
DATA PROTECTION

for the website operated under the domain name www.levestate.at.

The protection and security of your personal data are important to us. Our website therefore processes data exclusively in accordance with the EU General Data Protection Regulation (DSGVO), the Data Protection Act (DSG) and the Telecommunications Act (TKG 2003).

I. Who is the data controller of the website?

The controller of the personal data processed under this privacy policy is:

Name: Levestate GmbH

Registered office: Schlickgasse 2/9, 1090 Vienna

Company register number: 511975f

Tax number: ATU74427159

Phone number: +43 664 153 44 12

Website: www.levestate.net

E-mail address: office@levestate.net

Primary contact: Christoph Exel

Levestate GmbH has not appointed a data protection officer, as Levestate GmbH is not obliged to do so within the scope of its activities.

II. Purpose and scope of the privacy policy

The purpose of this Privacy Policy is to set out the rules and conditions under which Levestate GmbH (hereinafter referred to as "LVE"), as data controller, may process information about any person (hereinafter referred to as "Customer") visiting the website operated under the domain name www.levestate.net (hereinafter referred to as "Website") and to inform Customers about the details of such processing.

LVE collects and processes information (including personal data) about the Customer and stores it in its records (including records in written, paper and electronic form). LVE undertakes to protect personal data and to comply with applicable data protection laws, including compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter "GDPR").

This document regulates the processing of personal data of customers in connection with the use of the website. The scope of the privacy policy extends to all employees of LVE involved in the operation and maintenance of the website, including officers and directors.

III. What is the legal basis?

The processing of personal data is always in accordance with the General Data Protection Regulation (in short: "DSGVO"), the Austrian Data Protection Act 2018 (in short: "DSG 2018") and the Austrian Telecommunications Act (TKG 2003).

IV. What is the source of the data collected?

LVE collects personal information directly from the customer as part of this privacy policy.

V. Definitions

The data protection declaration of LVE is based on the terms used by the EU in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

  1. Personal data

    Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  2. Data subject

    Data subject is any identified or identifiable natural person whose personal data are processed by the data controllers.

  3. Processing

    Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  4. Restriction of processing

    Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

  5. Profiling

    Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

  6. Pseudonymization

    Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

  7. Controller

    Controllers are the companies that jointly decide on the purposes and means of processing personal data.

  8. Processor

    Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

  9. Recipient

    A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

  10. Third party

    Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller or the processor.

  11. Consent

    Consent is any expression of will in the form of a declaration or other unambiguous affirmative action, which is voluntary and revocable at any time by the data subject and by which the data subject indicates that he or she consents to the processing of his or her personal data.

VI. Collection and processing of personal data

Your personal data will only be processed by us if you have provided it to us voluntarily (Art 6 para 1 lit a DSGVO). The data processing is used, for example, when you register on our website, create a customer account and also when you contact us via forms on our website, by email, post, telephone or other means of remote communication.

In the case of this data communication, we use the following personal data, if you have provided them to us: first name, last name, address, e-mail address, date of birth, gender, telephone number, payment data, order data. We use this data exclusively for the purposes of order processing (including payment processing and credit checks), for processing inquiries and for advertising products that may be of interest to you. This applies regardless of whether you subscribe to the newsletter. You can object to the use of your personal data for advertising purposes at any time. If you register on our website and/or create a customer account, the purpose of processing your data is the technical operation of this website, the operation and management of your customer account, the processing of your order(s) (in particular by electronic newsletter or e-mail). We use the personal data you provide only to the extent that your data is necessary to fulfill the respective purpose, and/or this is permitted by law.

If you book one of our apartments or services, the necessary processing of your data is based on the fulfillment of the contractual obligation that we have entered into with you and is based on Art. 6 (1) lit. b DSGVO as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures, e.g. the transmission of data and content in the course of the contact form.

The legal basis for the processing of data in connection with the registration and use of the customer account is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. If the registration serves the fulfillment of a contract to which the user is a party, or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

Also in our interest, your data may be processed pursuant to Art 6 para 1 lit f DSGVO, namely for the preparation of statistics, contract management and service provision, event management, for customer support incl. inquiry/complaint management, for billing and accounting purposes, for marketing purposes, for compliance purposes, for the settlement of claims and insurance cases, for ensuring IT security and IT operations, and similar cases.

VII. Data sharing

A transfer of your personal data outside of Levestate GmbH only takes place if:

The service providers we use (e.g. payment service providers for processing payments and credit checks, IT companies for technical support of order processing, etc.) receive the data in order to perform the contracts concluded with you. The service providers we use may only use the data to fulfill their task. In these cases, a contract processing agreement has been concluded with the service providers in accordance with Art. 28 DSGVO, which precisely specifies the obligations and individual processing steps, as well as all categories of data processed. The adequacy of the safeguards and the qualification of the service provider is regularly reviewed by us.

Although these service providers act on our behalf, they are themselves responsible for the security and processing of your data, partly for legal or procedural reasons. We also regularly review the data protection policies of these service providers to ensure that your data is adequately protected.

We use the following payment service providers:

Instant bank transfer

When paying via the payment method "Sofortüberweisung", Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, will handle the online payment.

As part of the payment, you enter your user ID (Verfüger), PIN/TAN or other identification options directly at Sofortüberweisung. We process and store this data in any case!

The integration of Sofortüberweisung in our website is based on a contract or pre-contractual measures in the context of your contract conclusion. The legal basis for data processing is therefore Art. 6 para. 1 b) DSGVO.

For more details on Sofortüberweisung, please visit: https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/.

You can find more information on the data protection of Sofortüberweisung at: https://www.klarna.com/sofort/datenschutz/

PayPal

When paying via the payment method "PayPal", PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg takes over the online payment. The forwarding of your data (name, address, email) to PayPal is part of the contract or pre-contractual measures in the context of your conclusion of the contract. The legal basis for the data processing is therefore Art. 6 para. 1 b) DSGVO.

In this process, information is obtained from various credit reporting agencies to confirm your creditworthiness and identity. PayPal can provide you with the entire list of these recipients at any time. Under the following link you will find the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

VISA/Mastercard

Based on your contract with VISA or Mastercard providers, you can make the payment directly with your credit card company. In this case, we do not store any data beyond the order and receive a transfer credit from the credit card company upon successful transaction.

In accordance with the Second EU Payment Services Directive, a so-called "credit card acquiring" company is also involved in the clearing process - in this case Global Payments.

You can find more details on data protection at:
https://www.mastercard.de/de-de/datenschutz.html
https://www.visa.de/legal/global-privacy-notice.html
https://www.globalpayments.com/privacy-statement

VIII. What measures does XX take to protect the security of the data?

Data security means ensuring the confidentiality, integrity and availability of personal data (for the permissible purposes). Confidentiality means that only those who are authorized to use the data can access it. Integrity means that the data must be accurate and appropriate for the purposes for which it is processed. Availability means that authorized users must be able to access the data when they need it for the authorized purpose.

In accordance with the foregoing, LVE shall ensure that appropriate measures are taken to prevent the unlawful or unauthorized processing of Personal Data and to prevent the accidental loss of or damage to Personal Data. These principles are implemented through the use of appropriate hardware and software security measures (including physical access and system access controls, locks, alarms, firewalls, etc.). LVE will implement appropriate procedures and technologies to ensure that Personal Data is protected from the time of collection to the time of deletion. LVE will treat Customer's personal data processed under this Privacy Policy as confidential and will not disclose it to third parties unless such disclosure is required by law and/or expressly authorized by Customer on a case-by-case basis.

IX. Transmission of data abroad

Data will be transferred to third countries if the respective third country has been confirmed by the European Commission to have an adequate level of data protection or if other suitable data protection guarantees are in place (e.g. binding internal company data protection regulations or EU standard data protection clauses). With your express consent, data may be transferred to a third country (Art 49 para 1 lit a DSGVO). We hereby inform you about possible risks associated with an intended data transfer and the lack of appropriate data protection guarantees. We use various cookies and similar technologies on our website, with which we and third-party providers sometimes also process personal data. These third-party providers also include Google LLC and YouTube LLC, which are based in the USA and carry out data processing there. The USA has not been certified by the European Court of Justice as having an adequate level of data protection. In particular, there is a risk that your data may be subject to access by US authorities for control and monitoring purposes and that no effective legal remedies are available against this. Before we set cookies and transfer your data to these companies, we ask you for your express consent (Art 6 (1) (a) DSGVO in conjunction with Art 49 (1) (a) DSGVO) and inform you accordingly. You can revoke your consent at any time with effect for the future. The use of Facebook results in the transmission of data to non-EU countries. The transmission takes place in anonymized or pseudonymized form.

X. Deletion of personal data and storage period

If you register on our website and/or create a customer account and have provided us with personal data in this regard as part of our user agreement, we will generally store this data until the expiry of three years after your last contact with us, unless you revoke your consent beforehand. In the event of a contract being concluded, we are obliged to store your personal data after the contract has been fully processed until the expiry of the applicable guarantee, warranty, limitation and retention periods in accordance with the Federal Tax Code, and beyond this until the end of any legal disputes in which the data is required as evidence. If you contact us via the contact form on the website or by mail, the data you provide will be stored by us for 18 months for the purpose of processing the request and in case of follow-up questions.

XI. Provision of the website and creation of log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer or from the browser of the end device used (in log files). This data is stored until automated deletion. The following data is collected

This data is not merged with other data sources; moreover, the data is deleted after a statistical evaluation that can no longer be traced back to the website visitor, but at the latest after one year.

Purpose of data processing

The storage of data in log files is part of the normal operation of any website on the Internet and is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security and stability of our information technology systems.

Furthermore, we collect IP addresses in order to identify from where our servers may be attacked. We store these for a maximum of seven days, as is customary in the industry. After that, they are anonymized. For data protection reasons, you do not have access to these IP addresses.

XII. Use of cookies

Description and scope of data processing

Our website uses cookies, small text files that are stored by the Internet browser on your terminal device when you call up a website. Cookies contain a characteristic string of characters that enables unique identification of the browser when the website is called up again. Via the cookie, data stored on the web server is assigned to the accessing device, e.g. language settings, log-in information.

We also use cookies on our website, which enable an analysis of the user's surfing behavior in order to further improve the content and the underlying technology. In principle, the user can also use our pages without cookies. However, a login is required for certain services, which will not work without authentication cookies.

Apart from technically necessary cookies, which may be set on our website in particular in accordance with § 96 TKG and due to our legitimate interest (provision of a functioning online service) in accordance with Art 6 para 1 f DSGVO even without your consent, you can actively consent to or reject the use of performance cookies and cookies for marketing purposes before they are set. When you access our website for the first time, a cookie banner will explain the cookies we use in more detail (in particular name, purpose, lifetime, provider). Here you can generally agree to the use of cookies before they are set or make your choice in more detail, depending on the cookie category or even within this cookie category again per cookie / respective cookie provider. You can revoke or change your consent and selection at any time. If further cookies or cookie providers are added after you have given your consent, a cookie banner will be displayed again and you can also make your active selection. In addition, you can also define in your browser settings whether cookies may be set or not. Furthermore, your end device may allow you to control cookies via its settings; you can find out how this works in detail from the instructions of your device manufacturer. If the storage of any consent-enabled cookies is rejected, this may lead to functional restrictions on the website.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user's terminal device and transmitted from it to our website. Session cookies are deleted after the session ends (including closing the browser); permanent cookies are stored permanently. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your browser, you can disable or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

XIII. Other processing operations

Google Analytics

Our website uses "Google Analytics", a web analytics service provided by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies, which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website, such as browser type/version, operating system used, referrer URL (the previously visited page), IP address and time of server request, is usually transmitted to and stored by Google on servers in the United States.

The information is used to perform analyses of Internet and website usage, such as anonymized evaluations and graphs on PageViews and Visits. The data is processed exclusively for market research, website optimization and the provision of other services related to Internet use. This information may also be transferred to third parties if required by law or if third parties process the data on our behalf. In no case will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking). Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help https://support.google.com/analytics/answer/6004245?hl=de.

The legal basis for the processing is your consent, taking into account the lower level of data protection in the U.S. and follows Art. 49 (1) lit. a DSGVO.

Google Tag Manager

On our website we use the "Google Tag Manager" from "Google". Through this service, website tags can be managed via an interface. Tags are small code elements on a website that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to use remarketing and targeting, and to test and optimize the website. Google Tag Manager only implements tags. Google Tag Manager tracks a set of trigger rules that determine when these tags should be deployed on a website. According to the configuration, when a user visits the website, the tags are triggered and the corresponding cookies are loaded into their browser. It contains instructions on which tags should be triggered. Using Google Tag Manager makes your use of our website more efficient and faster by managing the correct tags. If a deactivation of Google Tag Manager has been made at the domain or cookie level, it will remain in place for all tracking tags insofar as they are implemented with Google Tag Manager.

The legal basis for this processing activity is your consent, taking into account the lower level of data protection in the USA, and follows Art. 49 (1) lit. a DSGVO. You can object to the collection and storage of data at any time with effect for the future.

Google Ads Conversion Tracking

We use the online advertising program "Google Ads" from Google and as part of it the conversion tracking offered by Google. A cookie for conversion tracking is stored on your computer when you click on an ad placed by us in the Google search or advertising network. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website while the cookie is valid, both we and Google can recognize that you clicked on an ad and were redirected to this page via it.

Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for us as an Ads customer. We learn the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which you can be personally identified as a user.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the "www.googleadservices.com" domain. Google's privacy policy on conversion tracking can be found here https://services.google.com/sitestats/de.html.

The legal basis for the data processing is your consent, taking into account the lower level of data protection in the U.S. and follows Art. 49 (1) lit. a DSGVO.

Google Remarketing (Adwords)

In addition, we use Google's remarketing technology. Via this technology, users who have already visited our website and shown interest are addressed again by targeted advertising on the pages of the Google partner network. The advertising is displayed through the use of cookies. With the help of the text files, user behavior when visiting the website can be analyzed and then used for advertising according to your interests.

When you perform searches, visit other websites, or use other mobile apps, the use of Google Remarketing enables us to offer you targeted, interest-based, and needs-based advertising. As a user, you benefit from personalized advertising on other websites. This is the only way we can continuously optimize our offer to you.

Further information on Google Remarketing and Google's privacy policy can be found at: https://www.google.com/privacy/ads/.

The legal basis for this processing activity lies in your consent, taking into account the lower level of data protection in the USA, and follows Art. 49 (1) lit. a DSGVO.

Privacy policy on the use and application of Facebook

We have integrated components of the company Facebook on our website on the basis of legitimate interest to present customers with current information on events and offers. Facebook is a social network that provides so-called "page insights" in a joint processing.

"Page Insights" are page statistics on "likes", post reach, and other topics that we use primarily on an anonymized basis. You can find more information about this under the following link: https://www.facebook.com/business/a/page/page-insights

Details of the joint processing can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.

This agreement states that Facebook has primary responsibility for processing. However, if you have concerns about security on our website, you can also contact us at any time at our privacy contact address and we will forward your request to Facebook.

Since Facebook is a worldwide social network, we have no influence on the technical and organizational aspects and can only influence the content of LVE.

A social network is a social meeting place operated on the Internet, an online community that usually enables users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences, or allows the Internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos, and network via friend requests, among other things.

Facebook's operating company is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website operated by the person(s) responsible is called up and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical procedure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Facebook Conversion Pixels

By using the service of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA) Facebook Conversion Pixels, statistical data is collected, which can be used to measure the success of a Facebook ad. In addition, anonymous data about your usage behavior is collected on the website in order to create usage-based online advertising for you. As a user, you benefit from personalized advertising on other websites. This is the only way we can continuously optimize our offer to you. Here you can access the privacy policy of Facebook Inc: https://www.facebook.com/about/privacy.

If you are logged in to Facebook, you can object to the use of the conversion pixel at the following link: https://www.facebook.com/settings?tab=ads

The data processing is based on your consent, taking into account the lower level of data protection in the U.S. and follows Art. 49 para. 1 lit. a DSGVO.

The data collection and storage can be objected to at any time with effect for the future.

Google Fonts

Our website uses web fonts (http://www.google.com/webfonts/) from Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for the uniform display of fonts. When you access the first page, your browser loads the web fonts into its browser cache to display text and fonts correctly, without the use of cookies.

Data generated when downloading web fonts from fonts.googleapis.com or fonts.gstatic.com is not linked to data from other Google services. If you do not want to download web fonts, there is also the possibility to install browser extensions (e.g. NoScript or Ghostery). In this case the web fonts will be replaced by default fonts of your browser.

Here you can find the privacy policy of Google WebFonts: https://developers.google.com/fonts/faqPrivacy

The data processing is based on our legitimate interest in the use of synergies, the efficient design of our websites and follows Art. 6 para. 1 lit. f DSGVO.

XIV. What rights and remedies do customers have in relation to the processing of their personal data by LVE?

With regard to the processing of personal data, the Customer may exercise the following rights:

All requests, including requests for access, rectification, erasure, restriction of processing and/or objection to processing, should be addressed to the main contact person of LVE mentioned in point I. above. All declarations and requests regarding the exercise of rights related to the processing of personal data may be made (i) electronically, by email or by changing the relevant settings in the personal profile area of the Website, or (ii) in writing. Depending on the case, the request must include all relevant facts and circumstances necessary to identify the case. Inquiries and requests will be carefully reviewed by LVE and will normally be responded to within 15 days.

In the event of a personal data breach, the Customer may lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at, or with the supervisory authority of the Member State in which the Customer has its habitual residence or place of work or in which the alleged breach took place. In addition, the Customer may bring an action against LVE before the competent court (including the competent court in the Customer's place of residence) or before the courts of the Member State in which the Customer has his habitual residence and seek an effective remedy. In all cases, it is recommended that the customer first contact office@levestate.net with their complaint or concern before contacting the Authority.

XV. Currency of and changes to this privacy policy

This privacy policy is currently valid, as of October 2023. LVE reviews these rules regularly and changes them if necessary to take account of changed circumstances. The current privacy policy can be accessed and printed out at any time on the website at www.levestate.net.