Privacy Notice

The protection of your personal data ("Data") is a special concern for us. In this statement, we inform you about how we, 4U Hospitality GmbH (FN 614865 p), Bandgasse 29/5, 1070 Vienna ("4U Hospitality") as the data controller, process your data. If you have any questions about data processing, please contact max@4u-hospitality.com.

When you visit our website, we process data including IP address, IP location, and other access data (such as browser information, system data about devices and operating systems used, date and time of the server request, referrer URL, amount of data sent in bytes). This processing is carried out to protect our legitimate interest in safeguarding our website and infrastructure from attacks and abusive access, and to take legal action if necessary.
The mentioned data categories are irrevocably deleted from the web server log after 30 days, unless they are required for evidentiary purposes for asserting, exercising, or defending legal claims or for judicial actions. In this case, the data will be deleted three months after the legal resolution or cessation of the matter. Providing this data is neither legally required nor necessary for the conclusion of a contract. If you do not provide the data, you may not be able to access the website.
The mentioned data categories are processed for the purposes stated above and, if necessary, disclosed to our hosting provider and, in the event of specific cases, to legal representatives, notaries, public prosecutors, courts, and administrative authorities.

We use a hosting provider for hosting the website. This provider processes the mentioned data on our behalf. In this context, data is transferred to the United States of America. The transfer is based on the European Commission’s adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the United States provides an adequate level of data protection comparable to that of the European Union. Our hosting provider is certified by the U.S. Department of Commerce in accordance with this decision. You can access the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

On our website, the following functional cookies, which are technically necessary for the operation of the website, are set:

Subject to your consent given via the cookie banner, we use the web analytics service PostHog (PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA). PostHog allows us to understand, on an anonymised basis, how our website and platform are being used, which features are used and where users drop off, with the goal of continuously improving the platform.

Processing takes place in PostHog's EU region (hosted in Frankfurt, Germany, by AWS). We do not perform any advertising tracking, no cross-site tracking and no sharing with third parties for marketing purposes. In individual cases (e.g. for support or maintenance), there may be access from the United States of America. Such transfers are based on the European Commission's adequacy decision EU – U.S. (C(2023) 4745 final). PostHog acts on the basis of a Data Processing Addendum concluded with us in accordance with Art 28 GDPR.

Processing is based on your consent in accordance with Art 6(1)(a) GDPR. You may withdraw this consent at any time with effect for the future via the cookie settings in the footer. The following data categories are processed in particular: pseudonymous user identifier (distinct_id), pages visited, events triggered (e.g. clicks, form steps), device and browser information, truncated IP address, timestamps.

The following cookies and local-storage entries are set as part of using PostHog:

To ensure the stability and security of our website and mobile app, we use the error-monitoring service Sentry, operated by Functional Software, Inc. d/b/a Sentry (45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA). When an error occurs in your browser or in the app, Sentry automatically transmits technical diagnostic data to a server in the European Union (Sentry EU region, Frankfurt, Germany) so that we can fix the issue.

Sentry does not set cookies and does not track usage behaviour. The data processed includes technical diagnostic information such as the error message and stack trace, truncated IP address, browser or app version, operating system, timestamps and, where applicable, a pseudonymous user identifier (if you were logged in at the time of the error) so that the error context can be reconstructed. Processing is based on our legitimate interest in ensuring a secure and reliable operation of our website and app (Art 6(1)(f) GDPR).

In individual cases (e.g. for support or maintenance), there may be access from the United States of America. Such transfers are based on the European Commission's adequacy decision EU – U.S. (C(2023) 4745 final). Sentry acts on the basis of a Data Processing Addendum concluded with us in accordance with Art 28 GDPR. Diagnostic data is retained by Sentry for 90 days by default and is then automatically deleted.

You have the option to subscribe to the 4U Hospitality newsletter for free on our website. By subscribing, we will inform you via email about news, developments, and new products and offers from 4U Hospitality.\n
\n
\nIn this context, we process your contact details. Additionally, we may note if you have signed up for specific information and news (e.g., to be immediately informed about the launch of our application).\n
\n
\nThe processing of this data is based on your consent to be contacted by us via email for the stated purposes. You have the right to withdraw this consent at any time for the future, thereby rejecting further receipt of the 4U Hospitality newsletter. We will therefore store the data until you refuse further receipt.\n
\n
\nOur newsletters include web beacons and tracking pixels. This allows us to track which newsletters we have sent, whether and when you opened them or marked them as spam, whether they were temporarily or permanently undelivered, whether you subscribed or unsubscribed from the newsletter, and which links you clicked on in the newsletters. This information is stored for 90 days after dispatch.\n
\n
\nThe processing of this data is covered by your consent when subscribing to our newsletter. You can withdraw your consent at any time for the future by unsubscribing directly from the newsletter (e.g., using the unsubscribe link in the newsletter) or by email to max@4u-hospitality.com. Providing this data is neither legally required nor necessary for the conclusion of a contract. If you do not provide the data, we cannot contact you. If you do not wish to provide this information, please do not subscribe to the newsletter.\n
\nIn addition to the service providers for operating the website, we use a specialized service provider for sending the 4U Hospitality newsletter. This provider processes the mentioned data on our behalf.

In this section, we inform you about how we process your data in connection with the provision, operation, and use of our platform. Our platform is only available to individuals who are employed in the gastronomy and/or hospitality industry at the time of registration.

All data processed in connection with the platform is stored with a hosting provider. This provider processes the data on our behalf. Member data is stored in Frankfurt, Germany. However, it cannot be definitively ruled out that there may be access or transmission to the United States of America. Such transmission occurs based on the European Commission’s adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the U.S. provides an adequate level of data protection comparable to that of the European Union. Our hosting provider is certified by the U.S. Department of Commerce in accordance with this decision. You can access the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

You have the option to create an account on our platform to reserve or redeem offers provided by hosts on the platform. The processing is based on Art 6 Abs 1 lit b GDPR (pre-contractual and contractual obligations).

In this context, we collect your email address, user data, and a proof of industry (see point 4.3 of the Terms and Conditions) If you have used a code to access our platform free of charge, we also store the code and the period of use. Processing this data is necessary to provide you with the platform. If you do not provide the data, we cannot provide the service.

The collected data is stored for 5 years after the end of the membership period and/or the contractual relationship. This is in line with the legal retention periods.

Access to our platform is only possible for individuals with an active membership. This membership is either free of charge for you because your employer has provided you with an access code, or it is fee-based.

If you have received an access code, the processing of the industry proof mentioned in point 3.2 is not required; however, the corresponding access code will be processed. If you have not received an access code, your payment data will be processed for the membership fee (see point 3.4 of the GTC). The information mentioned is necessary to enable your membership. The processing is carried out on the basis of Art. 6 (1) (b) GDPR (contract initiation and fulfillment). If you do not provide this data, you cannot acquire a membership. However, providing this data is not legally required.

You also have the option to switch between monthly and annual subscription models (see point 3.4 of the GTC). In this context, it is possible that a credit in your favor may arise. In such a case, we also process this to comply with our legal obligation to maintain accounting accuracy (§ 195 ff UGB). Providing this is legally required.

For payment processing, we use a payment processing service provider. This provider processes the aforementioned data on our behalf. In this context, there is a transfer to the United States of America. The transfer is based on the European Commission's adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the United States has an adequate level of data protection equivalent to that of the European Union. Our service provider is certified by the U.S. Department of Commerce in accordance with the terms of this decision. You have the option to view the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

We store your payment data for the duration of the active membership and for three years thereafter (see point 9.3 of the GTC). The storage beyond the membership period is intended to enable you to renew the membership conveniently and without friction during this period. The processing is carried out to protect our legitimate interest in making re-entry for former members as convenient as possible within a year, which could not be achieved by immediate deletion of the data upon membership expiration. This is without prejudice to the legal retention period of § 132 BAO, according to which we must keep books and records, the associated documents, and other relevant business papers and documents in original form for seven years.

Hosts provide exclusive offers on the platform that can only be reserved and redeemed by members. The offers consist either of timeslot offers or walk-in offers.

For timeslot offers, you select the date, time, and number of people for your visit to a host. This reservation request is transmitted to the host you have chosen for confirmation purposes. In this context, your name and email address (as identifiers) are also disclosed. The processing is carried out on the basis of Art. 6 (1) (b) GDPR (contract initiation and fulfillment). A reservation is not possible without this disclosure. However, providing this data is not legally required. For information on further processing of your data by the host, please refer to the host’s privacy notice.

You can view all upcoming and past booked timeslot offers or walk-in offers on the platform. This information is stored for the duration of the active membership and for three years thereafter (see point 9.3 of the GTC). The storage beyond the membership period is intended to enable you to conveniently and frictionlessly track redeemed offers during this period. The processing is carried out to protect our legitimate interest in making retrospective review and possible re-entry for former members as convenient as possible within a year, which could not be achieved by immediate deletion of the data upon membership expiration. This is without prejudice to the legal retention period of § 132 BAO, according to which we must keep books and records, the associated documents, and other relevant business papers and documents in original form for seven years.

Do you want to become a host at 4U Hospitality? In this case, you have the option to submit your contact details to us via a contact form. We will be happy to get in touch with you!\n
\n
\nThe processing of contact details is for the purpose of initiating contractual relationships. We will store your contact details for up to 36 months and will delete them if no contract is concluded between you and 4U Hospitality by then.\n
\n
\nFurthermore, you have the option to receive updates on news, developments, and new products and offers from 4U Hospitality via email (see point 2).\n
\n
\nYou are neither legally nor contractually obligated to provide the data. Providing the data is also not required for the conclusion of a contract.

In connection with the processing of your data, you have the following rights:

If we process your data, you have the right to obtain information about the processing purposes, the categories of processed data, the recipients of this data, the storage duration, the rights available to you, the origin of the data, and the existence of automated decision-making. You may also request a copy of the data that is subject to processing.

If the processing is carried out in the interest of a public concern, in the exercise of public authority, or in the pursuit of a legitimate interest of 4U Hospitality or a third party, you have the right to request the correction of incorrect or incomplete data concerning you. You have the right to request the deletion of data concerning you if the processing of the data is not lawful and no legal obligations on our part prevent the deletion.

You have the right, in certain cases, to request the restriction of the processing of your data.

You have the right to request the transfer of your data, which you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to request that the data be transmitted directly from us to another responsible party, where technically feasible.

You have the right to object at any time to the processing of your data on grounds relating to your particular situation. If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests.

You have the right to revoke the processing of your data, which is based on your consent, at any time. The lawfulness of the data processing carried out up to that point is not affected by this.

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna (www.dsb.gv.at).