Privacy Policy

Status: 10 June 2025

Introduction

Protecting your personal data is a central concern for us – Hotel Alpenland P. Jochum GmbH. We process your data exclusively based on the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and – where applicable – Section 165 TKG 2021 and the Telecommunications and Digital Services Data Protection Act (TDDDG).

Controller

Hotel Alpenland P. Jochum GmbH
Anger 198, 6764 Lech am Arlberg, Austria
Phone: +43 5583 2351 Email: info@alpenland-lech.com

Hosting

Our website is hosted on servers provided by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. A data processing agreement (DPA) is in place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable provision).

Access Data & Server Log Files

When accessing the website, we automatically process data such as IP address, browser type, operating system, referrer URL, and time of access. These data are deleted after seven days and serve to ensure technical operation (Art. 6(1)(f) GDPR).

Consent Management with Real Cookie Banner

We use the WordPress plugin Real Cookie Banner (devowl.io GmbH, Germany) to legally obtain and document your consents. A necessary cookie is set in your browser to locally store your selection (timestamp, consent IDs). No data is transmitted to the provider. Legal basis: Art. 6(1)(c) GDPR in conjunction with Section 165 TKG 2021.

Cookies & Similar Technologies

The following categories may be set depending on your selection in the cookie banner:

Category	Purpose	Storage Duration*	Example Service
Essential	Website operation	Session – 1 year	Real Cookie Banner
Statistics	Audience measurement	up to 14 months	Google Analytics 4
External Media	Embedded content display	variable	YouTube, Google Maps, Panomax

*The exact lifetime of individual cookies may change; up-to-date details are always available in the cookie dialog.

Fathom Analytics

This website uses Fathom Analytics, a cookie-free web analytics service from Conva Ventures Inc. (DBA Fathom Analytics), 26 Bastion Sq., Victoria, BC V8W 1H9, Canada. Fathom Analytics is specifically designed to be compliant with GDPR, PECR, and CCPA – without using cookies or similar technologies.

• Data Processed – shortened IP address, user agent, visited URL, referrer URL, timestamp, country (only on country level), device type. IP addresses are anonymized immediately using a one-way hash with daily changing salts, making personal identification impossible.
• Purpose – Audience measurement and statistical analysis to optimize our website technically and in terms of content.
• Legal Basis – Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly, low-interference analysis). Since no cookies or personal profiles are created, no consent is currently required under applicable law. However, you can still deactivate the "Statistics" category voluntarily in the cookie banner.
• Data Processing Agreement – We have entered into a DPA with Fathom pursuant to Art. 28 GDPR. Raw data is processed exclusively on servers within the EU, depending on the selected region ("EU Isolation").
• Opt-Out – If your browser sends a Do Not Track signal, Fathom automatically respects it. Additionally, you can disable "Statistics" in the consent banner.

For more information, see the Fathom Compliance Documentation.

Web Analytics with Google Analytics 4

With your consent, we use Google Analytics 4 (Google Ireland Ltd.). GA4 does not store full IP addresses; they are truncated within the EU before logging. Transfers to the USA are based on Standard Contractual Clauses (SCC) and the EU-US Data Privacy Framework (DPF). Legal basis: Art. 6(1)(a) GDPR, Section 165 TKG 2021.

Review & Social Widgets (Trustindex.io)

To display external reviews (e.g., Google, Facebook, or Instagram feeds), we use Trustindex Ltd., Hungary. When activated, your browser connects to Trustindex servers, possibly transmitting your IP address and device information. Legal basis: Art. 6(1)(a) GDPR.

Embedded Media

• YouTube (Google LLC) – Video embedding in enhanced privacy mode, data transfer to the USA under DPF; legal basis: Art. 6(1)(a) GDPR.
• Google Maps – Map display; consent required, Art. 6(1)(a) GDPR.
• Panomax Webcams – Live 360° webcams (Panomax GmbH, AT); transfer only after opt-in.
• Foto-Webcam.eu – Panorama images; connection established after consent.
• Feratel Webcams – Still image/stream embedding; activation only after click.

Security Tool Wordfence

To protect against cyberattacks, we use Wordfence (Defiant Inc., USA). The tool sets cookies, checks IP addresses, and compares them with real-time threat databases. Transfers to the USA are based on SCC. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Newsletter (MailerLite)

We use MailerLite Limited, Ireland, to send our newsletter. Your email address and, if provided, name and interaction data (opens, clicks) are processed. Subscription is via double opt-in; every email contains an unsubscribe link. Legal basis: Art. 6(1)(a) GDPR. Data may be transferred to MailerLite Inc. in the USA (DPF-certified, SCC).

Contact Forms & Communication

If you contact us via form, email, or phone, we process your details to handle the inquiry and follow-up questions (Art. 6(1)(b) or (f) GDPR). Your data will be deleted once the purpose is fulfilled, unless legal retention obligations apply.

Bookings & Contract Data

For room or package bookings, we process master data, payment information, and correspondence to fulfill the contract (Art. 6(1)(b) GDPR). Tax and commercial retention periods of seven or ten years remain unaffected.

Your Rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Data Portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)

To exercise your rights, simply send an informal message to the address above. You also have the right to lodge a complaint with the Austrian Data Protection Authority.

Data Security

Our website uses SSL/TLS encryption. Additionally, we implement organizational and technical measures (firewall, access restrictions, backups) to protect your data from unauthorized access.

Changes to this Privacy Policy

Legal changes, new services, or technical developments may require an update to this policy. The current version is always available here; we will inform you of significant changes – if necessary – by email or banner.

This privacy policy has been created with the greatest possible care but does not replace individual legal advice.