Data Protection Regulation

The protection of your personal data is one of our prime concerns. 


Therefore, we process your data exclusively on the basis of the statutory provisions (GDPR, TKG [Telecommunications Act] 2003). In this data protection statement, we inform you about the most important aspects of data protection within the framework of our website.

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Hotel Garni & Apartments Serfaus
Sabine Hochenegger
Untere Dorfstraße 1, 6534 Serfaus

Phone: +43 5476 6321

We use the following data, if you conclude a contract with us:


Personal data which you transmit electronically on this website, such as name, email address, address or other personal information, will only be used by us for the purpose indicated, stored securely and not passed on to third parties. The provider automatically collects and stores information on the web server such as the browser used, operating system, link page, IP address, time of access, etc. These data cannot be associated with any specific individual without checking additional data sources and we also do not analyse these data as long as no unlawful use of our website has occurred.

Reporting requirement

Pursuant to the Austrian Reporting Law you are required to provide us with the data specified in § 5 and § 10 of the Reporting Law. This relates to the following data: Name, date of birth, gender, nationality, country of origin, address plus postal code and - for international guests - type, number, issue location and issuing authority of a travel document, and also the date of arrival and departure.

Core Data

Sur- and first name, address, other contact information (e.g. e-mail-address, telephone number), information about nature and content of our contractual relationship.

Other personal data

Other personal data, which you or third parties make available to us with your consent or otherwise permissibly when initiating a contract, during the contractual relationship (e.g. for the issue of a guest card) or for the fulfilment of legal obligations: Date of birth or age, marital status, gender, profession, proof of identity, bank details, authority to sign or represent, contractual obligation, notice/cancellation periods or further information about your person, which you have provided us.

Purpose limitation, legal basis, storage duration as well as data receivers

  • The collected personal data is required by us for contractual performance, settlement, asserting contractual claims, for customer service and for advertising purposes. The data will be collected, stored, processed and used for these purposes.
  • The legal principles for processing your personal data are, on the one hand, contractual performance, justified interests, the performance of our legal and/or contractual obligations as well as, on the other hand, your consent (e.g. contact form, newsletter, online booking, cookies). Non-provision of these data can have various consequences.
  • We process your personal data, to the extent required, for the duration of the entire business relationship (from the initiation, processing all the way to termination of a contract) and even beyond that in accordance with the legal storage and documentation obligations, which result from the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO) as well as until the conclusion of any legal disputes, running warranty periods, etc.


It is generally possible to use our website without entering personal data. If personal data (e.g. name, address or email address) is collected on our pages, this will always be on a voluntary basis, wherever possible. This data will not be forwarded to any third parties without your explicit consent. We would like to point out that data transfer via the internet (e.g. when communicating via email) may have security flaws. Flawless protection of your data against access by third parties is not possible.

web server log

For smooth functioning and, if necessary, troubleshooting, web pages generally save logs on the web server where IP addresses are stored. Like many other companies, we operate our website on servers of a professional service provider. While IP addresses by themselves do not allow identifying a person, they could theoretically be associated with people using more elaborate tracking tools, but our website doesn’t. In the logs, the time, the browser type and the page visited are saved. These logs are periodically deleted after a maximum period of one month.

Contact form

If you send us queries using the contact form, your information in the query form and the contact data entered by you therein will be stored by us to process the request and in case of any follow-up questions. However, your accommodation request can only be used by you and sent to us electronically, if you explicitly agree to this data privacy and data usage statement by clicking on the button.

We will not pass this data on without your consent. In this respect, please take note of our data privacy statement.


Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause damage. We use cookies to make our website user-friendly. Some cookies will remain stored on your end device until you delete them. They enable us to remember your browser the next time you visit. If you do not want this, you can set your browser so that it informs you about the placing of cookies, and so that you only allow this on a case-by-case basis. Deactivating cookies may limit the functionality of our website.

Web analysis

Our website uses functions of website analysis services Google Analytics and Matomo. The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Matomo runs on the servers of Cookis GmbH, 6460 Imst, Franz Xaver Rennstrasse 4 (Bakehouse customers). For this purpose, cookies are used that enable users to use the website. The information thereby generated is transferred to the server of the respective provider, where it is stored.

You can prevent this by setting your browser so that no cookies are stored. Your IP address will be logged, but it will be immediately anonymised by deleting the last eight bits clwz. Therefore, only a rough localisation is possible.

The data processing takes place on the basis of the statutory provisions of Section 96(3) TKG and Art. 6(1)(a) (consent) and/or (f) (legitimate interests) GDPR.

Our concern within the scope of GDPR (legitimate interests) is to improve our services and our website. As the privacy of our users is important to us, the user data is pseudonymised.

Use Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage site tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect personally identifiable information. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.


This website uses Hotjar, a web analysis tool. The provider is Hotjar Ltd. in 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000 in Malta. Hotjar records the interactions of randomly selected, individual visitors to the website in an anonymous form. Thus, a protocol of e.g. mouse movements and clicks is created with the goal of showing possible improvement that can be made to a respective internet page. In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated for statistical purposes. This information is not personalised and Hotjar will not share it with third parties.

If you do not want Hotjar to process your data, you can disable the use of cookies in your web browser settings and delete cookies that are already active. By using the "Do Not Track" header, you can refuse to allow Hotjar to collect your data at any time when you visit a Hotjar website. You can find out more information about how to do this by clicking here. You can read more about Hotjar’s data processing here.

Use of Typekit fonts

We use Typekit fonts on our website. This allows us to integrate certain fonts into our website. These fonts are provided by Adobe through servers in the United States. When you visit our website, the visitor's web browser establishes a direct connection to these servers. Among other things, the IP address of the visitor is transmitted to Adobe and stored there. Adobe is participating in the EU-US Privacy Shield: Framework More information about Adobe: Adobe Systems Incorporated, 45 Park Ave, San Jose, California 95110, USA. For more information on data protection when using Typekit:

SSL encryption

For reasons of security and to protect the transfer of confidential content, such as the queries you send to us as the site operator, this site uses SSL encryption. You will recognise an encrypted connection if the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar. If SSL encryption is activated, the data you send to us cannot be read by third parties.

Twitter - data privacy statement for use

Functions of the Twitter service are included on our site. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When using Twitter and the “Retweet” function, the websites visited by you will be linked to your Twitter account and disclosed to other users. Data will thereby also be transferred to Twitter. We would like to point out that as the provider of the site, we receive no knowledge about the content of the data transferred or its use from Twitter. Further information can be found in the Twitter data privacy statement at

You can change your data privacy settings on Twitter in the account settings at

Facebook plugins (Like button) - data privacy statement for use

Plugins of social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated on our site. You will recognise the Facebook plugins by the Facebook logo or the “Like button” on our site. You will find an overview of the Facebook plugins here: When you visit our site, a direct connection will be established between your browser and the Facebook server via the plugin. Facebook will thereby receive notification that you have visited our site with your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. Facebook will therefore be able to match the visit to our site with your user account. We would like to point out that as the provider of the site, we do not receive any knowledge about the content of the data transferred or its use by Facebook. Further information can be found in the Facebook data privacy statement at

If you do not want Facebook to be able to match the visit to our site with your Facebook user account, please log out of your Facebook user account.

Instagram - data privacy statement for use

Functions of the Instagram service are included on our site. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our site to your Instagram profile by clicking the Instagram button. Instagram will therefore be able to match the visit to our site with your user account. We would like to point out that as the provider of the site, we do not receive any knowledge of the content of the data transferred or its use by Instagram.

Further information can be found in the Instagram data privacy statement at

Google Maps - data privacy statement for use

This website uses the Google Maps product by Google Analytics is the Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of the automated data collected by Google Inc, its agents and third parties. You can find the Terms of Use for Google Maps under "Google Maps Terms of Service":

ISSUU - data privacy statement for use

Functions of the ISSUU service are included on our site. These functions are offered by Issuu, Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA. With the Issuu service, you can connect, work with, approve and mix documents with other users of the Issuu service community on the internet. We would like to point out that as the provider of the site, we do not receive any knowledge about the content of the data transferred or its use by ISSUU. Further information can be found in the ISSUU Inc. data privacy statement at


Use of data is by feratel media technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, FN 72841w Landesgericht Innsbruck.

Matomo analytics services Feratel

feratel media technologies AG uses Piwik, which is a Web analysis service. Piwik uses “cookies”, which are text files stored on your computer that enable us to analyze use of the Website/player. For this, the usage information generated by the cookie (including your abbreviated IP address) is transmitted to the feratel media technologies AG server and stored for usage analysis purposes to help us optimize the Web page/player. Your IP address is immediately anonymized during this process so that you remain anonymous to us as a user. We do not disclose the information generated by the cookie about your use of this Website/player to third parties. Although you can refuse use of cookies by selecting the appropriate settings on your browser, it could be that you may not be able to use the full functionality of this website/player in this case. If you do not agree with the storage and analysis of this data from your visit, then you can object to the storage and use of the following at any time with the click of a mouse. In this case, a so-called opt-out cookie is stored in your browser, with the result that Piwik does not collect any session data. If you wish to opt-out, click the following link to put the Piwik opt-out cookie in your browser.

Analytics services ÖWA tracking pixels Feratel

Our Website/player uses the “Scalable Central Measurement Method” (SZM) of Austrian Web Analytics (ÖWA) to determine statistical characteristics for using our offers. Anonymous measured values are read. The SZM range measurement alternatively uses either a cookie with the identifier “” or a signature that is created from the various automatically transmitted information from your computer for the purpose of recognizing computer systems. IP addresses are not stored in the process and are processed only in anonymous form. The range measurement was developed in compliance with data protection. The goal of the range measurement is to statistically determine the intensity of use and the number of users of a Website/player. At no time are individual users identified. No advertising about the system is delivered either. The usage statistics collected by Austrian Web Analytics (ÖWA) are published monthly and can be viewed at

Note: If you delete your cookies, this will result in the opt-out cookie being deleted as well and you may have to re-activate it.

Your rights

You have the fundamental right to information, correction, deletion, restriction, data transferability, cancellation and objection. If you believe that the processing of your data violates data protection law or that your legal data protection rights have been violated in any other way, you may make a complaint to the supervisory authority. In Austria, this is the Datenschutzbehörde [data protection authority].