Data
policy

We Take the Protection of Your Personal Data Seriously

​

This privacy policy provides information about how we handle your personal data

on this website, during the conclusion and execution of your contract with us, and

your rights. Personal data includes all information relating to an identified or identifiable

individual, representing an expression of their identity.

Examples of personal data include names, addresses, phone numbers, email addresses,

or information in contracts related to your identity.

​

I. Data Controller

1. The data controller responsible for the processing of personal data in connection with the initiation, execution, and termination of your contractual relationship is L15 Gastro GmbH, Lindau 15, A-6391 Fieberbrunn, Austria. Contact: datenschutz@upsidedown.tirol.

 

II. How We Process Your Data

1. Website Access: When you visit our website, the browser on your device automatically sends information to our website’s server. This data is temporarily stored in log files and includes:

   • The IP address of the requesting device.

   • Date and time of access.

   • Name and URL of the accessed file.

   • Referrer URL (the website from which you accessed ours).

   • Browser type, operating system, and the name of your internet provider.

2. Legal Basis: Article 6(1)(f) GDPR. No conclusions about your identity are drawn. The purposes include:

   • Ensuring smooth connection setup.

   • Comfortable website use.

   • Evaluation of system security and stability.

   • Administrative purposes.

3. Contact Form: When using our website’s contact form, we require your first and last name and email address as mandatory fields. Additional details are optional. This data is processed to initiate a contract under Article 6(1)(b) GDPR.

4. Contracts: When concluding a contract with us or contacting us outside the website, we process data like your name, payment information, address, and contact details for contract execution. Legal Basis: Article 6(1)(b) GDPR.

5. Legal Obligations: As part of anti-money laundering laws, we may collect and process specific data to verify your identity and financial participation. Legal Basis: Article 6(1)(c) GDPR in conjunction with §11 and §11a GwG.

6. Marketing: We use your name and email or postal address for marketing activities. For email marketing, we rely on your consent under Article 6(1)(a) GDPR. For postal advertising or email to existing customers, our legitimate interests form the basis under Article 6(1)(f) GDPR.

 

III. Joint Data Responsibility with the Auszeit Group

1. Group Structure: We are a subsidiary of Auszeit Hotel & Resort AG and part of the Auszeit Group. Customer data (e.g., name, email, address) is stored and managed in a shared infrastructure operated by the group.

2. Purpose: This joint responsibility ensures optimal data management and avoids duplication. Legal Basis: Article 6(1)(f) GDPR (legitimate interests). With your consent, data may be used for marketing by other group companies under Article 6(1)(a) GDPR.

3. Rights and Agreements:

   • Data protection inquiries are handled by Auszeit Hotel & Resort AG.

   • You can exercise your rights with any company in the group.

 

IV. Data Sharing with Service Providers

1. Marketing & Customer Management: Data may be shared with advertising agencies (e.g., Brandnamic GmbH) and postal services for marketing purposes.

2. IT Services: Customer data is managed using Bitrix24 Limited (EU and USA). Data may also be accessed by Linxys GmbH (Switzerland) under GDPR-compliant agreements.

3. Accounting & Hosting: Data is shared with accountants (e.g., Datev eG), website hosts (domainfactory GmbH), and IT providers for infrastructure maintenance.

 

V. Data Storage and Deletion

We delete your data when it’s no longer needed for the purposes stated above. Exceptions include:

• Legal retention obligations (e.g., tax and commercial law require data retention for 10 years).

• Log files are stored for up to 30 days before automatic deletion.

 

VI. Your Rights Under GDPR

1. Withdrawal of Consent: You may withdraw your consent at any time, affecting future data processing. Contact: datenschutz@upsidedown.tirol.

2. Access and Copies: Request information about whether we process your data and receive a copy (Article 15 GDPR).

3. Correction and Completion: Request correction or completion of inaccurate or incomplete data (Article 16 GDPR).

4. Deletion: Request deletion of your data under certain conditions (Article 17 GDPR). Exceptions apply.

5. Restriction of Processing: Request limited processing of your data under specific circumstances (Article 18 GDPR).

6. Data Portability: Receive your data in a machine-readable format or have it transferred to another controller (Article 20 GDPR).

7. Objections and Complaints: Object to data processing based on legitimate interests or direct marketing (Article 21 GDPR). File complaints with a supervisory authority.

 

VII. Updates to This Privacy Policy

This policy may be updated due to legal changes or new processing activities. Significant changes will be communicated directly.

​

Last Updated: November 21, 2023