Privacy Statement – Malon Eshel GmbH
We provide this privacy statement to inform you on how we may collect, use, share, and otherwise process your personal information as a private customer, an employee of one of our corporate clients or other individual to whom we offer or provide our services – travel, (overnight) stays, meetings and events, and related products and services – via our websites, mobile applications, email communications or other online and offline means. We have a strong commitment to respecting our users’ concerns about privacy and process all personal information in compliance with the European and the Austrian data protection law. Personal information provided by you when making a request regarding data protection is used exclusively for the purpose of processing your request.
Who acts as Controller in respect of the processing of your data and where can you turn to?
The following entities act as Controllers with respect to the applicable data protection laws:
Malon Eshel GmbH
A-1020 Wien, Österreich
Tel. +43 1 955 32 52
Hotelpartner YM GmbH
Tel. +43 662 21374343
What data categories do we process?
Due to our contractual obligations, we process:
Account Information – If you contact us, register with us or receive services from us, we collect general information about you in order to contact you regarding booking and additional travel information or service information in connection with your booking requests. This may include your name, email address, phone numbers, employer, and physical addresses, in some cases your gender and date of birth.
Guest and Travel Information – If you book a trip, stay or any other service, we collect directly or – if you do not book the stay or travel yourself – indirectly (via third parties, e.g. via your employer, other intermediary travel agents, friends and family members or other organizers) the details of your trip or stay or other service (such as arrival and departure time and location, airline, hotel, car rental data) and other information required to complete your travel bookings. We may also collect special categories of information to provide accessibility, food preferences, or other desired services. If necessary, we also require the passport data from travellers. If we book trips for your escorts, we may collect the same data categories from them. Please forward this information to all those affected whose data you provide in a travel booking. Your customer data is stored in your travel or guest profile, where we collect the information required for your travel booking and the provision of our services. You can provide additional information in your travel or guest profile, including frequent flyer program credentials, regulatory identification numbers, and emergency contact information.
Payment Information – To pay for bookings and other transactions through our services, we collect payment card information and other details necessary to process payments.
Based on our legitimate interest to provide you with personalized advertisements and to create statistics on user behaviour during the usage of our websites and mobile applications, we also process:
Device Data – We collect information about how you use our services, including your computer’s IP address and information that can be derived from it (such as internet provider and general geographic location), your device’s unique identifier and other technical information. We also collect information about how you use our websites and mobile applications. We collect some of this information using cookies and similar technologies, as described here.
How long do we process your data?
Your data will be stored for at least as long as, and to the extent that, it is required by our contractual basis. After termination of the contract, your data will be kept in accordance with our retention obligations for max. 7 years. In addition, your information will be stored
- on the basis of our legitimate interest until we get a substantiated objection from you, or
- on the basis of your consent until you withdraw it.
For what purposes do we process your data?
Provide you with travel products and services – We use your information for the provision of travel services, in particular to book your travel and overnight stays, organize meetings and events, prepare itineraries and invoices, communicate with you about your travel or our products and services, provide customer service, and manage your account.
Provide our products and services to corporate clients – We use your information to comply with our agreements with your employer or travel sponsor, communicate about our products and services or help them ensure compliance with their policies.
Process payments – We use your information to process transactions and provide you with related customer service.
Operate websites and mobile applications – We use device data to
- monitor and improve the performance and content of our services,
- provide updates,
- analyse trends and use in connection with our services, and
- measure whether our ads and offers are effective.
Operate and improve our business – We use your information for compliance with our company policies and procedures, for accounting and financial purposes, to detect or prevent fraud or criminal activity, to perform, analyse and improve our business and services, and otherwise as required by law.
Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser.
In some cases it is possible that third party cookies are stored on your device once you enter our site (third party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.
Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimization of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 Sect. 1 lit. f GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 Sect. 1 lit. a GDPR); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
In the event that third party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.
TECHNICALLY REQUIRED COOKIES
Technically required cookies guarantee the basic functions of the website such as site navigation. Without such cookies, the website cannot function correctly. Therefore, this information is essential to provide you with our online services.
Legal basis for incorporating these cookies is Art. 6 Sect. 1 lit. f GDPR.
Cookie name: PHPSESSID
Purpose: Contains the visitor’s state characteristics whenever pages are requested.
Cookie name: be_typo_user
Purpose: Notifies Typo3 whether the visitor is logged into the Typo3 backend and which backend user it is.
Cookie name: cookieconsent_status
Duration: 1 year
Cookie name: dp_cookieconsent_status
Duration: 1 year
Purpose: Stores the fact that the visitor has viewed the cookie banner.
These cookies enable us to keep statistics about the visitors of our website. User experience can be improved on the basis of such information – for example, the number of visitors to the various areas of the website and the frequency of visits help us to improve our site navigation and the services provided. Statistic cookies are processed only with your consent.
Cookie name: _ga
Creator: Google Analytics / Google Tag Manager
Duration: 2 years
Purpose: Used to reduce enquiry rates.
Cookie name: _gid
Creator: Google Analytics
Purpose: Registers an explicit ID that is used in order to generate statistical data about the visitor’s use of the website.
Cookie name: _gat
Creator: Google Analytics
Duration: 1 minute
Purpose: Used by Google Analytics in order to throttle request rates.
Third party services are integrated on our website, which in turn collect cookies and transmit them to the country of origin. If you consent to the use of these services, your personal data may be transferred to and processed in these third countries which are insecure in terms of data protection (insufficient level of data protection according to EU standards). Please note that the responsibility for the transfer and processing of your data lies with these companies and takes place without our involvement.
The use of the services listed below is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; your consent can be withdrawn at any time.
Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
You can find more information about Google Web Fonts here.
Optimization of services and marketing
We use your data in your and our legitimate interest to optimize our services and future benefits, including:
- the pre-filling of forms and payment data
- the usage of contact information
- for the transmission of performance and service changes
- to contact you and related parties in emergencies
- to obtain feedback on our services provided
- to send you information about our products and services electronically as well as by mail
We ask for appropriate information if you do not agree with the storage or use of your data.
With whom and how do we share your information?
Generally, we do not transmit your data to third parties without your consent, neither free of charge nor against payment. Exceptions to this are transfers that we make on the basis of a legal or contractual obligation or on the basis of our mutual and legitimate interests as mentioned above:
Your employer or travel sponsor – Our services to you may be provided under the terms of service agreements with your employer or travel sponsor. We share your information with them to allow them to manage their business travel needs and assure compliance with their company travel policies. At the request of your employer or travel sponsor, we may also share information with their vendors.
Travel suppliers and other travel service providers – We share information with travel suppliers (for example, airlines and hotels) and travel service providers (for example, ticket distribution systems and travel application providers), and the vendors for both, as necessary to book your travel and provide travel-related services to you and your related (third) parties.
Vendors, suppliers, processors – We share information with vendors that perform functions on our behalf, such as other travel agencies, meeting and event planners, visa and passport service providers, mobile application and software developers, and vendors who provide IT support, data hosting, marketing and communications services, and collections.
Affiliates – We may share information within our corporate family to the extent permitted by law to allow them to provide, analyse and improve their and our products and services.
Authorities, government agencies, banks, courts – We may disclose information to regulatory authorities, courts, and government agencies where we believe doing so would be permitted or absolutely necessary by law, regulation or legal process, or to defend our or third party interests, rights or property.
Business transfers – If we negotiate or complete a transaction involving all or parts of our companies (for example, a reorganization, merger, sale or acquisition), we may disclose information to third parties involved in the transaction to the extent permitted by law.
We may also share personal information with other parties as directed by you or subject to your consent.
We have integrated components of the company Facebook on our website.
The operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland acts as controller if an affected person lives outside the US or Canada.
Each time you visit one of the individual pages of websites operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on your IT-system is automatically triggered by the respective Facebook component to download a respective representation of the Facebook component. An overview of all Facebook plug-ins can be found at developers.facebook.com/docs/plugins/. As part of this technical process, Facebook receives information about which specific individual page of our website is visited by the person concerned.
If you are logged in to Facebook at the same time, Facebook recognizes with each of your visits to our website and during the entire duration of the respective stay, which specific individual page of our website is visited. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account. If you press one of the integrated Facebook buttons on our website, for example the "Like"-button, or leave a comment, Facebook assigns this information to your personal Facebook user account and saves this personal data.
If such a transmission of this information to Facebook is not wanted, you can prevent this transmission by logging out of your Facebook account before visiting our website.
We have integrated the component Google Analytics (with anonymization function) on our website. Google Analytics is a web analytics service. The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Google uses the data and information obtained to evaluate the use of our website, to compile online reports showing the activities on our websites and to provide other services related to the use of our website.
Google Analytics sets a cookie on your IT-system. By using this cookie, Google is able to analyse the usage of our website. Each time you visit one of the individual pages of websites operated by us and on which a Google Analytics component has been integrated, the Internet browser on your IT-system is automatically triggered by the respective Google Analytics component to send data to Google for the purposes of the online analysis. As part of this technical process, Google will receive personally identifiable information, such as your IP address, which is used to track the origin of visitors and clicks and facilitate commission settlement.
By using this cookie, personally identifiable information, such as access time, the location from which access was made and the frequency of visits to our website, is being stored. Each time you visit our website, your personal information, including the IP address of the Internet connection you use, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
You can prevent the storing of cookies through our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the activation of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your IT-system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
International data transmission
We may transfer your information to jurisdictions outside of your home country for the purposes described here, including to countries that may not provide the same level of data protection as your home country. To protect the information, transfers will be made in accordance with appropriate data transfer agreements and other protections. Regardless of where we process your information, we protect it in the manner described in this Privacy Statement and in accordance with applicable law.
What are your privacy rights?
You have the right(s)
- to obtain a confirmation as to whether or not personal data relating to you are being processed, and, where that is the case, to receive free information on the personal data stored about you and a copy of this information;
- to withdraw your consent to the processing of personal data without affecting the lawfulness of the processing already carried out;
- to obtain the rectification of any (wrong) personal data relating to you or, at most,
- to obtain the erasure of your data if there is no legal reason to store them any further;
- to obtain restriction of processing;
- to receive your personal data processed on the basis of your given consent and which you have provided to us, in a structured, commonly used and machine-readable format and
- to transmit those data to another controller without hindrance;
- to have the personal data transmitted directly from one controller to another, where technically feasible and this does not adversely affect the rights and freedoms of others;
- to lodge a complaint with the Austrian Data Protection Authority in the case we do not comply with the Austrian data protection provisions.
How do we protect your data?
We maintain reasonable administrative, technical, and physical security measures to protect your information from unauthorized access and use. We retain your information only as long as needed to provide our services and for legitimate business purposes, unless we are required by law or regulation or for litigation and regulatory investigations to keep it for longer periods of time.
General data security measures
At any time we implement appropriate technical and organizational measures, such as pseudonymisation, which are designed to implement data-protection principles, in order to meet the requirements of the data protection provisions and to implement the necessary warranties in the processing in order to comply with the requirements of the data protection laws and to protect your data.
We implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons. These measures may include
- the pseudonymisation and encryption of your personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Special data security measures
Secure Socket Layer (SSL) – Whenever it is necessary for you to enter personal information online, we use an encrypted transmission method (SSL) to protect your confidential information. “SSL” stands for “Secure Socket Layer”. When accessing a secure server, the first characters of the site address will change from “http://” to “https://”. This indicates that you are in a secure mode. In addition, you may also see one of the following icons in the lower right-hand or left-hand corner of the computer screen:
- Internet Explorer
SSL creates a secure connection between a client (your computer) and a server, over which any amount of data can be sent in secure mode. To use SSL, the browser and the server need what is called an SSL certificate to be able to establish a secure connection and to indicate where the server is located and who it is operated by. In order to receive such a certificate, you need a certificate issuer, who guarantees that the information given is accurate. Our secure server has been certified by the Comodo Group.
We may change this Privacy Statement from time to time as our business changes or legal requirements change. If we make material changes to this Privacy Statement, we will post a notice on our website before the changes go into effect, and notify you as otherwise required by applicable law.
If you have questions or complaints regarding the processing of your data, please contact our service staff or contact us in writing:
Verkehrsbüro Group, Datenschutz Lassallestraße 3, 1020 Vienna, Austria firstname.lastname@example.org
We will review your request and reply in writing within 30 days after receipt.
Online Dispute Resolution
Under the following link you will find the Online Dispute Resolution platform of the EU Commission: ec.europa.eu/consumers/odr.