Data Protection

1 General

For Ms. Norayma Lopez ("we" or "us") as the controller responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR), the protection of your personal data has the highest priority. When processing personal data, we therefore comply with all requirements of the EU General Data Protection Regulation (GDPR), the Data Protection Act (DSG) as well as other national and European legal provisions and strive for the best possible transparency. With regard to data security, we take the appropriate technical and organizational measures so that your personal data is secure with us.

We process personal data in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose limitation, data minimization, storage limitation and integrity as well as confidentiality.

Please read this privacy policy carefully. You can contact us at any time for questions or further information. You will find our contact details under point 2.

We would also like to point out that various data transmissions, such as sending unencrypted emails, do not offer comprehensive protection against access by third parties.

2 Controller

Ms. Norayma Lopez
Neue Welt Höhe 11
8042 Graz
Austria
+43 699 17139872
noraymalopez@yahoo.de
lilians-apartments.com

3 Recipients

Depending on the respective processing, it may be necessary to forward your personal data to common industry service providers such as postal service providers, lawyers, tax consultants, auditors, payment service providers or other third parties. Against the background that some of these industry service providers are commissioned on a project basis, no exact naming of the service providers is currently possible.

Depending on the purpose of the processing, we pass on your personal data to processors commissioned by us, provided this is necessary to fulfill the respective task. When selecting our processors, we ensure compliance with data protection regulations. In addition, agreements have been made with the processors to ensure that the personal data is processed confidentially and carefully.

We forward your personal data to the following recipients (AV: Processor; V: Controller; GV: Joint Controller)

No.	Name	Address	Service	AV / V / GV	EU / Third Country
1	Waymark GmbH	Kärntner Straße 518, 8054 Seiersberg-Pirka	Web Hosting	AV	EU
2	Google Ireland Limited	Gordon House, Barrow Street, Dublin 4	Font Analysis (TagManager) Advertising (AdSens) Security Services (ReCaptcha)	AV	EU/USA
3	Google LLC	1600 amphitheatre pkwy mountain view ca 94043 (USA)	Google Maps Service	AV	USA
4	Updraft WP Software Ltd.	Welsh Ice Britannia House, Caerphilly Business Park, Caerphilly, Wales, CF83 3GG (UK)	Backup and Recovery	AV	UK
5	Adobe Systems Incorporated	345 Park Avenue, San Jose, CA 95110-2704 (USA)	Fonts	AV	US

4 Processing of your personal data

Below we describe how we process your personal data.

Categories of personal data

The following categories of personal data may - depending on the purpose - be subject to processing:

Personal details: Name/Company/other business designation, address, phone number, email address, date of birth, etc.
Log Files: IP address, operating system, referrer URL, entry and exit page, browser type, browser version, country, date and time of the server request, mail data (IP address sender/recipient, date and time of the mail, mail server, etc.), etc.
Payment data: Bank and credit card data, transfer information, etc.

Guests of our website

If you visit our website, we will process your personal data.

Processing of personal data: Log Files
Purpose of data processing: We process your personal data to ensure stable website use, to identify, analyze and correct problems and to prevent attacks on our website. Thus, our website can be operated properly, stably and securely and our web presence can be improved and further developed.
Legal basis of data processing: The data processing is based on our legitimate interest. We have a legitimate interest in ensuring that our website can be operated properly and securely. On the one hand, we want to protect our website visitors and, on the other hand, convey our website content appropriately to our website visitors. A combination of this data with other data sources is not undertaken. To implement these goals, we use external service providers.
Recipients: Your data will be transmitted to Waymark GmbH, Google Ireland Limited, Google LLC, Updraft WP Software Ltd., and Adobe Systems Incorporated.

Please do not visit our website if you do not want us to process your data.

Business partners and customers

We process your personal data, provided you are our (future) business partner or customer, as follows:

Processing of personal data: Personal details, log files, payment data or data regarding (i) the delivery of goods, (ii) provision of services and/or (iii) other contracts.
Purpose of data processing: The personal data is processed to (i) process or fulfill the respective contract with you, in particular to process the payment or assert our claims arising from or in connection with the respective contract, (ii) be able to conclude new contracts and/or (iii) be able to maintain existing contracts. Furthermore, we may use your personal data for direct marketing, i.e., to send you information about our products, services, our company and promotions. We also process your personal data as part of the management of the company (e.g., accounting, controlling).
Legal basis of data processing: The legality of the processing of personal data is based on Art 6 Para 1 lit b GDPR; this means that the processing of personal data serves the fulfillment of a contract, the initiation of a contract and/or the maintenance of the contract. Furthermore, we are also legally obliged to process your personal data (e.g. money laundering suspicion report). In addition, we have a legitimate interest in data processing to carry out proper and efficient business management and to make various process and management optimizations and to offer you our products and services. In addition, we have a legitimate interest in processing your personal data for direct marketing in order to be able to make you appropriate offers and to inform you about new products and services as well as about our company. In some cases, we send you direct marketing based on your consent.
Recipients: Your data will be transmitted to Waymark GmbH, Google Ireland Limited, Google LLC, and Updraft WP Software Ltd.

As part of our business relationship, you are only required to provide personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this personal data, we usually have to refuse the conclusion of the contract or can no longer fulfill an existing contract or may have to terminate the contract.

Google Maps

We use Google Maps on our website.

Processing of personal data: Log Files
Purpose of data processing: The purpose of the processing is to make certain places (e.g. our location) visible on a map to ensure easier discoverability.
Legal basis of data processing: The legality of data processing is based on your consent, which you have given in the Consent Manager.
Recipients: Your data will be transmitted to Google LLC.

Please do not visit our website if you do not want us to process your data.

5 Processing of special categories of data

No special categories of personal data are processed.

6 Cookies

General

When using our website lilians-apartments.at, so-called cookies and similar technologies (e.g. pixel tags) are used. A cookie is a small text file that is downloaded and stored on your device's hard drive via your browser. Cookies serve to enable the correct functioning of our website, to expand the functionality of the website, to optimize its functions and to make our offer user-friendly. In addition, cookies can also be used to collect statistical data and for marketing purposes. Cookies, with the exception of essential and certain functional cookies (see also point 6.2.), can be activated and deactivated via the Consent Manager of our website. If cookies are deactivated, the functionality of our website may be restricted. Further information is available in the Consent Manager.

Types of Cookies

The least privacy-invasive type of cookies are essential cookies (also called necessary cookies). Essential cookies are technically strictly necessary for the operation or visit of our website. We use these cookies without the user's consent in accordance with § 165 Para 3 TKG 2021. Essential cookies cannot be deactivated either. There are also functional cookies (sometimes called convenience cookies). These cookies allow a website to "remember" choices a user makes (including saved user IDs, consents given, or languages chosen) and other personalization options you have selected while browsing. Functional cookies that are necessary for the services you have requested are set without your consent in accordance with § 165 Para 3 TKG 2021. Necessary functional cookies cannot be deactivated. These are mainly cookies in connection with a digital shopping cart. In addition, there are also analytical and performance cookies used to monitor and improve the functions and services of a website. These can track down problems when using a website, facilitate online surveys, record visitor numbers and provide analytical metrics. So-called session cookies are only stored for the duration of the respective session. Persistent cookies remain permanently or for the respective storage period. First-party cookies are set by us, while third-party cookies are set by third-party providers. Detailed information can be found in the Consent Manager on our website.

Legal basis

Cookies, with the exception of essential cookies and necessary functional cookies (see also point 6.2.), are set on the basis of the user's consent. Consent can be revoked at any time without giving reasons. Revoking your consent does not affect the legality of the data processing carried out on the basis of your consent until revocation. The revocation of the processing of your personal data in connection with the storage of cookies can in particular be done by deleting the cookies.

7 Data transmission

General

Data transfers to a third country are permitted under the GDPR if the third country has an adequate level of data protection (safe third country). The EU Commission has adopted an adequacy decision for some third countries, confirming an adequate level of data protection. An overview can be found here.

Data transfer to the USA

For data transmission to the USA, an agreement ("Data Privacy Framework") was concluded between the USA and the EU. On the basis of this agreement, the Commission adopted an adequacy decision (see point 7.1.). However, data transmission to the USA based on the aforementioned adequacy decision is only permitted if the recipient has joined the Data Privacy Framework. The list of companies that have joined the Data Privacy Framework can be found here.

8 Data storage

Unless another storage period is announced to you, we process, in particular store, your personal data as long as this is necessary to achieve the respective purpose (e.g. contract fulfillment, processing of your inquiry, etc.). However, we will not delete your personal data even if we are legally obliged to retain this data, for example in the context of corporate or tax law provisions. We also continue to retain your personal data as long as you can assert claims against us. In this regard, we will continue to retain the personal data from you that is necessary to ward off claims. According to the Austrian General Civil Code (ABGB), the statutory limitation periods are generally between three and thirty years.

9 Confidentiality

All our employees have been subjected to confidentiality obligations regarding the information entrusted to them or made known to them in the course of their work, even beyond the end of the employment relationship.

10 Data security

Data security is a major concern for us. We have taken all necessary technical and organizational measures in accordance with Art 32 GDPR to ensure the security of data processing and to process the personal data in such a way that they are protected against loss, destruction, access, modification or distribution by unauthorized persons. Our IT infrastructure complies with popular security requirements and is reviewed regularly. Our website uses the industry-standard SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal data over the Internet. You can recognize whether an encrypted transmission is taking place by the closed key/lock symbol in the display of your browser. Databases or data sets containing personal data can be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we notify all affected individuals whose personal data may have been compromised. The notification is accompanied by a description of the measures taken to remedy any damage resulting from the data breach. The notification takes place as soon as possible after the discovery of the breach.

11 Information for children

Our website and services are not directed at children under 16 years of age. If we learn that we have collected personal information from a child under 16, we will take reasonable steps to delete this information from our files as soon as possible, unless we are legally required to retain it. Please contact us if you believe we have information from or about a child under 16.

12 Exercising data subject rights / Contact

Valid since February 22, 2024