Privacy Policy
Learn how we handle your personal information and ensure your privacy and data security on our platform.
Last Updated on 27th February 2026
Introduction
The Ferienhaus an der Drau is aware of its responsibility to protect your personal data and comply with applicable data protection and data security laws. We process personal data to the extent necessary for providing the services offered, fulfilling legal reporting obligations, and for the provision and optimization of a functional and user-oriented website.
According to Article 4(1) of Regulation (EU) 2016/679 (also referred to as the General Data Protection Regulation, “GDPR”), “processing” means any operation or set of operations performed on personal data, whether or not by automated means. This includes, among other things, collection, storage, organization, use, disclosure, matching, restriction, or deletion of data.
Below, we inform you about the type, scope, purpose, duration, and legal basis of the processing of personal data, where we, alone or jointly with others, determine the purposes and means of processing. We also explain the use of external services employed to optimize and improve the quality of our offerings, where third parties process data in their own responsibility.
Contact
The controller responsible for the processing of personal data under the EU General Data Protection Regulation (GDPR) is:
Ferienhaus an der Drau
Brigitte Wagner
Address: Sankt Oswald 69, 9182 Sankt Jakob im Rosental, Austria
Email: sanktoswald69@gmail.com
Phone: +49 175 8340549
Right of users and data subjects
With regard to the processing described below, users and data subjects have the right to:
Confirm whether their personal data are being processed, obtain information about the processed data, further information regarding processing, and receive copies of the data (cf. Article 15 GDPR);
Request correction or completion of inaccurate or incomplete data (cf. Article 16 GDPR);
Request the immediate deletion of their personal data (cf. Article 17 GDPR) or, alternatively, where further processing is required under Article 17(3) GDPR, to request restriction of processing pursuant to Article 18 GDPR;
Receive the personal data they provided and have them transmitted to another provider/controller (cf. Article 20 GDPR);
File a complaint with the supervisory authority if they believe that their data have been processed in violation of data protection laws (cf. Article 77 GDPR).
The provider is also obliged to inform all recipients to whom data have been disclosed about any corrections, deletions, or restrictions of processing under Articles 16, 17(1), or 18 GDPR. This obligation does not apply if such notification is impossible or involves disproportionate effort. Nevertheless, users have the right to request information about these recipients.
Users also have the right to object under Article 21 GDPR to future processing of their personal data where processing is based on Article 6(1)(f) GDPR. An objection to processing personal data for direct marketing purposes is permitted at any time.
Information on data processing
Data collected when you use our website will be deleted as soon as the purpose of storage is no longer applicable, unless statutory retention obligations prevent deletion or unless otherwise specified for specific processing activities.
Types of personal data we collect
Information you provide to us: We collect personal data (including, where necessary, sensitive personal data) that you provide directly. This includes:
Your full name, address, email, phone number, ID or passport information;
Guest stay information, arrival and departure dates, special requests;
Payment details;
Your reviews, feedback, and opinions about our services;
Any other personal data you provide voluntarily.
Information collected automatically when using the website:
Log information: We may collect system log information about your use of the website, including your browser, access times, visited pages, IP address, and the website you visited before navigating to our site.
Device information: Information about the device you use to access our website, including hardware model, operating system and version, unique device identifiers, and mobile network information.
Location information: We may collect device location information when you access our mobile apps or consent to such collection. You can disable location services at any time, but this may affect certain features.
Cookies and tracking technologies: We and our service providers use cookies and web beacons to collect information. Cookies are small data files stored on your device to improve website functionality, track visits, and identify popular features. Web beacons are electronic images used to provide cookies, count visits, and measure campaign effectiveness. For more information and to opt out, please see our Cookie Policy.
Information about third parties: If you provide personal data of third parties (e.g., family members in connection with bookings), you confirm you have their consent to provide their data. We recommend sharing this privacy policy with them.
Data collected in this manner are stored temporarily, not merged with other personal data. Storage is based on Article 6(1)(f) GDPR. Our legitimate interest is improving the stability, functionality, and security of our website.
Data are deleted within seven days unless retention for evidence purposes is required. Otherwise, data are exempt from deletion until final resolution of the relevant matter.
Contract Processing
We process personal data only if there is a legal basis, in particular:
To fulfill a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
To comply with legal obligations (Art. 6(1)(c) GDPR);
Based on your consent (Art. 6(1)(a) GDPR);
To protect legitimate interests unless overridden by your rights (Art. 6(1)(f) GDPR).
We delete your data after the contract is fully executed, subject to statutory retention periods.
We may use personal data for purposes including:
Streamlined check-in and check-out processes;
Providing access to website content and responding to inquiries;
Offering personalized service and improving products and services;
Fulfilling legal obligations.
We may also receive data from third parties, such as:
Booking platforms;
Payment service providers;
Public sources.
Contact request
If you contact us via form or email, the data you provide will be used to process your inquiry. Providing data is necessary; otherwise, we cannot respond. Legal basis: Art. 6(1)(b) GDPR.
Data are deleted once the inquiry is fully processed, unless statutory retention applies, e.g., in connection with subsequent contract processing.
Disclosure of personal data
We may share personal data:
Among Ferienhaus an der Drau and a limited number of partners relevant to the purposes described;
With third-party service providers, IT and marketing support, and advisors assisting with website provision;
With law enforcement, courts, government, or regulatory authorities, if required by law;
To protect our rights, property, or safety;
With professional advisors (accountants, auditors, lawyers);
With another party with your consent or instruction;
As otherwise permitted or required by law.
Transfers outside the European Economic Area (EEA) occur only if adequate safeguards exist (e.g., EU standard contractual clauses).
Our Commitment to Data Security
We have in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.
We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
We maintain a company presence on Instagram for marketing and communication purposes. We are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
Instagram’s Data Protection Officer can be reached via: https://www.facebook.com/help/contact/540977946302970
Joint responsibilities are governed by an agreement under GDPR: https://www.facebook.com/legal/terms/page_controller_addendum
Legal basis: Art. 6(1)(f) GDPR; legitimate interest is analysis, communication, promotion, and marketing of products/services.
Social media links
Links to social media are embedded as graphics. Only by clicking the graphic does the user connect to the social network. The networks currently included: Instagram (Facebook Ireland Ltd.) and Google Maps (Google Ireland Limited).
For Google Maps, a connection may be made to Google servers in the USA. Legal basis: Art. 6(1)(f) GDPR; legitimate interest is optimizing website functionality.
Updates to this Privacy Policy
We may update this privacy policy. The latest version is always available on our website under “Privacy Policy.” Translations may exist, but in case of discrepancies, the German version prevails.
