Privacy Policy (version of January 13, 2026)

1. Controller and scope

This privacy policy applies to all processing activities of LHG GmbH,
Lindenplatz 3, 9082 Maria Wörth, Austria (“Controller”) in connection with the operation of the
domain www.hotellinde.at and the contact and application forms provided there.
The controller is registered in the company register of the Klagenfurt Regional Court under
number FN 458151 b, UID: ATU 78065647, and is represented by Mr. Trattnig Matthias
(Managing Director). For data protection concerns, you can contact us at
info@h‑linde.at.

2. Legal bases and purposes of data processing

The processing of personal data is carried out exclusively in compliance with Regulation (EU) 2016/679
(GDPR) and the Data Protection Act 2018. Depending on the case, we rely on different
permissive facts: If the processing is necessary for the performance of a contract or pre-contractual measures
(e.g. processing booking inquiries), it takes place in accordance with Art. 6 para. 1 lit. b GDPR.
Processing that is necessary to protect our legitimate interests in the proper and secure
provision of the website (e.g. server log files) is based on Art. 6 para. 1 lit. f GDPR.
For all non-essential third-party services (web analysis, typography integration, geo-service), we obtain
prior express consent (Art. 6 para. 1 lit. a GDPR).

3. Log data and hosting

When you access our website, your device automatically transmits technical information to our
web server. This includes in particular IP address, date and time, resources accessed, referrer URL,
browser and operating system information. This data is stored in server log files to ensure the
functionality of the website, to defend against attacks and to ensure system security.
We evaluate this data exclusively for technical purposes and delete it as soon as the
stated purposes no longer apply (standard period of seven days), unless longer storage is necessary to clarify
security incidents.

4. Consent Management

For the data protection-compliant management of consents, we use a Consent Management Platform (CMP)
that works with a conditional cookie banner. This system enables region-specific
cookie notices and can block third-party scripts and embeds until consent is given.
The CMP records the time and category of the consent given, stores it for
verification purposes (Art. 7 para. 1 GDPR) and supports a revocation/opt-out procedure. The CMP configures
our website automatically based on services and plugins and blocks iFrames and scripts (especially
analysis and marketing tools) until the visitor consents. The use of the CMP serves our legal
obligation to provide proof and is based on Art. 6 para. 1 lit. c GDPR and our
legitimate interest in the legally compliant design of our online offer (Art. 6 para. 1 lit. f GDPR).

5. Web analysis with Google Analytics

If you have consented to the collection of data subject to consent via our CMP, we use the
web analysis service Google Analytics. The integration takes place exclusively on the basis of your consent
(Art. 6 para. 1 lit. a GDPR). Google Analytics collects technical connection data (IP address, date,
time, page accessed, browser information) and usage data (interactions, clicks, scrolling behavior) to
create pseudonymized statistics and usage reports. The processing serves to analyze the
user behavior and the optimization of our content offer.

The data recipient is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which forwards certain
data to Google LLC (USA). A transfer to the USA takes place on the basis of your consent
and the adequacy decision C(2023) 4745 of the European Commission (Data Privacy Framework). Before
consent is given, no transfer to Google takes place. You can revoke your consent at any time
without affecting the lawfulness of the processing carried out until revocation.

6. Fonts via external typography services

For the uniform display of typography, we do not use web font libraries stored on our own server.
When externally integrated, a connection to the servers of the typography provider is established when the website is accessed.
Browser and device data, in particular your IP address, is transmitted to the service provider.
The data is transferred in particular to servers in the USA,
which results in a third-country transfer. Since the use of external font libraries is not mandatory
and would not be lawful on the basis of “legitimate interests”, we only load them after your
consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time; until then, the CMP blocks the establishment of a connection to the servers.

7. External map service

We use an external map service to display geobased content. This service is only activated after
your express consent. Without your consent, no data will be transmitted to the provider.
By activating it, a connection is established to servers of the provider (Google Ireland Limited); in this process,
technical connection data (e.g. IP address, date, time, requested resources,
browser information) and usage data are processed to create usage statistics. The legal basis
for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR; the data collected within the scope of the map service
is transmitted to Google Ireland Limited and, if applicable, Google LLC (USA). The
data transfer to the USA takes place under the Data Privacy Framework. You can revoke your consent
at any time via the cookie settings.

8. Communication forms

We provide a contact form for general inquiries. We process the data entered therein (e.g.
name, e-mail address, telephone, message) exclusively to answer your inquiry.
Because the user contacts us with a request, the processing is permissible without further consent;
it is based either on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) or – in the case of
contract-related inquiries – on Art. 6 para. 1 lit. b GDPR. We do not collect special categories of personal data
(Art. 9 GDPR); if you provide such data unsolicited, we will only process it
if you have expressly consented to it. The data will be deleted after your request has been processed
, provided that there are no statutory retention periods.

9. Application form and application documents

Applicants can submit their documents to us via an online form or by e-mail.
We process the personal data transmitted in the application process (e.g. master data,
contact details, qualifications, curriculum vitae, certificates, correspondence) to carry out the selection procedure
and to assess suitability. The legal bases are the implementation of pre-contractual measures in accordance
with Art. 6 para. 1 lit. b GDPR and our overriding legitimate interest in an efficient application process
pursuant to Art. 6 para. 1 lit. f GDPR. We generally delete application data six months after the conclusion of an
unsuccessful application process; longer storage in evidence only takes place with your express consent.
If you are hired, we will continue to process your application documents for the purpose of the employment relationship
and in accordance with statutory retention periods.

10. Recipients and data transfers

Within our company, only those departments receive access to personal data that require it to
fulfill the above-mentioned purposes. In addition, we use carefully selected
processors (e.g. hosting providers, IT service providers). These are bound by written
agreements pursuant to Art. 28 GDPR to process data only in accordance with our instructions and to
implement appropriate security measures. A transfer to third parties only takes place if we are legally obliged to do so
or you have consented to it.

11. Technical and organizational measures

We have taken appropriate technical and organizational measures to protect personal data from
accidental or unlawful destruction, loss, alteration or unauthorized disclosure. These
include in particular access controls, encryption (TLS/HTTPS), authorization concepts and regular
security audits.

12. Rights of data subjects

You have the right to information, rectification, deletion, restriction of processing, data portability
and objection to the processing of your personal data. You can revoke granted consents
at any time with effect for the future. To exercise your rights, you can contact the controller
using the contact details provided above. In addition, you have the right to lodge a complaint with the
Austrian Data Protection Authority (Barichgasse 40‑42, 1030 Vienna, Tel. +43 1 52 152‑0, E‑Mail:
dsb@dsb.gv.at).

13. Updating this privacy policy

We reserve the right to adapt this privacy policy in accordance with legal requirements, technical developments
or changed business processes. The current version, which can be accessed via our website, applies.