Jakob Pürzelmayer
Gassergasse 34
1050 Vienna
Phone: +43 680 2049264
Email: hello@finca-higo.com
VAT exempt (small business regulation)
Supervisory authority according to ECG: District Authority of the 5th District of Vienna
Business activity: Holiday home brokerage
Platform of the EU Commission for online dispute resolution: https://ec.europa.eu/consumers/odr
We are neither obliged nor willing to participate in a dispute resolution procedure before a consumer arbitration board.
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and you for your interest. In this privacy policy, we inform you about the handling of your personal data when using our website. Personal data means any information that can personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Jakob Pürzelmayer
Gassergasse 34,
1050 Vienna,
Phone: +43 680 2049 264,
Email: hello@finca-higo.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for informational purposes on thankly(i.e., without registration or providing information), we only collect data that your browser transmits to our server (so-called “server log files”).
This includes:
- Visited website
- Date and time of access
- Amount of data transferred (in bytes)
- Referring source/website
- Browser used
- Operating system used
- IP address (possibly anonymized)
Processing is carried out in accordance with Art. 6(1)(f)GDPR based on our legitimate interest in improving the stability andfunctionality of our website. This data is not shared or used in any other way.However, we reserve the right to review the server log files retrospectively ifthere are specific indications of unlawful use. 2.2 For security reasons and to protect the transmission ofpersonal data and confidential content (e.g., orders or inquiries), our websiteuses SSL or TLS encryption.
You can recognize an encrypted connection by the“https://” prefix and the lock icon in your browser address bar.
3) Hosting & Content Delivery Network
3.1 Webflow
Our website is hostedon servers provided by Webflow, Inc., 398 11th Street, 2nd Floor, SanFrancisco, CA 94103, USA.
All data collected on our website is processed on Webflow’s servers. We have entered into a data processing agreement with Webflow that ensures theprotection of our visitors' data and prohibits unauthorized disclosure to thirdparties.
Webflow is certified under the EU-U.S. Data Privacy Framework, which ensurescompliance with EU data protection levels.
3.2 Cloudflare
We use a Content Delivery Network (CDN) by Cloudflare Inc., 101 Townsend St.,San Francisco, CA 94107, USA.
This service enables faster delivery of large media files via regional servers.
Processing is based on our legitimate interest in improved stability andfunctionality of our website, per Art. 6(1)(f) GDPR.
We have a data processing agreement with Cloudflare.
Cloudflare is also certified under the EU-U.S. Data Privacy Framework.
4) Contact
4.1 Calendly
We use the services of Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta,GA 30363, USA for online appointment scheduling.
For scheduling, we collect your name, email address, and optionally your phonenumber (if a call is requested).
Processing is based on Art. 6(1)(b) GDPR and our legitimate interest under Art.6(1)(f) GDPR in effective customer and appointment management.
Data is stored by Calendly and deleted after the appointment.
We have a data processing agreement with Calendly.
Calendly is certified under the EU-U.S. Data Privacy Framework.
4.2 Contact via Form or Email
When you contact us (e.g., via contact form or email), we collect personal dataas shown in the form or email.
Data is stored and used solely for responding to your request and associatedtechnical administration.
The legal basis is our legitimate interest under Art. 6(1)(f) GDPR or, if thecontact aims to conclude a contract, Art. 6(1)(b) GDPR.
Your data will be deleted once your request has been completely resolved,unless legal retention obligations apply.
5) Website FeaturesGoogle Maps
We use Google Maps (API) from Google Ireland Limited, Gordon House, 4 BarrowSt, Dublin, D04 E5W5, Ireland.
Google Maps displays interactive maps and helps you locate us.
When using Google Maps, your data (e.g., IP address) is transferred to Googleservers and may be processed in the USA.
If you're logged into a Google account, your data may be linked to yourprofile. To avoid this, log out before using the feature.
Google stores this data as usage profiles for purposes such as personalizedadvertising and market research.
Processing is based on Art. 6(1)(f) GDPR. You can object directly to Google.
If you do not agree to this data transmission, you can disable JavaScript inyour browser. This will disable Google Maps.Where legally required, we obtain your consent under Art.6(1)(a) GDPR before processing. You may revoke your consent at any time.
6) Data Subject Rights
You have the following rights under the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to notification(Art. 19 GDPR
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to lodge a complaint (Art. 77 GDPR)
Right to Object
If your data is processed based on our legitimate interest under Art. 6(1)(f)GDPR, you have the right to object at any time for reasons arising from yourparticular situation.
If you object, we will stop processing your data unless we can demonstratecompelling legitimate grounds.
If your data is used for direct marketing, you may object at any time, and wewill immediately stop processing for this purpose.
7) Data Retention
The duration of data storage depends on the legal basis,purpose, and statutory retention periods.
- Data processed based on consent (Art. 6(1)(a) GDPR) is stored until consent is revoked.
- Data subject to retention laws (e.g., tax, commercial) is deleted after the retention period unless further processing is needed.
- Data processed under Art. 6(1)(f) GDPR is stored until you object, unless we can demonstrate overriding legitimate grounds.
- Data used for direct marketing is stored until you object. Unless otherwise specified, personal data is deleted once it is no longer needed for its original purpose.