+43 664 / 509 44 14
Mountain HostelBook Now

Privacy Policy

Privacy Notice

Data Protection, Responsibility and Scope

We respect the privacy of our customers and other interested individuals and comply with applicable laws regarding the protection of your privacy. These laws include in particular:

  • the European Union General Data Protection Regulation (“GDPR”)

This privacy notice applies to:

  • Website: mhostel.at

The following categories of data subjects are covered by this privacy notice:

  • Website visitors

The controller responsible for processing your personal data under this privacy policy is:

Jugendhotel Edelweiss GmbHLeiten 1108972 Ramsau am DachsteinKlagenfurt, Austriainfo@mhostel.at

Purpose of this Privacy Notice

This notice explains:

  • for what purposes personal data is collected and processed

  • which categories of personal data are affected

  • on what legal basis we process personal data

  • which third-party processors are involved in the processing

  • to which third parties personal data is transferred

  • additional information such as storage duration, data subject rights, and other relevant details regarding data processing

Purposes for Processing Personal Data

Website Hosting

To provide access to our website and ensure its secure and reliable operation, we use website hosting services. This includes storing website content, managing technical infrastructure, and processing certain personal data automatically transmitted when you visit our website. Processing is necessary to maintain functionality, security, and performance, as well as to detect and prevent misuse or technical issues.

Categories of data processed:

  • User behavior relevant for error analysis

  • Device information

  • Log data

  • Technical information

Legal basis:

  • Legitimate interest pursuant to Art. 6 (1) (f) GDPR

Processors involved:

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

Additional information:Our legitimate interest lies in ensuring the security, stability, and proper functioning of our website, as well as preventing misuse, technical disruptions, or unauthorized access.

Data center location: Germany

Website Maintenance

To ensure proper functionality, security, and continuous improvement of our website, we process personal data as part of ongoing maintenance activities. This includes monitoring performance, identifying and fixing technical issues, and applying updates to improve usability and protect against cyber threats.

Categories of data processed:

  • Log data

  • Technical information

Legal basis:

  • Legitimate interest pursuant to Art. 6 (1) (f) GDPR

Processors involved:

  • SEEL OG, Urstein Süd 15, 5412 Puch bei Hallein, Austria

Additional information:Our legitimate interest is to provide a secure, reliable website, protect against cyber threats, and continuously improve our services.

Facebook Fan Page

The collection and processing of personal data via Meta services takes place under joint controllership with Meta Platforms Ireland Limited.

We operate a Facebook fan page to provide information about our company, interact with users, respond to inquiries, and promote our products and services. The page enables communication with interested users, customers, and the public, as well as sharing updates and building a community.

Categories of data processed:

  • Demographic and interest-based information

  • Advertising effectiveness data

  • Messages sent via Facebook or Messenger

  • Profile information

  • Reactions, comments, and shared content

  • Video views and viewing behavior

Legal basis:

  • Legitimate interest (Art. 6 (1) (f) GDPR)

  • EU–US Data Privacy Framework (Art. 45 (3) GDPR)

  • Consent (Art. 6 (1) (a) GDPR)

Processors involved:

  • Meta Platforms Ireland Ltd., Dublin, Ireland

Additional information:Data is available for up to two years after collection.

Further information is provided in Meta’s privacy policies and cookie policies.

Email Contact

When you contact us via email, we process your personal data to handle your inquiry and communicate with you effectively.

Categories of data processed:

  • Information you provide via email

  • Contact details

Legal basis:

  • Legitimate interest pursuant to Art. 6 (1) (f) GDPR

We kindly ask you not to send sensitive personal data via email, including:

  • ethnic origin

  • political opinions

  • religious or philosophical beliefs

  • trade union membership

  • genetic or biometric data

  • health data

  • data concerning sex life or sexual orientation

If such data is received, it will be deleted where appropriate.

Consent Management System

To comply with data protection regulations and manage your privacy preferences, we use a consent management system. This allows users to make informed choices regarding data collection and usage.

Categories of data processed:

  • Consent records

  • User identifiers

  • Website usage data

  • Device information

  • IP address

  • Location data

  • Technical and behavioral data

Legal basis:

  • Consent pursuant to Art. 6 (1) (a) GDPR

Processor:

  • Borlabs GmbH, Hamburg, Germany

Website Visitor Analytics

We analyze how users interact with our website to improve usability, performance, and marketing effectiveness.

Technologies used include:

  • Matomo On-Premise

  • Google Analytics

  • Google Tag Manager

  • Meta Pixel

Categories of data processed:

  • Browser information

  • Cookies and tracking technologies

  • Website usage data

  • Interaction and behavioral data

  • Device information

  • IP address

  • Conversion data

  • Access statistics

Legal basis:

  • Consent (Art. 6 (1) (a) GDPR)

  • EU–US Data Privacy Framework (Art. 45 (3) GDPR)

Processors involved:

  • Google Ireland Limited

  • Meta Platforms Ireland Ltd.

  • Hosting provider (as applicable)

Contact Form

We provide a contact form to allow users to reach out to us easily. Submitted information is used exclusively to process and respond to inquiries.

Categories of data processed:

  • Identification data

  • Contact details

  • Free-text information provided by the user

Legal basis:

  • Legitimate interest pursuant to Art. 6 (1) (f) GDPR

Data is shared only with authorized staff or service providers involved in processing your request.

Additional Information

Storage Duration

We store personal data only as long as necessary for the purposes stated in this notice or as required by law. Once no longer needed, data is deleted or anonymized.

Protection of Personal Data

We implement appropriate technical and organizational measures to protect personal data, including encryption and pseudonymization where possible. Security measures are regularly reviewed and updated.

Withdrawal of Consent

If processing is based on consent, you may withdraw it at any time. This does not affect the legality of processing carried out before withdrawal.

Data Sharing

We only share personal data when required by law, necessary for service delivery, or with authorized processors under contractual agreements. We do not sell personal data.

Data Subject Rights

You have the right to:

  • access your personal data

  • correct inaccurate data

  • request data portability

  • restrict processing

  • request deletion (where legally permitted)

  • object to processing

  • lodge a complaint with a supervisory authority

Data Transfers to the USA and Data Privacy Framework

Where US-based providers are used, we ensure they are certified under the EU–US Data Privacy Framework, ensuring an adequate level of data protection in accordance with EU standards.

Changes to This Privacy Notice

We may update this privacy notice from time to time. The latest version will always be published on this page.

Publication date of the current version: 14 April 2026

This privacy notice was generated using the Metasoul privacy generator.