top of page

Data protection

Information in accordance with the EU General Data Protection Regulation (GDPR)

Protecting your personal data is important to us. On this page, we inform you about which personal data we process during your website visit, inquiry, or booking, for what purposes this is done, and what rights you have under the General Data Protection Regulation (GDPR). If you have any questions about data protection, you can contact us at any time.

Preliminary data protection notice

The GRETI – Alpine Boutique Hotel is currently in its final preparation phase.
The complete, legally reviewed data protection text will be added shortly.
Until then, we will keep you transparently informed about the most important aspects of current data processing:

1. Basics

The protection of your personal data is of particular importance to us. We process your personal data exclusively on the basis of the legal provisions (GDPR, TKG 2021).

Responsible party:
GRETI – Alpine Boutique Hotel Gruber GmbH
Pfarrgasse 4
5630 Bad Hofgastein
Austria

Email: servus@greti-gastein.at
Telephone: +43 6432 26608

Data Protection Officer:
Benjamin Johannes Gruber

This privacy policy describes the type, scope and purpose of the processing of personal data within the framework of our hotel operations, our website and all related services.

2. Purposes of data processing

We process personal data from:

  • Interested parties:

  • Guests & Customers:

  • Website visitors:

  • Inquiry and contact persons

  • Newsletter subscribers:

  • Applicants (if submitted)

Main purposes:

  • Hotel operation & booking management

  • Handling of requests

  • Marketing & Communication

  • Newsletter (if activated)

  • Analysis & Improvement of our Website

  • Technical operation & security of the website

  • Online map display (Google Maps)

  • Use of tracking and advertising tools (Google, Meta)

  • Cookie management via Usercentrics

3. Business activities (hotel operations)

In connection with inquiries, reservations and stays, we process in particular the following data:

Types of processed data

  • Master data (name, address, telephone number, email, date of birth, country of origin)

  • Data from travel documents (passport, identity card – according to registration law)

  • Booking details (travel dates, room category, prices, number of people)

  • Payment details (type of payment, amount; currently no online payment)

  • Data on special requests, preferences or additional services

  • Vehicle registration number (when using parking spaces)

  • Data of fellow travelers (if transmitted)

Legal basis

  • Contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)

  • Legal obligations (registration law, tax law)

  • Consent (Art. 6 para. 1 lit. a GDPR)

  • Legitimate interest (Art. 6 para. 1 lit. f GDPR) – in particular communication, service improvement and documentation

Storage duration

  • Registration law data: 7 years

  • Booking and billing data: 7 years

  • Inquiries without booking: max. 3 years

  • Data stored based on your consent: until revoked (max. 3 years after last contact)

We do not engage in profiling with legal implications.

4. Marketing & Direct Advertising

We will inform you about offers via:

  • post

  • Email (with consent)

  • electronic existing customer marketing in accordance with § 174 TKG

Legal basis

  • Legitimate interest (Art. 6 para. 1 lit. f GDPR)

  • Consent (Art. 6 para. 1 lit. a GDPR)

You can withdraw your consent at any time.

Marketing data is stored for up to 3 years after the last contact.

5. Newsletter

If you register:

  • We process your email address

  • optional information about interests

  • Store open and interaction rates to improve service

Legal basis: Consent
Cancellation is possible at any time.

6. Contact form & inquiries

When you contact us via form or email, we process the following data:

  • Contact details

  • Message contents

  • technical metadata (date, time)

Legal basis:

  • pre-contractual measures / contract (Art. 6 para. 1 lit. b GDPR)

  • legitimate interest (Art. 6 para. 1 lit. f GDPR)

Storage: up to 3 years after last contact.

7. Cookies & Website Tracking

Consent management via Usercentrics
Our website uses a cookie banner from the company Usercentrics.
He manages all consents in accordance with GDPR and TKG.

Technically necessary cookies

Legal basis: legitimate interest (Art. 6 para. 1 lit. f GDPR)

Marketing & tracking cookies

They will only be set after consent has been given.

The following services use cookies or process personal data:

7.1 Google Tag Manager

Serves the technical integration of tools.
It does not process any personal data itself.
(USA, EU-US Data Privacy Framework)

7.2 Google Analytics 4

Includes, among other things:

  • Page views

  • Device information

  • Interactions

  • shortened IP address (IP anonymization active)

Legal basis: Consent

Data transfer: USA (DPF-certified)

7.3 Google Ads Conversion Tracking

It measures the effectiveness of advertising campaigns.
Only with consent.

7.4 Meta Pixels (Facebook / Instagram)

It tracks the behavior of website visitors to optimize advertising.
Only with consent.

Recipient: Meta Platforms Ireland Ltd.
Data transfer: USA (DPF)

7.5 Google Maps

Embedded on our contact page.
Only loaded after consent.

7.6 Google Fonts (locally hosted!)

We use Google Fonts, which are stored locally in the Wix system.
No connection to Google is established.
No data transmission, no cookies.

7.7 Wix Platform & Wix Analytics

Host & Website Builder:

Wix.com Ltd
40 Namal Tel Aviv St., Tel Aviv 6350671, Israel

Wix is a platform provided by Wix.com, Ltd. that allows the owner to build, host, and operate www.greti-gastein.at . Wix is highly customizable and can host websites with content ranging from simple blogs to complex e-commerce platforms.


Personal data processed: Email address; device information; delivery address; last name; usage data; billing address; telephone number; tracker; first name; payment data.
Place of processing: Israel – Wix Privacy Policy .

Data is processed in accordance with the EU adequacy decision for Israel.

8. Recipient / Processor

  • Wix.com Ltd. (Web hosting & system)

  • Usercentrics GmbH (Consent Management)

  • Google LLC (after consent)

  • Meta Platforms Ireland Ltd. (with consent)

Data will only be transferred if there is an adequacy decision or standard contractual clauses.

9. Rights of data subjects

You have the right to:

  • Information

  • Correction

  • deletion

  • restriction

  • Data portability

  • Revocation of granted consent

  • Objection to processing based on legitimate interests

Contact us to exercise your rights:

GRETI – Alpine Boutique Hotel Gruber GmbH
Pfarrgasse 4, 5630 Bad Hofgastein
Email: servus@greti-gastein.at

Complaints can be addressed to the Austrian Data Protection Authority ( www.dsb.gv.at ).

bottom of page