Data protection & cookies
Closing your account
After closing your account, we still need some of your data for legal obligations, such as tax matters and audits. Furthermore, there is a legitimate interest in further processing with regard to fraud detection and prevention as well as security assurance.
Data for bookings
When searching for your perfect accommodation, we cannot help you without information. To do this, we need the information you provide or are asked to provide, such as your name and those of the people traveling with you, your email address, and payment information. For bookings, we may also ask you to provide your place of residence, telephone number, date of birth, and any preferences. In the case of health-related information, we ask you to give us this by telephone.
Disclosure of booking data
The purpose of passing on your data is to complete your booking with the accommodation you have chosen and to transmit your information to the relevant provider. Where necessary to complete the booking, your data will be shared with persons assisting us. Such recipients include financial institutions, advertising companies, or even public authorities. In each case, their headquarters are located within the EEA or data protection-safe third countries. We do not sell or rent out your personal data.
Data we receive from you about others
As a rule, you do not only make a booking for yourself but also for guests traveling with you, whose details you provide when making the booking. This is of course also the case when you make a booking for someone else. In some cases, you can use our platform to share information with others (e.g. in referral programs). Information on data processing is given separately there. We would like to point out that it is your responsibility to ensure that the persons whose personal data you are transmitting to us have given their consent accordingly.
Legal basis and duration of processing for bookings
The provision of personal data in the context of bookings is necessary because otherwise the agreed services cannot be provided. The legal basis for the above data processing is the fulfillment of the agreed services, of which the data subject is a party or processing for the fulfillment of a legal obligation (Art. 6 para. 1 lit. b or lit. c DSGVO). The data will be processed or stored until the above purposes cease to apply.
Data that we collect automatically (cookies)
When you visit our website, we may automatically process data. This may include IP address, date and time of your use, hardware, software or browser type, the operating system of your computer, language settings, and information about clicks and which pages are displayed to you. If you use our service with your mobile device, we may process additional information: Mobile device type and operating system, device-specific settings and features, geographical location, and other system activity. The legal basis for this processing is the fulfillment of the agreed services or the technical necessity of the processing or our legitimate interests, namely the traceability and optimization of our services, whereby the interests or fundamental rights of the party concerned are not overridden (Art. 6 para. 1 lit. f DSGVO). In connection with the last legal ground, the data subject has a right of objection in case of predominant interest - for details see below on data subject rights. The data will be processed or stored until the aforementioned purposes cease to apply.
We process your personal data with the assistance of processors who assist us in providing the Services. These include Web hosting, and email newsletter delivery service. These processors are obliged to strictly protect your personal data and are not allowed to process your personal data for any other purpose than to provide our services. Furthermore, your personal data is only passed on to service providers typical for the economy, such as banks (in the case of bank transfers to you), tax advisors (if you are included in our accounting), dispatch service providers (in the case of dispatch to you), etc., which for their part are subject to data protection regulations.
Contacting us via contact form/e-mail / post / telephone
When contacting us via a contact form, mail, or e-mail, your data will be processed for the purpose of handling the contact request. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When using the contact form - fields: Name, address, e-mail, and other form fields. After sending the contact form, the personal data entered by you will be processed by the data protection officer for the purpose of processing your inquiry on the basis of your consent given by sending the form. There is no legal or contractual obligation to provide personal data. The only consequence of not providing it is that you do not submit your request and we are unable to process it. You have the right to revoke your consent at any time by written notification without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Further processing of contact form data
Further processing of the data, which is compatible with the original purpose of processing, is carried out on the same legal basis for the purpose of direct marketing in forms not subject to consent, such as the addressed postal dispatch of advertising, until the objection is made. In this case, the data will be passed on to the mailing service provider. You have the right to object to the use of your personal data for the purpose of direct advertising at any time - for details see below on the rights concerned. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing.
Changing the cookie settings
Cookies on our website
Our website processes the following cookies:
_ga, origin: Google. Google Analytics cookie to distinguish different users. Valid for 2 years.
_gat, Origin: Google. Google Analytics cookie to limit the request rate. Valid for 1 minute.
_gid, origin: Google. Google Analytics cookie registers a unique ID to generate statistical data on how a user uses the website. Valid for 24 hours.
ARRAffinity, Origin: Microsoft Windows Azure cloud platform. A cookie is used for load balancing to allow the user to connect to the same server in each session. Valid until the end of the session.
cookieconsent_status, Origin: Silktide Ltd. cookie consent by insights. Cookie used to store the current status of the cookie consent. Valid for 1 year.
_hjIncludedInSample. Origin: Hotjar. Cookies are used to anonymously record user statistics and anonymous advertising. Valid for 1 year.
PHPSESSID, origin:tiefrastenhutte.it is a Cookie that contains an anonymous user ID in order to be able to assign several page requests of a user to the same session. Valid until the end of a session.
XSRF-TOKEN, origin: tiefrastenhutte.it is a Session cookie that helps prevent cross-site request forgery attacks. Valid until the end of a session.
XSRF-V, origin: tiefrastenhutte.it is a Session cookie that helps prevent cross-site request forgery attacks. Valid until the end of the session.
If third-party content is included on the site, e.g. in the form of widgets or similar, these may use additional cookies. In this case, the type and number of cookies may change depending on the session, browser, etc., and are therefore beyond our control. Please contact the respective third-party provider directly for information on the type and purpose of the individual cookies. The use of third-party cookies can usually be prevented by making the appropriate settings in the browser.
Deactivate Google Analytics
You can generally prevent the collection of your user data on our website by setting "Do Not Track" in your web browser. Our website takes into account the "Do Not Track" signal that your web browser then sends to all websites. You can generally prevent the collection of your user data by Google Analytics on all websites by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Deactivate Google Remarketing / Adwords
Server Log File
This website processes the following personal data in a server log file for the purpose of monitoring the technical function and increasing the operational security of the web server on the basis of the overriding legitimate interest of the controller (technical security measures):
Time of the server request
Browser type/browser version
Operating system used
The IP address is anonymized.
We continually improve our administrative, technical, and physical security measures to protect the privacy of your information from unauthorized access, loss, destruction, or alteration. The security measures used include firewalls and data encryption as well as access controls on shared information. For security reasons and to protect the transmission of confidential content, this website uses the SSL (Secure Sockets Layer) coding system. You can recognize this encryption by the "https://" and the lock symbol in the address line of the browser. In this way, the data cannot be read by third parties. However, we would like to point out that data transmission on the web can have security gaps. Complete protection against access by third parties is not possible.
Your (data subject) rights
You have the right to information and, under certain circumstances, to correction, deletion, and restriction of the processing of personal data. Insofar as the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given for the processing of your personal data. The lawfulness of the processing of personal data until the revocation is not affected by the revocation. You have the right to object to the processing of your personal data for the purpose of direct marketing or in case of predominant legitimate interest. In the event of an objection, your personal data will no longer be processed for the purpose of direct advertising. To exercise your data protection rights, please contact us using the contact details provided at the top of this privacy statement.
Furthermore, you have the right to lodge a complaint with the supervisory authorities in
Germany: German Federal Commissioner for Data Protection and Freedom of Information, Husarenstr. 30, 53117 Bonn, firstname.lastname@example.org
Austria: Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, email@example.com
Italy: Garante per la protezione dei dati personali, Piazza di Monte Citorio 121, 00186 Roma, firstname.lastname@example.org
Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggenweg 1, 3003 Bern
Links to other websites
We link to websites of providers not affiliated with us (third parties). When you open these links, we no longer have any influence on the collection and use of your data. You will find information on this in the data protection declarations of the respective providers of the linked websites. We cannot assume any responsibility for the data collection and processing. Therefore, when you leave our services by clicking on a link, you will be informed as far as possible that you are accessing another provider. If this is not clear from the text, the link will be marked with a note such as "external link".
Changes to this data protection declaration
We reserve the right to adapt and change our data protection declaration at any time in accordance with the present regulations. If changes are made, this will be indicated on our platform and the last modification date of this data protection declaration will be publicly updated.
Status day 03.07.2023