Privacy Policy of the
Wilderer Group

This privacy policy explains which personal data are processed when you use our website. Personal data are information relating to an identified or identifiable natural person (e.g. name, address, email address, IP address, user behaviour).

We process personal data in particular on the basis of Art. 6(1) GDPR – e.g. for performance of a contract or pre-contractual measures (lit. b), due to legal obligations (lit. c), based on consent (lit. a), or to safeguard legitimate interests (lit. f), provided that the rights of the data subject do not override those interests.

When you use our website for information purposes only – i.e. if you do not register and do not otherwise transmit information to us – we process technically necessary data that your browser transmits. This data is required in order to display our website to you in a stable and secure manner (Art. 6(1) lit. f GDPR).

Our website is operated on infrastructure of Amazon Web Services (AWS). AWS processes data on our behalf for the provision, delivery and protection of the website (processing under Art. 28 GDPR).

Server log data are processed for troubleshooting, detecting abuse and attacks and for system security, and are generally stored for 30 days and then deleted, unless longer retention is required in individual cases for security reasons.

If you contact us by email or via a contact form, we process the data you provide (e.g. name, email address, optionally telephone number and the content of the message) in order to handle your request and answer follow-up questions.

The legal basis is regularly Art. 6(1) lit. b GDPR (pre-contractual measures or contract performance) or – in the case of general inquiries – our legitimate interest in efficient communication (Art. 6(1) lit. f GDPR).

We store data from inquiries until processing is completed, but no longer than 12 months, unless statutory retention obligations require longer storage.

For email communication, we use Microsoft 365 as a service provider (processing under Art. 28 GDPR).

Our website uses cookies and similar technologies. These are small text files or technical identifiers that are stored on your device and through which certain information flows back to us or to the services used. Cookies cannot run programs or transmit viruses.

Statistics and marketing technologies (e.g. Google Analytics / Google Tag Manager) are only used after you have consented in the cookie banner (Art. 6(1) lit. a GDPR). Consent given can be withdrawn or changed at any time via the cookie settings.

You can also delete or block cookies in your browser settings. Please note that in this case not all functions of our website may be fully available.

If you request a booking or make a reservation, we process the data required for this (e.g. name, contact details, travel dates, number of guests and other booking-related information).

Processing is carried out to perform pre-contractual measures and to perform the contract (Art. 6(1) lit. b GDPR) and – where necessary – to comply with legal obligations (Art. 6(1) lit. c GDPR), e.g. in connection with invoicing and retention.

We use external systems to handle booking processes and manage reservations (e.g. Odoo as a booking/administration system and Avantio as a property management system). These providers process data on our behalf or as independent controllers – depending on the specific integration and role in the booking process.

Payments can be processed via Stripe (via Odoo integration). Payment data (e.g. card information) are generally processed directly by Stripe. We typically only receive information required for payment confirmation and processing (e.g. payment status, transaction reference).

If you have consented in the cookie banner, we use Google Analytics 4 to analyse use of our website and improve our offering. Among other things, usage data (e.g. page views, interactions, technical information) are processed. The legal basis is your consent (Art. 6(1) lit. a GDPR).

We also use Google Tag Manager to integrate and manage website tags. The tag manager itself generally does not create user profiles, but depending on configuration it can load tags that collect data (e.g. analytics).

Google may also transfer data to third countries (in particular the USA). For such transfers, appropriate safeguards pursuant to Art. 46 GDPR are used (e.g. standard contractual clauses) and/or, where applicable, certification under the EU-U.S. Data Privacy Framework may be relied upon.

You can withdraw your consent at any time via the cookie settings. From the moment of withdrawal, analytics/tags will no longer be loaded.

Google Maps may be embedded on our website (e.g. on the contact page) to provide convenient directions and location display. In doing so, data (e.g. IP address, technical information) may be transmitted to Google.

Depending on implementation, Google Maps is embedded only after your consent via the cookie/consent banner or via upstream activation (e.g. “Load map”). The legal basis is then Art. 6(1) lit. a GDPR.

Google may also transfer data to third countries (in particular the USA). For such transfers, appropriate safeguards pursuant to Art. 46 GDPR are used (e.g. standard contractual clauses) and/or, where applicable, certification under the EU-U.S. Data Privacy Framework may be relied upon.

Our services are generally intended for adults. Persons under 18 should not submit personal data to us without the consent of a parent or guardian.

You have extensive rights with regard to the processing of your personal data. A summary of the most important rights under the GDPR can be found below.

We implement technical and organisational security measures to protect your data against manipulation, loss, unauthorised access or other misuse. This includes in particular encrypted transmission of content where technically provided (e.g. via TLS/SSL).

Our security measures are regularly reviewed and continuously improved in line with technological developments.

We update this privacy policy as soon as changes to the data processing we carry out or to legal requirements make this necessary. The version currently published on this website applies in each case.