Protecting your personal data is very important to us. We process your data exclusively on the basis of the applicable legal regulations (GDPR, Austrian Telecommunications Act 2021). This Privacy Policy informs you about the most important aspects of data processing in the context of our website and our services related to the Midera Chalet.

1. Controller

Mrs. Claudia Steiner
Midera Chalet
Email: info@midera-chalet.at

2. Collection and Storage of Personal Data

We process the personal data that you voluntarily provide to us when making an inquiry, booking, or communicating with us. This includes, in particular:

Name, address
Email address, phone number
Booking and stay details
Number of guests
Payment information (e.g., invoice-related data; no storage of credit card details)
Optional: information about pets, special requests, or personal preferences

3. Purpose of Data Processing

We process your data for the following purposes:

Processing inquiries and bookings
Managing your stay
Fulfilling our contractual obligations
Issuing invoices and handling local taxes (tourist tax)
Complying with legal registration requirements (Austrian guest registration law)
Improving our website and service offerings
Communicating with you before, during, and after your stay

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

Art. 6(1)(b) GDPR (performance of a contract)
Art. 6(1)(a) GDPR (consent)
Art. 6(1)(f) GDPR (legitimate interests)
Art. 6(1)(c) GDPR (legal obligation – e.g., guest registration, tax law)

5. Disclosure of Data to Third Parties

Your personal data is not shared with third parties unless necessary for the purposes listed above:

Tax advisor for fulfilling tax obligations
Municipal authorities for mandatory guest registration and tourist tax reporting
Payment service providers for processing payments
External service providers (IT, website hosting, booking systems)
Booking platforms (e.g., Airbnb, Booking.com) when a booking is made through them
Cleaning services, if required for the preparation and management of your stay

In all cases, we ensure GDPR-compliant processing and sign appropriate data processing agreements when required.

6. Cookies & Web Technologies

Our website uses cookies to:

ensure essential website functions
improve user experience
provide statistical and analytical insights (e.g., anonymous usage patterns)

Upon your first visit, you will be shown a cookie banner that allows you to select which cookies you consent to.

7. Server Log Files

The hosting provider of our website automatically collects information in so-called server log files, which your browser automatically transmits. These include:

IP address
Date and time of request
Pages visited
Browser type and version
Operating system
Referrer URL

These data are used exclusively for technical monitoring, system security, and improving our website. They are not combined with other data sets.

8. Booking & Contact Forms

If you use our booking or contact form, the information you submit will be stored for the purpose of processing your inquiry or booking. We will not share this data without your permission.

For bookings made via third-party platforms (e.g., Airbnb, Booking.com), their respective privacy policies apply additionally.

9. Data Retention

Personal data is stored only for as long as necessary:

Booking data: until completion of your stay and thereafter in accordance with statutory retention periods (7 years)
Guest registration data: according to legal requirements
General inquiries: 12 months
Cookies: according to your chosen cookie preferences and browser settings

10. Your Rights under the GDPR

You have the right to:

access the data we store
rectify inaccurate data
erase your data (“right to be forgotten”)
restrict processing
data portability
object to data processing
withdraw consent at any time

If you wish to exercise any of these rights, please contact us by email.

If you believe that your data is being processed unlawfully, you may lodge a complaint with the Austrian Data Protection Authority.

11. Data Security

We take technical and organizational measures to protect your data from:

loss
theft
alteration
unauthorized access
destruction

Our security measures are continuously adapted to current technological standards.

12. Changes to This Privacy Policy

We reserve the right to update or adapt this Privacy Policy. The latest version is always available on our website.