operating system
    (3) The IP address of the user
    (4) Date and time of access
    (5) Websites from which the user’s system accesses our website
    (6) Websites that are accessed by the user’s system via our website

    The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be created. The stored data is only analyzed for statistical purposes.

  2. Legal basis for data processing
    The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
  3. Purpose of the data processing
    The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
    The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
    These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
  4. Duration of storage
    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
    If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
  5. Possibility of objection and removal
    The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

V. E-mail Contact

  1. Description and scope of data processing
    There is a contact option on our website that can be used to contact us electronically. If a user makes use of this option, they can contact the relevant contact person via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail (such as name, date of birth, address, telephone number, e-mail address, bank details or IP address) are stored in the e-mail system. We do not process any sensitive data (such as health data).
    No data is passed on to third parties in this context. The data is used exclusively for processing the conversation.
  2. Legal basis for data processing
    The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
    The legal basis for the processing of the data is otherwise Art. 6 para. 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
  3. Purpose of the data processing#
    When processing personal data when contacting us by email, there is a necessary legitimate interest in processing the data.VI. Customer Support & Consulting.
    We collect contact details from potential partners and customers via events, meetings, etc. for sales and support purposes.
    Legal basis: Art. 6(1)(b) and (f) GDPR. Data is deleted after one year if no contract arises. No data is shared externally. You may object via data.protection@roomz-hotels.com.
  4. Duration of storage
    The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
    If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.
  5. Right of objection and removal
    The user has the option to object to the processing of their personal data at any time. We have set up the e-mail address data.protection@roomz-hotels.com. for this purpose.
    We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc. All personal data stored in the course of making contact will be deleted in this case.

VI. Customer support & advice

  1. Description and scope of data processing
    In addition to the (also potential) business partner, we collect and use contact persons, telephone numbers, e-mail addresses, organizational affiliations and postal addresses for customer support, advice and contacting customers. We do not process any sensitive data (such as health data). We (or our sales employees) receive the information in particular through inquiries, contacts at events, trade fairs, workshops, the exchange of business cards at meetings, visits, etc.
    No data is passed on to third parties in this context. The data is used exclusively for the purposes stated.
  2. Legal basis for data processing
    The legal basis for the processing of the data is also Art. 6 para. 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
  3. Purpose of the data processing
    We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.
  4. Duration of storage
    In principle, there is no deletion period.
    If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.
  5. Possibility of objection and removal
    The company contact has the option to object to the processing of their personal data at any time. We have set up the e-mail address data.protection@roomz-hotels.com for this purpose. In this case, all personal data of the contact person that has been stored for the business partner will be deleted.

VII. Use of Cookies

  1. Description and scope of data processing
    The website www.roomz-hotels.com uses cookies to enable the best possible functioning of this website for the user and to optimize the user experience of the services offered. Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies.
    In addition, the website also allows third-party providers (e.g. Google, Facebook, …) to set cookies. By browsing this website, you agree to the use of cookies. Of course, you can restrict or deactivate the cookies used through your browser. Cookies that have already been saved can be deleted at any time. However, this may mean that not all functions of the website are available to you.
    A cookie is a small text file that is stored on your computer, tablet or smartphone when you visit a website. It stores information that can be read by the website when you visit it again at a later time. Some cookies are necessary for the website to function properly. Other cookies are beneficial for visitors, as they store data entered in the same secure way, such as language settings. The purpose of cookies is to ensure that you do not have to enter the same information every time you visit a website.
  2. Legal basis for data processing
    The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
    The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this.
  3. Supplementary information
    In addition to the above information on the use of cookies, we would like to point out the following: Our website, like many others, uses Google Analytics, a web analysis service of Google Inc. (“Google”), to enable an analysis of the use of the website. The following data is collected, stored and analyzed: Browser type, operating system, country, date, time and duration of access, IP address, pages visited, entry and exit pages. The data is not used to personally identify visitors to this website.
    We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA, shortened and stored there.
    Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. The legal relationship with Google Inc. is based on the EU-US Privacy Shield concluded between the EU and the USA.
    By using this website, you consent to the processing of data about you by Google Inc. and its subsidiaries in the manner and for the purposes set out above. Liability for the conduct of Google Inc. or the use of your data by Google is excluded. Data processing is carried out on the basis of the legal provisions of § 96 para. 3 TKG, Art 6 para. 1 lit a (consent), Art 6 para. 1 lit b (fulfillment of contract / pre-contract), Art 6 para. 1 lit c (fulfillment of legal obligations) and/or f (legitimate interest) of the GDPR.

VIII. Protection of minors

This service is primarily aimed at adults. We do not currently market any special areas for children. As a result, we do not knowingly collect information to determine age, nor do we knowingly collect personal data from children under the age of 16.

IX. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller (after providing proof of your identity): You have a right to information about the personal data stored about you, about the purposes of processing, about any transfers to other bodies and about the duration of storage. If data is incorrect or no longer required for the purposes for which it was collected, you can request that it be rectified, erased or processing restricted. Where provided for in the processing procedures, you can also view your data yourself and correct it if necessary. If your particular personal situation gives rise to reasons against the processing of your personal data, you can object to this if the processing is based on a legitimate interest. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

X. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, as a data subject you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection.

The supervisory authority to which the complaint is submitted will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy.

Austrian Data Protection Authority

Wickenburggasse 8
1080 Vienna
Tel: +43 1 52 152 – 0
E-Mail: dsb@dsb.gv.at

XI. Security

Roomz Hotels uses technical and organizational security measures in accordance with Art. 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously evaluated and improved in line with technological developments. Access to this data is only possible for a few authorized persons and persons with a special data protection obligation who are involved in the technical, administrative or editorial management of data.

Notwithstanding this, any transmission via the Internet may be subject to security vulnerabilities, so that complete and permanent protection of data against unauthorized access by third parties cannot be guaranteed despite the utmost care.

XII. Declaration of consent by the user

By using our websites and the offers contained therein, you agree that the personal data voluntarily transmitted by you may be stored by us and processed and used in accordance with this privacy policy.

We reserve the right to amend, update or supplement this privacy policy at any time. Any revised Privacy Policy will only apply to personal data collected or modified after the effective date of the revised policy.

XIII. Information and disclaimer for content

In this privacy policy, we inform you about the most important aspects of data processing. It only applies to www.roomz-hotels.com and the associated subpages. External websites are completely independent of this website and are beyond the control and influence of the controller. No responsibility is therefore assumed for the content of external websites, especially not for their accuracy, completeness, up-to-dateness or legality.

Despite the greatest possible care, no liability can be accepted for the correctness, completeness and up-to-dateness of the content of the www.roomz-hotels.com website. We reserve the right to make changes. All information available here is provided for general information purposes only. No liability is accepted for any direct or indirect damage or consequential damage resulting from the use of this website. This exclusion of liability also includes damage caused by computer viruses, computer worms, Trojans or similar malware. External websites may contain a link to this website. Links from this website to other websites (“hyperlinks”) are provided to visitors to this site as a service.

Status | February 2025