Data privacy
General Information
This privacy policy informs users of this website about the nature, scope and purpose of processing personal data by the website operator Eric & Eva-Maria Cattoen, Bschlabs 24, 6647 Pfafflar.
The website operator treats personal data confidentially and in accordance with legal requirements. Due to new technologies and the ongoing development of this website, adjustments to this privacy policy may become necessary. Please review this policy regularly.
Definitions of terms such as ‘personal data’ and ‘processing’ can be found in Art. 4 GDPR.
Access Data
Based on our legitimate interests (Art. 6(1)(f) GDPR), we collect data about access to the website and store it as server log files:
- Visited website
- Time of access
- Amount of data sent in bytes
- Referrer source
- Browser used
- Operating system used
- IP address used
Server log files are stored for a maximum of 7 days and then deleted. Storage is for security reasons, e.g. to clarify cases of misuse. If data must be retained as evidence, it will be excluded from deletion until the incident is finally clarified.
Analytics and Cookies
We process personal data such as first name, last name, IP address, email address, place of residence, postal code and content you provide via the contact form and the booking function. Processing takes place only with the explicit permission of the users concerned and in compliance with applicable data protection regulations.
Handling of Contact Data
If you contact us, your details will be stored to process and respond to your request. Without your consent, this data will not be passed on to third parties.
No Third-Party Tools
- No Google Analytics
- No comment function
- No social media plugins
Online Booking via easybooking (zadego GmbH)
We integrate widgets from the provider zadego GmbH (easybooking) on our website, e.g. enquiry form, booking engine, price overview, availability calendar and, where applicable, online check-in. When accessing these areas, your browser connects to easybooking servers. Provider: zadego GmbH, Anton-Melzer-Straße 10, 6020 Innsbruck, Austria, email: datenschutz@easybooking.eu. For details, please see the provider’s legal and privacy notices.
Categories of Data Processed
In particular, the data you enter for enquiries and bookings is processed (e.g. travel and stay data, number of persons, selected services, title/name, contact details, free-text messages) as well as technically necessary information (e.g. IP address, time of use, device and browser data). easybooking may set functional cookies, e.g. for language selection and session management (such as i18next, PHPSESSID).
Purposes and Legal Bases
Processing serves the initiation and performance of an accommodation contract and the handling of your enquiry (Art. 6(1)(b) GDPR) and our legitimate interest in a user-friendly online booking process (Art. 6(1)(f) GDPR). Where consent is required for non-essential cookies/functions, processing is based on Art. 6(1)(a) GDPR and may be withdrawn at any time with future effect.
Roles and Data Processing Agreement
We are the controller responsible for processing your booking data. easybooking generally acts as our processor; a data processing agreement pursuant to Art. 28 GDPR is in place with the provider.
Recipients and Sources
Recipient of your data is zadego GmbH (easybooking) as part of the provision of booking widgets. Depending on the booking process, additional recipients may be involved where necessary for contract performance (e.g. payment service providers, registration systems).
Storage and Erasure
We store booking and enquiry data in accordance with statutory retention periods (in particular commercial, tax and registration laws) and erase it thereafter. easybooking stores data to provide the service; details are set out in the provider’s privacy information.
Data Transfers to Third Countries
According to the provider, processing takes place within the EU/EEA. If, in individual cases, data is transferred to third countries, this will only occur in compliance with Arts. 44 et seq. GDPR (e.g. EU standard contractual clauses) and where necessary.
Cookies and Consent Management
The widget is loaded in an iframe by the provider. If you allow ‘functional services’ or ‘external content’ in our consent banner, the widget will be loaded and cookies or requests to easybooking may be triggered. Without consent, only technically necessary elements are loaded.
Messaging and Other Communication Features
Our website enables communication via chat and messenger services, online contact forms, email and telephone. We process and store your data insofar as necessary to respond to your enquiries and take subsequent steps. Content of many messengers is end-to-end encrypted; nevertheless, technical data such as device information and IP addresses may be processed.
Data Processed
Depending on the provider: name, address, phone number, email address, content you submit, device information, IP address and metadata. Data may also be stored on the providers’ servers. Please refer to the respective services’ privacy policies.
Storage Duration
The storage duration depends on the tool used and the purpose of communication. As a rule, we process personal data only as long as necessary to provide our services. Cookie lifetimes vary by provider.
Legal Basis
Depending on the situation, we rely on Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
We use WhatsApp, provided in the EU by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (a subsidiary of Meta Platforms Inc.). WhatsApp processes personal data and uses, among other things, standard contractual clauses. For details see WhatsApp Privacy, data transfer information at WhatsApp Legal, and general information from the European Commission at European Commission and EUR-Lex.
Your Rights
You have the rights under Arts. 15–22 GDPR (access, rectification, erasure, restriction, objection to processing based on Art. 6(1)(f), data portability) as well as the right to withdraw consent at any time with future effect. You also have the right to lodge a complaint with a supervisory authority.
Erasure and Right to Object
Unless statutory retention obligations prevent this, we erase personal data when the purpose of processing ceases to apply. If erasure is not possible, processing will be restricted. Users may object to the processing of their personal data at any time.
Contact
For access, rectification, blocking, erasure, objection or withdrawal of consent, please contact: info@so-naturlech.com.