Privacy Policy – Online Booking & Check-In

Last modified: May 2026 · Version 2.1 (AT/DE/CH)

Dear visitors! Thank you for your interest in a stay with us. The protection of your personal data is of essential concern to us. With this privacy policy we inform you, pursuant to Art. 13 GDPR in conjunction with the Austrian Data Protection Act (DSG), about which data we process within our online booking, enquiry and check-in process, for what purpose, on what legal basis and which rights you are entitled to.

Dear visitors! Thank you for your interest in a stay with us. The protection of your personal data is of essential concern to us. With this privacy policy we inform you, pursuant to Art. 13 GDPR in conjunction with the German Federal Data Protection Act (BDSG), about which data we process within our online booking, enquiry and check-in process, for what purpose, on what legal basis and which rights you are entitled to.

Dear visitors! Thank you for your interest in a stay with us. The protection of your personal data is of essential concern to us. With this privacy policy we inform you, pursuant to Art. 19 ff. of the revised Swiss Federal Act on Data Protection (revFADP), about which data we process within our online booking, enquiry and check-in process, for what purpose and which rights you are entitled to.

Notice for guests from the EU/EEA: If you have your habitual residence in an EU or EEA member state and the marketplace principle applies, the provisions of the EU General Data Protection Regulation (GDPR) additionally apply. We therefore reference both relevant legal frameworks below.

Contents

  1. Controller & Processor
  2. General information & definitions
  3. Data categories, purposes and legal bases
  4. Recipients / categories of recipients
  5. Transfer to third countries / abroad
  6. Storage duration & deletion periods
  7. Consent & withdrawal
  8. Your rights as a data subject
  9. Right to lodge a complaint with the supervisory authority
  10. Automated decision-making / profiling
  11. Data security
  12. Amendments to this privacy policy

1. Controller & Processor

1.1 Controller

Controller within the meaning of Art. 4 No. 7 GDPR for the processing of your personal data is:

Controller within the meaning of Art. 5 lit. j revFADP (or Art. 4 No. 7 GDPR, where applicable) for the processing of your personal data is:

Demohotel Technik Test-3
Anton-Melzer-Straße 10
6020 Innsbruck
Austria
Phone: +43 - (0) 50908
Email: bettina.guggenberger@easybooking.eu
VAT/Tax No.: ATU12345798
Web: https://www.demohotel.easybooking.at

1.2 Data Protection Officer

The appointment of a Data Protection Officer is not mandatory under Art. 37 GDPR.

Under Art. 10 revFADP, the appointment of a data protection advisor is voluntary for private controllers. If appointed, contact details to be inserted here.

1.3 Processor

For the administration of bookings, enquiries and check-in we use the hotel software ("Property Management System", PMS for short) easybooking provided by:

zadego GmbH
Anton-Melzer-Straße 10
6020 Innsbruck
Austria
(hereinafter "zadego" or "easybooking")

zadego is our processor pursuant to Art. 28 GDPR. A written data processing agreement (DPA) is in place which obliges zadego to adhere strictly to instructions, to maintain confidentiality and to comply with appropriate technical and organisational measures. Access by zadego to your data takes place exclusively within the framework of this agreement (e.g. for support, maintenance, backup) and only on our instructions.

zadego is our processor pursuant to Art. 9 revFADP (corresponds to the processor under Art. 28 GDPR). A written data processing agreement is in place which obliges zadego to adhere strictly to instructions, to maintain confidentiality and to comply with appropriate technical and organisational measures. Access by zadego to your data takes place exclusively within the framework of this agreement (e.g. for support, maintenance, backup) and only on our instructions.

Processing on our behalf does not constitute a transfer of data to a third party within the meaning of the GDPR.

Processing on our behalf does not constitute a disclosure of data to a third party within the meaning of the revFADP.

2. General information & definitions

Personal data means any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR) – e.g. name, address, email address, telephone number, date of birth.

Personal data means any information relating to an identified or identifiable natural person (Art. 5 lit. a revFADP or Art. 4 No. 1 GDPR) – e.g. name, address, email address, telephone number, date of birth.

On this website you are using one or more modules ("widgets") of the easybooking software embedded in our page. These include, among others:

Entries into these widgets are always made voluntarily and are only required where they are necessary for processing your enquiry or booking.

Please note that data transmission on the internet (e.g. when communicating via email) may have security gaps. Complete protection against access by third parties is not technically possible. However, we implement appropriate technical and organisational measures (see section 11).

3. Data categories, purposes and legal bases

We process your personal data exclusively on the basis of the statutory provisions (GDPR as well as national data protection law). Below you will find an overview:

We process your personal data exclusively on the basis of the statutory provisions (revFADP; additionally GDPR where applicable). Below you will find an overview:

Purpose | Data categories | Legal basis
Enquiry / quotation | Name, email, phone (optional), period of stay, number of persons, wishes | Art. 6 (1) lit. b GDPR (pre-contractual measures)
Booking processing & contract performance | Name, address, date of birth, contact data, stay data, payment data (if applicable) | Art. 6 (1) lit. b GDPR (contract)
Online Check-In & statutory registration obligation | Name (incl. fellow travellers), date of birth, gender, nationality, country of origin, address, travel document data | Art. 6 (1) lit. c GDPR i.c.w. § 5 Austrian Registration Act (MeldeG); Art. 6 (1) lit. c GDPR i.c.w. §§ 29 et seqq. German Federal Registration Act (BMG, registration obligation for accommodation establishments)
Invoicing & accounting | Name, address, stay data, payment receipts | Art. 6 (1) lit. c GDPR i.c.w. § 132 BAO, UStG; Art. 6 (1) lit. c GDPR i.c.w. § 257 HGB, § 147 AO
Payment processing | Payment data, transaction data | Art. 6 (1) lit. b GDPR; for external payment service providers see their respective privacy policies
Guest profile / service optimisation for repeat bookings (preferences, special requests) | Master data, stay history, preferences | Art. 6 (1) lit. f GDPR (legitimate interest in efficient guest service) – right to object under Art. 21 GDPR
Promotional communication, third-party offers | Name, email, stay data (if applicable) | Art. 6 (1) lit. a GDPR (separate, voluntary consent)
Ensuring IT operations, abuse detection, log data | IP address, timestamp, technical metadata | Art. 6 (1) lit. f GDPR (legitimate interest in system security)

Purpose | Data categories | Legal basis (revFADP / GDPR)
Enquiry / quotation | Name, email, phone (optional), period of stay, number of persons, wishes | Art. 31 (2) lit. a revFADP (contract initiation) / Art. 6 (1) lit. b GDPR
Booking processing & contract performance | Name, address, date of birth, contact data, stay data, payment data (if applicable) | Art. 31 (2) lit. a revFADP / Art. 6 (1) lit. b GDPR
Online Check-In & statutory registration obligation | Name (incl. fellow travellers), date of birth, gender, nationality, country of origin, address, travel document data | Art. 31 (1) revFADP (statutory basis) i.c.w. [cantonal accommodation/tourism law – to be specified by DPO]
Invoicing & accounting | Name, address, stay data, payment receipts | Art. 31 (1) revFADP i.c.w. Art. 957 et seqq. CO (bookkeeping obligation, 10 years)
Payment processing | Payment data, transaction data | Art. 31 (2) lit. a revFADP; for external payment service providers see their respective privacy policies
Guest profile / service optimisation (preferences, special requests) | Master data, stay history, preferences | Art. 31 (1) revFADP (overriding interest in efficient guest service) – right to object
Promotional communication, third-party offers | Name, email, stay data (if applicable) | Art. 6 (6) revFADP (consent) or Art. 6 (1) lit. a GDPR
Ensuring IT operations, abuse detection, log data | IP address, timestamp, technical metadata | Art. 31 (1) revFADP (overriding interest in system security)

Unless expressly indicated otherwise, the provision of your data is voluntary. However, without the data required for contract performance we cannot process your enquiry or booking.

4. Recipients / categories of recipients

Your data will only be transferred to third parties if this is necessary for the performance of the contract, if there is a statutory obligation, if you have given your express consent or if a legitimate interest justifies the transfer. Recipients or categories of recipients may be:

Disclosure of your personal data to third parties only takes place if this is necessary for the performance of the contract, if there is a statutory obligation, if you have given your express consent or if an overriding interest justifies the disclosure (Art. 31 revFADP). Recipients or categories of recipients may be:

5. Transfer to third countries / abroad

The processing of your data by us and our processor zadego generally takes place within the European Union or the European Economic Area.

In individual cases, a data transfer to third countries may occur, in particular in the case of:

  • Email delivery services SendGrid (USA), Mailgun
  • Payment service providers based outside the EU/EEA
  • Cloud or backup services

Such a transfer only takes place if the special requirements of Art. 44 et seqq. GDPR are met, in particular through:

  • Adequacy decision of the EU Commission (e.g. EU-US Data Privacy Framework)
  • Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR
  • Your express consent pursuant to Art. 49 GDPR

Our processor zadego GmbH is based in Austria (EU/EEA). This disclosure abroad already takes place in compliance with the requirements of Art. 16 et seqq. revFADP. According to the Federal Council's country list, Austria is considered a state with an adequate level of data protection.

In individual cases, a data disclosure to further third countries may occur, in particular in the case of:

  • Email delivery services SendGrid (USA), Mailgun
  • Payment service providers based outside the EU/EEA
  • Cloud or backup services

Such a disclosure only takes place if the requirements of Art. 16 et seqq. revFADP are met, in particular through:

  • Recognition of an adequate level of data protection by the Federal Council
  • Swiss standard contractual clauses or SCCs recognised by the FDPIC
  • Your express consent pursuant to Art. 17 revFADP

You can request a copy of the safeguards via the contact details listed in section 1.

6. Storage duration & deletion periods

We store your data only as long as is necessary for the respective purposes or as long as statutory retention obligations require:

After expiry of the respective period, the data is routinely deleted or anonymised, unless it is exceptionally required for further permissible purposes (e.g. legal defence, statutory obligations).

7. Consent & withdrawal

Insofar as we process data on the basis of your consent (Art. 6 (1) lit. a GDPR) – for example for promotional communication or storage in the guest profile beyond the contractual duration – this is always done voluntarily and on the basis of an active declaration by you (e.g. by separately ticking a checkbox).

Insofar as we process personal data on the basis of your consent (Art. 6 (6) revFADP or Art. 6 (1) lit. a GDPR) – for example for promotional communication or storage in the guest profile beyond the contractual duration – this is always done voluntarily and on the basis of an active declaration by you.

Granting these consents is not a prerequisite for the conclusion of the contract or the processing of your booking (prohibition of coupling pursuant to Art. 7 (4) GDPR).

You have the right to withdraw a granted consent at any time with effect for the future. Withdrawal is possible informally, e.g. by email to bettina.guggenberger@easybooking.eu. The lawfulness of processing carried out until withdrawal remains unaffected.

8. Your rights as a data subject

Under the GDPR you are entitled in particular to the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR) against processing based on legitimate interests
  • Withdrawal of consent (Art. 7 (3) GDPR)

Under the revFADP you are entitled in particular to the following rights:

  • Access (Art. 25 revFADP / Art. 15 GDPR)
  • Rectification (Art. 32 (1) revFADP / Art. 16 GDPR)
  • Erasure or destruction (Art. 32 (2) revFADP / Art. 17 GDPR)
  • Data release / portability (Art. 28 revFADP / Art. 20 GDPR)
  • Objection against processing (Art. 30 (2) lit. b revFADP / Art. 21 GDPR)
  • Withdrawal of consent at any time

To exercise your rights, please contact us using the contact details provided in section 1. We will respond to your request without undue delay, at the latest within the statutory time limits.

9. Right to lodge a complaint with the supervisory authority

Without prejudice to any other remedy, you have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the GDPR.

The competent supervisory authority in Austria is:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Wien
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Web: www.dsb.gv.at

If you have your habitual residence in another EU member state, you may also contact the supervisory authority there.

Without prejudice to any other remedy, you have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the GDPR.

The state data protection authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart
Phone: +49 711 615541-0
Email: poststelle@lfdi.bwl.de
Web: baden-wuerttemberg.datenschutz.de

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach
Phone: +49 981 180093-0
Email: poststelle@lda.bayern.de
Web: www.lda.bayern.de

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Web: www.datenschutz-berlin.de

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
Stahnsdorfer Damm 77, 14532 Kleinmachnow
Phone: +49 33203 356-0
Email: poststelle@lda.brandenburg.de
Web: www.lda.brandenburg.de

Die Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen
Arndtstraße 1, 27570 Bremerhaven
Phone: +49 421 361-2010
Email: office@datenschutz.bremen.de
Web: www.datenschutz.bremen.de

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 7. OG, 20459 Hamburg
Phone: +49 40 428544-040
Email: mailbox@datenschutz.hamburg.de
Web: datenschutz-hamburg.de

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Web: datenschutz.hessen.de

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern
Schloss Schwerin, Lennéstraße 1, 19053 Schwerin
Phone: +49 385 59494-0
Email: info@datenschutz-mv.de
Web: www.datenschutz-mv.de

Die Landesbeauftragte für den Datenschutz Niedersachsen
Postfach 221, 30002 Hannover
Phone: +49 511 120-4500
Email: poststelle@lfd.niedersachsen.de
Web: lfd.niedersachsen.de

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2–4, 40213 Düsseldorf
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Web: www.ldi.nrw.de

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Postfach 30 40, 55020 Mainz
Phone: +49 6131 8920-0
Email: poststelle@datenschutz.rlp.de
Web: www.datenschutz.rlp.de

Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Straße 12, 66111 Saarbrücken
Phone: +49 681 94781-0
Email: poststelle@datenschutz.saarland.de
Web: datenschutz.saarland.de

Die Sächsische Datenschutz- und Transparenzbeauftragte
Postfach 11 01 32, 01330 Dresden
Phone: +49 351 85471-101
Email: post@sdtb.sachsen.de
Web: www.datenschutz.sachsen.de

Landesbeauftragter für den Datenschutz Sachsen-Anhalt
Postfach 1947, 39009 Magdeburg
Phone: +49 391 81803-0
Email: poststelle@lfd.sachsen-anhalt.de
Web: datenschutz.sachsen-anhalt.de

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Postfach 71 16, 24171 Kiel
Phone: +49 431 988-1200
Email: mail@datenschutzzentrum.de
Web: www.datenschutzzentrum.de

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
Postfach 900455, 99107 Erfurt
Phone: +49 361 57311-2900
Email: poststelle@datenschutz.thueringen.de
Web: www.tlfdi.de

An overview of all state data protection authorities can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

If you have your habitual residence in another EU member state, you may also contact the supervisory authority there.

If you consider that the processing of your personal data infringes the revFADP, you may at any time lodge a complaint with or file a report to the competent Swiss supervisory authority:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1
3003 Bern
Switzerland
Phone: +41 58 462 43 95
Web: www.edoeb.admin.ch

For EU/EEA guests (Art. 77 GDPR): Where the GDPR additionally applies, you are also entitled to lodge a complaint with the EU data protection authority competent for your country of residence.

10. Automated decision-making / profiling

Automated decision-making, including profiling pursuant to Art. 22 GDPR, does not take place.

Automated individual decision-making within the meaning of Art. 21 revFADP and high-risk profiling pursuant to Art. 5 lit. g revFADP do not take place.

11. Data security

We and our processor zadego take appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect your personal data against accidental or unlawful destruction, loss, alteration or unauthorised disclosure and unauthorised access. These include in particular:

We and our processor zadego take appropriate technical and organisational measures pursuant to Art. 8 revFADP to ensure a level of data security appropriate to the risk. These include in particular:

Our security measures are continuously developed in accordance with the state of the art.

12. Amendments to this privacy policy

We reserve the right to amend this privacy policy as far as this becomes necessary due to changes in the legal situation, technical developments or changes in our processing operations. The currently applicable version can be viewed in the booking and enquiry process. We will notify you separately of material changes where required.

As of: May 2026 · Version 2.1