Privacy Policy

[Company name to be added] [Address to be added] Vienna, Austria Email: [email to be added] Phone: [phone to be added]

When you use our website or book an apartment, we may collect the following personal data: - Name, email address, phone number (provided during booking) - Payment information (processed securely through our payment provider) - IP address, browser type, and usage data (collected automatically) - Check-in/check-out dates and guest preferences - Communication records (emails, inquiries)

We process your personal data for the following purposes: - Processing and managing apartment bookings - Communicating with you about your reservation - Providing guest services during your stay - Sending booking confirmations and invoices - Complying with legal obligations (e.g., guest registration requirements under Austrian law) - Improving our website and services

We process your data based on: - Contract performance (Art. 6(1)(b)) — to fulfill your booking - Legal obligation (Art. 6(1)(c)) — guest registration, tax obligations - Legitimate interest (Art. 6(1)(f)) — website analytics, service improvement - Consent (Art. 6(1)(a)) — marketing communications, where applicable

Our website uses two kinds of cookies: - Essential cookies — required for the site to function (e.g., your consent choice, currency preference). - Analytics cookies — Google Analytics 4 (Measurement ID G-GVGXZFKJ8W), used to understand how visitors discover and use Mint @Naschmarkt. These are set only after you grant consent. Default state: denied. Google Consent Mode v2 is used to ensure that, until you accept, Google receives only anonymized signals (no client identifier, no advertising data). You can change or withdraw your consent at any time via the "Cookie Preferences" link in the footer.

We may share your data with the following third-party services: - Beds24 — booking and availability management - Stripe — secure payment processing - Vercel — website hosting - Supabase — database services - Google LLC (Google Analytics 4) — visitor analytics, consent-gated. Data is processed in EU regions where available; Standard Contractual Clauses are in place for any transfers to the United States. EU-US Data Privacy Framework certification: active. These providers process data on our behalf under appropriate data processing agreements.

We retain your personal data only as long as necessary: - Booking data: 7 years (Austrian tax law requirements) - Guest registration data: as required by local regulations - Website analytics: 26 months - Marketing data: until you withdraw consent

Under the GDPR, you have the right to: - Access your personal data - Rectify inaccurate data - Erase your data ("right to be forgotten") - Restrict processing - Data portability - Object to processing - Withdraw consent at any time To exercise these rights, contact us at [email to be added].

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure storage, and access controls.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with: Österreichische Datenschutzbehörde (Austrian Data Protection Authority) Barichgasse 40–42 1030 Vienna, Austria dsb@dsb.gv.at www.dsb.gv.at

We may update this privacy policy from time to time. The current version is always available on this page. Last updated: [date to be added].