We have prepared this Privacy Policy (version 07.01.2026-313093324) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as “data”) we, as the controller – and the processors commissioned by us (e.g. service providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, is intended to describe the most important matters as simply and transparently as possible. Where transparency is helpful, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We clearly and plainly inform you that, in the course of our business activities, we only process personal data if there is an appropriate legal basis.
This is certainly not possible with very brief, unclear, and highly legalistic explanations, as are often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative and that you may discover one or two pieces of information that were previously unknown to you.
If you still have questions, we kindly ask you to contact the responsible entity listed below or in the imprint, follow the available links, and consult further information on third-party websites. Our contact details can, of course, also be found in the imprint.
This privacy policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Article 4(1) GDPR, such as a person’s name, email address, or postal address.
The processing of personal data enables us to offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:
all online presences (websites, online shops) operated by us
social media presences and email communication
mobile apps for smartphones and other devices
In short: this privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned above. If we enter into legal relationships with you outside of these channels, we will inform you separately where appropriate.
In the following privacy policy, we provide you with transparent information on the legal principles and provisions, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at:
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679
We only process your data if at least one of the following conditions applies:
Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you enter in a contact form.
Contract (Article 6(1)(b) GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes, which usually contain personal data.
Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing therefore constitutes a legitimate interest.
Other conditions, such as processing in the public interest, the exercise of official authority, or the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless become relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:
In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG).
In Germany, the Federal Data Protection Act (BDSG) applies.
If further regional or national laws apply, we will inform you about them in the following sections.
If you have any questions regarding data protection or the processing of personal data, you will find below the contact details of the controller pursuant to Article 4(7) GDPR:
Maria-Viorica Pavel
Straußstraße 3
4850 Timelkam
Austria
Email: [email protected]
Phone: +43 664 99150594
Imprint: https://alpinlake.at/de/impressum/
As a general principle, we only store personal data for as long as it is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing no longer exists. In some cases, however, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.
If you request the deletion of your data or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.
We will inform you below about the specific duration of the respective data processing if we have further information available.
In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:
Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether or not we process data concerning you. If this is the case, you have the right to receive a copy of the data and the following information:
the purposes of the processing;
the categories of data processed;
the recipients of the data and, if data is transferred to third countries, how security is ensured;
the storage period;
the existence of the right to rectification, erasure, restriction of processing, or objection;
the right to lodge a complaint with a supervisory authority;
the origin of the data if it was not collected from you;
whether profiling is carried out.
Right to rectification (Article 16 GDPR): You have the right to have inaccurate data corrected.
Right to erasure (Article 17 GDPR – “right to be forgotten”): You may request the deletion of your data.
Right to restriction of processing (Article 18 GDPR): We may only store the data but not further process it.
Right to data portability (Article 20 GDPR): You may request that we provide your data in a commonly used format.
Right to object (Article 21 GDPR): If processing is based on Article 6(1)(e) or (f) GDPR, you may object to the processing.
Right not to be subject to automated decision-making (Article 22 GDPR): Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing.
Right to lodge a complaint (Article 77 GDPR): You may lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
In short: You have rights – do not hesitate to contact the responsible entity listed above.
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, available at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection authority. Further information can be obtained from the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to such processing or if there is another legal authorization. This applies in particular if processing is legally required or necessary for the performance of a contractual relationship, and only to the extent permitted by law.
In most cases, your consent is the most important reason for processing data in third countries. The processing of personal data in third countries such as the United States, where many software providers operate and host their servers, may result in personal data being processed and stored in unexpected ways.
We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the United States currently exists only if a U.S. company processing personal data of EU citizens actively participates in the EU–US Data Privacy Framework. More information can be found at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by U.S. services that are not active participants in the EU–US Data Privacy Framework may result in data being processed and stored without anonymization. In addition, U.S. governmental authorities may gain access to individual data. Furthermore, collected data may be linked with data from other services provided by the same provider if you have a corresponding user account. Where possible, we endeavor to use server locations within the EU, provided this option is available.
We provide more detailed information about data transfers to third countries at the appropriate sections of this privacy policy, where applicable.
👥 Data subjects: Visitors to the website
🤝 Purpose: Depends on the respective cookie. More details can be found below or from the software provider that sets the cookie.
📓 Processed data: Depends on the respective cookie. More details can be found below or from the software provider that sets the cookie.
📅 Storage duration: Depends on the respective cookie; may range from a few hours to several years
⚖️ Legal bases: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)
Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand this privacy policy.
Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are very useful helpers. Almost all websites use cookies. More precisely, they use HTTP cookies, as there are also other types of cookies for different applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder—essentially the “brain” of your browser.
A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data, such as language preferences or personal page settings. When you revisit our site, your browser sends this “user-related” information back to our website. Thanks to cookies, our website recognizes you and offers you the settings you are accustomed to.
In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser (e.g., Chrome) and a web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested.
HTTP cookie interaction between browser and web server
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie can range from a few minutes to several years.
Cookies are not software programs and do not contain viruses, trojans, or other malware. Cookies also cannot access information on your PC.
Example cookie data may look like this:
Name: _ga
Value: GA1.2.1326744211.152313093324-9
Purpose: Distinguishing website visitors
Expiration date: After 2 years
A browser should be able to support at least the following minimum sizes:
At least 4,096 bytes per cookie
At least 50 cookies per domain
At least 3,000 cookies in total
Which cookies we use in detail depends on the services used and is explained in the following sections of this privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.
There are four types of cookies:
These cookies are necessary to ensure basic website functionality. For example, these cookies are required when a user adds a product to the shopping cart, continues browsing other pages, and only later proceeds to checkout. These cookies ensure that the shopping cart is not deleted even if the user closes the browser window.
These cookies collect information about user behavior and whether the user receives error messages. In addition, these cookies are used to measure loading times and website behavior across different browsers.
These cookies improve user experience. For example, entered locations, font sizes, or form data are stored.
These cookies are also known as targeting cookies. They are used to deliver individually tailored advertising to users. This can be very practical—but also annoying.
Typically, when you visit a website for the first time, you are asked which of these types of cookies you want to allow. Naturally, this decision is also stored in a cookie.
If you would like to learn more about cookies and do not shy away from technical documentation, we recommend
https://datatracker.ietf.org/doc/html/rfc6265
— the “HTTP State Management Mechanism” Request for Comments (RFC) of the Internet Engineering Task Force (IETF).
The purpose ultimately depends on the respective cookie. More details can be found below or from the software provider that sets the cookie.
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data within the scope of this privacy policy.
The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, while others may remain stored on a computer for several years.
You also have control over the storage duration yourself. You can manually delete all cookies at any time via your browser (see “Right to Object” below). Furthermore, cookies that are based on consent will be deleted at the latest once you revoke your consent, without affecting the lawfulness of the storage up to that point.
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or partially allow cookies. For example, you can block third-party cookies while allowing all other cookies.
If you want to find out which cookies are stored in your browser or if you want to change or delete cookie settings, you can do so in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data stored by websites on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can configure your browser to always inform you when a cookie is about to be set. This allows you to decide individually for each cookie whether to allow it. The procedure varies depending on the browser. It is best to search Google for instructions such as “delete cookies Chrome” or “disable cookies Chrome.”
Since 2009, there have been so-called “cookie guidelines.” These state that storing cookies requires your consent (Article 6(1)(a) GDPR). However, there are still significant differences in how these guidelines are implemented across EU member states.
In Austria, these guidelines were implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, they were largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced in May 2024 by the Digital Services Act (DDG).
For strictly necessary cookies, legitimate interests (Article 6(1)(f) GDPR) exist even without consent, which are generally of an economic nature. We aim to provide visitors with a pleasant user experience, and certain cookies are often essential for this purpose.
Where non-essential cookies are used, this only occurs with your consent. The legal basis in this case is Article 6(1)(a) GDPR.
The following sections provide more detailed information about the use of cookies, provided that the software used employs cookies.
👥 Data subjects: Visitors to the website
🤝 Purpose: Handling contact inquiries and general communication between us and you
📓 Processed data: Data such as name, address, email address, telephone number, general content data, and possibly IP address
More details can be found in the respective tools used.
📅 Storage duration: Depends on the chatbots and chat functions used
⚖️ Legal bases: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests), Article 6(1), sentence 1, letter (b) GDPR (contractual or pre-contractual obligations)
You can also communicate with us via chatbots or similar chat functions. A chat allows you to exchange messages or speak with us with only minimal time delay. A chatbot is software that attempts to answer your questions and may also inform you about news or updates. By using these communication tools, personal data may be processed and stored.
Communication with you is important to us. After all, we want to engage with you and answer any questions about our services as effectively as possible. Well-functioning communication is an essential part of our service offering.
Chatbots offer the great advantage that frequently asked questions can be answered automatically using this software. This saves us time while still providing you with detailed and helpful responses. If the chatbot cannot assist you further, you always have the option to contact us personally.
Please note that when using our integrated elements, data may be processed outside the European Union, as many providers are US-based companies. This may make it more difficult for you to exercise or enforce your rights regarding your personal data.
You may also use chat services on other websites or platforms. In such cases, your user ID may be stored on the servers of the respective website. We may also be informed about which user used the chat service and at what time. The content of the communication is also stored.
Which specific data is stored depends on the respective service. Generally, however, this includes contact data such as email address or telephone number, IP address, and various usage data.
If you have consented to the use of the chat function, this consent—including any registration—will be stored or logged. This is done so that we can provide proof of consent if legally required.
The provider of a chat platform may also learn when you use the chat and receive technical information about the device you are using. The exact information stored and processed also depends on your device and browser settings. In many cases, approximate location data may be collected. This is done both to optimize chat services and to ensure greater security.
In addition, this information may be used for personalized advertising and marketing purposes.
If you have consented to receive messages from a chatbot, you may revoke this activation at any time. The chatbot itself can assist you in unsubscribing from this function. All related data will then be deleted from the recipient directory.
We use the above-mentioned data to address you personally via chat, respond to your inquiries, provide content if applicable, and improve our chat services overall.
The duration of data processing and storage depends primarily on the tools used. Further details about the data processing of individual tools can be found below. The privacy policies of the respective providers usually specify which data is stored and for how long.
In general, personal data is processed only for as long as necessary to provide our services. If data is stored in cookies, the storage duration can vary significantly. Data may be deleted immediately after leaving a website or stored for several years.
Therefore, you should review each individual cookie in detail if you want precise information about data storage. In most cases, the privacy policies of the providers contain detailed information about their cookies.
You have the right and the option at any time to revoke your consent to the use of cookies or third-party providers. This can be done via our cookie management tool or through other opt-out functions.
You can also prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.
Since chat services may use cookies, we also recommend reviewing our general cookie privacy policy. To find out exactly which data is stored and processed, please consult the privacy policies of the respective tools.
We request your permission via a pop-up window to process your data as part of our chat services. If you consent, this consent constitutes the legal basis (Article 6(1)(a) GDPR) for data processing.
In addition, we process your inquiries and manage your data within the scope of contractual or pre-contractual relationships in order to fulfill our contractual obligations or respond to inquiries. The legal basis for this is Article 6(1)(b) GDPR.
Furthermore, your data may also be stored and processed on the basis of our legitimate interest (Article 6(1)(f) GDPR) in fast and efficient communication with you or other customers and business partners. However, we only use these tools if you have given your consent.
👥 Data subjects: Visitors to the website
🤝 Purpose: Enabling and optimizing the payment process on our website
📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data
Further details can be found in the respective payment provider’s privacy policy.
📅 Storage duration: Depends on the payment provider used
⚖️ Legal basis: Article 6(1)(b) GDPR (performance of a contract)
We use online payment systems on our website to enable secure and smooth payment processing for you and for us. In this process, personal data may be transmitted to, stored by, and processed by the respective payment provider.
Payment providers are online payment systems that allow you to complete a transaction via online banking. Payment processing is carried out by the payment provider you select. We then receive confirmation that the payment has been completed.
This method can be used by any user with an active online banking account with PIN and TAN. There are very few banks that do not support or accept such payment methods.
We want to offer you the best possible service through our website and integrated online shop so that you feel comfortable and can easily use our offers. We know that your time is valuable and that payment processing must be fast and smooth.
For this reason, we offer various payment providers. You can choose your preferred provider and pay in the way you are accustomed to.
The specific data processed depends on the respective payment provider. In general, however, data such as name, address, and bank details (account number, credit card number, passwords, TANs, etc.) is processed. This data is required to complete a transaction.
In addition, contractual and usage data—such as when you visit our website, which content you are interested in, or which subpages you access—may also be stored. Most payment providers also store your IP address and information about your device.
The data is generally stored and processed on the servers of the payment provider. As the website operator, we do not receive this data. We are only informed whether a payment was successful or not.
For identity and credit checks, payment providers may transmit data to relevant authorities or agencies. All payment transactions are subject to the terms and privacy policies of the respective provider. Please review these carefully.
You have the right at any time to request deletion or correction of your data. For questions regarding your rights (right of withdrawal, right of access, right to data subject rights), please contact the respective payment provider directly.
Information about the duration of data processing is provided below where available. In general, we process personal data only for as long as necessary to provide our services and products.
If legally required (e.g., for accounting purposes), storage periods may be extended. For example, accounting records related to contracts (invoices, contracts, bank statements, etc.) are retained for 10 years, while other relevant business documents are retained for 6 years in accordance with statutory requirements.
You always have the right to access, correct, and delete your personal data. If you have questions, you can also contact the responsible payment provider directly. Contact details can be found in the respective privacy policies or on the provider’s website.
Cookies used by payment providers can be deleted, disabled, or managed in your browser. Please note that disabling cookies may prevent the payment process from functioning properly.
We use payment service providers to process contractual and legal relationships in accordance with Article 6(1)(b) GDPR. In addition to traditional banks and credit institutions, we also use other payment service providers.
The privacy policies of the respective payment providers (e.g., Amazon Payments, Apple Pay, Discover) provide detailed information on data processing and storage. You may also contact the responsible parties directly regarding data protection issues.
Information on specific payment providers is provided below where applicable.