Data protection

As of April 2026

The protection of your personal data is of particular importance to us at the Alpenhotel Ensmann. We therefore process your data exclusively in accordance with legal requirements (in particular the GDPR, DSG, and TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing in connection with our website and our hotel operations.

1. Person in charge

Alpenhotel Ensmann

Lassing 55,
3345 Göstling an der Ybbs

Tel.: +43 7484 7014

E-Mail: office@alpenhotel-ensmann.at

2. Data Protection Officer

Our Data Protection Officer is:
Frau Daniela Kronsteiner

E-Mail: office@alpenhotel-ensmann.at

3. Processing of Personal Data

We process personal data only to the extent necessary to provide our services, fulfill contractual obligations, or comply with legal requirements.
This applies in particular to:

• Name
• Contact information (email, phone numbers)
• Booking details
• Payment information (if required)

4. Video surveillance

Video surveillance is installed in the lobby of our hotel.

Purpose of processing:

• Protection of guests, employees, and property
• Prevention and Education Regarding Criminal Offenses

Legal basis:

• Legitimate interest pursuant to Article 6(1)(f) of the GDPR

Retention period:

• The records are stored only for as long as necessary to fulfill the purpose and are deleted thereafter.
• Video surveillance is conducted in compliance with legal requirements (Section 12 of the Data Protection Act).

5. Website and server log files

Our website does not use cookies.
However, when you visit our website, the web server automatically collects certain information (so-called server log files), in particular:

• IP-Adress
• Date and time of access
• pages viewed
• Browser and operating system

This data is used solely to ensure the smooth operation of the website and for technical analysis.

Legal basis:

• Legitimate interest pursuant to Article 6(1)(f) of the GDPR

7. Online booking (easy-booking)

For online bookings, we use an external booking system:

easy-booking

When you make a booking, you will be redirected to the provider’s platform or content from the provider will be embedded.

Note

• In this case, your data is processed directly by the provider.
• The easy-booking Privacy Policy applies.

8. Links to external websites

Our website contains links to external websites (e.g., booking platforms or tourism partners).

Important note:

• We have no control over the content or privacy practices of these external sites.
• In particular, cookies or tracking technologies may be used there over which we have no control.
• The respective operators are solely responsible for data processing on these websites.

We expressly disassociate ourselves from the cookies and data processing used on that site.

9. Your rights

You generally have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

If you believe that the processing of your data violates data protection laws, you have the right to file a complaint with the supervisory authority:

Austrian Data Protection Authority

10. Data security

We use technical and organizational security measures to protect your data from loss, tampering, or unauthorized access.

11. Contact

If you have any questions regarding data protection, you can contact us at any time using the contact information provided above.

12. Payment processing

Payments for bookings can be processed through the following providers:

• VISA Card Complete
• Mastercard

Payment data is processed for the purpose of processing payments and fulfilling the contract. Depending on the selected payment method, data is transmitted to the respective payment service providers or credit card companies. The privacy policies of the respective providers apply.

Legal basis:

• Performance of a contract pursuant to Article 6(1)(b) of the GDPR
• Legitimate interest pursuant to Article 6(1)(f) of the GDPR (proper processing of payments)

Only the data that is absolutely necessary to process the payment will be shared.

13. Form data:

All forms on this website are primarily intended to allow visitors to contact us. All data entered is treated as strictly confidential and will not be disclosed to third parties. After a form is submitted, the entered data is stored on the server for the purpose of processing the inquiry and in case of follow-up questions, and is also sent in an email to the visitor and the website operator for further processing. Optional input fields are provided to facilitate contact and subsequent correspondence. We make a point of marking only truly necessary entries as required fields.

Inquiries that do not result in a specific business transaction with corresponding retention periods are also stored in our business contacts database to facilitate any correspondence in connection with future inquiries and business transactions. Furthermore, if we can identify a legitimate interest in our products or services from this data, it will be used to provide future information about them. Inactive contacts and inquiry details are deleted after a certain period of time following the last correspondence, in accordance with our privacy policy.v

14. Newsletter:

If you provide your consent, your email address will be stored in our email distribution list until further notice so that you can receive our newsletter, which includes promotional information. As part of the registration process, we store the time of registration and confirmation, as well as the user’s IP address. We are legally required to log registrations in order to verify that they were completed properly. After subscribing to the newsletter, you will receive a confirmation email. You can unsubscribe from the newsletter at any time by sending us an email with the subject line: Unsubscribe from Newsletter.

Messages sent as part of a contractual relationship do not fall into this category. This includes the sending of technical information, payment processing information, inquiries regarding orders, and similar messages, which you will continue to receive even after unsubscribing from the newsletter.

15. Social Media (Facebook & Instagram)

Our website includes links to our profiles on the social media platforms Instagram and Facebook:

• Instagram
• Facebook
.

Clicking on these links will redirect you to the respective platforms.

Note:

No data is transmitted to these services unless you actively leave our website via the link. A connection to the respective providers’ servers is established only when you click on the link. The providers may collect personal data (e.g., IP address) and use cookies or tracking technologies.

The respective operators are solely responsible for data processing on these platforms:

• Facebook (Meta Platforms Ireland Ltd.)
• Instagram (Meta Platforms Ireland Ltd.)

The privacy policies of the respective providers apply.

16. Google Maps

To make it easy for you to find us, we use Google Maps on our website to show our location. This feature is intended solely to help you find your way here easily and conveniently.

Note:

When you use this service, data (including your IP address) may be transmitted to Google's servers. This occurs regardless of whether you have a Google account or are signed in to one.

The provider's privacy policy applies.