Grand Hotel Bregenz

Privacy policy

1. Basic information

In this privacy policy, you will learn which personal data Grape Hospitality OpCo GmbH processes, in what way and for what purpose with the help of automation, as well as which rights you, as a data subject, have.

2. Person responsible

The responsible party is Grape Hospitality OpCo GmbH, Landstraßer Hauptstraße 28, 1030 Vienna, Austria/ Tel.: +43 (1) 716710 / Email:

3. Collection and processing of personal data

The protection of your personal data is of particular concern to us. Your personal data will therefore only be processed to the extent that this is permitted by law and necessary for the fulfilment of the respective purpose (provision of services, processing of contracts, fulfilment of legal obligations, sending of information material and advertising, sending of a newsletter, carrying out of customer analyses).
For the processing of your health data (allergies and special needs) we require your express consent, which you can revoke at any time. Please note that if you do not give your consent or revoke it during our contractual relationship, we will not be able to provide our services to the usual extent, whereupon you will use our services at your own risk.
To send you information about our company's services and products and for customer service contact purposes:

  • Name
  • Address
  • Email address
  • Mobile phone number

In doing so, we will use the following communication channels if you have provided them to us: Email, post and SMS.
In order to inform you about offers and services and to contact you for customer surveys, we need your express consent, which you can give in a "double-op-in" form. Without you providing us with the data mentioned in point 4 and giving your express consent, we will not be able to send you any information or contact you in this regard.
For the purpose of providing and improving services and personalising offers and services to better meet your needs (profiling):

  • Name
  • Title
  • Gender
  • Address
  • Date of birth
  • Nationality
  • Spouse
  • Child/children

This website uses the WordPress plugin Wordfence by Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA for security purposes. For this purpose, cookies are set in your browser (only when you log in to this website) and your IP address is collected, stored and transmitted to a Defiant server in the USA.
The provided DSGVO-compliant data processing agreement has been concluded. As a data processor, Wordfence complies with all requirements of the DSGVO. WordFence is used to increase the security of this website and thus also the security of the website users. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
Wordfence's privacy policy can be found at and at

4. Profiling

Profiling is the process by which the responsible person (controller or processor) collects and processes personal data for the purpose of providing and improving offers and services so that they can be better tailored to the needs of the customer. However, no decisions which may entail legal consequences or damages of any kind for the customer are made in automated form.
We may process the following data in our system: Name, gender, title, address, telephone number, email address, date of birth, comments and relationship to other profiles.
We may associate the following data related to your reservation with your profile: Previous reservations, future reservations, confirmations and notes. Personal data provided by you will be processed until you withdraw your consent. You can revoke your consent at any time, free of charge and without giving reasons, at the restaurant, by e-mail at: or by telephone at +43 (1) 716710.

5. Photographs at events

We have a legitimate interest in taking photographs at events for marketing purposes and publishing them on our website. If you do not agree to this, you can object at any time in the restaurant or by e-mail at or by telephone on +43 (1) 716710.

6. Video surveillance

In the interest of public safety, there may be video surveillance in the restaurant area. Videos will be stored in independent hard drives at each location and access will be granted to restaurant managers.
Recorded videos may be stored for a maximum of 72 hours.

7. Disclosure to third parties

Your personal data will not be shared with third parties except for

    • we are legally obliged to do so, such as under the TKG, StGB or StPO.
    • to authorised medical personnel in medical emergencies.
    • on the basis of their express, written consent
    • for services outside the hotel at your express request (e.g. for taxis, etc.)

For the purpose of payment processing, your bank details will be passed on to electronic payment service providers.

8. Data processing on behalf

If we engage a processor, we remain responsible for the protection of your personal data.
We therefore only engage external processors to perform activities that are necessary to provide our services, such as sending newsletters. These processors have undertaken to comply with the applicable data protection regulations towards us. An order processing contract has been concluded in accordance with Art 28 DSGVO.
Your personal data will be passed on to the following external data processors:

    • Facebook Inc, Menlo Park, CA, USA
    • Instagram Inc, San Francisco, CA, USA

We primarily use processors within the European Union. We only use processors outside the European Union if (i) an adequacy decision has been issued by the European Commission for the third country in question or (ii) we refer to the European Commission's standard contractual clauses or (iii) appropriate safeguards, e.g. the EU/US Privacy Shield, are in place with the third country or (iv) we have agreed binding internal data protection rules with the processor.

9. Google Analytics

Our websites used Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of the websites by the users is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymisation is activated on our websites, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on our websites. On behalf of the operator of our websites, Google will use this information for the purpose of evaluating the use of the websites by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The shortened IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users may also prevent the collection of data generated by the cookie and relating to their use of the websites (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
For more information on Google's use of data for advertising purposes, settings and opt-out options, please visit Google's websites: ("Data use by Google when you use our partners' websites or apps"), ("Data Use for Advertising Purposes"), ("Manage Information Google Uses to Show You Ads") and ("Determine What Ads Google Shows You").

10. Newsletter

In order to receive the newsletter offered on our website, you can register via our form. In doing so, we use the so-called double opt-in procedure. Here, a confirmation email is first sent to your specified email address, with a request for confirmation. The registration only becomes effective when you click on the activation link contained in the confirmation email. We use your data transmitted to us exclusively for sending the newsletter, which may contain information or offers.

We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. In doing so, rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. The rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider, which has been carefully selected in accordance with the requirements of the DSGVO and the BDSG.

You can revoke your consent to the storage of data and its use for newsletter dispatch at any time, e.g. via the unsubscribe link in the newsletter.

11. Duration of processing

We process your personal data - as far as necessary - for the duration of the entire business relationship (from the initiation, processing to the termination of a contract as well as until the settlement of outstanding claims). After the contract has been fully processed, your data will be stored until the expiry of the warranty, limitation and compensation periods and statutory retention periods applicable to us, and beyond this until the end of any legal disputes in which the data is required as evidence.
We store data that you have provided to us for marketing and information purposes, such as for sending a newsletter, until you revoke your consent to this.

12. Data security

We use technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorised persons, in accordance with Article 32 of the General Data Protection Regulation. Our security measures are continuously improved in line with technical progress.

13. Your rights

With regard to the processing of your data, you may exercise the following rights under the General Data Protection Regulation and the National Data Protection Act:

a. Right of access

You may request confirmation from us as to whether and to what extent we are processing your data. This confirmation will include information about the purposes for which your data are processed, the categories of personal data processed, the recipients or categories of recipients of the personal data, the duration of the data processing.

b. Right to rectification

You may at any time request that data relating to you which is inaccurate or incomplete be rectified and/or completed without undue delay.

c. Right to erasure

You may request that we erase your personal data if we process it unlawfully, the processing unreasonably interferes with your legitimate interests in protecting yourself, the personal data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent. Please note that there may be reasons that prevent immediate deletion, such as in the case of statutory retention obligations.

d. Right to restriction of processing

You may request us to restrict the processing of your data if.

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data;
  • the processing of the data is unlawful, but you object to erasure and request restriction of data use instead;
  • we no longer need the data for the intended purpose, but you still need this data to assert, exercise or defend legal claims; or
  • you object to the processing of the data.
  • you have objected to the processing of the data.

As of the restriction request, this data will only be processed with individual consent or for the assertion and enforcement of legal claims.

e. Right to data portability

You may request that we provide you with your data that you have provided to us in a structured, commonly used and machine-readable format, provided that

  • we are processing that data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us, and
  • this processing is carried out with the aid of automated procedures.

f. Right to object

You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. After the objection, your data will no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object to direct marketing at any time without giving reasons.

g. Right to complain

If you are of the opinion that we violate national or European data protection law when processing your data, you can contact us at any time. Of course, you also have the right to contact the competent data protection authority and, as of 25.05.2018, also the supervisory authority within the EU.

h. Assertion of your rights

To assert any of the aforementioned rights against us, please use the following contact options:

  • Email to:
  • Letter to:
    Grape Hospitality OpCo Ltd.
    c/o Data Protection Officer
    Landstraßer Hauptstraße 28
    AT-1030 Vienna
  • Call: +43 (1) 716710

If we are unable to determine your identity on the basis of the data available to us, it may be necessary for us to request additional information to determine your identity (e.g. photo ID). Inquiries in this regard serve to protect your rights and your privacy.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram