Privacy Policy
Casa Habicht
Johanna Brecher
Habichtsgasse 6
A-6167 Neustift im Stubaital
Tyrol/Austria
+43 650 5111295
[email protected]
Protecting your personal data is a matter of great importance to us. We therefore process your data exclusively in accordance with the applicable legal regulations (GDPR, TKG 2003). In this privacy policy, we inform you about the most important aspects of data processing on our website, our booking system, inquiries, newsletter registration, as well as the use of our social media channels (e.g. Facebook, Instagram, etc.).
We are committed to providing you with outstanding quality and the best possible service. To ensure this, we collect and process personal data in the course of our business operations – particularly in the following cases:
– Inquiries via the contact form or by email
– Bookings made through our website or third-party platforms
– Visits to our website (e.g. IP address, cookies, usage behavior, etc.)
– Use of our newsletter or social media channels
The processing of this data is carried out in accordance with Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) as well as Article 6(1)(f) GDPR (legitimate interest in effective and customer-friendly communication and presentation of our services).
Your personal data is treated with strict confidentiality and will not be disclosed to third parties unless there is a statutory obligation to do so or you have provided your explicit consent in accordance with applicable data protection regulations.
Notice: This website uses SSL encryption (HTTPS) to ensure the secure transmission of your personal data.
What data do we collect?
Website:
When you visit our website, we collect technically necessary data that is automatically transmitted to our server. This includes, but is not limited to:
– IP address of the requesting device
– Date and time of access
– Type of device used
– Access status / HTTP status code
– Browser type, language, and version of the browser software
– Operating system used
This data is technically necessary to correctly display our website to you. Furthermore, we use this information to ensure the stability and security of the website, as well as to continuously develop and adapt our online services to better meet your expectations.
The legal basis for this data processing is Article 6(1)(f) GDPR (legitimate interest).
Forms & Email contact:
If you contact us via a form on our website or by email, submit an inquiry, or make a booking, we process the personal data that you voluntarily provide to us. This includes, in particular:
– Name (first and last name)
– Postal address
– Email address
– Telephone number
– Individual content of your message or inquiry
– If applicable, your interests (e.g. preferred travel dates, number of guests, accommodation preferences)
This data is necessary in order to respond to your inquiry and/or process your booking. We store and process your information exclusively for this purpose.
Your data will not be disclosed to third parties, except to companies acting on our behalf as data processors (e.g. IT service providers, booking systems). We have concluded data processing agreements with these companies, obligating them to handle your data with the same care and in full compliance with applicable data protection laws as we do ourselves.
The specific service providers acting as data processors are listed further below in this privacy policy.
Cookies
Web Analytics: Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to statistically evaluate the use of our website and to continuously optimize our online offering.
Google Analytics uses so-called “cookies,” which are text files stored on your device that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is generally transmitted to a Google server and stored there — potentially also in the United States.
However, we use Google Analytics with IP anonymization enabled (“_anonymizeIp()”). This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there. As a result, any direct personal reference is excluded.
Google uses this information on our behalf to:
– analyze your use of the website
– compile reports on website activity
– provide other services related to website and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
Google is certified under the EU-U.S. Privacy Shield framework (www.privacyshield.gov).
For more information about Google’s terms of use, please visit:
www.google.com/analytics/terms/de.html
For more information about Google’s privacy policy, please visit:
www.google.com/intl/de/analytics/privacyoverview.html
Google Maps
Our website uses the map service Google Maps, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). This enables us to display interactive maps directly on our website and to provide you with convenient use of the map features – for example, to help you plan your journey or find your way around.
When you access a page on which Google Maps is integrated, information — in particular your IP address of the requesting device is transmitted to Google servers. These servers may also be located in the USA . Google may combine this data with other information (e.g. your Google account, if you are logged in) and use it to create usage profiles.
You can prevent the transmission of data to Google by disabling JavaScript in your browser settings or by rejecting all cookies. However, please note that in this case, the services provided by Google Maps will no longer be available to you.
For more information about Google’s terms of use, please visit:
www.google.com/analytics/terms/de.html
For more information about Google’s privacy policy, please visit:
www.google.com/intl/de/analytics/privacyoverview.html
For more information about Google’s Maps terms of use, please visit:
www.google.com/intl/de_US/help/terms_maps.htm
Google Fonts
On our website we use Google Fonts, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to ensure the consistent and visually appealing presentation of fonts.
When you visit our website, your browser loads the required web fonts directly from Google’s servers. In doing so, a connection is established to Google’s servers, which allows Google to receive and store your IP address. These servers may also be located in the USA . According to current information, no cookies are set in connection with the provision of Google Fonts. The use of Google Web Fonts is in the interest of a consistent and visually appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.
Google is certified under the framework of the EU-U.S. Data Privacy Framework . This ensures an adequate level of data protection pursuant to Article 45 GDPR, even when data is transferred to the United States. Further information can be found at: https://www.dataprivacyframework.gov/
Social Media Plugins
We use social media plugins on our website provided by the social network Facebook , operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can recognize the integration of these plugins by typical symbols such as the “Like” button or other Facebook logos.
When you visit a page that contains such a plugin, a direct connection is established between your browser and Facebook’s servers. In this process, information such as your IP address, the browser used, the operating system, the previously visited website, as well as the date and time of access, is transmitted to Facebook. This data transmission occurs regardless of whether you have a Facebook account or are logged in. If you are logged in to Facebook while visiting our website, Facebook can directly associate your visit to our website with your user account.
The data collected in this manner is stored by Facebook as usage profiles and used for the purposes of advertising, market research, and the customized design of the Facebook platform. Even users who are not logged in may be affected by this data collection. We use these plugins to offer you an interactive user experience, to improve our online services, and to make our website more appealing. The legal basis for this use is Art. 6 Abs. 1 lit. f DSGVO, where our legitimate interest lies in optimizing our online presence and enhancing user-friendliness.
Please note that, as the provider of this website, we have no influence over the scope of the data collected and processed by Facebook through the use of this plugin. For more information about the purpose and scope of data collection, as well as the further processing and use of data by Facebook, please refer to Facebook’s privacy policy at:
https://www.facebook.com/privacy/explanation
Meta Platforms Inc. (formerly Facebook Inc.), based in the United States, is certified under the EU-U.S. Data Privacy Framework . This ensures an adequate level of data protection even when personal data is transferred to the United States. For more information, please visit:
https://www.dataprivacyframework.gov/
Contact and Inquiry Form
If you contact us via the contact form on our website or by email, we will process the personal data you provide (e.g., name, email address, message content) solely for the purpose of handling your inquiry and for any follow-up questions. The processing of your data is based on our legitimate interest in efficiently responding to your request pursuant to Art. 6 (1) lit. f GDPR, or – if your inquiry is aimed at the conclusion of a contract – for the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR. The data you submit will be stored for up to six months in order to respond to any follow-up questions. Your data will not be shared with third parties without your explicit consent.
Newsletter
If you subscribe to the newsletter offered on our website, we will process your personal data (e.g., email address, IP address, time of registration) solely for the purpose of sending you the newsletter. Registration follows the double opt-in procedure: after submitting the form, you will receive an email asking you to confirm your subscription by clicking a verification link. Your email address will only be added to our mailing list after this confirmation.
The legal basis for the processing of your data is your consent pursuant to Art. 6 (1) lit. a GDPR. Providing your consent is voluntary and can be revoked at any time with future effect—for example, via the unsubscribe link included in every newsletter. Unsubscribing is automatically considered a withdrawal of your consent. Upon withdrawal, your personal data will be promptly deleted, unless statutory retention obligations apply.
The newsletter is sent via the service provider Brevo (formerly Sendinblue), operated by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. We have entered into a data processing agreement with Brevo in accordance with Art. 28 GDPR. All data is processed exclusively on servers within the European Union.
For more information on data protection at Brevo, please visit:
https://www.brevo.com/en/legal/privacypolicy/
To evaluate and improve our newsletter content, we use tracking pixels and link tracking. This allows us to record whether and when an email was opened and which links within the email were clicked. The evaluation is carried out in a pseudonymized form and serves to optimize the content and delivery rates of our newsletters. Your data will not be shared with third parties. You can also object to this use at any time.
Online Booking
If you make a booking through our website, a connection to our external booking system will be established for technical processing. In this context, the personal data you provide (e.g., name, contact details, booking information) will be transmitted to the service provider’s server and processed there in accordance with the applicable data protection regulations. Data processing takes place exclusively for the purpose of carrying out pre-contractual measures or fulfilling a contract pursuant to Art. 6 (1) lit. b GDPR. Your data will not be passed on to third parties beyond this, unless this is necessary for the fulfillment of the contract or you have expressly consented to such transfer. We retain your booking data only for as long as is necessary to process your booking and to comply with any applicable legal retention requirements.
Retention Period
We process and store your personal data only for as long as it is necessary to fulfill the respective processing purposes or as required by statutory retention obligations. If the purpose of processing ceases to apply or a legally prescribed retention period expires, the relevant data will be deleted in accordance with the applicable legal provisions ..
Data will only be stored beyond this period if required to fulfill legal obligations (e.g. under tax or commercial law) or if you have given us your explicit consent to do so.
For information about specific retention periods and the criteria for data deletion, please contact us at: [email protected].
Your rights
Under the General Data Protection Regulation (GDPR), you as a data subject have comprehensive rights regarding your personal data. These rights are intended to ensure transparency and give you control over how your data is processed.
Right of Access:
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you may request access to this data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been or will be disclosed (particularly in the case of transfers to third countries); the envisaged period for which the data will be stored (or, if not possible, the criteria used to determine that period); the existence of automated decision-making, including profiling; and, where the personal data was not collected directly from you, any available information about the source of the data.
Right to Rectification:
If your data is inaccurate or incomplete, you have the right to request its prompt rectification or completion.
Right to Erasure (“Right to be Forgotten”):
You have the right to request the erasure of your personal data, provided that the legal requirements are met – for example, if the data is no longer needed for its original purposes, you have withdrawn your consent, or the data was processed unlawfully. Erasure will not take place if statutory retention obligations or other legal grounds prevent it.
Right to Restriction of Processing:
You may request the restriction of processing if you contest the accuracy of the data, if the processing is unlawful and you oppose the erasure of the data, if we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or if you have objected to the processing and a verification of overriding legitimate interests is still pending.
Right to Data Portability:
You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller, provided that the processing is based on your consent or a contract and is carried out by automated means. Where technically feasible, you also have the right to have the data transmitted directly from one controller to another.
Right to Object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where such processing is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. Following your objection, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to Withdraw Consent:
If the processing is based on your consent, you may withdraw it at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected.
Right to Lodge a Complaint with a Supervisory Authority:
If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Wien, www.dsb.gv.at.
Wenn Sie Fragen zu dieser Erklärung oder der Verarbeitung Ihrer personenbezogenen Daten durch uns haben, wenden Sie sich bitte bei uns per E-Mail an [email protected].
Neustift im Stubaital, am 09.06.2025