Privacy police declaration

Privacy police declaration

in accordance with Art. 13 GDPR

Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is
Katja Lerche
Rettenbach 38
AT-8081 Pirching am Traubenberg
Austria

Phone: 0043 677 / 617 232 00
E-Mail: holiday@themomentscottage.com

General information on data processing

Legal basis for the processing of personal data

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not specified in the data protection notice, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a i.V.m. Art. 7 GDPR. The legal basis for the processing for the fulfillment of our services and the implementation of contractual measures as well as for answering inquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c GDPR. If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Data erasure and storage duration

We adhere to the principles of data minimization pursuant to Art. 5 para. 1 lit. c GDPR and storage limitation pursuant to Art. 5 para. 1 lit. e GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the retention periods stipulated by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.

Note on the transfer of data to third countries

Tools from companies based in third countries (including the USA) are also integrated on our website. If these tools are active, your personal data may be transmitted to the servers of the respective companies. The level of data protection in third countries generally does not correspond to EU data protection law. There is therefore a risk that your data may be passed on to authorities in these countries. We have no influence on these processing activities.

External links

This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to a website outside our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection notices. Therefore, before using these websites, please check whether you agree with their data protection declarations.

You can recognize external links either by the fact that they are displayed in a different colour from the rest of the text or underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. In particular, the operator of the other website receives your IP address, the time at which you clicked on the link, the page on which you clicked on the link and other information that you can find in the data protection information of the respective provider.

Please also note that individual links may lead to data being transferred outside the European Economic Area. This could give foreign authorities access to your data. You may not have any legal remedies against this data access. If you do not want your personal data to be transferred to the link destination or even exposed to unwanted access by foreign authorities, please do not click on any links.

Rights of the data subject

As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The data subject rights arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).

Right of withdrawal:

Some data processing can only take place with your express consent. You have the option to withdraw your consent at any time. However, this does not affect the lawfulness of data processing up to the point of withdrawal.

Right of objection:

If the processing is based on Art. 6 para. 1 lit. e or f GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4(4) GDPR. Unless we can demonstrate a legitimate interest in the processing that outweighs your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after the objection has been made.

If the processing of personal data serves the purpose of direct marketing, you also have the right to object to this at any time. The same applies to profiling in connection with direct advertising. Here too, we will no longer process personal data as soon as you object.

Right to lodge a complaint with a supervisory authority:

If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

Right to data portability:

If your data is processed automatically on the basis of consent or fulfillment of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. You also have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.

Right of access, rectification and erasure:

You have the right to obtain information about your processed personal data with regard to the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this topic or other topics relating to personal data, you can of course contact us using the contact details provided in the legal notice.

Right to restriction of processing:

You can request the restriction of the processing of your personal data at any time. To do so, you must fulfill one of the following requirements:

Restriction of processing means that, with the exception of storage, personal data may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Provision of the website (web host)

Our website is hosted by:

Greenmark IT GmbH
represented by the managing directors Andreas Gundelach, Ali Jasarov
Leinstraße 3
31061 Alfeld (Leine)
Germany

When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.

These are:

This data is not merged with other data sources.

Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company), which we have named above in this case. The personal data collected by this website will then be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores contact requests, contact data, names, website access data, meta and communication data, contract data and other data generated via a website for us, for example.

The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed in order to enter into contractual negotiations with us or to conclude a contract, another legal basis is Art. 6 para. 1 lit. b GDPR. In the event that we have commissioned a hosting company, there is an order processing contract with this service provider.

Use of local storage items, session storage items and cookies

Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables the storage of data within the browser on your end device. This data usually contains user preferences, such as the “day” or “night” mode of a website, and is retained until you delete the data manually. Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.

These objects may also be stored on your device by third-party companies when you visit our website (third-party requests). This enables us as the operator and you as a visitor to this website to make use of certain third-party services that are installed on this website. Examples of this include the processing of payment services or the display of videos.

These mechanisms can be used in a variety of ways. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of website use and carry out analyses of visitor flows and behavior. Depending on the individual functions, these must be classified in terms of data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or serve to optimize the website (e.g. cookies to measure visitor behavior), they are used on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the storage of local storage items, session storage items and cookies for the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Art. 6 para. 1 lit. a GDPR).

If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.

Use of external services

External services are used on our website. External services are services from third-party providers that are used on our website. This can be done for various reasons, for example for embedding videos or for the security of the website. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a legitimate interest in using these services, we will obtain your consent as a visitor to our website, which can be revoked at any time, before using them (Art. 6 para. 1 lit. a GDPR).

Analytics

We process personal data of website visitors to analyze user behavior. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to increase the user-friendliness of our website. The analysis tools used can be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, recognize our website visitors the next time they visit our website, measure their click/scroll behaviour and downloads, create heat maps, recognize page views, measure the duration of visits or bounce rates, and trace the origin of website visitors (city, country, which page the visitor comes from). With the help of the analysis tools, our market research and marketing activities can be improved.

Processing will only take place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.

Google Analytics

We use the Google Analytics service on our website. The provider of the service is Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland.
The use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.

Jetpack

We use the Jetpack service on our website. The provider of this service is Automattic Inc, 60 29th Street #343, 94110 San Francisco (CA), USA.
As this service is hosted locally on the web server, no data is transferred to third parties.

WordPress Stats

We use the WordPress Stats service on our website. The provider of the service is Automattic Inc, 60 29th Street #343, 94110 San Francisco (CA), USA.
The use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://automattic.com/privacy/.

Consent Management

In order to comply with data protection requirements, we use a consent management tool on our website. We use this tool to obtain the necessary consent for the setting of cookies or the use of external services. The consents are stored.
The processing is necessary for compliance with a legal obligation to which the controller (website operator) is subject. Art. 6 para. 1 lit. c GDPR is therefore used as the legal basis for processing.

Content Delivery Network (CDN)

We use a content delivery network (CDN) to optimize the performance and availability of our website. For this purpose, the service provider that makes this network available processes your IP address and the information about when you visited our website. All further information on data processing by this service provider can be found in its privacy policy.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.

Google Static

We use the Google Static service on our website. The provider of the service is Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland.
The use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.

Content Management System

A content management system enables the creation, editing, organization and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more appealing website.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in the technically error-free presentation and optimization of the website.

WordPress

We use the WordPress service on our website. The provider of the service is Automattic Inc, 60 29th Street #343, 94110 San Francisco (CA), USA.
The use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://automattic.com/privacy/.

Hosting

Hosting is the provision of web space and the files on it by a web host.
This involves the transfer and storage of personal data on the web host’s servers. In particular, the IP addresses, meta and communication data of users and data on website access are processed. When a website visitor accesses the site, a connection to the web host’s servers is established. This results in the processing of the website visitor’s personal data.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in being able to present our website and make it available on the internet.

Interface software

Business processes are cheaper, faster and more error-free when they are automated with the help of software via interfaces. This allows them to be efficiently integrated into company processes via your own website or social networks. We use interface software on our website to link different applications with each other and to transfer personal data securely from one application to another.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.

Google Tag Manager

We use the Google Tag Manager service on our website. The provider of the service is Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland.
The use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.

Social media

We use social media plugins to connect our website with our social media channels. The integration of the plugins is intended to make it easier for visitors to our website to follow our channels on social networks, share, like or comment on content. Some social media plugins make it possible to analyze the user behavior of visitors to the website with regard to their behavior on social networks. The use of plugins is intended to increase the level of awareness and the number of followers of our channels.
The plugins also process personal data and transfer data to these social networks. This transfer occurs as soon as the website is accessed. Processed data includes, for example Name, address, email address, telephone number, access time, device information, IP address.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.

Facebook

We use the Facebook service on our website. The provider of the service is Meta Plattform Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, D02x525, Ireland.
Use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://de-de.facebook.com/policy.php.

Facebook Connect

We use the Facebook Connect service on our website. The provider of the service is Meta Plattform Ireland Limited (Marketplace), 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland.
Use of the service may result in data being transferred to a third country (USA).
Further information can be found in the provider’s data protection information at the following URL: https://de-de.facebook.com/policy.php.

Sales platform

By implementing elements of sales platforms, it is possible to purchase products on our website or to be redirected to a provider’s website. Personal data, such as name and delivery address, are processed as a result.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.

Google Play

We use the Google Play service on our website. The service provider is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland. Using the service may result in data being transferred to a third country (USA). Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.

Video/Music Service

Audio and videos are integrated into our website. These are retrieved from our provider’s server, the so-called audio or video platform. In order to be able to play an audio or video, your device connects to the audio or video platform and transmits personal data to it. This includes in particular the IP address, any location data or information about the user’s browser and device. Processing will only occur if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.

YouTube

We use the YouTube service on our website. The service provider is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland. Using the service may result in data being transferred to a third country (USA). Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.

Advertising

Our website uses tools that facilitate or enable the placement of advertising and the evaluation of the success of the ads placed. For this purpose, personal data is processed, in particular the IP address, access times and device information. Processing will only occur if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.

Google Ads

We use the Google Ads service on our website. The service provider is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland. Using the service may result in data being transferred to a third country (USA). Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.

Google AdSense

We use the Google AdSense service on our website. The service provider is Google Ireland Limited (GV), Gordon House, Barrow Street Dublin 4, Ireland. Using the service may result in data being transferred to a third country (USA). Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy?hl=de&gl=de.

Google Double Click

We use the Google Double Click service on our website. The service provider is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland. Using the service may result in data being transferred to a third country (USA).

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs cookie) to store your cookie consent. The service provider is Borlabs – Benjamin A. Bornstein, Rübenkamp 32, 22305 Hamburg, Germany. Borlabs Cookie does not process any personal data. Since this service is hosted locally on the web server, no data is transferred to third parties. The borlabs cookie stores the consent you gave when you entered the website. If you would like to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

Polylang (language switch)

The provider is WP SYNTEX, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France. Polylang creates the functional cookie pll_language. It stores a language preference for the visitor to support multilingual websites. The use of Polylang is in the interest of an attractive presentation of our online offerings and is based on our legitimate interest. (Art. 6 para. 1 lit. f GDPR). The storage period is one year. Polylang’s privacy policy can be found here: https://polylang.pro/privacy-policy/

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android. html.

Google Fonts

Use of Google Fonts On our website we use “Google Fonts”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”). Google Fonts allows us to integrate fonts on our website and display them correctly.

Legal basis for data processing

The use of Google Fonts is in the interest of a uniform and attractive presentation of our website. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.

Type and extent of processing

When you visit our website, the required fonts are loaded from Google servers. This may result in personal data, in particular your IP address, being transmitted to Google servers in the USA. Google thereby becomes aware that your IP address has accessed our website. The data collected by Google is processed in accordance with Google’s privacy policy. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.

Data transfer to third countries

Google may also process your data in the USA. Since there is no adequacy decision from the European Commission for the USA, the transfer is based on the standard contractual clauses used by Google in accordance with Art. 46 GDPR. These guarantee an appropriate level of data protection.

Storage period

Google only stores the data collected for the period necessary to provide the Google Fonts services.

Right to object

You have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons that arise from your particular situation. To exercise your right to object, you can contact us at any time.

More information

For further details on Google’s processing of personal data and your rights, please see Google’s privacy policy at https://policies.google.com/privacy.

Google Maps

Google Maps privacy information

On our website we use the map service Google Maps from Google Inc. In Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for Google services. Google Maps enables us to clearly show you locations and adapt our offerings accordingly. Data is transferred to Google and stored on their servers. Below we explain what Google Maps is, why we use it, what data is collected and how you can control it.

What is Google Maps?

Google Maps is a mapping service that allows you to search geographic locations using a computer, tablet or mobile app. In addition to maps of cities, attractions and businesses, the service offers the ability to view the location of stores listed on Google My Business. Directions can also be integrated directly into a website. Google Maps shows the earth’s surface in different views, e.g. B. as a street map or satellite image. The “Street View” function and high-resolution satellite images ensure precise views.

Why do we use Google Maps on our website?

Our goal is to make your use of our website as pleasant as possible. By integrating Google Maps we can provide you with valuable information about locations, e.g. B. the location of our company or the best route to get there – be it by car, public transport or on foot. For us, this is an important part of our customer service.

What data is collected when you use Google Maps?

To provide its service, Google needs to collect and store information about you, including search queries, IP addresses and geographic coordinates. If you use route planning, Google also saves the starting address. This data is collected directly by Google and we have no influence on it. Since Google Maps is integrated on our website, at least one cookie (name: NID) is set in your browser to store data about your user behavior. Google uses this information, among other things. for personalized advertising and the optimization of its services.

Cookies used by Google Maps:

Where and how long does Google Maps store your data?

Google’s servers are located worldwide, with many located in the United States. You can find out exactly where Google’s data centers are located here: https://www.google.com/about/datacenters/inside/locations/?hl=de. Google distributes the data across different storage media to make it quickly accessible and better protected. Certain data is only stored for a limited period of time. Other information, such as your advertising data, is anonymized after 9 to 18 months.

How can you delete your Google Maps data or prevent it from being stored?

Google offers an automatic deletion feature for location and activity data that you can control through your Google Account. Depending on the setting, the data will be deleted after 3 or 18 months. You can also delete or block cookies in your browser. There are specific instructions for different browsers on how to do this, e.g. E.g.:

If you generally do not want to accept cookies, you can set your browser so that you can decide in advance for each cookie whether it will be set or not. Please note that data may be stored and processed outside the EU, particularly in the USA, which is not considered secure under European law. Data transfer there requires special security precautions, such as: B. EU Standard Contractual Clauses. Further information on data processing by Google can be found in their data protection declaration: https://policies.google.com/privacy?hl=de


Change visitor consent:

Visitor opt-out options:

Visitor ID:

Visitor consent history:

Overview of active services and service groups:

Booking enquiry