PRIVACY NOTICE

Name: Frühstückspension Martinshof
Address: Gurglerstraße 98, Obergurgl, 6456, Österreich
Telephone: +43 5256 6237

When using this website, personal data may be processed.

Data protection law obliges website operators to inform users about this.

1. Data protection controller

Frühstückspension Martinshof

Gurglerstraße 98

6456 Obergurgl

+43 5256 6237

martinshof@obergurgl.com

2. Type of data processed

The personal data that is processed depends on how our website and our services are used: On the one hand, this is personal information that you provide, such as name, telephone number, e-mail address when using a contact form or payment information when placing orders. On the other hand, information will be collected automatically when you visit the website or through the use of cookies or related technologies, such as device and usage information (e.g. IP, browser information, previously visited URL). As a rule, the identity of a person cannot be directly deduced from this information.

3. Purposes of processing

Among other things, we process data for the following purposes:

- Provision and optimisation of the online offer, its content and functions

- Provision of contractual services, services and customer care

- Responding to contact requests and communicating with users

- Marketing and advertising

- Safety measures

- Fulfilment of legal obligations, e.g. fulfilment of retention obligations under company, tax and tax law

4. Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing:

- Insofar as we obtain consent for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis for the processing of the data.

- In the case of the processing of personal data that is necessary for the performance of a contract, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

- Insofar as the processing of personal data is necessary to comply with a legal obligation, Art. 6 (1) (c) GDPR serves as the legal basis.

- In the event that the vital interests of you or another natural person necessitate the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

- If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms do not outweigh the first interest(s), Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

5. Data transfer

If we disclose, transfer or otherwise provide access to personal data to other persons and companies (such as processors such as technical service providers for the provision of our website, affiliated companies or other third parties), this will only take place if it is permitted by law (e.g. transfers to a payment service provider for the performance of contracts), if you have consented or if we are legally obliged to do so (e.g. authorities in the context of investigative proceedings) or on the basis of our legitimate interests (e.g. in the case of the deployment of agents, etc.) If we commission third parties to process data on the basis of a so-called "data processing agreement", this will be done in accordance with Art. 28 GDPR.

The data is stored within the EU. Some data recipients are located outside your country or process your personal data there. The level of data protection in other countries may not be the same as that of your country. However, we only transfer your personal data to countries or to (US) companies for which the EU Commission has decided that they have an adequate level of data protection (e.g. US companies certified according to the EU-US Privacy Framework), or we take measures to ensure that recipients commit themselves to an adequate level of data protection. To this end, we conclude, for example, standard contractual clauses (SCC 2021) for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 or ensure that they are concluded by our service providers.

6. Description of individual processing operations

6.1. Provision of the website, logging of accesses

Purpose: The website should be able to be used and operated securely, quickly and stably. Web hosting is done via cloud-based servers in the EU.

Legal basis: legitimate interest (Article 6 (1) (f) GDPR), technical necessity

Data types: Usage data (e.g. websites visited, access times, entries), communication data (e.g. IP address, browser type, operating system)

Categories of recipients: Web hosting CDN provider (mono solutions ApS., Denmark, Amagerfælledvej 106 2300 Copenhagen), SSL certificate provider

Transfer to third countries: Not planned.

Storage period: max. 30 days

6.2. Processing of requests

Purpose: Users should be able to ask questions or book appointments via forms.

Legal basis: legitimate interest in responding (Article 6 (1) (f) GDPR)

Data types: Contact details (e.g. name, e-mail, telephone), contents of free text fields

Categories of recipients: Cloud and. Email Service Providers, Contact Form Providers, Booking Tool Providers

Transfer to third countries: Not planned.

6.3. Managing Contacts

Purpose: The contact details of our users and their interactions should be centrally and clearly viewable and administrable. If users are contacted for advertising purposes, the permission should be verifiable.

Legal basis: legitimate interest (Article 6 (1) (f) GDPR), legal obligation to store consent

Types of data: contact details (e.g. name, e-mail, telephone), contents of free text fields or messages, consent status

Transfer to third countries: Not planned.

6.4. Map contents

Purpose: Our users should be able to find our locations easily. If consent is given in the cookie banner or if a consent level is displayed separately, the map elements are loaded and the data is transmitted to a server of the map provider.

Legal basis: Consent Article 6 (1) (a) GDPR

Types of data: Usage data: e.g. websites visited, access times, communication data: e.g. browser type, operating system or IP addresses

Category of recipients: Card tool providers

6.5. Our online presence on social media

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to be able to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data protection information of the respective social networks apply. We process the data of users when they communicate with us within the social networks and platforms, e.g. write posts on our profile or send us messages. Requests for information and the assertion of data subject rights can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information.

6.6. Cookies and similar tracking technologies

We may use cookies and similar tracking technologies (such as web beacons and pixels) to collect information about how people interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, troubleshoot errors, remember your preferences, and support basic website functions.

Based on our users' consent, we also allow third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including managing and displaying ads, tailoring ads to your interests, or sending abandoned cart reminders. The third parties and service providers use their technologies to provide advertisements for products and services that are tailored to your interests and may appear either on our Services or on other websites.

For specific information about how we use such technologies and how you can opt out of certain cookies, please see our Cookie Notice.

To obtain and manage consent for cookies and similar technologies, we use the consent management tool of mono solutions ApS., Denmark, Amagerfælledvej 106, 2300 Copenhagen. The legal basis for the processing is Article 6 (1) (c) GDPR (legal obligation to obtain verifiable consent) or, in the alternative, lit f: Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. The consent forms are stored for 180 days in the EU and include consent settings themselves (true/false for each category), date and time, a random user ID, an obfuscated IP address (not complete), and the browser string.

Data-saving integration of Google services via server-side tracking: The data-saving technical solution prevents the IP address of your device from being transmitted to Google LLC with locations in the USA ("Google") when you visit this website. We use Google Tag Manager (GTM) to control and manage website services. However, the technical solution behind the data processing is carried out without establishing a direct connection to Google servers, i.e. on the one hand without transferring personal data to unsafe third countries and on the other hand without anonymizing the IP address of the website visitors (deletion of the last octet). In this case, the IP addresses are collected for a logical second for the sole purpose of anonymization. Due to the measures described, it is not possible for us or our service provider to draw individualized conclusions about individual website visitors. After your consent to the setting of cookies, we use the Google services (in particular Google Analytics, Google Tag Manager, Google Ads) in the consent mode offered by Google in the Basic variant (more information: https://support.google.com/google-ads/answer/10031513) for analysis and marketing purposes, whereby URL and title of our website, browser data [information on the browser, operating system, screen resolution, language selection, date and time]) anonymized reference value and transferred to Google LLC with locations in the USA ("Google"). We refer to Article 6 (1) (a) GDPR as the legal basis.

Google Analytics 4
Insofar as you have given your consent (legal basis: Article 6 (1) sentence 1 (a) GDPR and implementation laws of the European E-Privacy Directive), Google Analytics 4, a web analysis service provided by Google LLC, is used on this website. On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Cookies are used to enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. With Google Analytics 4, IP address anonymization is enabled by default. The IP address is anonymized on servers in the EU provided by our technical service providers before data is transmitted to Google. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. During your visit to the website, your user behaviour is recorded in the form of "events". Events can be: page views, first visit to the website, start of the session, web pages visited, your "click path", interaction with the website, scrolls (whenever a user scrolls to the bottom of the page (90%), clicks on external links, internal search queries, interaction with videos, file downloads, viewed / clicked ads, language preference. In addition, the following information is collected: your approximate location (region), date and time of your visit, your IP address (in abbreviated form), technical information about your browser and the devices you use (e.g. language settings, screen resolution), your Internet provider, the referrer URL (via which website/advertising medium you came to this website). Recipients of the data are/may be: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified according to the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider. Under the cookie symbol on the left of each page, you can view the maximum lifespan of Google Analytics cookies in our cookie consent tool and revoke your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of consent before its revocation. You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to refuse all cookies, functionality on this and other websites may be limited. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by: not giving your consent to the setting of the cookie or by using the browser add-on to deactivate Google Analytics HERE Download and install. You can find more information about the terms of use of Google Analytics and data protection at Google under https://marketingplatform.google.com/about/analytics/terms/de/ and under https://policies.google.com/?hl=de.

Google Ads

We advertise with Google Ads, the online advertising platform developed by Google, to draw attention to our offers on external websites and in Google products such as Google Search or Youtube. In relation to the data of the advertising campaigns, we can determine the success of the individual campaigns. We are pursuing the interest of showing users advertising that is likely to be of interest to them, making our website more individualized and thus more interesting, and achieving a fair calculation of advertising costs. These advertising materials are delivered by Google via so-called "ad servers". Ad server cookies are used for this purpose, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If a user reaches our website via a Google ad and agrees to the setting of optional marketing cookies, Google Ads stores cookies on the user's device. These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads Client's website and the cookie stored on their device has not yet expired, Google and the Client can recognise that the user clicked on the ad and was redirected to that page. Each Ads customer is assigned a different cookie. Cookies cannot be tracked through the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. Data transfer to Google with locations in the USA is based on active certification according to the EU-US Privacy Framework. We have no influence on the scope and further use of the data collected by Google through the use of this tool.

7. Storage period

We will only retain your personal data for as long as necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (e.g. for tax, accounting or other legal reasons).

If we have no further legitimate business need to process your personal data, we will either delete or anonymise that data or, if this is not possible (for example, because your personal data has been stored in backup archives), we will keep your personal data secure and isolate it from any further processing until deletion is possible.

8. Rights related to the protection of personal data

Subject to the conditions of applicable law, you have the following rights:

- Right of access (Article 15 GDPR)

- Right to rectification (Article 16 GDPR)

- Right to erasure ("right to be forgotten") (Article 17 GDPR)

- Right to restriction of processing (Article 18 GDPR)

- Right to data portability (Article 20 GDPR)

- Right to object (Article 21 GDPR)

- Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)

- Right to lodge a complaint with the competent supervisory authority. Here is a list of the relevant EU authorities: https://www.edpb.europa.eu/about-edpb/about-edpb/members_de

Last updated on 21.10.2025