You are here: The Storks
Privacy Policy
Book now
Book now

Data Protection

All personal designations are always meant to be gender-neutral and solely for the purpose of simplified readability.

1 Controller for Data Processing

Controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is


Pfarrgasse 4
5630 Bad Hofgastein
Telefon: +43 (0) 6432 / 27 200

2 Data Processing of Individuals in a Business Context

We process data provided by various individuals through their own statements, such as in the context of an email inquiry, for the initiation and conclusion of a contract or business relationship. Furthermore, we process data of individuals participating in events or attending training.

2.1 Data Subjects

For interested parties, we process the following data: company name, name of the contact person, professional contact and address data. For customers, we process the following data: company name, titles and names of contact persons, professional address and contact data, bank details, contract data including creditworthiness data. For suppliers and business partners, we process the following data: company name, titles and names of contact persons, professional address and contact data, bank details, contract data.

2.2 Data Disclosure

We only disclose personal data to third parties if it is necessary for the purpose of contract processing and fulfillment or is required by legal regulations.

2.3 Storage/Deletion of Data

We will delete the data as soon as storage is no longer necessary, or when legal retention obligations, such as tax retention requirements, have expired. If the basis for processing is consent, we restrict processing or delete the data upon withdrawal of consent, unless legal requirements prevent this.

2.4 Contact via Email

When you contact us via email, the data you provide will be stored by us based on your consent to answer your questions. We will delete the data associated with this as soon as processing is no longer necessary, or we will restrict processing if legal retention obligations exist.

2.5 Legal Basis

The legal basis for data processing includes:

• Contract initiation and performance according to Art. 6(1)(b) GDPR.

• Legal obligations according to Art. 6(1)(c) GDPR (e.g., legally required retention and documentation obligations).

• Legitimate interests of our company pursuant to Art. 6(1)(f) GDPR (e.g., statistical evaluations).

• Art. 6(1)(a) GDPR for obtaining consent (e.g., processing of image data or for advertising purposes).

3 Data Processing When Contacting Us Through Our Website, Newsletter, and Application

3.1 Contact

If you have requested us to contact you through our web form or sent us a message, we will store the data necessary for contact. This includes your first and last name, email address, phone number, and any data you provide us through the contact form. We will delete this data as soon as it is no longer necessary for storage purposes or if you object to the processing.

Legal basis: Art. 6(1)(a) GDPR.

3.2 Newsletter

You have the option to subscribe to our newsletter. For this, we require your email address. You can unsubscribe from the newsletter at any time. After unsubscribing, we will no longer use your data for newsletter delivery. If we have no business relationship with you and are not subject to any legal retention obligations, your data will be deleted after unsubscribing from the newsletter.

Legal basis: Art. 6(1)(a) GDPR.

3.3 Applicants

If you submit your application documents to us, we process the personal data contained therein, as well as your resume and certificates, for the purpose of personnel selection and filling positions. In case of rejection, we will delete your documents 7 months after sending the rejection to you.

Legal basis: Art. 6(1)(b) GDPR.

If you consent to being kept on record for contact at a later date, we will contact you with a separate request for consent. If you explicitly grant this consent, we will store it. If there is no further opportunity for employment with us within one year, we will delete all your applicant data one year after receiving your consent.

Legal basis: Art. 6(1)(a) GDPR.

4 Data Processing When Visiting Our Website

4.1 Informational Use of the Website

When you use our website for informational purposes only, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect only the data that is technically necessary for us to display our website to you and ensure its stability and security:

• Date and time of the request

• Time zone difference to Coordinated Universal Time (UTC)

• Content of the request (specific page)

• Access status/HTTP status code

• Website from which the request originates

• Browser

• Operating system and its interface

• Language and version of the browser software.

Legal basis: Art. 6(1)(f) GDPR.

4.2 Cookies

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer.

The cookie allows you to be recognized when you visit the website without having to re-enter data that you have already entered. The information contained in cookies, for example, is used to determine whether you are logged in or which data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser. Most web browsers automatically accept cookies. By using our websites, you agree to the use of these cookies, provided that cookies are accepted according to your browser settings.

4.2.1 Transient Cookies

Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular.

They store a so-called session ID, which can be used to assign various requests from your browser to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

4.2.2 Persistent Cookies

Persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.

4.2.3 Third-Party Cookies

These are from providers other than the website operator. They can be used, for example, to collect information for advertising, custom content, and web statistics.

4.2.4 Browsers

Most browsers are set by default to accept all cookies. You can configure your browser to inform you about the placement of cookies and only allow cookies on a case-by-case basis, block the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. Disabling cookies may limit the functionality of our website.

You can also remove cookies stored on your computer at any time by deleting temporary internet files.

Legal basis: Art. 6(1)(f) GDPR (for technical cookies), Art. 6(1)(a) GDPR (for all other cookies).

4.3 Data Processing in the United States

It cannot be ruled out that when visiting our website, personal data may be transferred to the United States. If this is the case, we will point this out in a separate section of this privacy policy.

The GDPR requires suitable safeguards under Article 46 GDPR for data transfers to a third country or an international organization. Such safeguards are not in place for the United States.

Possible risks that cannot currently be excluded for you as a data subject in connection with the aforementioned information include:

• Your personal data may possibly be further disclosed to other third parties (e.g., U.S. authorities) by the respective service provider beyond the actual purpose of order fulfillment.

• You may not be able to effectively assert or enforce your rights to access your data against the respective service provider.

• There may be a higher probability of incorrect data processing because the technical and organizational measures for the protection of personal data may not fully meet the requirements of the GDPR, both quantitatively and qualitatively.

By consenting to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the United States. You can remove cookies stored on your PC at any time by deleting temporary internet files.

Legal basis: Art. 6(1)(a) GDPR.

5 Data Processing When Using Facebook Connect

For registration on the website, you can also use your Facebook profile via Facebook Connect from the social network Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

By clicking on the provided button, a pop-up in the design of the Facebook login mask will open. Here, you enter your Facebook login data, agree to the data transfer, and are thus logged into our website.

If you are already logged into Facebook, you do not need to perform a separate registration on our website. The connection between Facebook and our website is established automatically. Consent to access specific data on Facebook must still be given.

We have entered into an agreement with Facebook Ireland; nevertheless, it may happen that Facebook Ireland transfers personal data to Facebook USA.

The use of this service involves the transfer of personal data to the United States or cannot be excluded! – More details can be found in section 4.3 of this statement.

For further information, please refer to Facebook’s data policy at

For specific information on Facebook Pixels, please visit

Legal basis: Art. 6(1)(a) GDPR.

Durch den Einsatz dieses Dienstes findet eine Übermittlung personenbezogener Daten in die USA statt bzw. kann eine solche nicht ausgeschlossen werden! – Näheres dazu unter 4.3 dieser Erklärung.

Weitere Informationen entnehmen Sie bitte der Datenrichtlinie von Facebook unter

Spezifische Informationen zu Facebook Pixeln entnehmen Sie bitte aus

Rechtsgrundlage: Art. 6 Abs. 1 lit. a DSGVO

6 Data Processing with Google Services

We have entered into an agreement with Google Ireland Limited (“Google”), a company registered and operating under Irish law (registration number: 368047), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it may happen that data from Europe is transmitted to the United States, over which we as a company have no control.

The use of this service involves the transfer of personal data to the United States or cannot be excluded! – More details can be found in section 4.3 of this statement.

Legal basis: Art. 6(1)(a) GDPR

6.1 Google Analytics

This website uses the “IP anonymization” function (i.e., Google Analytics has been extended with the code “gat._anonymizeIp();” to ensure anonymized collection of IP addresses, also known as IP masking). As a result, your IP address will be truncated by Google within the European Union member states or in other contracting states of the Agreement on the European Economic Area before being transmitted to a server in the United States, where it will be further truncated in exceptional cases.

According to Google, Google will use the information obtained to evaluate your use of the website, compile reports on website activity, and provide us with additional services related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. However, Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case, you may not be able to use all the functions of the website to their full extent. You can also prevent Google from collecting and processing data generated by the cookie related to your use of the website (including your anonymized IP address) by downloading and installing the browser plugin available at the following link:

For more information on terms of use and data protection, please visit and

6.2 Google Analytics Conversion Tracking (Google Ads)

This website also uses Google Conversion Tracking. Google Ads sets a cookie on your computer if you have arrived at our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. Each Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Ads customers. The information obtained through the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this purpose – for example, through browser settings that generally disable the automatic setting of cookies. You can also disable cookies for conversion tracking by configuring your browser to block cookies from the domain “” You can find Google’s privacy policy here.

If you use Google’s encrypted search function, the search terms are usually not sent as part of the URL in the referrer URL. However, there are some exceptions, for example, if you use certain less common browsers. Further information on SSL search can be found here. Search queries or information in the referrer URL may also be viewed through Google Analytics or an Application Programming Interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an ad. More information can be found here:

6.3 Google Fonts

We use Google Fonts. The use of Google Fonts does not require authentication, and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account data is transmitted to Google when using Google Fonts. Google only records the usage of CSS and the fonts used, and securely stores this data. You can find more information on this and other questions at

For information about what data is collected by Google and how it is used, you can refer to

6.4 Google APIS /AJAX und JQUERY

For the optimization of loading speed, usability, and indexing of our website, we use JavaScript technologies as well as corresponding program libraries and Content Delivery Networks (CDNs) from external providers. In this specific case, we use the JavaScript library jQuery from the jQuery Foundation, the program interface Google APIs, and the Google AJAX Search API from Google. When you access our website, these external providers may potentially receive personal information about your visit to our website, especially through the transmission of your IP address. Processing of this data outside the EU is possible. You can prevent this by installing a JavaScript blocker or disabling JavaScript in your browser. Disabling or blocking JavaScript may lead to reduced functionality on websites that rely on JavaScript technologies. For more information on data processing by Google, please refer to Google’s privacy policy, currently available at: In the case of jQuery, you can find information on the JS Foundation’s pages at:

6.5 Google+ Button

We have integrated the +1 button from Google Plus on our website. When you visit our website, your browser establishes a connection with Google’s server. According to Google, if you do not click the button, no personal data is processed. Personal data is only processed if you are logged into your Google Plus account. If you want to prevent data processing by Google Plus, you can log out of Google Plus before visiting our website.

6.6 Google Gstatic

Gstatic is a domain used by Google to load static content into another domain name in order to reduce bandwidth usage and improve network performance for end-users.

6.7 Google Maps

On this website, we use Google Maps to provide you with interactive maps directly on the website, enabling you to conveniently use the map functionality. When you visit the website, Google receives information that you have accessed the respective subpage of our website. Additionally, the data mentioned under the “Informative Use of the Website” section is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or if you do not have a user account. If you are logged into Google, your data is directly associated with your account. If you do not wish for this association with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses them for advertising, market research, and/or tailoring its website to your needs. Such evaluation is performed, especially (even for users not logged in) to provide tailored advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. You can also find further information about your rights and privacy protection settings here:

6.8 Google Remarketing

We use Google Remarketing on our website. Google Remarketing allows us to display ads to users who have previously visited our website. Within the Google advertising network, ads can be displayed on our site that are tailored to the user’s interests. Google Remarketing uses cookies for this evaluation.

6.9 Google Tag Manager

To track your user behavior, we use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect personal data. The tool triggers other tags that may collect data in some cases. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.

For more detailed information, please visit:

Legal basis: Art. 6(1)(a) GDPR

7 Data processing with the use of Hotjar

We use Hotjar, an analysis software from Hotjar Ltd. (“Hotjar”) (, Malta, Europe), to better understand the needs of our users and optimize the offerings on this website. With the help of Hotjar’s technology, we gain a better understanding of our users’ experiences (e.g., how much time users spend on which pages, which links they click, what they like, and what they don’t, etc.), which helps us tailor our offerings based on user feedback.

Hotjar works with cookies and other technologies to collect information about the behavior of our users and their devices (particularly the IP address of the device, which is only collected and stored in anonymized form, screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language for displaying our website). Hotjar stores this information in a pseudonymized user profile.

The information is not used by Hotjar or us to identify individual users or merged with further data about individual users. Further information can be found in Hotjar’s privacy policy here. You can prevent Hotjar from collecting data by clicking on the following link and following the instructions provided there: Hotjar Privacy Policy

8 Data Processing when using Instagram

On our website, we use features of the Instagram social media network from Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. The use of this service may result in the transfer of personal data to the USA or such transfer cannot be excluded! – For more details, see section 4.3 of this statement.

The embedding features of Instagram (Embed function) allow us to display images and videos. When you access pages that use such functions, data (IP address, browser data, date, time, cookies) are transmitted, stored, and evaluated by Instagram.

If you are logged into your Instagram account while browsing our website, this data is associated with your personal account. Instagram’s privacy policies, which describe the information Instagram collects and how they use it, can be found at Legal basis: Art. 6(1)(a) GDPR

9 Data Processing when using Server Log Files

To optimize this website in terms of system performance, user-friendliness, and the provision of useful information about our services, the website’s provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes the internet protocol address (IP address) of the requesting computer (including mobile devices), browser and language settings, operating system, referrer URL, your internet service provider, and date/time. These data are not merged with personal data sources. We reserve the right to subsequently check these data if we become aware of concrete indications of unlawful use and, in the event of a hacking attack, to pass the data on to law enforcement authorities. There is no further disclosure to third parties.

Legal basis: Art. 6(1)(f) GDPR

10 Data Processing when using hCaptcha

We use hCaptcha from Intuition Machines, Inc., based in the USA, on our website. This service allows us to distinguish whether a contact request comes from a natural person or is automated by a program. The use of this service may result in the transfer of personal data to the USA, or such transfer cannot be excluded! – The GDPR requires suitable safeguards under Article 46 GDPR for data transfers to a third country or an international organization.

Such safeguards are currently not in place for the USA, as US intelligence agencies can access your data without informing you in advance. For this reason, the European Court of Justice declared the previous adequacy decision (Privacy Shield) in Case C-311/18 to be invalid. For more details, see section 4.3 of this statement. Further information can be found in hCaptcha’s privacy policy:

Legal basis for data processing: Consent pursuant to Article 49(1)(a) in conjunction with Article 6(1)(a) GDPR

11 Your Rights

You have the following rights concerning your personal data:

• Right to information, correction, and deletion

• Right to restrict processing

• Right to object to processing

• Right to data portability

Please address your requests and concerns via email to or contact us using the provided contact details.

If you believe that we have violated Austrian or European data protection laws in processing your data, thus infringing on your rights, please contact us to clarify any issues.

You also have the right to lodge a complaint with the supervisory authority, which is the Austrian Data Protection Authority:

Austrian Data Protection Authority

Barichgasse 40 – 42, 1030

Vienna Phone: +43 1 52 152-0


12 Changes to this Privacy Policy

We reserve the right to make adjustments to our privacy policy from time to time. All changes to the privacy policy will be published on this page. Please refer to the most current version of our privacy policy.