Every guest is guaranteed a lounger.
The owner of this website is responsible for processing your personal information. Details on the company can be found in the imprint.
We take the protection of your personal data very seriously. Your personal data will be treated confidentially and in line with both the data protection laws as well as the provisions set out in this data protection declaration.
It is possible to use our website without submitting your personal data. If you are asked to give personal data (e.g. name, postal address or e-mail address), this is always – as far as possible – always on a voluntary basis.
The data protection controller for this website pursuant to Art 4(7) GDPR is TBG Thermenzentrum Geinberg BetriebsGmbH.
If you have any questions about the processing of your data by the SPA Resort Therme Geinberg, you are welcome to contact us as follows:
The contact details of the VAMED Data Protection Officer are as follows:
Mag. Per-Oliver Gustavson
Sterngasse 5, 1230 Vienna, Austria
Tel: +43 (0)1 60127 0
We process your personal data with in cooperation with processing partners who support us in providing our services (e.g. web-hosting, e-mail newsletter distribution).
These processing partners are committed to handling your data in a strictly confidential way and may not use your personal data for any other purpose than providing our services.
Your personal data will only be passed on to service providers such as banks (if you receive money transfers), tax advisors (if you are part of our accounting), distributors (if you receive mail from us), etc.
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Once you have filled in and sent a contact form your personal data provided will be processed by the person responsible in order to answer your enquiry based on the consent you have given by submitting the contact form.
There is no legal or contractual obligation to provide personal data. Choosing to not provide personal data simply means that your enquiry will not be sent to us and we will not be able to process it.
You have the right to withdraw your consent in written at any time form. This withdrawal of consent shall have no impact on the legality of data processing activity up to the point in time when consent was withdrawn.
By clicking on the checkbox you agree to the abovementioned personal data being used by the person responsible for data protection to send you an e-mail newsletter based on your consent (subject to objection and/or withdrawal of consent).
There is no legal or contractual obligation to provide personal data. Not providing personal data will only result in you not receiving the e-mail newsletter.
You have the right to withdraw your consent at any time in written form or by clicking on the relevant link. This withdrawal of consent shall have no impact on the legality of data processing activity up to the point in time when consent was withdrawn.
In the same way you can also revoke consent for your personal data to be used for the purposes of direct advertising. In this case your personal data will no longer be used for direct advertising in the form of an e-mail newsletter.
You will find the current terms and conditions of the VAMED Vitality World customer club here.
Cookies make websites more user-friendly and efficient for users. A cookie is a small text file used to save information. When you visit a website, this website can place a cookie on your computer. If at a later point in time you visit the website again, the website can read the information saved in the cookie and find out, for example, whether you have visited the website before and which areas of the website you are particularly interested in.
More information on cookies is available on WIKIPEDIA.
The web browser settings determine how the web browser deals with cookies and which cookies are or are not allowed. These settings can be changed. How and where these changes can be made depends on the web browser. Use the ‘Help’ function in your web browser to find out more about how to change your cookie settings.
Our website uses the following providers:
For the purposes of technical monitoring and increased security, this website processes the following personal data in a server log file. This processing is based on the principle of overwhelming interest of the person/company responsible (technical security measures).
These data are saved in personalised form only temporarily for a period of seven days. After that the log files are deleted.
This website uses Google Analytics, a web analysis service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google”). Google Analytics is based on the legal principle of overriding legitimate interest (analysis of website use). To this end we have concluded an agreement with Google on contracted data processing.
This website uses the function "Activation of IP anonymisation". This means that within Member States of the European Union and countries of the European Economic Area your IP address will be shortened. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA and shortened there
According to Google, this data is used to analyse the use of the website, produce reports on website activity and provide additional services connected to use of the website and the internet.
Google may also transfer this information to third parties if this is legally required or if the third party is tasked with processing the data on behalf of Google.
For detailed information on the use of data by Google Analytics please consult the data protection declaration of Google and Google Analytics.
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
It is possible to prevent our website from collecting your user data by activating the “Do Not Track” function in your web browser. Your web browser will then send a “Do Not Track” signal to all websites, including ours.
You can prevent all websites from collecting your user data by downloading the following extension and installing it on your computer: Download Browser Extension.
You can prevent only our website from collecting your user data via Google Analytics by clicking on the following link. This places an opt-out cookie on your computer, which prevents data being collected from you if you visit this website again. Deactivate Google Analytics.
TBG Thermenzentrum Geinberg BetriebsGmbH, Thermenplatz 1, A-4943 Geinberg is operating a Facebook fanpage, where personal data is processed. TBG Thermenzentrum Geinberg BetriebsGmbH as operator of this fanpage is also responsible in the sense of the data protection law.
Your data can be processed through cookies of the fanpage, regardless of whether you have a Facebook account or not. Only Facebook is responsible for the usage of the cookies. TBG Thermenzentrum Geinberg BetriebsGmbH has no influence in this regard. Details about the usage of the cookies can be found on (https://www.facebook.com/privacy/explanation) and (https://www.facebook.com/policies/cookies/). You can further download your own Facebook data directly on Facebook (download of the so called “extended archive” in your account settings).
Via the cookies your data can be forwarded to Facebook Inc. into the USA. Facebook is certified for the EU-US-Privacy-Shield, which means Facebook has to maintain a data protection standard towards users in Europe, which has been approved by the European Commission as being comparable to European standards. Apart from that Facebook might also apply cookies from third-party-providers. Those are listed here: https://www.facebook.com/policies/cookies/ . Their respective Cookie-guidelines can be found on the their respective websites.
You can revoke your declaration of consent regarding the storage, processing and usage of your data via cookies in the course of the usage of the fanpage anytime with effect to the future. In this case the processing of your data until the revocation remains legal.
This website uses Facebook Pixel, a web analysis service operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) based on the legal principle of overriding legitimate interest (analysis of website use). We have concluded an agreement with Facebook on contracted data processing. In some cases data will be transferred to the USA. This transfer of data to the USA takes place on the basis of the Privacy Shield.
According to Facebook, this data is used to analyse the use of the website, produce reports on website activity and provide additional services connected to use of the website and the internet.
Facebook may also transfer this information to third parties if this is legally required or if the third party is tasked with processing the data on behalf of Facebook.
For detailed information on the use of data by Facebook please consult Facebook’s data protection declaration.
Some pages of our website have buttons which allow users to share the content on social media platforms such as Facebook, Google Plus, Instagram, LinkedIn, Pinterest, Tumblr, Twitter, XING and YouTube.
These buttons have been designed to protect personal data. The script (computer programme) behind the buttons does not collect or process any personal data. Detailed information on the function of these buttons is available from Heise Verlag, the company which publishes the IT journal c’t and is also responsible for developing the buttons.
Website visitors who wish to share our website can click on one of these buttons. They will be forwarded to the “share” page of the respective social media platform. Only there will the scripts be loaded which are needed in order to share the content of the website. This sharing of information is subject to the terms and conditions as well as the data protection provisions of the respective social media platform. For more information visit Facebook, Google Plus, Instagram, Linkedin, Pinterest, Tumblr, Twitter, XING und Youtube.
The following information is collected about the website user’s device and browser:
Our servers record random samples of information from Hotjar-based websites. This includes:
For further details on the cookies used by us please see Hotjar's Cookie Information.
Hotjar promises to guarantee that your data protection rights will be respected at all times when passing on information about your browsing activity and other details related to visiting the website.
By visiting Hotjar's opt-out page and clicking on the option “Deactivate Hotjar” you can prevent Hotjar from collecting your data on this website. This deactivation is possible at any time.
You have the right to know which personal data has been collected, to request that this data be corrected or deleted as well as to limit or object to the use of your personal data.
Provided the processing of your personal data is based on your consent or an agreement which has been concluded with you, you also have the right to request that this data be sent to you.
Furthermore, you have the right to withdraw any consent you have given for your data to be processed. This withdrawal of consent shall have no impact on the legality of data processing activity up to the point in time when consent was withdrawn.
You have the right to object to the processing of your personal data for the purposes of direct advertising. In this case your personal data will no longer be used for direct advertising.
In addition, you also have the right to submit a complaint to the Austrian Data Protection Authority (Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria email@example.com).
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") in our contact form. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google”).
The aim of reCAPTCHA is to check whether the data in the contact form has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the website visitor’s behaviour based on a number of different characteristics. This analysis starts automatically, as soon as the website visitor accesses the contact form. For the purposes of the analysis, reCAPTCHA assesses various pieces of information (e.g. the IP address, the time spent by the visitor on the website, or the mouse movements made by the visitor). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is carried out on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its websites from improper automated spying and spam.
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
You can customise your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.
You can customise your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.