Privacy – Your Data, Our Responsibility

Information on the protection and processing of your data

Privacy Policy

We take the protection of our users‘ data very seriously and are committed to safeguarding the information users provide to us in connection with the use of our website and/or mobile app (collectively: „digital assets“). Furthermore, we are committed to protecting and using your data in accordance with applicable law.

This privacy policy explains our practices regarding the collection, use, and disclosure of your data through the use of our digital assets (the „services“) when you access the services via your devices.

Please read this privacy policy carefully and ensure that you fully understand our practices regarding your data before using our services. If you have read, fully understood, and do not agree with our approach, you must discontinue the use of our digital assets and services. By using our services, you acknowledge the terms of this privacy policy. Your continued use of the services constitutes your consent to this privacy policy and any amendments made to it.

In this privacy policy, you will learn:

  • How we collect data
  • What data we collect
  • Why we collect this data
  • With whom we share the data
  • Where the data is stored
  • How long the data is retained
  • How we protect the data
  • How we handle minors
  • Updates or changes to the privacy policy

What data do we collect?

Category: Always

Below is an overview of the data we may collect:

  • Unidentified and non-identifiable information provided during the registration process or collected through the use of our services („non-personal data“). Non-personal data does not allow us to identify the individual from whom it was collected. The non-personal data we collect primarily consists of technical and aggregated usage information.
  • Individually identifiable information, meaning any information that can identify you or could reasonably be used to identify you („personal data“). The personal data we collect through our services may include details requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses, and more. If we combine personal and non-personal data, it will be treated as personal data for as long as it remains combined.

How do we collect data?

Category: Always

Below are the primary methods we use to collect data:

  • We collect data when you use our services. When you visit our digital assets and use our services, we may collect, record, and store usage sessions and related information.
  • We collect data that you provide to us directly, for example, when you contact us via a communication channel (e.g., an email with a comment or feedback).
  • We may collect data from third-party sources as described below.
  • We collect data you provide when you log in to our services via a third party such as Facebook or Google.

Why do we collect this data?

Category: Always

We may use your data for the following purposes:

  • To provide and operate our services;
  • To develop, customize, and improve our services;
  • To respond to your feedback, inquiries, and requests, and provide assistance;
  • To analyze demand and usage patterns;
    for internal, statistical, and research purposes;
  • To improve our data security and fraud prevention capabilities;
  • To investigate and prevent unlawful activities, violations of our policies, or other misconduct;
  • To send you updates, promotional materials, and other information related to our services. You can choose whether or not to continue receiving promotional emails. If not, simply click the unsubscribe link in those emails.

With whom do we share this data?

Category: Always

We may share your data with our service providers to operate our services (e.g., data storage via third-party hosting services, providing technical support, etc.).

We may also disclose your data under the following circumstances: (i) to investigate, detect, prevent, or address illegal activities or misconduct; (ii) to establish or exercise our rights of defense; (iii) to protect our rights, property, or personal safety, as well as that of our users or the public; (iv) in the event of a control change in our company or one of our affiliated companies (e.g., through a merger, acquisition, or purchase of substantially all assets, etc.); (v) to collect, store, and/or manage your data through authorized third-party providers (e.g., cloud service providers) as appropriate for business purposes; (vi) to collaborate with third-party providers to improve your user experience. To avoid misunderstandings, we emphasize that we may transmit, share, or otherwise use non-personal data at our sole discretion.

Where do we store the data?

Category: Always

Non-personal data

Please note that our companies and our trusted partners and service providers are located worldwide. For the purposes described in this privacy policy, we store and process all non-personal data we collect in various jurisdictions.

How do we protect the data?

Category: Always

The hosting service for our digital assets provides us with the online platform through which we offer our services. Your data may be stored via our hosting provider’s data storage, databases, and general applications. It stores your data on secure servers behind a firewall and provides secure HTTPS access to most areas of its services.

How do we handle minors?

Category: User does not collect data from minors

The services are not intended for users who have not yet reached the legal age of majority. We do not knowingly collect data from children. If you are not of legal age, do not download or use the services and do not provide any information to us.

Updates or changes to the privacy policy

Category: Always

We may revise this privacy policy at our discretion from time to time. The version posted on the website is always current (see „Last Updated“ statement). We encourage you to review this privacy policy regularly for any changes. If we make any material changes, we will post a notice on our website. Your continued use of the services after notification of changes will be deemed acceptance of the changes and agreement to be bound by the terms of those changes.

Contact

Category: Always

If you have general questions about the services or the data we collect and how we use it, please contact us at:

Name: Traditional Thai Massage in Innsbruck. Lamoon Thai Spa

Address: Gumppstraße 57, 6020 Innsbruck, Tirol, Austria

Email: termin@lamoon-thaispa.at

DISCLAIMER

The information contained herein does not constitute legal advice, and you should not rely solely on it. Specific requirements regarding legal terms and policies may vary from state to state and/or jurisdiction to jurisdiction. As stated in our Terms of Use, you are responsible for ensuring that your services comply with the applicable law and that you adhere to it.

To ensure that you fully comply with your legal obligations, we strongly recommend that you seek professional legal advice to better understand the specific requirements applicable to you.

What are your rights regarding your data?

You have the right to receive free information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. In addition, you have the right to file a complaint with the competent supervisory authority.

If you have any questions about data protection, you can contact us at any time.

Analytics Tools and Third-Party Tools

When you visit this website, your browsing behavior may be statistically analyzed. This is mainly done using analytics programs. Detailed information on these analytics programs can be found in the following privacy policy.

External Hosting

This website is externally hosted. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our hosting provider will process your data only to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following hosting provider:

strg-S Webdesign mit Sinn
Michael-Gaismair-Straße 95
6410 Telfs
https://strg-s.at

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required agreement that ensures that this service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data is collected. Personal data refers to data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the Internet (e.g., when communicating via email) may have security gaps. A complete protection of data against access by third parties is not possible.

Retention Period

Unless a more specific retention period is specified within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to exist. If you make a legitimate request for deletion or revoke your consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons no longer apply.

General Information on the Legal Basis of Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent for the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TTDSG. Consent can be revoked at any time. If your data is required for contract fulfillment or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Additionally, data processing may be based on our legitimate interest under Art. 6(1)(f) GDPR. The specific legal bases for each case are outlined in the relevant sections of this privacy policy.

Note on Data Transfer to the USA and Other Third Countries

We use, among other things, tools from companies based in the USA or other countries that do not have adequate data protection standards. When these tools are active, your personal data may be transferred to and processed in these third countries. We point out that these countries may not guarantee a data protection level comparable to that of the EU. For example, US companies are obligated to disclose personal data to security authorities without you being able to legally challenge this. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) process, analyze, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of GDPR violations, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their workplace, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a structured, commonly used, and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Access, Rectification, and Deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For further questions on the subject of personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
  • If you have objected under Art. 21(1) GDPR, a balance must be struck between your and our interests. As long as it is not yet determined whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data may—apart from being stored—only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from „http://“ to „https://“ and the lock symbol appears in your browser’s address bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Objection to Advertising Emails

The use of contact details published as part of the legal notice for sending unsolicited advertisements and informational materials is hereby objected to. The site operators expressly reserve the right to take legal action in the case of unsolicited advertising information, such as spam emails.

Data Collection on this Website

Cookies

Our website uses so-called „cookies.“ Cookies are small data packets and do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Persistent cookies remain on your device until you delete them or until they are automatically deleted by your web browser.

Cookies can come from us (first-party cookies) or from third parties (third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies can be used for analyzing user behavior or for advertising purposes.

Cookies that are necessary for conducting the electronic communication process, for providing certain functions requested by you (e.g., the shopping cart function), or for optimizing the website (e.g., cookies for measuring website audience) are stored based on Article 6, paragraph 1, letter f of the GDPR, unless another legal basis is provided. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of services. If consent for the storage of cookies and similar recognition technologies was requested, processing occurs solely based on this consent (Article 6, paragraph 1, letter a of the GDPR and Section 25, paragraph 1 TTDSG); consent can be withdrawn at any time.

You can configure your browser to be informed about the placement of cookies, allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

The cookies and services used on this website can be found in this privacy policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

These data will not be merged with other data sources.

The collection of this data is based on Article 6, paragraph 1, letter f of the GDPR. The website operator has a legitimate interest in ensuring the technically error-free display and optimization of its website – for this purpose, the server log files must be collected.

Contact Form

If you send us inquiries via contact form, your information from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6, paragraph 1, letter b of the GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the execution of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling the inquiries directed to us (Article 6, paragraph 1, letter f of the GDPR) or on your consent (Article 6, paragraph 1, letter a of the GDPR) if this was requested; consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent for storage, or the purpose for storing the data no longer applies (e.g., after completing the processing of your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiries via Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your concern. We will not share this data without your consent.

The processing of this data is based on Article 6, paragraph 1, letter b of the GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the execution of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling the inquiries directed to us (Article 6, paragraph 1, letter f of the GDPR) or on your consent (Article 6, paragraph 1, letter a of the GDPR) if this was requested; consent can be withdrawn at any time.

The data you send us via contact inquiries will remain with us until you request its deletion, withdraw your consent for storage, or the purpose for storing the data no longer applies (e.g., after completing the processing of your concern). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Social Media

Facebook

Elements of the social network Facebook may be integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data are also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. This enables Facebook to receive the information that you visited this website with your IP address. If you click the Facebook „Like“ button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the site operator, have no knowledge of the content of the transmitted data or how it is used by Facebook. Further information can be found in Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.

If personal data is collected on our website using this tool and transferred to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited to the collection of data and its transfer to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. Our joint obligations are documented in an agreement on joint processing. The wording of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g., access requests) regarding data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are required to forward them to Facebook.

Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381
and
https://www.facebook.com/policy.php.

In Facebook’s privacy policy, you can find further information on how your privacy is protected:
https://de-de.facebook.com/about/privacy/.

You can also deactivate the „Custom Audiences“ remarketing feature in the Ad Settings section at
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
To do this, you need to be logged in to Facebook.

If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the website of the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/.

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid offerings, send us data, or interact with the Facebook content of our company, we collect your personal data. If you give us consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which can then display relevant advertisements to you. Furthermore, your data may be used to define target audiences (Lookalike Audiences).

Facebook processes this data as our processor. Details can be found in Facebook’s terms of use:
https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Article 6, paragraph 1, letter a of the GDPR and § 25, paragraph 1 of the TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/terms/customaudience
and
https://www.facebook.com/legal/terms/dataprocessing.

Newsletter

Newsletter Data

If you wish to receive the newsletter offered on the website, we require an email address from you, along with information that allows us to verify that you are the owner of the given email address and agree to receive the newsletter. No additional data will be collected, or only voluntarily. These data will be used solely for sending the requested information and will not be shared with third parties.

The processing of the data entered in the newsletter registration form is carried out solely based on your consent (Article 6, paragraph 1, letter a of the GDPR). The consent you give for storing the data, the email address, and their use for sending the newsletter can be withdrawn at any time, e.g., via the „Unsubscribe“ link in the newsletter. The lawfulness of any data processing operations that took place prior to the withdrawal remains unaffected.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider, and will be deleted from the mailing list once the newsletter is unsubscribed or the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, based on our legitimate interest as per Article 6, paragraph 1, letter f of the GDPR.

Data that have been stored for other purposes remain unaffected.

After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider if necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest as per Article 6, paragraph 1, letter f of the GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

Plugins and Tools

This site may use Google Fonts, provided by Google, to ensure uniform font display. When you visit a page, your browser loads the required fonts into its browser cache to correctly display text and fonts.

For this purpose, the browser you are using must establish a connection to Google’s servers. This allows Google to know that your IP address has visited this website. The use of Google Fonts is based on Article 6, paragraph 1, letter f of the GDPR. The website operator has a legitimate interest in the consistent presentation of the typography on the website. If consent was requested, processing occurs solely based on Article 6, paragraph 1, letter a of the GDPR and § 25, paragraph 1 of the TTDSG, if the consent includes storing cookies or accessing information on the user’s device (e.g., device fingerprinting) as per the TTDSG. Consent can be withdrawn at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information on Google Fonts can be found at:
https://developers.google.com/fonts/faq
and in Google’s privacy policy:
https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the features of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. When Google Maps is activated, Google may use Google Fonts to display fonts uniformly. When you access Google Maps, your browser loads the required web fonts into its browser cache to display text and fonts correctly.

The use of Google Maps is in the interest of providing an attractive representation of our online offerings and to make the locations we specify on the website easily accessible. This constitutes a legitimate interest under Article 6, paragraph 1, letter f of the GDPR. If consent is requested, processing occurs solely based on Article 6, paragraph 1, letter a of the GDPR and § 25, paragraph 1 of the TTDSG, if the consent includes storing cookies or accessing information on the user’s device (e.g., device fingerprinting) as per the TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, refer to Google’s privacy policy:
https://policies.google.com/privacy?hl=de.

GumPpstraße 57, 6020 Innsbruck
Mon – Fri: 10:00 AM – 8:00 PM
Sat: 10:00 AM – 7:00 PM

© Lamoon Thai Spa