![[Translate to Magyar:]](/fileadmin/_processed_/f/3/csm_Header_Sujet_Homepages-Lets_Party_e776b761ed.jpg "[Translate to Magyar:]")
Data protection information sheet for users of the "Experience App" according to Art 13 DSGVO
Dear user!
Your data is in safe hands with us! We are committed to protecting your data that you provide to us when you register for the "Experience App" and that is created in the photo and video systems through the use of the "Experience App" offers in our spa. Please take the time to read this information sheet and get an idea of why we collect your data and in what form we process it.
First of all, we would like to inform you that we will use your data to
- process your data for the fulfillment of our contractual obligations (Art 6 para 1 lit b DSGVO), namely the fulfillment of the user contract for the use of the "Experience App". Failure to provide your data would have the consequence that we would not be able to fulfill our contractual obligations.
- based on your consent to process the personal data concerning you (Art 6 para 1 lit a DSGVO), namely for sending newsletters as well as the analysis of the newsletter usage. You have the right to revoke this consent at any time without affecting the legality of the processing.
- of the processing carried out on the basis of the consent until revocation is affected (Art 7 (3) DSGVO);
- for the purpose of legitimate interests of our company or on the basis of legitimate interests of third parties (Art 6 (1) (f) DSGVO), namely
- Providing ranked lists of slide times to create a competitive
- element;
- to prevent cases of abuse and block user accounts that violate the terms of use;
- the creation of a possibility for networking of different users by
- establishing groups within the "Experience App;
- to analyze user behavior within the "Experience App".
The following table gives a detailed overview of the function, data type and purpose of the data used.
Function | Data type | Purpose |
Registration | E-mail address | The email address is used to uniquely identify users in order to enable the use of the app. |
Registration | Username | Used for identification in the public rankings of the slides. There is no requirement for a clear name. It is up to the visitor how he/she defines his/her username. The user name can be changed at any time by the user. |
Registration | Opt-in check box for newsletter E-mail address | Visitors have the option to agree to receive news from the spa in the form of a newsletter. |
Registration | am I over 14 years old check box | Used to verify that the registered visitor is over 14 years old. |
Settings | (Profile) image | Visitors have the option to specify their own profile picture to personalize their ranking entries. Only by active modification by the users a personally chosen picture will be displayed. By default, an impersonal profile picture is selected. |
Slide and diving tower experience | Videos | Recording videos is one of the core purposes of the app. The videos are end-to-end encrypted and can only be opened on the user's device with which the account was paired when the video was created. The cameras are not activated in idle mode. The video recording will only be started if the user has created an app account and his:her wristband has been paired with the app and the camera function has been actively started via a RFID scan before the experience (slide and diving tower). |
Augmented Reality Experience | Videos and photos | Capturing the augmented reality photos and videos are one of the core purposes of the app. The app can be used to take photos and videos of the AR experience. When and where a video or photo is taken is decided by the visitor at his own discretion. The videos and photos are only stored locally on the device of the spa visitors. Sonnentherme has no access to these videos and photos. |
Facefilter and TrueDepth API | Videos, photos and True Depth data | The app can be used to create photos and videos of the face filters. This is one of the core purposes of the app. In runtime, the face filter function is based on the depth image information (Truedepth API) is accessed to enable placement of the face filters. This information is not stored, but only used in runtime. When and where a video or photo is taken is decided by the visitor at his or her own discretion. The videos and photos are only stored locally on the device of the spa visitor. Sonnentherme has no access to these videos and photos. |
In order to achieve the purposes we seek, it may be necessary on a case-by-case basis for us to disclose your information to the following recipients. This disclosure may be made by transmission, dissemination or other form of provision.
Receiver |
Purpose |
Legal basis |
Location | Basis for transfer to a third country |
Microsoft Ireland Operations Limited] |
Technical operation of the backend of the "Experience App" |
Contract fulfillment (Art 6 Abs 1 lit b DSGVO) | France | Within the EEA |
LL.C. | Differentiation of users; analysis of user behavior | Legitimate interests (Art 6 para 1 lit f DSGVO): for the purpose of analyzing user behavior within the "Experience App" | Californi en, USA | Privacy shield |
dialog-M ail eMarketi ng Systems GmbH | Newsletter distribution; analysis of newsletter usage | Consent (Art 6 para 1 lit a DSGVO) | Austria | Within the EEA |
We will only store your data for as long as is necessary for those purposes for which we collected your data. Videos and photos will be stored for 72 hours after recording. Your slide times as well as the rankings summarized from them will be stored for a period of one year. We store information about the use of our newsletter for a period of 3 years from the date of sending the newsletter. In this context, it should be noted that for reasons of tax law, contracts and other documents from our contractual relationship must generally be kept for a period of seven years (§ 132 BAO). In individual cases, for example in the case of pending official proceedings, this storage period may be longer than seven years. Statutes of limitations for legal claims as well as internal company requirements for the storage of data are also relevant.
We would like to inform you that you have the right to request information about which of your data is processed by us at any time. The right to information also includes the right to receive a copy of the data, provided that this does not affect the rights and freedoms of other persons (Art. 15 DSGVO). You have the right to request that inaccurate or incomplete data concerning you be corrected or completed (Art 16 GDPR). In principle, you have the right to have your data deleted (Art 17 GDPR). However, the right to erasure does not exist, for example, insofar as the processing is necessary for the fulfillment of a legal or contractual obligation. You have the right to request the restriction of the processing of your data if certain conditions are met (Art 18 GDPR).
You have the right to object to processing of your data that is necessary to protect our legitimate interests or those of a third party. In the event of an objection, we will no longer process your data unless the processing serves the purpose of asserting, exercising or defending legal claims or we can demonstrate compelling legitimate grounds for the processing that override your interests. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes (Art 21 DSGVO). In principle, you also have the right to receive the transfer of the data you have provided in a structured, common and machine-readable format. However, the right to data portability only exists if the processing is based on your consent or on a contract (Art 20 DSGVO).
If, despite our obligation to process your data lawfully, a breach of your right to lawful processing of your data should occur contrary to expectations, you have the right to lodge a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, in particular at your place of residence or place of work.
We hope that this information sheet has provided you with clarity about the form in which and the purposes for which we process your data. If you still have questions about the processing of your data, please feel free to contact our data protection officer, Sonnentherme Lutzmannsburg Frankenau GmbH, Thermengelände 1, 7361 Lutzmannsburg, Attn: Data Protection Officer or by e-mail to datenschutz@landesholding-burgenland.at.
Sonnentherme Lutzmannsburg-Frankenau GmbH
Thermengelände 1
7361 Lutzmannsburg
FN 109948 p
Landesgericht Eisenstadt
Phone: +43 2615 87171-0
Fax: +43 2615 87171-20
E-mail: info@sonnentherme.at
Homepage: www.sonnentherme.at
Commercial register court: Oberpullendorf
UID number: ATU 38285404
