Data protection
1. Person Responsible
In mobilis Objektmanagement GmbH
Himmelreichweg 37b
8044 Graz
Austria
Company registration number: FN 275181 d
VAT number: ATU62410224
E-mail: office@urlaubammeer.at
Website: https://urlaubammeer.at
Managing Director:
Mr. Nikolaus Offner (sole representative)
Shareholder:
Offner’sche Privatstiftung
2. General Information on Data Processing
The processing of personal data takes place in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
Personal data is all information that relates to an identified or identifiable natural person.
Legal bases of the processing:
- Art. 6 para. 1 lit. a GDPR (Consent)
- Art. 6 para. 1 lit. b GDPR (Contract / pre-contractual measures)
- Art. 6 para. 1 lit. c GDPR (legal obligation)
- Art. 6 para. 1 lit. f GDPR (legitimate interest)
3. Hosting, Server Logs & Backups
Our website is operated on Hetzner Cloud (self-managed).
Hosting provider:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Server logs
The following data is automatically processed when you visit the website:
- IP address
- Date and time of access
- Pages and files accessed
- Referrer URL
- Browser type and operating system
- HTTP status codes
Purpose:
Ensuring technical operation, system security, error analysis and prevention of misuse.
Legal basis:
Art. 6 para. 1 lit. f GDPR
Storage period:
Server log files are stored for a maximum of 90 days and then deleted, unless security-relevant incidents or legal obligations require longer storage.
Backups
We use the following for data backup:
- server-internal backups as well as
- the integrated Hetzner Cloud Backup.
The backups are used exclusively for recovery in the event of technical malfunctions or security incidents.
Legal basis:
Art. 6 para. 1 lit. f GDPR
Storage period:
Backups are kept in accordance with Hetzner’s technical settings and are regularly overwritten.
4. WordPress
This website is based on WordPress. Technically necessary cookies are set, which are required for the operation of the website.
Legal basis:
Art. 6 para. 1 lit. f GDPR
5. Cookies & Consent Management (Borlabs)
We use Borlabs Cookie to manage cookies and consents.
Cookies for statistical and marketing purposes are only set after active consent.
Legal basis:
Art. 6 para. 1 lit. a GDPR
Consent can be revoked at any time via the cookie settings.
6. Contact
When you contact us by e-mail or form, we process the transmitted data (e.g. name, e-mail address, message).
Purpose:
Processing the request and follow-up communication.
Legal basis:
Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR
Storage period:
Until the request has been processed and in accordance with legal retention obligations.
7. Google Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited.
Provider:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
- IP anonymization activated
- Tracking only takes place after consent
Legal basis:
Art. 6 para. 1 lit. a GDPR
Data transfer:
A transfer to third countries (especially USA) is possible. Google is certified according to the EU–US Data Privacy Framework.
8. Google Ads & Google Merchant Center
We use Google Ads and Google Merchant Center to advertise our services and measure the success of advertising measures.
Cookies and server-side tracking technologies can be used.
Legal basis:
Art. 6 para. 1 lit. a GDPR
9. Meta Ads & Conversion API
We use Meta Ads (Facebook and Instagram) to promote our services.
Both:
- the Meta Pixel and
- the Meta Conversion API (server-side)
are used.
In particular, event data, IP address and technical information are processed.
Legal basis:
Art. 6 para. 1 lit. a GDPR
Data transfer:
A transfer to third countries (USA) is possible. Meta Platforms is certified according to the EU–US Data Privacy Framework.
10. WooCommerce (Online Shop & Bookings)
This website uses WooCommerce, a WordPress plugin for processing bookings and orders.
In particular, the following data is processed:
- Name
- Billing and, if applicable, delivery address
- E-mail address
- Booking and order data
- IP address
Purpose:
Contract processing, booking management and billing.
Legal basis:
Art. 6 para. 1 lit. b GDPR
Storage period:
Order and booking data are stored in accordance with the statutory retention obligations (in particular commercial and tax law) for up to 7 years.
11. Payment service providers
We use external payment service providers for payment processing.
PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
Stripe
Stripe Payments Europe Ltd., Ireland
The payment data is processed exclusively by the respective payment service providers.
Credit card or account data is not stored on our servers.
Legal basis:
Art. 6 para. 1 lit. b GDPR
12. Security of processing
We take appropriate technical and organizational measures to secure personal data.
These include in particular:
- Access restrictions
- secure password policies in user accounts
- regular backups
- current software and security updates
13. Data protection violations (“Worst Case”)
Should a violation of the protection of personal data occur despite all security measures (e.g. data loss or unauthorized access), we will act in accordance with Art. 33 and 34 GDPR.
This includes in particular:
- immediate investigation of the incident
- Notification to the responsible data protection authority, if required
- Information of affected persons, if there is a high risk to their rights and freedoms
14. Your rights
You have the right to:
- Information (Art. 15 GDPR)
- Correction (Art. 16 GDPR)
- Deletion (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Revocation of granted consents (Art. 7 para. 3 GDPR)
- Objection to the processing (Art. 21 GDPR)
Please send requests to: office@urlaubammeer.at
15. Right to complain
You have the right to complain to the responsible supervisory authority.
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
https://www.dsb.gv.at
16. Status
This privacy policy is currently valid.