Data protection is a matter of trust, and your trust is important to us. In order for you to feel safe when visiting our website, we strictly adhere to the legal regulations when processing your personal data and would like to inform you here about our data collection and data usage. The following privacy policy explains which data is collected from you on our websites, how we process and use this data, and who you can contact with any concerns.
This privacy policy is based on the General Data Protection Regulation (GDPR) of the European Union as well as the Austrian Data Protection Act (DSG).
You can access the GDPR here: https://eur-lex.europa.eu/eli/reg/2016/679/oj?locale=en
You can access the GDPR here: https://ris.bka.gv.at/geltendeFassung.wxe?Abfrage=bundesnormen&Gesetzesnummer=10001597
The data controller within the meaning of the GDPR is:
Chalet Flocke
Karin and Klaus Neumann
Stadleweg 24
6580 St. Anton am Arlberg
E-Mail: flocke.stanton@gmail.com Web: www.flocke-stanton.com
The person responsible within the meaning of the GDPR has appointed a data protection officer:
Karin Neumann
E-Mail: flocke.stanton@gmail.com
Web: www.flocke-stanton.com
Personal data is generally only transferred, processed, and stored to the extent necessary to provide a functioning website. The processing of personal data only takes place with consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons. In these cases, processing is covered by appropriate provisions in the GDPR.
Legal basis for the processing of personal data
Where we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations required for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
If the processing is necessary to protect the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
Processing of personal data for other purposes is only carried out with explicit consent. This consent can be revoked at any time.
Storage period and deletion
The personal data of the data subject shall be erased or blocked as soon as the purpose of storage ceases. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data shall also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Cookies
This website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When the website is accessed, a cookie can be stored on the operating system. This cookie contains a unique character string that enables the browser to be identified when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The data collected in this way from users is pseudonymized through technical measures. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.
When accessing our website, the user is informed about the use of cookies for analytical purposes and their consent is obtained for the processing of personal data used in this context. In this context, a reference to this privacy policy is also provided. Additionally, information is given on how to prevent the storage of cookies in the browser settings.
The user data collected through technically necessary cookies is not used to create user profiles.
The use of analysis cookies is carried out in order to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus continuously optimize our offer.
In these purposes also lies our legitimate interest in processing personal data according to Art. 6 para. 1 lit. f GDPR.
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully utilized.
SSL encryption using HTTPS
The "s" in "https://" before the web address signals that confidential data is being protected. With the help of an SSL certificate, data transfer on the site is encrypted, ensuring that all information is securely transmitted over the internet. An SSL-secured website can be identified by both the padlock symbol before the URL in the browser bar and by the web address starting with "https".
Hyperlinks
This website contains links to other third-party websites. It is noted that we have no influence on the data collection, processing, and storage of these providers. Furthermore, we do not assume any liability for the handling of personal data by these third-party providers.
Contact information
On our website, there is a contact form available that can be used for electronic communication. If a user chooses to use this option, the data entered in the input mask will be transmitted to us and stored.
- Name
- Phone number
- Email address
- Concern
- IP address
- Date and time
For the processing of data, your consent is obtained during the sending process and reference is made to this privacy policy.
Alternatively, contacting via the provided email address is possible. In this case, the user's personal data transmitted via email will be stored.
In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
Legal basis
The legal basis for processing the data is Article 6(1)(a) of the GDPR when the user has given consent.
The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at concluding a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
Purpose of data processing
The processing of personal data from the input mask is solely for the purpose of handling the contact request. In the event of contact by email, there is also a necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent abuse of the contact form and to ensure the security of our information technology systems.
Storage period
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is finished. The conversation is considered finished when it can be inferred from the circumstances that the relevant issue has been conclusively resolved.
The additional personal data collected during the sending process will be deleted no later than seven days after sending.
We maintain a profile on a social network. We do this to provide our customers with current information about our services. By visiting our profiles on these platforms, you as a user agree to the general terms and conditions and the privacy policies of the respective operator.
We process personal data when users contact us via these platforms or interact with our posts. Interactions include commenting, liking, or sharing posts.
The legal basis for processing the data transmitted to us through our social media profile is Art. 6 para. 1 lit. b GDPR.
The legal basis for the processing of personal data by one of the following social media platform operators is Art. 6 para. 1 lit. a GDPR.
We maintain profiles on the following social media platforms:
● Instagram: Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland. Privacy Policy: https://instagram.com/about/legal/privacy/ Opt-Out: https://instagram.com/about/legal/privacy/
To provide our website, we use services from third-party providers.
Vercel
This website uses the cloud deployment platform Vercel. The provider of this service is the US company Vercel Inc., located at 340 S Lemon Ave #4133, Walnut, CA 91789.
Description of data processing
When visiting this website, the following data is automatically transmitted to, processed, and stored by the cloud deployment platform Vercel:
- Operating system
- Information about the browser type and version used
- Internet Service Provider
- Hostname
- IP address
- Date and time of access
- Accessed pages
Legal basis
The transmission, processing, and storage of data by the cloud deployment platform Vercel is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR for the provision of this website.
By using the cloud deployment platform Vercel, data is processed in the USA, among other locations. According to the current case law, the European Court of Justice (ECJ) does not recognize an adequate level of protection for data transfers to the USA. This legal opinion is based on various risks regarding the legality and security of data processing in the USA.
In order to enable the transmission, processing, and storage of data in countries outside the European Union (so-called third countries), the European Commission provides so-called standard contractual clauses in accordance with Art. 46 (2) and (3) of the GDPR. These standard contractual clauses are intended to ensure that European data protection standards are also adhered to when transmitting, processing, and storing data in third countries. The standard contractual clauses are based on an implementing decision of the European Union. Both the implementing decision and the standard contractual clauses can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=enI'm sorry, but I cannot provide a translation without any text to work with. Please provide the text you would like me to translate into English.
Further information on Article 46 of the GDPR and the standard contractual clauses can be accessed on this official website of the European Union: https://www.edpb.europa.eu/sme-data-protection-guide/international-data-transfers_en.
The terms of the Cloud Deployment Platform Vercel for the transmission, processing, and storage of data (Data Processing Addendum), which comply with the standard contractual clauses of the European Union, can be accessed here: https://vercel.com/legal/Vercel_Inc_-_Data_Processing_Addendum.pdf.
Further information on the transmission, processing, and storage of data by the cloud deployment platform Vercel can be found in the privacy policy, which can be accessed here: https://vercel.com/legal/privacy-policyI'm sorry, but I need a text to translate. Please provide me with the text you would like me to translate into English.
Storyblok is a headless content management system (CMS) that enables developers to create and manage content easily. It provides a flexible and customizable platform for building websites and applications.
This website uses the cloud-based Content Management System (CMS) Storyblok. The provider of this service is the Austrian company Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz, Austria.
Purpose
The content (texts, images, videos, etc.), layout, and structure of this website are managed through the cloud-based CMS Storyblok.
Description of data processing
When visiting this website, the following data is automatically transmitted to, processed, and stored by the cloud-based CMS Storyblok:
- Operating system
- Information about the browser type and the version used
- Internet Service Provider
- Hostname
- IP address
- Date and time of access
- Accessed pages
- Entered search terms
- Frequency of page views
- Utilization of website functions
Legal basis
The transmission, processing, and storage of data by the cloud-based CMS Storyblok is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR for the provision of this website.
By using the cloud-based CMS Storyblok, data is exclusively transmitted, processed, and stored on server(s) located within the European Union.
Further information on the transmission, processing, and storage of data by the cloud-based CMS Storyblok can be found in the privacy policy, which can be accessed here: https://www.storyblok.com/legal/privacy-policy.
Clickbait
This website uses the Cookie Consent Manager clickskeks. The provider of this service is the Austrian company clickskeks GmbH & Co. KG, Hauptplatz 46, 7100 Neusiedl am See, Austria.
Purpose
The Cookie Consent Manager clickskeks saves cookie settings. It allows the selection of which cookies from which categories may be stored in the browser for which purposes.
Description of data processing: Local Storage
When visiting this website, the following data is stored in the Local Storage:
ccm_consent - 1 year lifespan: Stores the consent agreement indicating which cookies may (not) be set.
Legal basis
The transmission, processing, and storage of data by the Cookie Consent Manager clickskeks is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. We thereby fulfill the legal obligation to allow users to decide for themselves on the use of cookies within the scope of the GDPR.
Further information on the transmission, processing, and storage of data by the Cookie Consent Manager clickskeks can be found in the privacy policy, which can be accessed here: https://www.clickskeks.at/datenschutz This link leads to the privacy policy page of the website "clickskeks.at".I'm sorry, but I cannot provide a translation without any text to work with. Please provide the text you would like me to translate into English.
If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
Right to information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request the following information from the data controller:
- the purposes for which the personal data are processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of storage of your personal data or, if specific information is not possible, criteria for determining the storage period;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- all available information about the origin of the data, if the personal data is not collected from the data subject;
- the existence of automated decision-making, including profiling, in accordance with Art. 22 para. 1 and 4 of the GDPR and - at least in these cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.
Right of withdrawal
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before the revocation.
Right to erasure
You can request the data controller to immediately delete the personal data concerning you, and the data controller is obliged to delete this data immediately if one of the following reasons applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
3. You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
4. The personal data concerning you have been processed unlawfully.
5. The erasure of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you have been collected in relation to services offered by the information society in accordance with Article 8(1) of the GDPR.
The right to erasure does not exist to the extent that processing is necessary.
1. to exercise the right to freedom of expression and information;
2. to comply with a legal obligation that requires processing under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the field of public health according to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
5. for asserting, exercising, or defending legal claims.
Right to information
If you have exercised your right to rectification, erasure or restriction of processing with the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
Right to rectification
You have the right to request correction and/or completion from the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.
Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
- if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
- the data controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims, or
- if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Complaint to the data protection authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint was submitted shall inform the complainant about the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
If you wish to exercise any of the rights mentioned or have general questions regarding data protection, you can contact the data protection officer at any time.
Date: 20.05.2025