Privacy Policy
Data Controller
Anton Steiner
Funkestraße 5
5020 Salzburg
Austria
Tel.: +43 664 5279354
Email: anton@steinermedia.at
We process personal data exclusively on the basis of statutory provisions (GDPR, TKG 2021). The protection of your data is particularly important to us. Below, we inform you about the type, scope, and purpose of data processing on the website www.salzguide.com.
1. Access Data / Server Log Files
When you visit this website, the hosting provider automatically collects data (server log files): IP address, date and time of access, pages viewed, browser type, operating system, and referrer URL. This data is technically necessary to display the website correctly and is processed for security purposes (e.g., to detect misuse).
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the operation and security of the website).
2. Cookies and Local Storage (Tour Personalization)
Our website uses cookies and similar storage technologies (such as your browser’s local storage) to provide certain functions and improve user experience.
Tour Personalization (Functional Cookies): On certain subpages, we offer you the opportunity to answer questions about your preferences to provide you with tailored recommendations. Your answers are stored locally in your browser in the form of a functional cookie. This is technically necessary so that your selection is not lost while navigating the site. Legal basis: § 165 (3) TKG 2021 in conjunction with Art. 6 (1) lit. b GDPR (performance of a contract) or lit. f (legitimate interest).
Consent-requiring Cookies: Other cookies are only set with your explicit consent (e.g., for statistics or analysis). Legal basis: Art. 6 (1) lit. a GDPR (consent).
3. User Account and Membership (SalzGuide Pro)
To use extended features (SalzGuide Pro), the creation of a user account is required. Registration and management are handled via the “Simple WP Membership” plugin. The data you provide in the registration form (especially name, email address, username, and membership status) will be processed.
This data is required to grant you access to protected content and manage your Pro membership. The password is encrypted and cannot be viewed by us.
Legal basis: Art. 6 (1) lit. b GDPR (performance of a contract).
4. Payment Processing (Stripe)
For the purchase of the “SalzGuide Pro” membership, we use the payment service provider Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland). When you make a booking via the payment button, your payment data (e.g., credit card number, billing address) is transmitted directly to Stripe.
We only receive a confirmation of successful payment from Stripe and do not store full credit card details on our own servers.
Data transfer to the US: Stripe Inc. is certified under the EU-US Data Privacy Framework (DPF). This guarantees an adequate level of data protection. Further information can be found at: https://stripe.com/at/privacy.
Legal basis: Art. 6 (1) lit. b GDPR (performance of a contract).
5. Bookmark Function (CBX Bookmarks)
Logged-in “SalzGuide Pro” users have the option to save subpages and tours using the “CBX Bookmarks” plugin. This selection is linked to your user account in our database so that you can access your saved favorites each time you log in.
Legal basis: Art. 6 (1) lit. b GDPR (provision of the contractually agreed service).
6. Web Analytics (Independent Analytics / Google Analytics)
To analyze user behavior, we use:
Independent Analytics: A locally operated, privacy-friendly plugin without cookies for statistical analysis.
Google Analytics: If activated, data is transmitted to Google (USA). Google Analytics uses cookies. Legal basis: Your consent (Art. 6 (1) lit. a GDPR). Further information: https://policies.google.com/privacy.
7. AI Features (Chatbot, AI Guide & Voice Input via OpenAI)
Our website uses AI features in several places, which are powered by the OpenAI API (OpenAI Ireland Ltd. / OpenAI, Inc., USA):
a) AI Chatbot (plugin “AI Engine”):
On individual subpages, a chatbot is available that answers inquiries via the OpenAI API. Data is not used to train AI models.
b) AI Guide (spot finder with free-text input):
Through the “AI Guide”, you can describe in your own words what you are looking for. The text you enter is transmitted together with our curated spot list to OpenAI to generate matching recommendations. The data is not used to train AI models, in accordance with the OpenAI API Policy.
c) Voice Input via Whisper:
In the AI Guide, you also have the option to use the microphone instead of typing. When you actively press the microphone button, your audio recording is transmitted via our server to OpenAI’s Whisper API, converted into text there, and subsequently deleted. We do not store any audio files permanently. Activation only happens upon your active input; without clicking the microphone button, no audio transmission takes place. Before the first recording, you will receive a corresponding notice.
Technical data processed (AI Guide):
Your IP address is stored locally in WordPress transients for a maximum of 24 hours for rate-limiting and abuse prevention. Additionally, we set a technical session cookie (sg_kifree_v1) that caches your latest results for up to 30 days, so you can still access them after navigating away from the page.
Data transfer to the US: OpenAI is certified under the EU-US Data Privacy Framework (DPF). This guarantees an adequate level of data protection. Further information: https://openai.com/policies/privacy-policy.
Legal basis: Art. 6 (1) lit. b GDPR (provision of the service you actively requested) and Art. 6 (1) lit. f GDPR (legitimate interest in abuse prevention through rate-limiting). By actively using the AI features, you consent to the processing described here (Art. 6 (1) lit. a GDPR).
8. Interactive Maps and Navigation (Mapbox)
We use Mapbox (USA) for our maps. Since this is the essential core feature of SalzGuide, integration takes place on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) and for the performance of a contract (Art. 6 (1) lit. b GDPR). Mapbox is DPF-certified. Further information: https://www.mapbox.com/legal/privacy.
9. Integration of External APIs (Weather and Opening Hours)
To offer you an optimal experience when planning your tour, we integrate live data via external Application Programming Interfaces (APIs):
Meteoblue (Weather Data): To display the current local weather, we use an interface from meteoblue AG (Basel, Switzerland). Under data protection law, Switzerland is considered a secure third country with an adequate level of data protection.
Google Places API (Opening Hours): To show you in real-time whether recommended places are open, we use the Google Places API from Google (Google Ireland Limited, Dublin, Ireland). Data may also be transferred to servers in the USA. Google is certified under the EU-US Data Privacy Framework (DPF).
When accessing this live data, your browser establishes a direct connection to the respective provider’s servers, transmitting your IP address for technical reasons. Legal basis: Art. 6 (1) lit. f GDPR.
10. Local Fonts (Google Fonts)
Google Fonts are integrated locally on our server. No connection to Google servers is established.
11. Caching, Performance, and Image Optimization (Autoptimize, WP Fastest Cache, Smush)
To optimize loading times and reduce data traffic, we use performance plugins (e.g., Autoptimize, WP Fastest Cache). Generally, no personal data is stored here.
To compress our images, we use the “Smush” plugin by the provider WPMU DEV (Incsub, LLC, USA). To improve loading times, images are sent via an interface to WPMU DEV servers for optimization. Your IP address is transmitted for technical reasons. The servers do not store this data permanently but delete the images immediately after processing. Legal basis: Art. 6 (1) lit. f GDPR.
12. Content Delivery Network (Cloudflare) and Media Hosting
To provide our website securely, quickly, and reliably worldwide, as well as for the secure exchange of API keys, we use the Content Delivery Network (CDN) and Object Storage service from Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA).
All data traffic between your browser and our website (including our self-hosted audio and video files) is routed through Cloudflare’s infrastructure. Cloudflare processes your IP address and access data for technical reasons. We use Cloudflare purely for performance and security optimization, which is why no extensive behavioral analyses or bot defense challenges take place on the user end.
The audio and video files (.mp3, .mp4) on our website are hosted either directly on our server or via Cloudflare. There is no integration of external third-party platforms like YouTube or TikTok, meaning no user data flows to such networks.
Additionally, we use the Cloudflare R2 object storage service for the temporary storage of videos that you upload via our Video Maker (see Section 19). The R2 servers are operated in the EU region. Cloudflare processes the uploaded content and your IP address as a data processor in accordance with Art. 28 GDPR. A corresponding Data Processing Agreement is in place.
Data transfer to the US: Cloudflare is certified under the EU-US Data Privacy Framework (DPF). This guarantees an adequate level of data protection.
Legal basis: Art. 6 (1) lit. f GDPR (our legitimate interest in a secure and fast provision of our online offering) and Art. 6 (1) lit. b GDPR (performance of a contract for the Video Maker).
13. Contact by Email
If you contact us via email, the personal data you transmit (such as your email address and the content of your inquiry) will be stored by us for the purpose of processing your request. We will not pass on this data without your consent.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in responding to user inquiries) and, if applicable, Art. 6 (1) lit. b GDPR (if the inquiry is aimed at the conclusion or fulfillment of a contract).
14. Hosting
Our website is hosted on servers within the European Union. A Data Processing Agreement in accordance with Art. 28 GDPR is in place.
15. Data Disclosure to Third Parties
Data is only passed on if this is necessary for the performance of a contract (e.g., payment processing via Stripe), if a legal obligation exists, or if you have given your consent.
16. Your Rights
You have the right to information, rectification, deletion, restriction of processing, data portability, withdrawal of consent, and objection. Complaints can be directed to the Austrian Data Protection Authority (www.dsb.gv.at).
17. Contact for Data Protection Matters
Anton Steiner
Funkestraße 5
5020 Salzburg
Tel.: +43 664 5279354
Email: anton@steinermedia.at
18. Amendments to this Privacy Policy
We reserve the right to make adjustments in the event of technical or legal changes. The current version is always available here.
19. Video Maker (Create Your Own Story Videos)
On certain spot pages, we offer you the option to upload a short video of your own hike to create a personalized story video together with our 3D animation. This feature is voluntary and is only triggered upon your active request.
Data processed:
— The video you upload
— Your IP address (for abuse prevention and to limit the number of videos per user)
— Technical metadata about the render process (e.g., a randomly generated render ID, request timestamp)
We process this data exclusively for the purpose of video creation and engage the following external service providers:
a) Cloudflare R2 (Cloudflare, Inc., USA) — temporary storage of your uploaded original video and the finished story video. Server region: EU. See also Section 12. Cloudflare is certified under the EU-US Data Privacy Framework (DPF).
b) Creatomate (Creatomate B.V., Stadhuiskade 47, 3811 LB Amersfoort, Netherlands) — automated merging of your video with our 3D animation. The provider is based in the EU. During the render process, Creatomate retrieves your uploaded video from Cloudflare R2.
c) n8n (self-hosted on a server in Frankfurt, Germany) — workflow automation for managing the render process.
Storage duration: Uploaded original videos are automatically deleted after 24 hours. The finished story videos are also automatically deleted after 24 hours. You will be informed accordingly in the modal before uploading.
Data Processing Agreements pursuant to Art. 28 GDPR are in place with all of the providers mentioned.
Legal basis: Art. 6 (1) lit. b GDPR (provision of the service you actively requested) and Art. 6 (1) lit. f GDPR (legitimate interest in the security of the service and abuse prevention).
Note: Please do not upload videos in which third parties (e.g., other people) are clearly identifiable without their explicit consent. As the uploading person, you are responsible for the content.