Privacy policy

Responsible in the sense of the GDPR is:

Hofgut Touristik GmbH
Wagrainerstraße 24
5602 Wagrain
Austria
Telephone: 0043 6413 8824
Fax: 0043 6413 8824-11

The processed data includes:

  • Your first and last name
  • Your email address
  • Your telephone number
  • Your address
  • Number & age of accompanying children
  • Your message

Purposes of data processing

The personal data you provide in the application form will only be processed for the purpose of processing the inquiry, booking, and contacting you. Your data will only be passed on to third parties if this is necessary to fulfill our contractual and legal obligations or if you have expressly given us your consent.

Data transfer

Your personal data will only be passed on to third parties if this is necessary to fulfill our contractual and legal obligations or if you have given us your explicit consent. Recipients of your data may be service providers that we use to fulfill contracts with you, external service providers that we use to support IT system maintenance and development, conducting analyses, and providing marketing services, and with whom we have concluded a data processing agreement, as well as authorities and government institutions, if we are legally obliged to do so.

Security measures and transfer to third countries

Hofgut Touristik GmbH has taken appropriate organizational and technical measures to protect your data from unauthorized access, loss, or misuse. Our service providers are contractually and/or by agreement obliged to process the data exclusively according to our instructions and to take appropriate security measures.
If we transfer your data to third parties outside the European Union (EU) or the European Economic Area (EEA), we will ensure that an appropriate level of protection exists, for example, through the use of standard contractual clauses of the EU or by certifying the recipient by the EU.

Rights of the data subject

As a data subject, you have the right to information, correction or deletion, restriction of processing, and objection to the processing of your personal data. If you have given us your consent, you can revoke this at any time with effect for
the future. You also have the right to data portability. Please direct your requests, objections, or revocations informally to the following address: info@hofgut.com.

Questions and concerns

If you have any questions or concerns about the processing of your personal data, please contact our data protection officer at the contact address given in the imprint. We will process your request as quickly as possible and inform you about the result. You also have the right to complain to a supervisory authority. A list of the relevant authorities can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents.
Borlabs Cookie does not process any personal data.

The borlabs-cookie stores the consents you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare), to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 Para. 1 lit. f GDPR). A CDN is a network of [worldwide] distributed servers that is capable of delivering optimized content to the website user. For this purpose, personal data can be processed in server log files by Cloudflare. Please compare the explanations under “Hosting”.
Cloudflare is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR, to not operate a content delivery network ourselves.

You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.

The processing of the data specified in this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.

For more information on objections and elimination options against Cloudflare, please see: Cloudflare DPA

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs.pdf

Hosting & Content Delivery Network

Unless you contact us via the contact form or make a purchase as a visitor, we collect the following data in so-called log files, which your browser transmits:
IP address, date and time of the request, time zone difference to Greenwich Mean Time, content of the request, HTTP status code, amount of data transferred, website from which the request comes, and information about the browser and operating system.

This is necessary to display our website and ensure stability and security, to allow our host to bill us for the services provided, and to enable efficient delivery of the website. This corresponds to our legitimate interest within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR.

We use the following host to provide our website.

Kinsta Inc.
Attn: Privacy and Data Protection Team
8605 Santa Monica Blvd #92581
West Hollywood, CA 90069
USA
privacy@kinsta.com

Kinsta primarily uses the Google Cloud Platform service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for its infrastructure.

Kinsta has implemented compliance measures for international data transfers with Google. These apply to all global activities where Kinsta processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs).

Kinsta is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR, to not have to maintain a server in our premises. The server location is Germany.

For more information on objections and elimination options against Kinsta Inc., please see: https://kinsta.com/legal/privacy-policy/

You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.

The data will be deleted after 30 days.

The processing of the data specified in this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.

Google Analytics 4

This website uses Google Analytics 4, a web analysis service provided by Google Inc. (“Google”). Google Analytics 4 uses “cookies”, which are text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
On this website, IP anonymization has been activated so that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services related to website and internet usage to the website operator.

Data processing is based on your consent according to Art. 6 para. 1 lit. a GDPR, provided you have given us this. You can revoke your consent at any time with effect for the future.

In addition, this website uses Google Analytics 4 for cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My Data”, “Personal Data”.

You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by changing your cookie consent settings: [borlabs-cookie type=”btn-cookie-preference” title=”Cookie settings” element=”link”/]

For more information on terms of use and data protection, please visit the following links: https://www.google.com/analytics/terms/de.html or https://policies.google.com/privacy.

Google Tag Manager

Google Tag Manager (GTM) is a service provided by Google LLC, which allows website tags to be managed through an interface. With the use of GTM, the website can integrate various services and tools, such as Google Analytics, Remarketing, Conversion Tracking and others, more easily and without changes to the source code of the website.
Google Tag Manager uses so-called “cookies”, which are text files stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

On this website, IP anonymization has been activated, meaning that your IP address is shortened by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Tag Manager is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Further information on data protection in connection with the Google Tag Manager can be found in Google’s privacy policy at: https://policies.google.com/privacy

Please note that this privacy statement is specific to Google Tag Manager and that each other tool or service you embed on the website may have its own privacy statement.

Adobe Fonts

In our privacy policy, we would like to inform you about how we use the services of Adobe Typekit on our website and what data is collected by Adobe in the process.
Adobe Typekit is a service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, which allows us to access a comprehensive collection of fonts and use them on our website.

When you visit our website, your browser automatically sends information to Adobe Typekit, such as the IP address, the type of browser, the webpage accessed, the fonts accessed, and the time of access. Adobe Typekit uses this information to provide our fonts and to analyze and improve the use of the service. In addition, Adobe can collect the following information through the use of the “Adobe Fonts” service for websites:

  • Fonts provided
  • ID of the web project
  • JavaScript version of the web project (string)
  • Type of web project (string “configurable” or “dynamic”)
  • Embedding type (whether you use the JavaScript or CSS embedding code)
  • Account ID (identifies the customer from whom the web project originates)
  • Service providing the fonts (e.g., Adobe Fonts)
  • Server providing the fonts (e.g., Adobe Fonts server or enterprise CDN)
  • Hostname of the page where the fonts are loaded

Adobe uses the information collected from websites that use Adobe Fonts to provide the “Adobe Fonts” service and to diagnose delivery or download problems. This information is also used to pay and fulfill Adobe’s contracts with the font manufacturers whose fonts are used. Adobe shares aggregated reports with font manufacturers and may confirm to a font manufacturer that you have a valid license from Adobe, but otherwise does not pass on personal information to font manufacturers.
We have taken appropriate technical and organizational measures to ensure an adequate level of protection and to comply with EU data protection regulations.

You can prevent the use of Adobe Typekit on our website by disabling the execution of script code in your browser or using a script blocker plugin. However, please note that this may result in our website not being displayed correctly.

You have the right to obtain information on request about the data stored by Adobe Typekit and, if necessary, to correct or delete it. Please contact Adobe at the contact address provided in the imprint for this purpose.

SSL and TLS Encryption

Our website uses SSL (Secure Socket Layer) and TLS (Transport Layer Security) technology to encrypt data transmissions. These technologies ensure the integrity, confidentiality, and authenticity of the transmitted data, making sure they cannot be read or changed by unauthorized parties.
When you visit our website, your browser will automatically establish a connection to our server, which is encrypted by SSL/TLS. You can recognize this by the fact that the address line of your browser changes from “http” to “https” and the lock icon appears in the address line.

Google Ads and Google Conversion Tracking

Our website uses Google Ads, an online advertising program from Google Inc. With Google Ads, we also use conversion tracking. When you click on an ad placed by Google, a cookie is set which is valid for 30 days and does not serve to personally identify users. The cookie allows us and Google to recognize that you clicked on the ad and were redirected to our page. Each Google Ads customer receives a different cookie and the cookies cannot be tracked across the websites of Google Ads customers. You can object to the use of conversion tracking at any time by disabling the cookie in your browser. Please note that disabling cookies may limit the functionality of our website. For more information, please refer to Google’s privacy policy.
In addition, we would like to point out that our website also uses Google conversion tracking. Conversion tracking is an analysis tool from Google that lets us know if a certain action on our website, such as a purchase or a registration, was triggered by a click on an ad placed by Google. When you click on an ad placed by Google, a cookie is stored on your computer or mobile device. These cookies usually expire after 30 days and do not serve to personally identify users. You can object to the collection of data by Google conversion tracking at any time by disabling the appropriate cookie in your internet browser. For more information about Google Ads and Google Conversion Tracking, please see Google’s privacy policy.

Facebook Pixel

To measure the effectiveness of our advertising campaigns, we use a so-called visitor action pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. This pixel allows us to track the behavior of visitors who have arrived at our website via a Facebook advertisement. This enables us to evaluate the effectiveness of Facebook ads and improve our future advertising efforts.
The data collected is anonymous to us, and we cannot draw conclusions about the identity of the users. However, Facebook stores and processes the data, which can establish a connection to the respective user profile. Facebook can then use this data for its own advertising purposes, as described in Facebook’s data usage policy. As the operator of the site, we cannot influence this use of data.

For more information about protecting your privacy, please see Facebook’s privacy notices. You can also disable the remarketing feature “Custom Audiences” by logging into Facebook and accessing the ad settings. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website.

Google reCAPTCHA

Our website uses the services of “Google reCAPTCHA”, a product of Google Inc., to ensure that data input is made by a person and not an automated program. For this purpose, reCAPTCHA analyzes the behavior of the visitor to the website based on various characteristics, such as IP address, time spent on the website, and mouse movements. The data obtained is forwarded to Google. This analysis takes place entirely in the background, and the visitor is not notified. The processing of data is based on the legitimate interest of the website operator to protect its web pages from misuse and spam. For more information about Google reCAPTCHA and their privacy policy, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Use of Google Signal

On our website, we use Google Signal, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Signal allows us to conduct advanced analysis of user behavior across multiple devices (cross-device tracking).
If you have a Google account and have consented to Google’s “personalized advertising” service, Google Signal can link your usage patterns across different devices using temporary Google IDs for cross-device tracking, which are anonymized in our Google Analytics traffic. However, your data will only be analyzed in this way if you have also enabled the “personalized advertising” setting in your Google account.

We use Google Signal for marketing and optimization purposes, particularly to analyze the use of our website and make continuous improvements. The statistical evaluation of user behavior allows us to improve our offer and make it more interesting for you as a user.

It should be noted that data collected via Google Signal may be transferred to the USA and processed there. However, since Google is certified under the EU-U.S. Data Privacy Framework, the European Commission has confirmed that data transfer to the USA is permissible under the same conditions as within the EU.

For more information about Google Signal, please see Google’s privacy policy: https://policies.google.com/privacy.

You can opt out of the use of Google Signal by deactivating the “personalized advertising” setting in your Google account: https://adssettings.google.com/.

Transfer of Data to the USA and Application of the Trans-Atlantic Data Privacy Framework

We employ services on our website that may potentially send data about your usage of this website, including third-party content, to the United States. These transfers are now conducted under the protection of the new Trans-Atlantic Data Privacy Framework, confirmed by the European Commission on July 10, 2023, as the successor to the “Privacy Shield”. This Framework provides a level of data protection comparable to that in the EU. Thus, the transmission of personal data to the USA is permissible under the same criteria as if the data recipient was based in the EU, provided the data recipient is certified under the EU-U.S. Data Privacy Framework.
It is important to note that only companies that are certified by the EU-U.S. Data Privacy Framework can ensure an adequate level of data protection. We ensure that all service providers we use, who transfer data to the USA, are listed on the official list of certified companies: https://www.privacyshield.gov/list. This factor is strictly considered when selecting our service providers to guarantee the protection of your data.

Revocation of Consent and Objection to Data Processing

You have the option to revoke your consent to the use of marketing cookies and smart pixels at any time. The link to the cookie settings can be found in the footer of our website. Moreover, you can control the management of marketing cookies by using self-regulatory programs developed in many countries, such as https://www.aboutads.info/choices/ (USA) or https://www.youronlinechoices.com/uk/your-ad-choices (EU).

Data protection information on the use of Intermaps

On our website we use the “Intermaps” service to show an interactive map of the slopes in our region. Intermaps uses cookies and other technologies to collect data about the use of its services. This data can be used to optimize the website and for advertising purposes. Further information about Intermaps’ data protection can be found here. If you use our website, you agree to the data processing by Intermaps.

Copyright: Gipfelgold GmbH
Date: 2023-10-02