Privacy Policy

[Company name to be added] [Address to be added] Vienna, Austria Email: [email to be added] Phone: [phone to be added]

When you use our website or book an apartment, we may collect the following personal data: - Name, email address, phone number (provided during booking) - Payment information (processed securely through our payment provider) - IP address, browser type, and usage data (collected automatically) - Check-in/check-out dates and guest preferences - Communication records (emails, inquiries)

We process your personal data for the following purposes: - Processing and managing apartment bookings - Communicating with you about your reservation - Providing guest services during your stay - Sending booking confirmations and invoices - Complying with legal obligations (e.g., guest registration requirements under Austrian law) - Improving our website and services

We process your data based on: - Contract performance (Art. 6(1)(b)) - to fulfill your booking - Legal obligation (Art. 6(1)(c)) - guest registration, tax obligations - Legitimate interest (Art. 6(1)(f)) - website analytics, service improvement - Consent (Art. 6(1)(a)) - marketing communications, where applicable

Our website uses two kinds of cookies: - Essential cookies - required for the site to function (e.g., your consent choice, currency preference). - Analytics cookies - Google Analytics 4 (Measurement ID G-GVGXZFKJ8W), used to understand how visitors discover and use Mint @Naschmarkt. Analytics is on by default; you can turn it off at any time via the "Cookie Preferences" link in the footer. Google Consent Mode v2 is used so that, when you turn analytics off, Google receives only anonymized signals (no client identifier, no advertising data). You can change or withdraw your consent at any time via the "Cookie Preferences" link in the footer.

We may share your data with the following third-party services: - Beds24 - booking and availability management - Stripe - secure payment processing - Vercel - website hosting - Supabase - database services - Google LLC (Google Analytics 4) - visitor analytics, on by default with opt-out. Data is processed in EU regions where available; Standard Contractual Clauses are in place for any transfers to the United States. EU-US Data Privacy Framework certification: active. These providers process data on our behalf under appropriate data processing agreements.

We retain your personal data only as long as necessary: - Booking data: 7 years (Austrian tax law requirements) - Guest registration data: as required by local regulations - Website analytics: 26 months - Marketing data: until you withdraw consent

Under the GDPR, you have the right to: - Access your personal data - Rectify inaccurate data - Erase your data ("right to be forgotten") - Restrict processing - Data portability - Object to processing - Withdraw consent at any time To exercise these rights, contact us at [email to be added].

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure storage, and access controls.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with: Österreichische Datenschutzbehörde (Austrian Data Protection Authority) Barichgasse 40-42 1030 Vienna, Austria dsb@dsb.gv.at www.dsb.gv.at

When you submit your email address in our welcome offer (the on-site popup), we store it to send you our neighbourhood guide and occasional direct-booking offers. - Lawful basis: your consent (Art. 6(1)(a) GDPR). - We store your email address, the consent wording you were shown, a timestamp, and your IP address as proof of consent. - You can withdraw your consent and unsubscribe at any time; every marketing email contains an unsubscribe link. - We only begin sending marketing emails after you confirm your address (double opt-in). Until then your address is stored but not used to email you. - Your address may be processed by our email service provider (named here once selected) under a data processing agreement.

We may update this privacy policy from time to time. The current version is always available on this page. Last updated: [date to be added].