Data protection

Last modified: March 2019

Welcome to the app of zadego GmbH. We are very pleased about your interest in our company and would like to thank you for your trust, to download the app and for the made booking.

Data protection is of particular importance for zadego GmbH, its management and their employees. If you want to use special services of our company through our app, processing of personal data may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain your separate consent to the processing of your personal data.

Zadego GmbH has created the SARA app as a free app. This service is provided by zadego GmbH free of charge and is intended for the intended use within the scope of the services of zadego GmbH.

This Privacy Policy is intended to inform users of the app about our policies when processing your personal information if someone has opted to use this app.

If you choose to use our app, you consent to the collection and use of information in relation to this Privacy Policy. The personal information we process is used to provide and improve the service. We do not use or share your information with anyone other than described in this Privacy Policy.

The terms used in this Privacy Policy have the same meaning as in our Terms and Conditions, which may be accessed through SARA, unless otherwise specified in this Privacy Policy.

1. General

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to zadego GmbH. Through this privacy policy, our company seeks to inform the public about the nature, scope and purpose of the personal information we collect, use and process. Furthermore, data subjects are informed of their rights under this privacy policy.

As the controller, zadego GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed via this app. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection can not be guaranteed. For this reason, every person concerned is free to submit personal data to us by alternative means, for example by telephone.

This privacy policy applies to the mobile app \"SARA\" of zadego GmbH. Individual pages in the app may contain links to other providers that are not covered by the privacy policy, so we can not accept any liability for such content.

1. Name and address of the person responsible

Responsible (hereinafter only the \"responsible\" or \"zadego GmbH\") within the meaning of the GDPR is the:

zadego GmbH

Hypo-Passage 2

6020 Innsbruck (Austria)

Tel .: +43 5 09 08

E-Mail: office@easybooking.eu

Website: www.easybooking.eu

If you have any questions, suggestions or concerns regarding this Policy or the processing of your data by the controller, please contact them directly at:

zadego GmbH

Department of Privacy

Hypo-Passage 2

6020 Innsbruck (Austria)

E-Mail: datenschutz@easybooking.eu

You may also turn to the address just mentioned for the exercise of your rights (see Section 8 of this Agreement).

1. Purpose of processing and data processing when using the app

For a better user experience, we may require certain personal information when using our service, including:

• IP address
• Device and card ID (IMEI, UDID, IMSI, MAC address)
• Device type and name
• Location data
• usage data
• registration data (first name, last name, e-mail, address data, telephone number) - profile picture (optional - if desired)

The app uses third-party services that may collect information that identifies you.

Following is a list of third-party providers and services used by the app:

• Google Play Services
• Firebase Analytics
• Fabric
• Crashlytics
• SwipeView
• Smile Weather
• Alamo Fire Image
• AlamofireSwiftyJSON
• Bolts
• FBSDKCoreKit
• FBSDKLoginKit
• GoogleSignIn

The purpose of processing this data is to provide the SARA App Services:

• Unique identification of the person as a user of the app
• Answering the feedback messages to the person responsible
• Ensure the exercise of the rights of the victims
• Display and storage of bookings on the mobile device
• digital guest communication between tourist business and its guests (chat functionality) (see paragraph 12 of this agreement)
• Display of weather information
• Display of booking information
• Possibility for online check-in

1. Collecting general data, information and error reports

We'd like to let you know that every time we make a mistake or crash in the app, we collect data and information called log data. This log information can include information such as the IP address of your device, the device type and name, the

OS version, the configuration of the app when using our service, the time and date of your use of the service, and other statistics that will help us to further optimize the app for you and to deliver optimal value for your use.

When using this general data and information zadego GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) properly deliver the contents of our app, (2) to optimize the content of our app, (3) to ensure the continued functioning of our information technology systems and the technology of our app, and (4) to law enforcement agencies in the Case of cyberattack, provide the information necessary for law enforcement. Zadego GmbH evaluates this anonymously collected data and information on the one hand statistically and further with the aim to increase data protection and data security in our company in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.

1. Analysis tools

When you access our app, your behavior can be statistically evaluated using certain analysis tools and analyzed for market research purposes or to improve our offerings.

5.1 Firebase

Firebase is a real-time database. It can be used to embed real-time information. User data is transmitted anonymously to Firebase. Firebase is owned by Google and is headquartered in San Francisco, CA, USA. The Firebase privacy policy can be found at https://www.firebase.com/terms/privacy-policy.html.

5.2 General analysis with Google Analytics and complementary services

In order to be able to comprehensively optimize our offers beyond these analyzes, we use the web analysis service Google Analytics, which uses cookies to scan usage both in real time and in the long term. The data is usually transmitted to US servers and stored there; because we have activated IP anonymization, however, Google must first reduce its IP address in EU and EEA countries (only in the case of technical failures in Europe, for example, can the IP address be shortened in the USA) , You can object to the described data collection and processing in apps by disabling them in the settings (on Android and iOS directly in the app menu under Privacy).

1. Registration in our app

The data subject has the possibility to register himself in the app of the persons responsible by providing personal data. The following data must be provided for the registration:

• E-mail address
• Password
• Facebook registration optional (Facebook Login)
• Google registration optional (Google Sign-In)

The personal data entered by the data subject are collected and stored solely for internal use by the person responsible.

By registering in the app of the person responsible, the IP address assigned by the Internet service provider (ISP) of the person concerned, the date and time of registration are also stored. The storage of this data takes place against the background that only so the misuse of our services can be prevented, and this data if necessary, to clarify committed offenses. In this respect, the storage of this data to secure the responsible persons is required. A disclosure of this data to third parties is not, as long as there is no legal obligation to disclose or the disclosure of law enforcement serves.

By registering the data subject voluntarily providing personal data, the data controller serves to provide the data subject with content or services that, due to the nature of the case, can only be offered to registered users. Registered persons are free to change the personal data given at registration at any time or to have it deleted completely from the data of the person responsible.

The person responsible gives each affected person at any time upon request information about which personal data about the data subject is stored. Furthermore, the responsible person corrects or deletes personal data at the request or notification of the data subject, insofar as this does not conflict with any statutory storage requirements.

1. Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, if so required by the European legislature and other legislators in laws or regulations, that of the controller subject to was provided.

If the storage purpose is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislature expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Basically, we process your data until the termination of the contractual relationship, which can be done in particular by revoking the consent. Thereafter, the data will be deleted, unless legal regulations require longer processing.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.

1. Rights of the data subject

With regard to your data, which are processed by us, you have the following rights. To assert your rights described below, we ask you to contact us. The contact details can be found under Zif. Second

Right to information: We will provide you with information on request in the form of a confirmation, if and to what extent we process your data. Please direct your request to Zif. 2. named contact details.

Right to correction: If it turns out that the data processed by us are incomplete and / or incorrect, you have the right at any time to request the addition and / or correction of the data.

Right to delete - \"right to be forgotten\": You have the right to request the deletion of the data, provided that

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you have revoked your consent;
• you were legitimately objected to the processing of the data;
• the personal data were processed unlawfully.

A deletion of your data will also take place, if a legal obligation under European Union law or the law of one of the member states obliges us to the deletion.

Please note that there may be reasons that lead to a refusal of the deletion. Such a refusal may, for example, occur when we are required to comply with statutory retention requirements, when the storage of the data required to exercise the right to freedom of expression and information is required or when the storage is done to fulfill a legal obligation or a public interest.

Right to restriction of processing: This right means that in principle the data may only be stored.

You have the right to request restriction of data processing when

• You have denied the accuracy of the data for the duration of the verification of the accuracy of the data by us;
• the use of data is unlawful, but you have objected to deletion and instead request a restriction of processing;
• the data is no longer needed by us, but you need the data to assert, exercise or defense of legal claims or
• You have objected to the processing of the data for the duration of our review.

Right to Data Portability: You have the right to transmit the data you provide to us in a structured, common and machine-readable format and to disclose that information to another client without hindrance, provided that

- the processing of your data is done by automatic means and

- this data was either due to a (revocable at any time) consent from you or a contract between you and us.

Right to object: This right of objection basically only exists in cases where your data is processed in the performance of a task in the public interest or for the protection of our legitimate interests. In these cases, you can object to data processing if there is an overriding protection interest in your data.

For cases of direct marketing (for example, transmission of advertising), you can object at any time without stating reasons. A successful opposition leads to a claim for restriction (see \"Right to limit processing\") and to a cancellation (see \"Right to delete - Right to be forgotten\").

Exercise of rights / reimbursement:

Basically, the exercise of Zif. 8 rights for them free of charge. We are therefore in principle not entitled to reimbursement of costs in this context. However, should you exercise your rights manifestly unfounded or in particular excessive - including in terms of frequency - we reserve the right to offset an appropriate fee for administrative expenses or it may also be that we refuse to provide information in such cases.

Right to Complain: If you believe that the processing of your data violates Austrian or European data protection law in this case, we ask you to contact us so that we can handle your complaint or, if necessary, answer any questions and possible ambiguities can enlighten.

In this context, however, without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority in Austria (Austrian data protection authority) or to a supervisory authority within the EU.

1. Access rights of the app

To properly deliver our services through the app, it requires the access rights listed below to access certain features of your device.

9.1 Location

The app accesses your exact GPS location. The GPS data is needed for the representation of your location on the map, as well as for the calculation of the distance. If access to the exact data is not possible, the application accesses the approximate, network-based location.

9.2 WLAN connection information

The device's Wi-Fi feature is accessed and information retrieved to give you access to the app via Wi-Fi.

9.3 phone

The hotel can be called from the app.

9.3 camera

By accessing the camera of your device, you will be able to create a profile picture or upload a photo for the feedback function. In addition, you can use the camera to scan QR codes and easily add bookings to your app using the booking code.

9.4 Photos, Media, Files

The app needs access rights to change or delete USB memory content. This right is required for downloading app photos and uploading feedback photos and profile photos.

9.5 Memory

The app needs access rights to change or delete USB memory content. This right is required to save and display booking confirmations or other .pdf documents for a booking. Contents of the app (text, images) are stored on the device to be available offline.

9.6 Miscellaneous

In addition, the app requires access to the Internet to download app content from the Firebase database. This is necessary so that you can access the app from your mobile phone. The app has the ability to access all network connections.

 The app needs to know if your device's hibernation is disabled to send push messages about what's new to your device.

The app may prevent the device from hibernating to allow users to view content longer and without interruption.

1. Facebook Connect

In our app you can create a customer account or to register using the social plug-in \"Facebook Connect\" of the social network Facebook, the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (\"Facebook\") , if you have a Facebook profile.

If you use this form of registration, your device connects directly to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your device and integrated. Through this integration, Facebook receives the information that your device has called the corresponding app from us, even if you do not have a Facebook profile or just are not logged in to Facebook. This information (including your IP address) is transmitted from your device directly to a Facebook server in the US and stored there. These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f DS-GMO based on the legitimate interest of Facebook in the display of personalized advertising based on the surfing behavior.

By using this \"Facebook Connect\" button in our app, you also have the option to log in to our app using your Facebook user data. Only if you have given your express consent in accordance with Art. 6 para. 1 let. Before the registration process on the basis of a corresponding note about the exchange of data with Facebook. If you use the \"Facebook Connect\" button of Facebook, depending on your personally set privacy settings on Facebook, you will receive the general and publicly accessible information stored in your profile. This information includes the user ID, name, profile picture, age, and gender.

The consent given may be revoked at any time by a message to the person named at the beginning of this statement.

US-based Facebook Inc. is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy of Facebook: https://www.facebook.com/policy.php

1. Google+ Sign In

In our app, you can sign up for a customer account or sign up using the Google+ Sign-In social plugin Google+, which is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (\"Google+ \"), register as part of the so-called Single Sign On technique if you have a Google + profile.

If you use this form of registration, your device connects directly to the Google+ servers. The content of the plugin is transmitted and integrated by Google+ directly to your device. Through this engagement, Google+ will receive the information that your device has invoked the functionality of our app, even if you do not have a Google + profile or are currently logged in to Google+. This information (including your IP address) is sent from your device directly to a Google+ server in the United States and stored there. These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f DS-BER based on the legitimate interest of Google in the display of personalized advertising based on surfing behavior.

By using this Google + button in our app, you also have the option to log in to our app using your Google+ user data. Only if you have given your express consent in accordance with Art. 6 para. 1 let. Before the registration process on the basis of a corresponding note on the exchange of data with Google. Giving your DS-GVO, if you use the Google+ Google+ button, depending on your personal privacy settings on Google+, we will receive the public and public information stored in your profile. This information includes the user ID, name, profile picture, age, and gender.

The consent given may be revoked at any time by a message to the person named at the beginning of this statement.

US-based Google LLC is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

The purpose and scope of the data collection and the further processing and use of the data by Google+, as well as your rights and setting options for the protection of your privacy, can be found in the privacy notices of Google+:

https://www.google.de/intl/de/policies/privacy/

You can view the Terms of Service for using \"Google+ Sign-In\" here: https://www.google.com/intl/en/policies/terms/regional.html

1. Chat functionality of the app

The app provides chat functionality that liaisons and guest can connect to.

The messages sent by the guest can be sent to the lender's mobile device (with the SARA app installed) as well as to the \"easybooking\" management program.

The management software \"easybooking\" provided by the accommodation provider is a PMS (property management system) based in Innsbruck (Austria).

Please note that data transmission over the Internet (for example, when communicating by e-mail or chat) may be vulnerable. A complete protection of the data from access by third parties is not possible. Please note, therefore, that we do not accept any liability whatsoever for the disclosure of personal data due to any failure by us in connection with the transmission of data and / or unauthorized access by third parties.

1. existence of automated decision-making

As a responsible company, we refrain from automatic decision-making or profiling.

1. Hyperlinks

The application may contain hyperlinks to third party websites. Zadego GmbH accepts no responsibility for the content of these websites nor does zadego adopt these websites and their contents as its own, since zadego does not control the linked information and is not responsible for the content and information made available there. Their use is at the user's own risk. In any case, every user should exercise caution and read the privacy policies of the websites in question.

These links may include but are not limited to:

• European travel insurance
• Homepage of the accommodation provider

1. Encryption of the app

This app uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as your login information, requests between you and the hotel, feedback you send to us as the app operator. This encryption prevents the data you submit from being read by unauthorized third parties.

1. Changes to this Privacy Policy

We may update our privacy policy from time to time. Therefore, it is recommended to check this page regularly for changes. We'll let you know about changes by posting the new privacy policy on this page.

These changes will take effect immediately after publication on this page.

1. Competent supervisory authority

Austrian Data Protection Authority

Wickenburggasse 8

1080 Vienna (Austria)

Telephone: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

1. Note on Online Dispute Resolution

Online dispute resolution pursuant to Art. 14 para. 1 ODR-VO: The European Commission provides a platform for online dispute resolution (OS), which can be found at https://ec.europa.eu/consumers/odr/.

1. Opposition advertising mails

The use of published in the context of the imprint obligation contact information for sending unsolicited advertising and information materials is hereby prohibited. The operators of the app expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.