Privacy Policy

Ferienwohnung Rosa

Christoph Astner
Grünsbach 334a
6232 Münster

We process the following data when you enter into a contract with us

Master Data:

Family and first name, full address, all contact information (e.g., email address, phone number), information about the type and content of our contractual relationship.

Other personal data that you or third parties provide to us with your consent or otherwise lawfully during the initiation of the contract, during the contractual relationship (e.g., for the issuance of a guest card), or to fulfill legal obligations:

Date of birth or age, marital status, gender, occupation, ID data, bank account details, signing or representation authority, contractual obligations, cancellation or termination deadlines, or other information about you that you have disclosed to us.

Use of Data Processors

The protection of your data is important to us. Even if we use a data processor, such as the company Feratel – Guest Directory according to § 19 MeldeV, we ensure that data processing takes place within the European Union.

1. Registration Data

1.1 Registration Obligation

You are required to register with us according to the Austrian Registration Act, providing the data specified in § 5 and § 10 of the Registration Act. This includes the following data:

Name, date of birth, gender, nationality, country of origin, address including postal code, and for foreign guests, the type, number, issuing authority, and issuing location of a travel document, as well as the date of arrival and departure.

1.2 Guest Directory

We will maintain this data in a guest directory due to the legal obligation imposed on us by § 19 of the Registration Act Implementation Regulation and will store it for seven (7) years, unless it is processed longer for other purposes stated in this privacy policy.

The guest directory is maintained electronically by us, and we forward the data to an IT data processor where it is stored locally. There is no transfer of data to a third country.

1.3 Data Sharing

The data categories „Arrival,“ „Departure“ linked with the country of origin are forwarded to the municipality where our accommodation is located according to § 6 of the Tourism Statistics Regulation. Aggregate data on the number of overnight stays overall and the number of people required to pay the local tax are also transmitted to the respective tourism association „Tourismusverband Alpbachtal & Tiroler Seenland,“ of which we are a member, and/or the municipality. This is done based on § 9 of the Tyrolean Local Tax Act.

1.4 Legal Basis for Processing

The processing of data according to the above points 1.1 to 1.3 is based on Article 6(1)(c) of the GDPR (compliance with legal obligations).

1.5 Additional Data Transfer to TVB/Municipality

Additionally, we transmit your postal code and birth year (in pseudonymized or anonymized form) for statistical purposes to create and evaluate origin and age statistics by the tourism association to our municipality and our TVB. This transfer is based on Article 6(1)(e) (task in the public interest) and Article 6(1)(f) (overriding legitimate interests) of the GDPR. You can object to this at any time, for reasons arising from your particular situation (Article 21(1) of the GDPR).

2. Guest Card

2.1 General Information

You have the option to request a guest card. The guest card grants you discounts and/or services at various businesses in the region (e.g., discounted admissions). The guest card is valid for the duration of your stay with us.

2.2 Issuance of the Guest Card

The guest card is issued and provided by the accommodation provider only upon your request. Depending on the guest card system used by the TVB and/or the accommodation provider, it will be issued either as:

• An electronically generated guest card,
• A manually created guest card, or
• The copy of the registration form.

2.3 Processed Personal Data

For both the electronically generated and the manually created guest cards, the following personal data, derived from the registration data (see above point 1), is processed:

First name, last name, date of birth, and duration of stay (arrival/departure), country of origin, postal code.

If the guest card is issued in the form of a „registration form,“ it contains the content according to § 5 in conjunction with § 9 of the Registration Act (see above point „Registration Data“ 1.1). In this case, there is no electronic processing for the purpose of the guest card.

When using the guest card, the following additional personal data is processed: data on the usage cycle of the respective card, service usage, bookings, transaction logging, billing data, reference to the registration data, and the accommodation provider.

The data is necessary to verify the identity and validity of the guest card at the respective service provider and to enable the billing of discounts between service providers, the TVB, and potentially the accommodation providers.

2.4 Legal Basis for Processing

The processing of data for the purposes of the guest card is based either on your consent (Article 6(1)(a) GDPR) or, if the guest card is part of the service provided under the accommodation contract, for the purpose of fulfilling the contract (Article 6(1)(b) GDPR).

Consent can be revoked at any time by verbally informing the accommodation provider or in writing via email.

2.5 Operation of the Guest Card System

The guest card system is operated by the local tourism association („TVB“). Local accommodation providers and local businesses („service providers“) are also involved. The data processed for the guest card is deleted after 48 (forty-eight) months.

2.6 Recipients of the Data

The local TVB receives the data processed for the purposes of the guest card for the purpose of billing with the service providers and/or accommodation providers.

The individual service providers who grant discounted services based on the guest card also receive the data, as far as you use the guest card services with these companies.

To take advantage of discounts, you must present the respective guest card, which displays the data, to the service provider and thus disclose it yourself. The provider then checks the validity, usually by reading the barcode on the guest card and transmitting the barcode data to our IT data processor to verify its (continued) validity. Personal data, including your identity data (to verify identity and date of birth), is also transmitted to the provider.

If the guest card is issued in the form of a „registration form,“ the provider checks the validity based on the copy of the „registration form.“

3. Other Processing of Your Data

In principle, we only process data that is absolutely necessary for the conclusion of the contract or the fulfillment of the contract. If you have also given us your consent, we process your data so that we can send you information about our services until you revoke this consent. We use the following communication channels, provided you have given us this information:

Phone, email, SMS, mail, or social media channels.

4. Data Deletion

Your master data and other personal data will be deleted when it is no longer necessary to achieve the purpose of the storage – usually after seven (7) years – or if storage becomes unlawful for legal reasons.

Instead of deletion, data can also be anonymized, which means that any personal reference is irretrievably removed.

5. Cookies

Our website uses so-called cookies. These are small text files that are stored on your device with the help of the browser. They do not cause any damage.

We use cookies to make our offer user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser on your next visit.

If you do not wish this, you can set your browser to inform you about the setting of cookies and allow this only in individual cases.

Disabling cookies may limit the functionality of our website.

You can prevent the storage of cookies by configuring your browser accordingly. We have concluded corresponding data processing contracts with all providers.

5.1 Web Analytics

Our website uses functions of the web analytics service Google Analytics to create statistics and Google Ads for advertising purposes. Both services use Consent Mode v2. These services are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Cookies are used to enable an analysis of the use of the website by its users. The generated information is transmitted to Google’s servers in the USA and stored there.

5.2 Use of Complianz

We use the Complianz tool to store cookie settings and manage the cookie banner. © Complianz BV, CoC 717814475, Kalmarweg 14-5, 9723 JG, Groningen (NL).

5.3 Bookings via „Hotel Booking“ by MotoPress

To allow you to book accommodations with us via our website, we use the WordPress plugin „Hotel Booking“ by MotoPress. The plugin sets a session cookie, which is necessary to retrieve your booking data. JETIMPEX, INC. affiliated project, 525 NE 14 Avenue, Fort Lauderdale, FL 33301, USA.

5.4 Stripe for Online Payments

We use the service Stripe for online payments. Stripe Inc. is located at 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Payment data is transmitted to Stripe and processed there. Privacy Policy: https://stripe.com/at/legal/cookies-policy.

5.5 Google Maps

We use Google Maps to provide you with a visual representation and, if needed, quick navigation to the respective location. For more information about Google’s privacy policy, please visit https://policies.google.com/privacy?hl=en.

6. Newsletter

You have the option to subscribe to our newsletter via our website. For this, we need your email address and your declaration that you agree to receive the newsletter.

To provide you with targeted information, we also collect and process voluntarily provided information about interest areas, birthdate, and postal code.

Once you have subscribed to the newsletter, we will send you a confirmation email with a link to confirm your subscription.

You can cancel the newsletter subscription at any time by clicking the unsubscribe link in the newsletter. If you want to delete all your data related to the newsletter, please send an email to the following address: [Email address]. To verify your identity, we need sufficient identification, such as a copy of an ID document. We will then promptly delete your data related to the newsletter.

Our newsletter is managed through HubSpot and SendGrid. Your data will be transferred to and processed by HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA, and SendGrid Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA.

7. Your Rights Regarding Data Processing

7.1 Right to Information

You have the right to know whether and to what extent we process your data. Contact / Responsible Person: Christoph Astner.

7.2 Your Rights

You generally have the rights to access, rectification, deletion, restriction, data portability, revocation, and objection. If you believe that the processing of your data violates data protection law or if your data protection rights have otherwise been infringed, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority.

7.3 Right to Complain

If you believe that the processing of your personal data violates Austrian or European data protection law, please contact us to clarify any questions. Of course, you also have the right to file a complaint with the Austrian Data Protection Authority or a supervisory authority within the EU.

8. Identity Verification

To protect your rights and privacy, we are entitled to request proof of identity if there is any doubt.

9. Fee for Excessive Requests

If you exercise one of the mentioned rights manifestly unfounded or excessively often, we are entitled to charge a reasonable processing fee or refuse to process the request.

10. Cooperation Obligation

As part of our cooperation obligations, we are required to provide data according to the legal regulations (e.g., BAO, Registration Act, ZPO, StPO, etc.) upon request.

11. Validity

This privacy policy is valid from 31.07.2024 and replaces the existing privacy regulations.