GDPR Compliance

Your rights under the General Data Protection Regulation

Our Commitment to Data Protection

AntiClathe Tours operates in full compliance with the General Data Protection Regulation, the comprehensive privacy law governing how businesses handle personal data throughout the European Union. As an Austrian company, we take these obligations seriously and have implemented robust practices to safeguard your information.

This page outlines your specific rights under GDPR and explains how we fulfill our responsibilities as a data controller.

Legal Basis for Processing

We process your personal data under the following legal grounds:

Contractual Necessity

When you book a tour, we need certain information to fulfill our agreement with you. This includes your name, contact details, and payment information. Without this data, we cannot provide the services you've requested.

Legitimate Interest

We have legitimate business interests in operating our website, analyzing usage patterns, and improving our services. These interests are balanced against your privacy rights and do not override your fundamental freedoms.

Legal Obligation

Austrian law requires us to retain financial records for tax purposes. We keep booking and payment data for the legally mandated period.

Consent

For non-essential cookies and any marketing communications, we rely on your explicit consent, which you can withdraw at any time.

Your Data Protection Rights

GDPR grants you comprehensive rights regarding your personal information. Here's what you can do:

Right of Access

You can request a copy of all personal data we hold about you. We'll provide this information in a structured, commonly used format within one month of your request.

Right to Rectification

If any information we hold is inaccurate or incomplete, you have the right to have it corrected. This ensures our records remain current and reliable.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data when it's no longer necessary for the purposes we collected it, when you withdraw consent, or when there's no legal basis for continued processing. Note that we may need to retain certain data to comply with legal obligations.

Right to Restriction

You can ask us to limit how we use your data in specific situations, such as when you contest its accuracy or object to processing. During this period, we can store but not actively use the information.

Right to Data Portability

For data you've provided and we process based on consent or contract, you can receive it in a machine-readable format and transmit it to another service provider.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes. Once you object, we must stop processing unless we demonstrate compelling grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. All booking decisions involve human review.

How to Exercise Your Rights

To exercise any of these rights, send an email to [email protected] with the subject line "GDPR Request." Please include:

  • Your full name and contact information
  • A clear description of which right you wish to exercise
  • Any relevant details that help us locate your data
  • Proof of identity if we need to verify your request

We will respond within one month. If your request is complex, we may extend this by two additional months and will inform you of the delay.

There is no fee for most requests. However, if requests are manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse the request.

Data Protection Officer

While not legally required for a business of our size, we have designated a team member responsible for overseeing data protection compliance. For specific concerns about how we handle your information, you can reach our data protection contact at [email protected].

International Data Transfers

Your data is primarily stored on servers within the European Economic Area. If we transfer data outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

We work only with service providers who demonstrate strong data protection standards and comply with GDPR requirements.

Data Breach Notification

In the unlikely event of a data breach that poses risks to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach. This notification will include details about what happened, potential consequences, and measures we're taking to address the situation.

Filing a Complaint

We hope to resolve any concerns directly, but you have the right to lodge a complaint with a supervisory authority. In Austria, this is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria
Website: dsb.gv.at

You may also contact the data protection authority in your country of residence if located within the EU.

Updates to Our Practices

We regularly review our data protection practices to ensure ongoing compliance with GDPR. Any significant changes will be reflected in our Privacy Policy and communicated through our website.

Questions and Contact

If you have questions about GDPR compliance or how we protect your data, please contact:

AntiClathe Tours
Kärntner Straße 42
1010 Vienna, Austria
Email: [email protected]