DATA PROTECTION

control over data

Status: 31.07.2025

Introduction

We take the protection of the data of users of our website and/or mobile app very seriously and are committed to safeguarding the information that users provide to us in connection with the use of our website and/or mobile app (collectively, "digital assets"). Furthermore, we commit to protecting and using your data in accordance with applicable laws.

This document informs you about the handling and use of your data (type, scope, and purpose of collection) and the data protection on this online service (short "website") in accordance with the European General Data Protection Regulation (EU 2016/679, hereinafter "GDPR").

Responsible for Data Processing

Thomas Ebner

Göllerweg 11

39040 Aldein

Tax Number: BNRTMS88T01A952

VAT Number: IT02985960216

Type of Processed Data

According to Article 13 of the European General Data Protection Regulation, we process the following data:

- Your personal data (first name, last name, address, phone number, email, date of birth, place of birth, language, etc.)

- Your data in travel documents and ID cards

- Your payment data, EC cards, credit cards, and bank cards

- The duration of the stay you requested and personal preferences related to the stay that you provide us

The data is stored, processed, and, if necessary and legally required, transferred to third parties (e.g., public authorities, tourist associations). Your data will not be transferred to third countries.

If you refuse to provide personal data, travel document data, and bank data, it will not be possible for us to fulfill our contractual obligations and host you on our premises. We do not use profiling or automated decision-making.

Legal Basis for Data Processing

The legal basis for these data processing activities are:

- The fulfillment of our pre-contractual and contractual obligations towards you

- Your consents

- Legal, contractual, or other legal obligations on our part (e.g., documentation rights and obligations according to accounting, tax, and customs law, contract law, reporting, or legal disputes)

- Our legitimate interests (e.g., improving our customer service, including direct advertising, or the enforcement of our own legal interests)

The retention period for the data is determined by the duration of our business relationship, your consents, and the statutory retention obligations and legal requirements applicable to us.

Your Rights

You may request free of charge at any time information about the personal data we store about you. As a data subject, you also have the right to withdraw, access, delete, correct, restrict, and transfer your personal data, provided there are no legal retention obligations on our part. When exercising your right to withdraw, all your data will be irrevocably deleted, unless higher legal regulations are violated.

For more information about your rights as a data subject, please contact us at the email address above. We will be happy to assist you. For complaints, the supervisory authority "Garante per la protezione dei dati personali" is responsible: Piazza di Monte Citorio n. 121 00186 ROMA, Fax: (+39) 06.69677.3785, Phone: (+39) 06.696771, Email: garante@gpdp.it.

Disclaimer

We strive to provide accurate and complete information on this website. However, we assume no liability or guarantee for the timeliness, accuracy, and completeness of the provided information. We reserve the right to make changes or additions to the provided information without prior notice. The applicable offer or booking confirmation is binding. We accept no responsibility for the content of external links, despite careful control. The operators of the linked sites are solely responsible for their content.

---

INFORMATION ON THE PROCESSING OF PERSONAL DATA under EU Regulation No. 679/2016

This privacy policy explains our practices regarding the collection, use, and disclosure of your data when using our digital services, when you access the services through your devices.

Please read this privacy policy carefully to ensure that you fully understand our practices concerning your data before using our services. If you have read and fully understood this policy and do not agree with our approach, you must cease using our digital assets and services. By using our services, you acknowledge the terms of this privacy policy. Continued use of the services after any updates indicates your agreement to the changes.

In this privacy policy, you will learn:

- What data we collect

- How we collect data

- Why we collect this data

- To whom we disclose the data

- Where the data is stored

- How long the data is retained

- How we protect the data

- How we handle minors

- Updates or changes to the privacy policy

- Transfer of your data to use Guest Pass (Südtirols Süden Card)

What Data Do We Collect?

Here is an overview of the data we may collect:

- Non-identifiable and non-personally identifiable information you provide during registration or which is collected through the use of our services ("non-personal data"). Non-personal data does not allow conclusions about who it was collected from. Non-personal data primarily consists of technical and aggregated usage information.

- Personally identifiable information, i.e., information that can identify you or be reasonably used to identify you ("personal data"). The personal data we collect may include information such as names, email addresses, addresses, phone numbers, IP addresses, and more. If we combine personal and non-personal data, as long as they remain combined, we treat them as personal data.

How Do We Collect Data?

Here are the main methods we use to collect data:

- We collect data during your use of our services. By visiting and using our digital assets, we may collect, store, and track session and usage data.

- We collect data you provide directly to us, for example, when you contact us via communication channels (e.g., an email with a comment or feedback).

- We may collect data from third-party sources.

- We collect data you provide when you sign up through third parties like Facebook or Google.

Why Do We Collect This Data?

We may use your data for the following purposes:

- To provide and operate our services

- To develop, customize, and improve our services

- To respond to your feedback, requests, and offer support

- To analyze demand and usage patterns

- For internal, statistical, and research purposes

- To improve our data security and fraud prevention

- To investigate violations and enforce our terms and policies, and to comply with applicable law, regulations, and orders from authorities

- To send you updates, news, promotional materials, and other information related to our services. For promotional emails, you can choose whether to continue receiving them. If not, you can simply click the unsubscribe link.

To Whom Do We Disclose This Data?

We may disclose your data to our service providers to operate our services (e.g., data hosting services, technical support, etc.).

▪ Recipient

▪ Legal basis

The personal data provided will be transmitted to the single coordinating body of the Guest Pass in order to enable the creation and use of the Guest Pass and to provide the associated services.

In connection with the issue of the Guest Pass, your data will be transmitted to the Mobilitätskonsortium, VAT Nr. 02735170215, which acts as the cardholder and unified coordinating body and assumes the role of autonomous data controller in processing the transferred data. For further information regarding the processing to which the data will be subjected, you can send an email to privacy@moko.bz.it.

The legal basis for processing is Art. 6 (1) (b) of the GDPR.

We may also disclose your data under the following circumstances:

(i) to investigate, uncover, prevent, or act against unlawful activities or misconduct, (ii) to assert or defend our rights, (iii) to protect our rights, property, or personal safety, as well as the safety of our users or the public, (iv) in the event of a change of control of our company or one of our affiliates (e.g., through a merger, acquisition, or sale of assets), (v) to collect, store, and/or manage your data through authorized third parties (e.g., cloud service providers) for business purposes, (vi) to collaborate with third parties to enhance your user experience. For clarification, we may transfer non-personal data to third parties for their use at our discretion.

Please note that our services allow social interactions (e.g., posting content, information, and comments publicly, or chatting with other users). We remind you that any content or data you provide in these areas can be read, collected, and used by others. We advise against posting or sharing information you do not wish to make public. If you upload content or otherwise provide it while using the service, it is done at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content.

---

Cookies and Similar Technologies

When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services ("tracking technologies"). These tracking technologies enable third parties to automatically collect your data to improve your navigation experience, optimize performance, and offer a customized user experience, as well as for security and fraud prevention purposes.

To learn more, please read our Cookie Policy.

We may also provide advertisements tailored to you on our services and digital assets (including websites and applications using our services). These advertisements may be based on your recent browsing behavior on websites, devices, or browsers.

We use cookies, JavaScript, web beacons (including clear GIFs), HTML5 local storage, and other technologies to deliver these ads to you. We may also engage third-party network advertisers to display targeted ads. External providers of advertising networks, advertisers, sponsors, and/or website traffic measurement services may also use cookies, JavaScript, web beacons, Flash cookies, and other technologies to measure ad effectiveness and tailor content for you.

---

Where Do We Store Data?

- Non-personal Data: Our companies and trusted partners and service providers are located worldwide. Non-personal data may be stored and processed in various jurisdictions for the purposes outlined in this privacy policy.

- Personal Data: Personal data may be maintained, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and other jurisdictions as necessary for the proper provision of our services and/or as required by law.

---

How long is the data retained?

Please note that we retain the collected data for as long as necessary to provide our services, to comply with our legal and contractual obligations to you, to resolve disputes, and to enforce our agreements.
We may correct, supplement, or delete inaccurate or incomplete data at our sole discretion at any time.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform that enables us to offer our services to you. Your data may be stored through our hosting provider’s data storage, databases, and general applications. It stores your data on secure servers behind a firewall and provides secure HTTPS access to most areas of its services.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) as managed by the PCI Security Standards Council – a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers, including physical, electronic, and procedural safeguards.

Despite the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee the absolute protection and security of any data you upload, post, or otherwise share with us or others.
For this reason, we encourage you to set strong passwords and avoid providing us or others with any sensitive information whose disclosure you believe could cause significant or lasting harm. Since email and instant messaging are not recognized as secure forms of communication, we ask that you do not share any confidential information via these channels.

How do we handle minors?

Children may use our services. However, if they wish to access certain features, they may be required to provide certain information. Some data (including information collected via cookies, web beacons, and similar technologies) may be collected automatically.
If we knowingly collect, use, or disclose data from a child, we will provide notice and obtain parental consent as required by applicable law. We do not condition a child's participation in an online activity on providing more contact information than is reasonably necessary for that activity. We use the information we collect only in connection with the services requested by the child.

We may also use a parent’s contact information to communicate about the child’s activities within the services.
Parents may review the data we have collected from their child, prohibit us from collecting further data from their child, and request that any data we have collected be deleted from our records.

Please contact us to review, update, or delete your child’s data. For your child’s protection, we may ask for proof of your identity. We may deny access to the data if we believe your identity is questionable. Please note that certain data may not be deleted due to other legal obligations.

We use your personal data only for the purposes set out in the Privacy Policy, and only when we believe that:

The use of your personal data is necessary to perform or enter into a contract (e.g., to provide you with the services or customer or technical support);
The use of your personal data is necessary to comply with relevant legal or regulatory obligations; or
The use of your personal data is necessary to support our legitimate business interests (provided this is done in a way that is proportionate and respects your privacy rights at all times).

As an EU resident, you may:

Request confirmation as to whether or not personal data concerning you is being processed, and access your stored personal data, along with certain supplementary information;
Request to receive personal data you have provided to us in a structured, commonly used, and machine-readable format;
Request the correction of your personal data that we hold;
Request the deletion of your personal data;
Object to the processing of your personal data by us;
Request the restriction of the processing of your personal data; or
File a complaint with a supervisory authority.

Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as indicated below.

In the course of providing the services, we may transfer data cross-border to affiliated entities or other third parties, and from your jurisdiction to other countries or jurisdictions around the world. By using the services, you consent to the transfer of your data outside the EEA.

If you are located in the EEA, your personal data will only be transferred to locations outside the EEA where we are satisfied that an adequate or comparable level of protection is in place. We will take appropriate steps to ensure that we have suitable contractual agreements with our third parties to ensure that appropriate safeguards are in place, so as to minimize the risk of unlawful use, alteration, deletion, loss, or theft of your personal data, and to ensure that such third parties act at all times in compliance with applicable laws.

Rights under the California Consumer Privacy Act
If you use the services as a California resident, you may be entitled under the California Consumer Privacy Act (CCPA) to request access to and deletion of your data.

To exercise your right to access or delete your data, please see how to contact us below.

We do not sell users’ personal data for the purposes and intents of the CCPA.

Users of the services who are California residents under the age of 18 may request and obtain removal of their posted content by emailing us at the address listed in the "Contact" section below. These requests must be labeled "California Removal Request." All requests must include a description of the content you want removed and sufficient information to help us locate the material. We do not accept requests that are not properly labeled or submitted, and we may not be able to respond if you do not provide sufficient information. Please note that your request does not ensure complete or comprehensive removal of the material. For example, material you posted may be reposted by others or by third parties.

Updates or changes to the Privacy Policy

We may revise this Privacy Policy at our sole discretion from time to time; the version posted on the website will always be the most current (see “Effective Date”). We encourage you to review this Privacy Policy regularly for any changes.
In the event of significant changes, we will post a notice on our website. Your continued use of the services after being notified of changes on our website shall constitute your acknowledgment and consent to such changes to the Privacy Policy and your agreement to be bound by the terms of such changes.

Transfer of your data to use Guest Pass (Südtirols Süden Card)

Purpose

▪ Recipient

▪ Legal basis

The personal data provided will be transmitted to the single coordinating body of the Guest Pass in order to enable the creation and use of the Guest Pass and to provide the associated services.

The legal basis for processing is Art. 6 (1) (b) of the GDPR.

Contact

If you have general questions about the services or the data we collect about you and how we use it, please contact us at:

Thomas Ebner
Göllerweg 11
39040 Aldein
Phone: +39 340 106 5435
Email: info@ebnerappartements.com

DISCLAIMER

The information contained herein does not constitute legal advice and should not be relied upon as such. Specific requirements regarding legal terminology and policies may vary from state to state and/or jurisdiction to jurisdiction. As outlined in our Terms of Use, it is your responsibility to ensure that your use of the services is lawful under the laws applicable to you and that you remain in compliance with them.
To ensure that you fully meet your legal obligations, we strongly recommend seeking professional legal advice to better understand the specific requirements that apply to you.