Privacy Policy

[Company name to be added] [Address to be added] Vienna, Austria Email: [email to be added] Phone: [phone to be added]

When you use our website or book an apartment, we may collect the following personal data: - Name, email address, phone number (provided during booking) - Payment information (processed securely through our payment provider) - IP address, browser type, and usage data (collected automatically) - Check-in/check-out dates and guest preferences - Communication records (emails, inquiries)

We process your personal data for the following purposes: - Processing and managing apartment bookings - Communicating with you about your reservation - Providing guest services during your stay - Sending booking confirmations and invoices - Complying with legal obligations (e.g., guest registration requirements under Austrian law) - Improving our website and services

We process your data based on: - Contract performance (Art. 6(1)(b)) — to fulfill your booking - Legal obligation (Art. 6(1)(c)) — guest registration, tax obligations - Legitimate interest (Art. 6(1)(f)) — website analytics, service improvement - Consent (Art. 6(1)(a)) — marketing communications, where applicable

Our website uses cookies to ensure basic functionality and improve your experience. We use: - Essential cookies — required for the website to function - Analytics cookies — to understand how visitors use our site (only with your consent) You can manage cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

We may share your data with the following third-party services: - Beds24 — booking and availability management - Stripe — secure payment processing - Vercel — website hosting - Supabase — database services These providers process data on our behalf under appropriate data processing agreements.

We retain your personal data only as long as necessary: - Booking data: 7 years (Austrian tax law requirements) - Guest registration data: as required by local regulations - Website analytics: 26 months - Marketing data: until you withdraw consent

Under the GDPR, you have the right to: - Access your personal data - Rectify inaccurate data - Erase your data ("right to be forgotten") - Restrict processing - Data portability - Object to processing - Withdraw consent at any time To exercise these rights, contact us at [email to be added].

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure storage, and access controls.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with: Österreichische Datenschutzbehörde (Austrian Data Protection Authority) Barichgasse 40–42 1030 Vienna, Austria dsb@dsb.gv.at www.dsb.gv.at

We may update this privacy policy from time to time. The current version is always available on this page. Last updated: [date to be added].