Privacy Notice

The protection of your personal data ("Data") is a special concern for us. In this statement, we inform you about how we, 4U Hospitality GmbH (FN 614865 p), Bandgasse 29/5, 1070 Vienna ("4U Hospitality") as the data controller, process your data. If you have any questions about data processing, please contact max@4u-hospitality.com.

When you visit our website, we process data including IP address, IP location, and other access data (such as browser information, system data about devices and operating systems used, date and time of the server request, referrer URL, amount of data sent in bytes). This processing is carried out to protect our legitimate interest in safeguarding our website and infrastructure from attacks and abusive access, and to take legal action if necessary.
The mentioned data categories are irrevocably deleted from the web server log after 30 days, unless they are required for evidentiary purposes for asserting, exercising, or defending legal claims or for judicial actions. In this case, the data will be deleted three months after the legal resolution or cessation of the matter. Providing this data is neither legally required nor necessary for the conclusion of a contract. If you do not provide the data, you may not be able to access the website.
The mentioned data categories are processed for the purposes stated above and, if necessary, disclosed to our hosting provider and, in the event of specific cases, to legal representatives, notaries, public prosecutors, courts, and administrative authorities.

We use a hosting provider for hosting the website. This provider processes the mentioned data on our behalf. In this context, data is transferred to the United States of America. The transfer is based on the European Commission’s adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the United States provides an adequate level of data protection comparable to that of the European Union. Our hosting provider is certified by the U.S. Department of Commerce in accordance with this decision. You can access the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

On our website, the following functional cookies, which are technically necessary for the operation of the website, are set:

Our website uses Google Analytics, a service that allows us to analyze traffic on our website. This service examines, among other things, the origin of visitors (e.g., direct URL entry, search engines, social media platforms), their time spent on specific pages, and search engine usage, thus enabling better monitoring of our online advertising campaigns. Google uses this information on our behalf to compile evaluations about activities on our website and to provide us with website usage and internet usage-related services.\n
\n
\nIf you consent to the storage of the required cookies when visiting our website (§ 165 Abs 3 TKG 2021), the information generated by the cookie about your use of our website will be transferred to and stored on Google servers in the USA:

In this context, data is transferred to the United States. The transfer is based on the European Commission’s adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the U.S. provides an adequate level of data protection comparable to that of the European Union. Google LLC is certified by the U.S. Department of Commerce in accordance with this decision. You can access the adequacy decision at the following link:\n
\nhttps://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf\n
\n
\nProviding this data is neither legally required nor necessary for the conclusion of a contract. You can withdraw your consent at any time with future effect by clicking on the cookie settings in the website footer.

Our website uses Google Tag. Google Tag (gtag.js) is a single tag to use various Google products and services. This allows us to track the use of our website and, based on this, improve its functions.

If you consent when visiting our website (§ 165 Abs 3 TKG 2021), the corresponding information will be transferred to and stored on Google servers in the USA. The transfer is based on the European Commission’s adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the U.S. provides an adequate level of data protection comparable to that of the European Union. Google LLC is certified by the U.S. Department of Commerce in accordance with this decision. You can access the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf
Providing this data is neither legally required nor necessary for the conclusion of a contract. You can withdraw your consent at any time with future effect by clicking on the cookie settings in the website footer.

You have the option to subscribe to the 4U Hospitality newsletter for free on our website. By subscribing, we will inform you via email about news, developments, and new products and offers from 4U Hospitality.\n
\n
\nIn this context, we process your contact details. Additionally, we may note if you have signed up for specific information and news (e.g., to be immediately informed about the launch of our application).\n
\n
\nThe processing of this data is based on your consent to be contacted by us via email for the stated purposes. You have the right to withdraw this consent at any time for the future, thereby rejecting further receipt of the 4U Hospitality newsletter. We will therefore store the data until you refuse further receipt.\n
\n
\nOur newsletters include web beacons and tracking pixels. This allows us to track which newsletters we have sent, whether and when you opened them or marked them as spam, whether they were temporarily or permanently undelivered, whether you subscribed or unsubscribed from the newsletter, and which links you clicked on in the newsletters. This information is stored for 90 days after dispatch.\n
\n
\nThe processing of this data is covered by your consent when subscribing to our newsletter. You can withdraw your consent at any time for the future by unsubscribing directly from the newsletter (e.g., using the unsubscribe link in the newsletter) or by email to max@4u-hospitality.com. Providing this data is neither legally required nor necessary for the conclusion of a contract. If you do not provide the data, we cannot contact you. If you do not wish to provide this information, please do not subscribe to the newsletter.\n
\nIn addition to the service providers for operating the website, we use a specialized service provider for sending the 4U Hospitality newsletter. This provider processes the mentioned data on our behalf.

In this section, we inform you about how we process your data in connection with the provision, operation, and use of our platform. Our platform is only available to individuals who are employed in the gastronomy and/or hospitality industry at the time of registration.

All data processed in connection with the platform is stored with a hosting provider. This provider processes the data on our behalf. Member data is stored in Frankfurt, Germany. However, it cannot be definitively ruled out that there may be access or transmission to the United States of America. Such transmission occurs based on the European Commission’s adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the U.S. provides an adequate level of data protection comparable to that of the European Union. Our hosting provider is certified by the U.S. Department of Commerce in accordance with this decision. You can access the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

You have the option to create an account on our platform to reserve or redeem offers provided by hosts on the platform. The processing is based on Art 6 Abs 1 lit b GDPR (pre-contractual and contractual obligations).

In this context, we collect your email address, user data, and a proof of industry (see point 4.3 of the Terms and Conditions) If you have used a code to access our platform free of charge, we also store the code and the period of use. Processing this data is necessary to provide you with the platform. If you do not provide the data, we cannot provide the service.

The collected data is stored for 5 years after the end of the membership period and/or the contractual relationship. This is in line with the legal retention periods.

Access to our platform is only possible for individuals with an active membership. This membership is either free of charge for you because your employer has provided you with an access code, or it is fee-based.

If you have received an access code, the processing of the industry proof mentioned in point 3.2 is not required; however, the corresponding access code will be processed. If you have not received an access code, your payment data will be processed for the membership fee (see point 3.4 of the GTC). The information mentioned is necessary to enable your membership. The processing is carried out on the basis of Art. 6 (1) (b) GDPR (contract initiation and fulfillment). If you do not provide this data, you cannot acquire a membership. However, providing this data is not legally required.

You also have the option to switch between monthly and annual subscription models (see point 3.4 of the GTC). In this context, it is possible that a credit in your favor may arise. In such a case, we also process this to comply with our legal obligation to maintain accounting accuracy (§ 195 ff UGB). Providing this is legally required.

For payment processing, we use a payment processing service provider. This provider processes the aforementioned data on our behalf. In this context, there is a transfer to the United States of America. The transfer is based on the European Commission's adequacy decision EU – U.S. (C(2023) 4745 final), which confirms that the United States has an adequate level of data protection equivalent to that of the European Union. Our service provider is certified by the U.S. Department of Commerce in accordance with the terms of this decision. You have the option to view the adequacy decision at the following link:
https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf

We store your payment data for the duration of the active membership and for three years thereafter (see point 9.3 of the GTC). The storage beyond the membership period is intended to enable you to renew the membership conveniently and without friction during this period. The processing is carried out to protect our legitimate interest in making re-entry for former members as convenient as possible within a year, which could not be achieved by immediate deletion of the data upon membership expiration. This is without prejudice to the legal retention period of § 132 BAO, according to which we must keep books and records, the associated documents, and other relevant business papers and documents in original form for seven years.

Hosts provide exclusive offers on the platform that can only be reserved and redeemed by members. The offers consist either of timeslot offers or walk-in offers.

For timeslot offers, you select the date, time, and number of people for your visit to a host. This reservation request is transmitted to the host you have chosen for confirmation purposes. In this context, your name and email address (as identifiers) are also disclosed. The processing is carried out on the basis of Art. 6 (1) (b) GDPR (contract initiation and fulfillment). A reservation is not possible without this disclosure. However, providing this data is not legally required. For information on further processing of your data by the host, please refer to the host’s privacy notice.

You can view all upcoming and past booked timeslot offers or walk-in offers on the platform. This information is stored for the duration of the active membership and for three years thereafter (see point 9.3 of the GTC). The storage beyond the membership period is intended to enable you to conveniently and frictionlessly track redeemed offers during this period. The processing is carried out to protect our legitimate interest in making retrospective review and possible re-entry for former members as convenient as possible within a year, which could not be achieved by immediate deletion of the data upon membership expiration. This is without prejudice to the legal retention period of § 132 BAO, according to which we must keep books and records, the associated documents, and other relevant business papers and documents in original form for seven years.

Do you want to become a host at 4U Hospitality? In this case, you have the option to submit your contact details to us via a contact form. We will be happy to get in touch with you!\n
\n
\nThe processing of contact details is for the purpose of initiating contractual relationships. We will store your contact details for up to 36 months and will delete them if no contract is concluded between you and 4U Hospitality by then.\n
\n
\nFurthermore, you have the option to receive updates on news, developments, and new products and offers from 4U Hospitality via email (see point 2).\n
\n
\nYou are neither legally nor contractually obligated to provide the data. Providing the data is also not required for the conclusion of a contract.

In connection with the processing of your data, you have the following rights:

If we process your data, you have the right to obtain information about the processing purposes, the categories of processed data, the recipients of this data, the storage duration, the rights available to you, the origin of the data, and the existence of automated decision-making. You may also request a copy of the data that is subject to processing.

If the processing is carried out in the interest of a public concern, in the exercise of public authority, or in the pursuit of a legitimate interest of 4U Hospitality or a third party, you have the right to request the correction of incorrect or incomplete data concerning you. You have the right to request the deletion of data concerning you if the processing of the data is not lawful and no legal obligations on our part prevent the deletion.

You have the right, in certain cases, to request the restriction of the processing of your data.

You have the right to request the transfer of your data, which you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to request that the data be transmitted directly from us to another responsible party, where technically feasible.

You have the right to object at any time to the processing of your data on grounds relating to your particular situation. If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests.

You have the right to revoke the processing of your data, which is based on your consent, at any time. The lawfulness of the data processing carried out up to that point is not affected by this.

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna (www.dsb.gv.at).