Privacy Policy

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the “Notice regarding the Controller” section of this privacy policy.
The protection of your personal data is of particular concern to us. Therefore, we process your data exclusively on the basis of legal provisions (GDPR, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing within the framework of our website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter into a contact form. Other data is collected automatically or after your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of the page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other order inquiries.

Contacting us

If you contact us via the form on the website or by email, your provided data will be stored by us for six months for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have a right to demand the rectification or erasure of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to demand the restriction of the processing of your personal data. Furthermore, you have a right to lodge a complaint with the competent supervisory authority (Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, dsb@dsb.gv.at). For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time (info@kristall-zell.at).

Cookies

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage.
We use cookies to make our offer user-friendly. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit.
Cookies can come from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services). Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions you desire (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing takes place exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

Note: If cookies are deactivated, the functionality of our website may be restricted.

Renew or change your Cookie preferences

 

Controller

The controller responsible for data processing on this website is:
Appartements Mary | Family Egger and Spiegel Am Bachangerl 213, A-5721 Fürth-Kaprun-Piesendorf, Austria T: +43 660 7395 023 | E: office@app-mary.at UID: [Deine UID-Nummer hier einfügen] Member of the Austrian Economic Chamber (WKO)
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

General Notes on the Legal Basis for Data Processing

We process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Austrian data protection laws. Data processing may be based on the following legal grounds:
• Art. 6(1)(a) GDPR: Consent (the user has given consent to the processing).
• Art. 6(1)(b) GDPR: Performance of a contract or pre-contractual measures.
• Art. 6(1)(c) GDPR: Legal obligation.
• Art. 6(1)(f) GDPR: Legitimate interests (balancing of interests).
Where consent is required, you may withdraw it at any time with effect for the future.
Storage Duration Unless a more specific storage period has been specified in this policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods).

SSL or TLS Encryption

This site uses SSL/TLS encryption for security and to protect confidential content (e.g., booking inquiries). You can recognize an encrypted connection by the “https://” address line and the lock symbol. Data transmitted cannot be read by third parties.
Inquiry by Email, Telephone, or Fax If you contact us, your request, including all resulting personal data (e.g., name, request details), will be stored and processed by us for the purpose of handling your request (Art. 6(1)(b) or Art. 6(1)(f) GDPR). The data will remain with us until you request deletion or the purpose for storage no longer applies.

Objection to Advertising Emails

The use of contact data published for legal notice obligations for sending unsolicited advertising is rejected. We reserve the right to take legal action in the event of unsolicited promotional information (spam).

Analysis tools and third-party tools

When visiting this website, your surfing behavior can be statistically evaluated. This happens primarily with so-called analysis programs. You can find detailed information about these analysis programs in the following privacy policy.
________________________________________
The controller responsible for data processing on this website is:
Appartements Mary Family Egger and Spiegel

Am Bachangerl 213

A-5721 Fürth-Kaprun-Piesendorf

T: +43 660 7395 023

E: office@app-mary.at

This website uses analysis tools to evaluate user behavior. Data processing may include IP address, browser type, and access times.

  • Data Transfer: Data may be transferred to third countries (e.g., USA). We ensure an adequate level of data protection via the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
  • Automated Decision-Making: We do not engage in automated decision-making or profiling.

Your Rights Under the GDPR You have the following rights:

• Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw at any time.
• Right to Object (Art. 21 GDPR): Object to processing based on Art. 6(1)(f) or direct marketing.
• Right to Data Portability (Art. 20 GDPR): Receive data in machine-readable format.
• Information, Rectification, and Erasure (Art. 15-17 GDPR): Request access, correction, or deletion.
• Right to Restriction of Processing (Art. 18 GDPR): Request limited processing.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, Wickenburggasse 8, 1080 Wien, https://www.dsb.gv.at/), if you believe that the processing of your personal data infringes the GDPR.

Soziale Medien

Facebook & Instagram

We use components of Meta Platforms Ireland Limited (Dublin, Ireland).

  • Social Media: If activated, Meta receives information about your visit via your IP address. If you are logged in, Meta associates your visit with your profile.
  • Lead Ads: If you use our contact forms (Lead Ads) on Facebook or Instagram, the data you provide is processed by us to answer your request and to prepare an individual holiday offer for you.
  • Legal Basis: Art. 6(1)(f) GDPR (visibility) or Art. 6(1)(a) GDPR (if consent was given).

The use of this service is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time. Details on joint responsibility and data transfer correspond to those mentioned under “Facebook”. Further information can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

Plugins and Tools

Google Maps

This website uses Google Maps (Google Ireland Limited, Dublin, Ireland). To use these functions, your IP address is stored. This is based on Art. 6(1)(f) GDPR (legitimate interest in location presentation) or Art. 6(1)(a) GDPR (if consent was given).

Google reCAPTCHA

We use Google reCAPTCHA (Google Ireland Limited). It checks whether entries (e.g., contact forms) are made by humans or bots by analyzing behavior (IP, mouse movements, etc.). The legal basis is Art. 6(1)(f) GDPR (protecting against spam) or Art. 6(1)(a) GDPR (if consent was requested).

Web Analysis

Our website uses functions provided by the web analysis service Google Analytics (Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on the legal basis of our overriding legitimate interest (analysis of website use). In order to do so, cookies are used that make it possible to conduct an analysis of website use by visitors to the site. The information collected by this means is transmitted to the provider’s server where it is stored.

You can prevent this from happening by changing your browser settings so that cookies are no longer stored.

We have entered into a contract with the provider for the aforementioned purposes of data processing.

Your IP address is logged, though immediately pseudonymized (e.g. by deleting all but the last 8 bits). This means that only approximate localization is possible from that point on.

Your data is processed on the basis of the legal provisions set forth under § 96 par. 3 of the Telecommunications Act (TKG) as well as Art. 6 par. 1 lit a (consent) and/or f (legitimate interest) of the GDPR.

Our goals as required by GDPR (legitimate interest) are improvement of our offer as well as our web presence. Because the privacy of our users is important to us, user data is pseudonymized.

Detailed information about how user data is handled by Google Analytics can be found in Google’s own data privacy policy at www.google.com/intl/de/policies/privacy/as well as support.google.com/analytics/answer/6004245.

Please enable cookie consent messages in backend to use this feature.

Server Log File

In order to monitor the technical functionality as well as improve the reliability and security of the Web server, on the basis of our overriding legitimate interest (technical security measures) the following personally identifiable data is stored in a server log file: IP, authenticated user, date, time day, webpages visited, protocols, status code, data volume, referrer, user agent, accessed hostname.

In doing so, the IP addresses are anonymized. The anonymized IP addresses are deleted after 60 days. Information about the authenticated user is anonymized after one day.

Error logs, which maintain a record of erroneously accessed pages, are deleted after seven days. In addition to the error messages, they include the accessing IP address as well as the website that was accessed erroneously.

PixelYourSite (Management Plugin)

We use the WordPress plugin PixelYourSite (provided by Mircea Sandu SRL) on our website. This plugin is used for the technical integration and management of various analysis and marketing services, particularly the Meta Pixel. PixelYourSite sets its own cookies (e.g., pys_consent, pbid) to manage your consent preferences chosen in the cookie banner and to ensure that tracking data is only transmitted if you have provided your consent.

Legal Basis: Art. 6 (1) (a) GDPR (Consent).

Storage Duration: Until you withdraw your consent or delete the cookies in your browser.

Meta Pixel and Conversions API (CAPI)

In conjunction with PixelYourSite, we use the Meta Pixel and the Conversions API (CAPI) provided by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

How it works:

Browser-Side Tracking (Meta Pixel): Data regarding your user behavior (e.g., pages visited, clicks on booking buttons) is transmitted to Meta via your browser.

Server-Side Tracking (Conversions API): In addition, information about specific interactions (such as successful booking inquiries) is transmitted directly from our server to Meta. This increases measurement accuracy and allows for better attribution of our marketing efforts (e.g., our Easter Bonus campaigns) without being solely dependent on browser-based cookies.

Data Processing:
The collected data (e.g., IP address, browser information, event data like “Lead” or “Purchase”) is used by Meta to create target groups for advertisements (“Custom Audiences”) and to measure the success of our ads. We use a feature called Advanced Matching, where personal data (e.g., email addresses) is encrypted (hashed) before transmission, rendering it unidentifiable to third parties.

Third-Country Transfer:
Meta may transfer data to the USA. Such transfers are based on the EU-U.S. Data Privacy Framework or the Standard Contractual Clauses of the EU Commission.

Withdrawal of Consent:
You can withdraw your consent at any time via our cookie banner (Cookiebot) or deactivate tracking in your Facebook account settings under “Ad Preferences.”

Facebook Leads

Use of Facebook Lead Ads (instant forms)
We use the “Lead Ads” or “instant forms” feature on our social media pages (Facebook/Instagram) to receive inquiries about our apartments.

Type of data:
When you fill out such a form, the data you enter (e.g., name, email address, desired period, number of people) is transmitted to us. Facebook automatically fills in some of these fields with your profile data stored with Meta, provided you agree to this.

Purpose and legal basis:
This data is collected solely for the purpose of processing your inquiry and creating a personalized vacation offer for Mary Apartments. The legal basis for this is Art. 6 (1) (b) GDPR (pre-contractual measures) and your express consent by submitting the form (Art. 6 (1) (a) GDPR).

Joint responsibility:
Meta Platforms Ireland Ltd. and we have a “joint responsibility” (Art. 26 GDPR) for the collection of data in the context of Lead Ads. We have concluded a corresponding agreement with Meta. For more information on data processing by Meta, please refer to Facebook’s privacy policy at: https://www.facebook.com/about/privacy.

Storage period:
The transmitted data will be stored by us until the purpose for data storage no longer applies (e.g., after your request has been processed) or you request us to delete it.