Privacy Statement Waldhütte
Rental Partnership
Gärtner Hanspeter u. Mitbesitzer GsbR
VAT ID: ATU72310956
Lärchenwiesenstrasse 52/4
A-6212 Eben am Achensee
We use the following data when you enter into a contract with us:
Basic Data:
Surname and first name, full address, all contact details (e.g., email address, phone number), information about the type and content of our contractual relationship.
Other personal data which you or third parties provide to us with your consent or otherwise lawfully during the contract initiation, throughout the contract period (e.g., for issuing a guest card), or to fulfill legal obligations:
Date of birth or age, marital status, gender, occupation, identification data, bank details, signing or representation authority, contractual commitments, cancellation/withdrawal deadlines, or any other information about you that you have voluntarily disclosed to us.
Use of Processors
Protecting your data is important to us. Even when we use processors (e.g., Feratel – guest registry according to § 19 MeldeV), we ensure that processing takes place within the European Union.
1. Registration Data
1.1 Registration Obligation
Under Austrian registration law, you are required to register with us using the data specified in §§ 5 and 10 of the Registration Act. This concerns the following data:
Name, date of birth, gender, nationality, country of origin, address including postal code, and— for foreign guests— type, number, issuing location, and issuing authority of a travel document, as well as arrival and departure dates.
1.2 Guest Registry
We record this data due to our legal obligation under § 19 of the Registration Act Implementing Ordinance in a guest registry and store it for 7 (seven) years unless the data is processed longer for other purposes mentioned in this privacy statement.
The guest registry is maintained electronically. We transfer the data to an IT processor who stores it locally. No transfer to third countries occurs.
1.3 Data Sharing
The data categories “arrival” and “departure” linked with country of origin are forwarded under § 6 of the Tourism Statistics Ordinance to the tourism association of the Silberregion Karwendel, where our accommodation is located. The tourism association also receives aggregated data about the total number of overnight stays and persons liable for the local accommodation tax, based on § 9 of the Tyrolean Accommodation Tax Act.
1.4 Legal Basis for Processing
Processing under points 1.1 to 1.3 is based on Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation).
1.5 Additional Data Transfer to TVB Silberregion Karwendel
In addition, we transfer your postal code and birth year (in pseudonymized or anonymized form) for statistical purposes to the tourism association to generate and evaluate origin and age statistics. This is based on Art. 6 para. 1 lit. e (task in the public interest) and lit. f (overriding legitimate interests) GDPR. You may object to this at any time for reasons arising from your particular situation (Art. 21 para. 1 GDPR).
2. Guest Card
2.1 General
You have the option to use a digital guest card called SILBERCARD. The card grants discounts and/or services at various businesses in the region (e.g., reduced or free entry). The guest card is valid for the duration of your stay with us.
2.2 Issuing the Guest Card
The new mobile SILBERCARD of the Silberregion Karwendel is activated by the accommodation provider once the guest registers on the downloaded mobile "Silbercard App."
2.3 Processed Personal Data
For both electronically generated and manually issued guest cards, the following personal data derived from registration data (see point 1 above) are processed:
First name, last name, date of birth, length of stay (arrival/departure), country of origin, postal code.
If the guest card is issued in the form of the "registration form," it contains the information according to §§ 5 and 9 Registration Act (see above point 1.1). In this case, no electronic processing for guest card purposes occurs.
When using the guest card, additional data is processed: data on the usage cycle of each card, service usage, bookings, transaction logging, billing data, references to registration data and the accommodation provider.
This data is necessary to verify identity and the validity period of the guest card with the respective service provider, and to enable the billing of discounts between providers, the tourism association, and potentially the accommodation providers.
2.4 Legal Basis for Processing
Data processing for guest card purposes occurs either on your consent (Art. 6 para. 1 lit. a GDPR) or, if the guest card is part of the accommodation contract service, for contract performance purposes (Art. 6 para. 1 lit. b GDPR).
You may revoke your consent at any time verbally with the accommodation provider or in writing via email to
2.5 Operation of the Guest Card System
The guest card system is operated by the local tourism association (TVB) SILBERREGION KARWENDEL. Local accommodation providers and businesses ("service providers") are also involved.
Data processed for the guest card are deleted after 48 months.
2.6 Recipients of the Data
Data processed for guest card purposes is received by the local tourism association for billing purposes with service providers and/or accommodation businesses.
Individual service providers granting discounts based on the guest card also receive the data insofar as you use guest card services with them.
To use discounts, you must show the guest card with the data to the service provider, thus revealing the data yourself. The provider typically checks the validity by scanning the barcode on the guest card and transmitting this data to our IT processor. Personal data, especially identity data (to verify identity and date of birth), are also transmitted to the provider.
If the guest card is issued as a "registration form," validity is checked via the duplicate copy of the registration form.
3. Other Processing of Your Data
We generally process only data necessary for contract conclusion or performance. If you have given consent, we use your data to send you information about our services until you revoke consent. Communication channels used, if provided by you, include: telephone, email, SMS, postal mail, or social media.
4. Data Deletion
Your basic and other personal data are deleted when no longer required for the purpose of storage—usually after 7 (seven) years—or when storage is legally prohibited.
Instead of deletion, data may be anonymized, meaning all personal references are irreversibly removed.
5. Cookies
Our website uses so-called cookies—small text files stored on your device by the browser. They cause no harm. We use cookies to make our offer user-friendly. Some cookies remain stored until you delete them, enabling us to recognize your browser on your next visit.
If you prefer not to allow cookies, you can configure your browser to notify you when cookies are set and to allow them only selectively. Disabling cookies may limit website functionality.
For help managing cookie settings in common browsers, see these links:
Internet Explorer™: http://windows.microsoft.com/de-at/windows-vista/Block-or-allow-cookies
Safari™: http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-loeschen-so-geht-s/
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: http://help.opera.com/Linux/9.01/de/cookies.html
6. Google Analytics Privacy Statement
We use Google Analytics by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on this website to analyze visitor data statistically. Google Analytics uses goal-oriented cookies. More info on terms and privacy at http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.
Pseudonymization
Our goal under GDPR is to improve our offerings and website. Because we value user privacy, user data is pseudonymized. Processing is based on § 96 para. 3 TKG and Art. 6 para. 1 lit. a (consent) and/or f (legitimate interest) GDPR.
Disabling Google Analytics Data Collection
Visitors can prevent Google Analytics from using their data by installing the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js). Download at: https://tools.google.com/dlpage/gaoptout?hl=de.
Google Analytics Data Processing Addendum
We have a direct contract with Google for Google Analytics use, having accepted the Data Processing Addendum. More info: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad.
Google Analytics IP Anonymization
We implemented Google Analytics IP anonymization on this website. This masks IPs as soon as they enter Google’s data collection network before storage or processing. More info: https://support.google.com/analytics/answer/2763052?hl=de.
Google Analytics Demographics and Interests Reports
Advertising reports including age, gender, and interests data are enabled. These allow us to better understand our users without identifying individuals. More info: https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can disable ads personalization via your Google account settings at https://adssettings.google.com/authenticated.
Google Analytics Opt-Out Link
Clicking the following link prevents Google from recording further visits to this website. Note: deleting cookies, using incognito/private mode, or switching browsers resets this setting.
[Google Analytics deactivate]
7. Newsletter
You may subscribe to our newsletter (sent max. twice a year) on our website. We need your email and consent. After subscribing, you receive a confirmation email with a link to confirm your subscription.
You may unsubscribe at any time by emailing
8. Google Fonts Privacy Statement
We use Google Fonts by Google Inc. on our website. Use is without authentication and no cookies are sent to the Google Fonts API. If you have a Google account, no account data is transmitted to Google during use. Google only collects usage of CSS and fonts and stores these data securely. More info: https://developers.google.com/fonts/faq.
Information on what data Google collects and its use can be found at https://www.google.com/intl/de/policies/privacy/.
9. TLS Encryption with HTTPS (SSL)
We use HTTPS to securely transmit data over the internet. By employing TLS (Transport Layer Security), an encryption protocol for secure data transfer online, we ensure the protection of confidential information. You can recognize this protection by the small lock icon in the top left of your browser and the use of the HTTPS scheme in our web address.
10. Server Log Files
The website provider automatically collects and stores data in server log files, which your browser sends to us automatically. Examples of such data include:
- IP address
- Browser type/version
- Operating system
- Hostname of the computer accessing the website
- Referrer URL
- Time of the request
This information is not combined with other data.
The legal basis for this data processing is Article 6(1)(f) of the GDPR, which permits processing necessary for the fulfillment of a contract or related preliminary measures.
11. Your Rights Regarding Data Processing:
11.1. Right to Information:
You have the right to know whether and to what extent we process your data.
Contact / Responsible Person:
Monika Silan-Gärtner
Tel: +43 (0)650 9534034
11.2. Your Rights:
You generally have the rights to access, correct, delete, restrict, transfer your data, withdraw consent, and object to processing. If you believe your data is being processed unlawfully or your privacy rights have been violated, you may file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority.
11.3. Right to Complain:
If you think the processing of your personal data violates Austrian or European data protection law, please contact us first so we can clarify any issues. Of course, you also have the right to file a complaint with the Austrian Data Protection Authority or any supervisory authority within the EU.
12. Identity Verification:
To protect your rights and privacy, we may request proof of identity if there is any doubt.
13. Excessive Claims of Rights:
If you exercise your rights in a clearly unfounded or excessively frequent manner, we reserve the right to charge a reasonable fee or to refuse to process the request.
14. Duty to Cooperate:
We are required by law (e.g., BAO, Registration Act, Civil Procedure Code, Criminal Procedure Code, etc.) to provide data upon request.
15. Duration of Validity:
This privacy policy applies from May 25, 2018, and replaces all previous data protection policies.
