Privacy Policy

Introduction and overview

We have drawn up this privacy policy (version 18.05.2025-112997605) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we as the controller – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral. In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, is intended to describe the most important things to you as simply and transparently as possible. Wherever transparency is required, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We are thus informing you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, most unclear, and legally technical explanations possible, as is often the norm on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps you will find some information there that you were not previously aware of. If you still have any questions, we would like to ask you to contact the responsible body named below or in the imprint, follow the existing links, and look for further information on third-party websites. Our contact details can of course also be found in the imprint.

scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (contract processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, that enable us to process personal data. Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:32016R0679.

We only process your data if at least one of the following conditions applies:

• Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
• Contract (Article 6 (1) (b) GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we require personal information in advance.
• Legal obligation (Article 6 (1) (c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obligated to retain invoices for accounting purposes. These usually contain personal data.
• Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing therefore constitutes a legitimate interest.

We generally do not apply additional conditions, such as the processing of recordings in the public interest, the exercise of official authority, or the protection of vital interests. Should such a legal basis be applicable, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

If you have any questions about data protection or the processing of personal data, you will find the contact details of the controller in accordance with Article 4 paragraph 7 of the EU General Data Protection Regulation (GDPR) below:

Daniel Salvenmoser, Ebener Straße 15, 6212 Eben am Achensee, Austria

E-Mail: info@apartment-marlen.atTelefon: 43 676 4824510Impressum: https://www.apartment-marlen.at/impressum/

Storage period

Our general policy is to only store personal data for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose no longer applies, for example, for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible and unless there is an obligation to store it.

We will inform you below about the specific duration of the respective data processing, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to information about whether we process your data. If so, you have the right to receive a copy of the data and the following information:
• for what purpose we carry out the processing;
• the categories, i.e. the types of data that are processed;
• who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
• how long the data is stored;
• the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
• that you can complain to a supervisory authority (links to these authorities can be found below);
• the origin of the data if we did not collect it from you;
• whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you.
• According to Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if you find any errors.
• According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
• According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 GDPR, you have the right to object, which, if enforced, will result in a change in the processing.
• If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you may object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
• If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing purposes after this time.
• If data is used for profiling purposes, you can object to this type of data processing at any time. We may no longer use your data for profiling purposes after this time.
• According to Article 22 GDPR, you may have the right not to be subjected to a decision based solely on automated processing (e.g. profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary👥 Affected parties: Website visitors🤝 Purpose: Contact inquiries and general communication between us and you📓 Data processed: Data such as name, address, email address, telephone number, general content data, and IP address if applicable. You can find more details in the respective tools used.📅 Storage period: depends on the messenger and communication functions used⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests), Art. 6 (1) (b) GDPR (contractual or pre-contractual obligations)

What are messenger and communication features?

We offer various options on our website (e.g., messenger and chat functions, online or contact forms, email, and telephone) for communicating with us. Your data will also be processed and stored to the extent necessary to respond to your inquiry and our subsequent actions.

In addition to traditional communication tools such as email, contact forms, or telephone, we also use chats and messengers. The currently most frequently used messenger function is WhatsApp, but there are, of course, many different providers offering messenger functions specifically for websites. If content is end-to-end encrypted, this will be indicated in the individual data protection texts or in the privacy policy of the respective provider. End-to-end encryption simply means that the content of a message is not visible even to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.

Why do we use messenger and communication functions?

Communication options with you are extremely important to us. Ultimately, we want to talk to you and answer any questions you may have about our service as best as possible. Effective communication is a key part of our service. With our practical messenger and communication functions, you can always choose the one you prefer. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it concerns internal contractual matters. In these cases, we recommend other communication options such as email or telephone.

We generally assume that we remain responsible for data protection even when we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will specifically point this out and work on the basis of a relevant agreement. The essence of the agreement is set out below for the relevant platform.

Please note that when using our integrated elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are US companies. This may make it more difficult for you to assert or enforce your rights regarding your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the messenger and communication functions. This generally includes data such as name, address, telephone number, email address, and content data, such as any information you enter into a contact form. Information about your device and IP address is usually also stored. Data collected via a messenger and communication function is also stored on the provider's servers.

If you want to know exactly which data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the respective company's privacy policy.

How long is data stored?

How long the data is processed and stored depends primarily on the tools we use. You can find out more about how the individual tools process data below. The providers' privacy policies usually state exactly which data is stored and processed for how long. In principle, personal data is only processed for as long as it is necessary to provide our services. When data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after you leave a website, but it can also be stored for several years. You should therefore look at each individual cookie in detail if you want to know more about data storage. You can usually find informative information about the individual cookies in the privacy policies of the individual providers.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party services at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. For further information, please refer to the section on consent.

Since cookies may be used in messenger and communication functions, we also recommend that you read our general privacy policy regarding cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through integrated messenger and communication functions, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). We process your inquiry and manage your data within the framework of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations or to answer inquiries. The basis for this is Art. 6 (1) (b) GDPR. In principle, if you have given your consent, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in fast and effective communication with you or other customers and business partners.

Review platforms introduction

Review Platform Summary👥 Affected parties: Visitors to the website or a review platform🤝 Purpose: Feedback on our products and/or services📓 Data processed: IP address, email address, name, among others. You can find more details below or in the respective review platforms used.📅 Storage period: depends on the respective platform⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What are review platforms?

You can rate our products or services on various review platforms. We participate in some of these platforms so that we can receive feedback from you and thus optimize our offering. If you rate us via a review platform, the privacy policy and general terms and conditions of the respective review service apply. You often also have to register to submit a review. Rating technologies (widgets) may also be integrated into our website. By using such an integrated tool, data is also transferred to the corresponding provider, processed, and stored.

Many of these integrated programs work according to a similar principle. After you order a product from us or use a service, you will be asked to submit a review via email or on the website. You will usually be redirected to a review page via a link, where you can quickly and easily create a review. Some review systems also offer an interface to various social media channels to make the feedback accessible to multiple people.

Why do we use review platforms?

Review platforms collect feedback and ratings about our offerings. Your ratings provide us with quick, relevant feedback and allow us to improve our products and/or services much more effectively. The ratings therefore help us optimize our offerings, while also providing you and all our future customers with a good overview of the quality of our products and services.

What data is processed?

With your consent, we transmit information about you and the services you have used to the relevant review platform. We do this to ensure that you have actually used one of our services. Only then can you provide genuine feedback. The transmitted data is only used to identify the user. Which data is stored and processed depends, of course, on the providers used. In most cases, personal data such as your IP address, email address or your name is also made available to the review platforms. Order information such as the order number of a purchased item is also forwarded to the relevant platform after you have submitted your review. If your email address is transmitted, this is so that the review platform can send you an email after you have purchased a product. So that we can also integrate your review into our website, we also inform the providers that you have visited our site. The review platform used is responsible for the personal data collected.

How long and where is the data stored?

You can find out more about the duration of data processing below in the provider's privacy policy, if we have further information on this. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. Personal data mentioned in a review is usually anonymized by employees of the platform used and is therefore only visible to the company's administrators. The collected data is stored on the provider's servers and, for most providers, deleted after the order has been completed.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party services at any time. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.

Legal basis

If you have consented to the use of a review platform, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by a review platform.

We also have a legitimate interest in using a rating platform to optimize our online service. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use a rating platform if you have given your consent.

We hope we have been able to provide you with the most important general information regarding data processing by review platforms. Further information can be found below in the privacy statements or in the linked privacy statements of the companies.

Google Customer Reviews Privacy Policy

We also use the Google Customer Reviews platform for our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. Further information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/

You can find out more about the data processed through the use of Google in the privacy policy at https://policies.google.com/privacy?hl=de.

Web design introduction

Web design privacy policy summary

👥 Affected parties: Website visitors🤝 Purpose: Improving the user experience📓 Data processed: Which data is processed depends heavily on the services used. This usually includes IP address, technical data, language settings, browser version, screen resolution, and browser name. You can find more details in the respective web design tools used.📅 Storage period: Depends on the tools used⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is web design?

We use various tools on our website to support our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the right look and feel for a website is also one of the main goals of professional web design. Web design is a sub-area of media design and deals with the visual, structural, and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that website visitors have on a website. A sub-section of user experience is usability. This refers to the user-friendliness of a website. The main emphasis here is on ensuring that content, subpages, or products are clearly structured and that you can find what you are looking for quickly and easily. In order to offer you the best possible experience on our website, we also use so-called third-party web design tools. In this privacy policy, the category "web design" includes all services that enhance the design of our website. These can include, for example, fonts, various plugins, or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends heavily on its structure, functionality, and visual perception. Therefore, good, professional web design has become increasingly important to us. We are constantly working on improving our website and see this as an extended service for you, the website visitor. Furthermore, a beautiful and functional website also has financial advantages for us. After all, you will only visit us and take advantage of our services if you feel completely comfortable.

What data are stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact data involved depends, of course, heavily on the tools used. Further down you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend that you also read the respective privacy policy of the tools used. This will usually tell you which data is processed, whether cookies are used, and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google's servers.

Duration of data processing

How long data is processed varies greatly from person to person and depends on the web design elements used. If cookies are used, for example, the retention period can be as little as one minute or as long as several years. Please inform yourself about this. We recommend that you read our general section on cookies and the privacy policies of the tools used. There you will usually find out which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is only stored for as long as it is necessary to provide the service. If legally required, data can be stored for longer.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. However, some web design elements (usually fonts) also contain data that cannot be deleted so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when data is collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, only then can we provide you with an attractive and professional website. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here.

Information on specific web design tools – where available – can be found in the following sections.

Online booking systems Introduction

Online Booking Systems Privacy Policy Summary👥 Affected parties: Website visitors🤝 Purpose: Improving the user experience and organization📓 Data processed: Which data is processed depends heavily on the services used. This usually includes IP addresses, contact and payment data, and/or technical data. You can find more details in the respective tools used.📅 Storage period: Depends on the tools used⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is an online booking system?

To enable you to make bookings through our website, we use one or more booking systems. Appointments, for example, can be easily created online. A booking system is a software application integrated into our website that displays available resources (such as free appointments) and through which you can book and usually also pay directly online. You are probably already familiar with such booking systems from the restaurant or hotel industry. However, such systems are now used in a wide variety of industries. Depending on the tool and settings, booking systems can be used both internally for us and for customers like you. In this process, personal data is usually also collected and stored from you.

Booking usually works as follows: You'll find the booking system on our website, where you can book an appointment for a service directly with just a click of the mouse and enter your details, and usually pay immediately. You may be asked to enter various personal information via a form. Please be aware that all data you enter may be stored and managed in a database.

Why do we use an online booking system?

In a sense, we see our website as a free service for you. We want you to receive helpful information and feel completely at home on our site. This includes an online service that makes booking appointments or services as easy as possible. Gone are the days when you had to wait days for a booking confirmation via phone or email. With an online booking system, you can complete everything in just a few clicks and get back to other things. The system also makes managing all bookings and appointments easier for us. Therefore, we consider such a booking system to be absolutely beneficial for both you and us.

What data is processed?

Of course, we cannot tell you exactly which data is processed in this general information text about booking systems. This always depends on the tool used and the functions and options it contains. Many booking systems offer a range of additional features in addition to the conventional booking function. For example, many systems also have an external online payment system (e.g. from Stripe, Klarna or PayPal) and a calendar synchronization function integrated. Accordingly, depending on the function, different amounts of data can be processed. Data such as IP address, name and contact details, technical information about your device and the time of a booking are usually processed. If you also make a payment in the system, bank details such as account number, credit card number, passwords, TANs, etc. are also stored and passed on to the respective payment provider. We recommend that you read the respective privacy policy of the tool used carefully so that you know which of your data is specifically processed.

Duration of data processing

Each booking system stores data for different lengths of time. Therefore, we cannot yet provide specific information about the duration of data processing. However, personal data is generally only stored for as long as absolutely necessary to provide the services. Booking systems generally also use cookies, which store information for different lengths of time. Some cookies are deleted immediately after you leave the site, while others can be stored for several years. You can learn more about this in our "Cookies" section. Please also read the respective providers' privacy policies. These should explain how long your data will be stored in each specific case.

Right of objection

If you have consented to data processing by a booking system, you always have the option and the right to revoke this consent. Please be aware that you have rights regarding your personal data and can exercise these rights at any time. If you do not want personal data to be processed, then no personal data may be processed. It's that simple. The easiest way to revoke data processing is to use a cookie consent tool or other opt-out functions offered. You can also manage data storage via cookies directly in your browser, for example. Until you revoke your consent, the legality of data management remains unaffected.

Legal basis

If you have consented to the use of booking systems, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this constitutes the legal basis for the processing of personal data, as may occur through booking systems.

Furthermore, we also have a legitimate interest in using booking systems because, on the one hand, they allow us to expand our customer service and, on the other hand, optimize our internal booking organization. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use these tools if you have given your consent. We would like to reiterate this at this point.

Information on specific booking systems – where available – can be found in the following sections.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations if necessary.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions shall apply:

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions shall apply:

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent is usually given via a cookie consent tool. You're probably familiar with this. Whenever you visit a website for the first time, you'll usually be asked via a banner whether you agree to data processing. You can usually also make individual settings and thus decide for yourself which data processing you allow and which you don't. If you do not consent, no personal data may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions shall apply:

‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is all data that can identify you as an individual. This is usually data such as:

• Name
• Address
• Email Address
• Postal address
• Telephone number
• birth date
• Identification numbers such as social security number, tax identification number, identity card number or registration number
• Bank details such as account number, credit information, account balances and much more.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the subscriber. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called "special categories" of personal data that also deserve special protection. These include:

• racial and ethnic origin
• political opinions
• religious or ideological beliefs
• union membership
• genetic data such as data obtained from blood or saliva samples
• biometric data (information about mental, physical, or behavioral characteristics that can identify a person). Health data
• Data on sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions shall apply:

‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: Profiling involves compiling various information about a person in order to learn more about that person. Profiling is often used in the web for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to target advertising to a specific audience.

 

Person responsible

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions shall apply:

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the "controller." If we pass on collected data to other service providers for processing, these are "processors." A "processing agreement (DPA)" must be signed for this purpose.

 

processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions shall apply:

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to "processing" in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

All texts are protected by copyright.

Source: Privacy Policy created with the Data Protection Generator for Austria from AdSimple