Privacy policy

General Information

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that reveals something about you and that can be used to identify you. In this privacy policy, we want to explain how, for what purpose, and on what legal basis we process your data.

The party responsible for data processing on this website and in our company is:

Sabrina Rattensperger
Kirchgasse 9
5710 Kaprun
Austria

Phone: +43 664 356 1791
Email: info@bergfried-kaprun.at

General Information

SSL or TLS Encryption

When entering data on websites, making online orders, or sending emails over the internet, you always have to expect that unauthorized third parties may access your data. Full protection from such access is not possible. However, we make every effort to protect your data as best as we can and close security gaps where possible.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that the data you transmit to us cannot be read by third parties. You can recognize encryption by the lock icon in front of the internet address in your browser and by the fact that our website address starts with "https://" instead of "http://".

How long do we store your data?

At certain points in this privacy policy, we inform you about how long we or companies processing your data on our behalf store your data. If no such information is provided, we store your data until the purpose of data processing no longer applies, you object to the data processing, or you withdraw your consent to data processing.

In case of an objection or withdrawal, we may still process your data if at least one of the following conditions applies:

  • We have compelling legitimate grounds for continuing the data processing that override your interests, rights, and freedoms (only if the objection is against data processing; if the objection concerns direct marketing, we cannot present legitimate grounds).
  • The data processing is necessary to assert, exercise, or defend legal claims (does not apply if the objection concerns direct marketing).
  • We are legally obligated to store your data.

In this case, we will delete your data once the condition(s) no longer apply.

Your Rights

Right to Object to Data Processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND RELY ON ARTICLE 6 PARAGRAPH 1 SENTENCE 1 LIT. F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT UNDER ARTICLE 21 OF THE GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THE MENTIONED PROVISION. THE CONDITION IS THAT YOU PROVIDE REASONS FOR YOUR OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. A JUSTIFICATION IS NOT REQUIRED IF THE OBJECTION IS AGAINST THE USE OF YOUR DATA FOR DIRECT MARKETING PURPOSES.

THE CONSEQUENCE OF OBJECTION IS THAT WE CAN NO LONGER PROCESS YOUR DATA, UNLESS ONE OF THE FOLLOWING CONDITIONS APPLIES:

  • WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS.
  • THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS AGAINST DIRECT MARKETING OR PROFILING RELATED TO IT.

Additional Rights

Withdrawal of Your Consent to Data Processing

Many data processing operations are carried out based on your consent. You give this consent, for example, by ticking a box on online forms before submitting the form or by accepting certain cookies when visiting our website. You can withdraw your consent at any time without giving a reason (Article 7(3) GDPR). From the time of withdrawal, we can no longer process your data. The only exception is if we are legally required to retain the data for a certain period, such as under tax or commercial law.

Right to Lodge a Complaint with the Supervisory Authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR. You can contact a supervisory authority in the member state of your residence, your workplace, or the place where the alleged violation occurred. The right to lodge a complaint exists in addition to administrative or judicial remedies.

Right to Data Portability

If we process data on the basis of your consent or for the performance of a contract, you have the right to receive your data in a structured, commonly used, and machine-readable format and to transmit it to another data controller, provided that this is technically feasible.

Right to Access, Deletion, and Rectification of Data

Under Article 15 of the GDPR, you have the right to obtain information free of charge about which personal data we have stored about you, where the data comes from, to whom we transmit the data, and for what purpose the data is stored. If the data is incorrect, you have the right to have it corrected (Article 16 GDPR). Under the conditions of Article 17 GDPR, you may request the deletion of your data.

Right to Restriction of Processing

In certain situations, under Article 18 of the GDPR, you can request that we restrict the processing of your data. The data may then only be processed in the following ways (apart from storage):

  • With your consent
  • For the establishment, exercise, or defense of legal claims
  • To protect the rights of another natural or legal person
  • For important public interest reasons of the European Union or a member state

The right to restrict processing applies in the following situations:

  • You dispute the accuracy of your personal data stored by us, and we need time to verify this. You have the right to restrict processing during this period.
  • Your personal data has been processed unlawfully or was processed unlawfully in the past. You have the right to restrict processing as an alternative to deleting the data.
  • We no longer need your personal data, but you need it to exercise, defend, or assert legal claims. You have the right to restrict processing as an alternative to deletion.
  • You have objected under Article 21(1) of the GDPR, and we need to balance our and your interests. The right to restriction applies as long as the outcome of the balancing is pending.

Data Collection on this Website

Use of Cookies

Our website places cookies on your device. These are small text files used for different purposes. Some cookies are technically necessary for the website to function (necessary cookies). Others are needed to perform specific actions or functions on the site (functional cookies). For example, without cookies, you cannot use the advantages of a shopping cart in an online shop. Other cookies are used to analyze user behavior or optimize advertising measures. If we use third-party services on our website, such as for payment processing, these companies may also place cookies on your device when you visit the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. Once you close the browser, they disappear automatically. Permanent cookies, on the other hand, remain on your device unless you delete them. This can, for example, lead to your user behavior being analyzed permanently. You can control how your browser handles cookies through your browser settings:

  • Do you want to be informed when cookies are placed?
  • Do you want to exclude cookies in general or for specific cases?
  • Do you want cookies to be deleted automatically when the browser is closed?

If you disable or do not accept cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this in this privacy policy and ask for your consent when you visit our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and provide all desired functions. Therefore, the storage of necessary and functional cookies on your device is based on Article 6(1) lit. f) GDPR. We use all other cookies based on Article 6(1) lit. a) GDPR if you give us your consent. You can withdraw your consent at any time with effect for the future. If you consented to the placement of necessary and functional cookies, their storage will also be based solely on your consent.

Cookie Consent with the Legal Cockpit

What is the Legal Cockpit Cookie Tool?

Consent Management Platform (CMP) for obtaining and processing GDPR-compliant consents.

Who processes your data?

Legalcore AG, Reinhardtstr. 7, 10117 Berlin

Where can you find more information about data protection at Legal Cockpit?

https://cockpit.legal/datenschutz/

How do we process your data?

We use the Legal Cockpit Consent Management Platform to obtain your consent for storing cookies on your device in compliance with data protection regulations. When you visit our website and close the cookie consent window, the following data is transmitted to the company:

  • Your IP address
  • Information about your browser
  • Information about your device
  • The time of your visit to the website

Additionally, the Legal Cockpit stores a cookie in your browser to assign the consents given or their withdrawal to your browser. All collected data is stored until the cookies are no longer needed, you delete the Legal Cockpit cookie, or we are requested to delete the data. This does not apply if we are legally obligated to retain the data.

On what legal basis do we process your data?

We are legally obliged to obtain consent from our website visitors for the use of certain cookies. To fulfill this obligation, we use Legal Cockpit. Therefore, the legal basis for data processing is Article 6(1) lit. c) GDPR.

Server Log Files

Server log files record all requests and accesses to our website and capture error messages. They also include personal data, especially your IP address. However, this is anonymized by the provider shortly after collection, so we cannot assign the data to you personally. The data is automatically transmitted by your browser to our provider.

How do we process your data?

Our provider stores the server log files to track activity on our website and detect errors. The files contain the following data:

  • Browser type and version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address (possibly anonymized)

We do not combine this data with other data; it is only used for statistical evaluation and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs smoothly. It is also in our legitimate interest to obtain an anonymized overview of accesses to our website. Therefore, the data processing is lawful according to Article 6(1) lit. f) GDPR.

Google Fonts (local hosting)

We use fonts from the US company Google on our website. The fonts are locally installed, so no connection to Google's servers is made when you visit our website.

For more information on Google Fonts, see: Google Fonts FAQ and the Google Privacy Policy: Google Privacy Policy.

Font Awesome (local hosting)

We use icons from the Font Awesome icon library on our website. The library is provided by Fonticons Inc. The icons are locally installed, so no connection to the company's servers is made when you visit our website.

For more information on Font Awesome, see: Font Awesome and the Privacy Policy: Font Awesome Privacy.