Privacy Policy – Contact Form (schlossmuehlhof.com)

Effective date/version: · Version 1.1

1. Controller

Haidacher GmbH
Laurenzgasse 15/10, 1050 Vienna, Austria
Email: info@schlossmuehlhof.at
Website/domain: schlossmuehlhof.com

2. Data protection officer

Not appointed (no data protection officer required for the company).

3. Purposes of processing

Handling and responding to enquiries; for wedding/event enquiries also pre-contractual communication and organisation.

4. Categories of personal data

Mandatory
Name, email address, date, number of guests
Optional
Phone number
Free text
Your message/enquiry

5. Mandatory fields & consequences of not providing data

Without your name, email address, desired date, and guest count, we cannot review, assign, or respond to your inquiry.

6. Submission process (checkbox / TLS)

Data is transmitted only after you tick the checkbox “I have read and acknowledge the Privacy Policy.”. This checkbox merely documents awareness – it is not consent to additional purposes. Transmission is encrypted (TLS).

7. Legal bases

  • Art. 6(1)(b) GDPR (pre-contractual measures / contract performance), if your enquiry is aimed at concluding or performing a contract (e.g. wedding/event).
  • Alternatively Art. 6(1)(f) GDPR (legitimate interests) in efficient communication, IT/operational security and documentation.
  • Consent (Art. 6(1)(a) GDPR) only for additional purposes (e.g. newsletter/marketing) – separate, voluntary, and revocable at any time. (The checkbox is not consent.)

8. Recipients / processors

Access internally only for personnel who need it to process the enquiry. External service providers (with data processing agreements under Art. 28 GDPR):

  • Hosting/domain/email hosting: World4You Internet Services GmbH (AT; data centres in Austria).
  • Email transport (SMTP): smtp.world4you.com (port 587, STARTTLS); inbound: imap.world4you.com (port 993, SSL/TLS) or pop3.world4you.com (port 995, SSL/TLS).
  • Form/spam protection: none.
  • Other IT/support providers: none.

9. Transfers to third countries

Currently none. Processing and hosting take place in Austria/EU (World4You). If a non-EEA service is used in the future, this will only occur with appropriate safeguards (e.g. adequacy decision under Art. 45 GDPR or EU standard contractual clauses under Art. 46 GDPR) and, where necessary, additional measures; any residual risks will be transparently communicated.

10. Retention

  • General enquiries without contractual context: up to 12 months after last contact (for follow-up and documentation),
  • Event/wedding enquiries and bookings: until after fulfilment and post-processing (e.g. invoicing, complaints). Statutory retention periods then apply (in AT typically 7 years for tax/commercial records).

After expiry, data will be deleted or anonymised in accordance with our deletion/retention policy.

11. Technical & organisational measures (TOMs)

TLS encryption; access restrictions (roles/permissions, need-to-know); secure servers in AT; regular updates/patching; backups & recovery; deletion/permission concept; logging of security-relevant events.

12. Logging

We log the form submission (timestamp, technical metadata) and the activation of the checkbox as acknowledgement – not as marketing consent – based on Art. 6(1)(f) GDPR (security/documentation).

13. Cookies/tracking on the form

No marketing or profiling tracking. No non-essential cookies on public form pages. Technically necessary cookies exist only in the admin area, which is not accessible to site visitors.

14. Data subject rights

Subject to legal requirements, you have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20) and to object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21). You may withdraw consent at any time with effect for the future. Contact: info@schlossmuehlhof.at.

15. Right to lodge a complaint

You may lodge a complaint with the Austrian Data Protection Authority: Barichgasse 40–42, 1030 Vienna, Austria · Email: dsb@dsb.gv.at · Web: www.dsb.gv.at

16. No automated decision-making/profiling

No automated decision-making including profiling takes place.

17. Changes to this policy

We may adjust this policy if laws, our services or processing operations change. The version published here applies.