Privacy Policy

Information about the processing of personal data on our website

We take the protection of your personal data very seriously. This privacy policy transparently informs you about all aspects of data processing on our website.

1. Data Controller

The data controller for this website is:

Arca Resort eG

Address:
Phone:
Email:
Website:

2. Purposes and Legal Basis

We process personal data only to the extent necessary to provide this website and ensure the functionality and security of our network infrastructure. In addition, we process personal data to the extent required to fulfill legal obligations in the area of cybersecurity for operators of critical infrastructure or digital services.

Legal Basis
Art. 6 para. 1 lit. f GDPR (legitimate interest) and Art. 6 para. 1 lit. c GDPR (legal obligations).

Only technically necessary processing is carried out; in particular, we do not use any analysis, tracking or marketing services or any non-essential cookies.

3. Local Settings on Your Device

To ensure comfortable use of the website, we store some settings directly on your device.

These include in particular:

Language
The language you have selected for the website
View
Light or dark design
Reading Position
Current position within the page
No Transmission
This information remains on your device and is not transmitted to us. No other cookies or comparable technologies are used for analysis or marketing purposes.

4. Email Communication

If you contact us by email, we process the data generated in the process to handle your request.

Collected Data

When communicating by email, the following data may be collected and processed:

CategoryData
SenderYour email address and optionally your name
RecipientOur email address
MetadataSubject, date and time
ContentEmail text and optionally attachments
SubmissionsAll information you voluntarily send us
Note
Since we cannot know the content of your email before processing it, we process all information you transmit to us. Which data this is in individual cases depends on your message.

Purpose of Processing

We process this data to:

Communication
Respond to your inquiries
Processing
Handle your concerns
Documentation
Archive communication for records

No Disclosure to Third Parties

No Disclosure
Personal data is not disclosed to third parties. Disclosure only occurs if we are legally required to do so.

Legal Basis

Legal Basis
Art. 6 para. 1 lit. f GDPR (legitimate interest in communication) and Art. 6 para. 1 lit. a GDPR (consent for voluntary contact).

5. Connection Data

When you access our website, connection data (metadata of the network connection) is technically generated.

Collected Data

The following data may be collected and processed:

CategoryData
IdentificationIP address of your device
TimestampDate and time of access
RequestAddress accessed (URL, path and query parameters)
MethodHTTP method (e.g. GET, POST)
ProtocolProtocol version used (e.g. HTTP/1.1)
ResponseHTTP status code of the response (e.g. 200, 404)
SizeSize of the transferred response in bytes
OriginReferrer information if applicable (address of the previously visited page)
ClientUser-Agent (browser/client version, operating system)
InternalTechnical information about processing (response time, backend services, etc.)

Purpose of Processing

We use this connection data to:

Provision
Provide our website
Monitoring
Monitor network quality
Availability
Ensure technical availability
Security
Guarantee platform security
Scaling
Adapt performance to current demand
Analysis
Conduct case-related evaluations in case of suspicion

Service Restrictions

In the event of service restrictions, we may store and evaluate relevant connection data to identify involved parties and, if necessary, take legal action.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in clarifying security incidents) and Art. 6 para. 1 lit. c GDPR (statutory security and reporting obligations).

TLS Encryption
The connection between your device and our service is transport-encrypted via TLS (HTTPS).

6. Retention Period

The connection data mentioned in Section 5 is regularly stored for a period of up to 90 days.

Why 90 days?
This retention period is necessary to reliably detect and analyze attacks, security incidents and recurring disruptions - especially in the environment of critical infrastructures.

After this period, the data is deleted or anonymized.

Storage beyond this period only occurs on a case-by-case basis in connection with:

Security-relevant Incidents
Security incidents and suspected cases
Legal Claims
Enforcement, exercise or defense of legal claims
Retention Obligations
Fulfillment of statutory retention, evidence or documentation obligations

7. Your Rights

Under the GDPR, you have the following rights, among others:

RightDescription
AccessRight to information about data stored about you
RectificationRight to rectification of incorrect data
ErasureRight to erasure
RestrictionRight to restriction of processing
ObjectionRight to object to processing
Data PortabilityRight to data portability

To exercise these rights, you can contact us at any time using the contact details above.

Note on Objection, Restriction of Processing and Use of the Service

We process personal data to ensure the technical provision and security of our website and network infrastructure based on Art. 6 para. 1 lit. f GDPR. This processing is technically necessary for the secure and trouble-free operation of the service.

You have the right to object to this processing at any time or to request a restriction of processing pursuant to Art. 18 or Art. 21 GDPR. In this case, we may not be able to provide the service to you in whole or in part, as use without this technically necessary processing is not possible.

If you continue to use our service after a valid objection, we will interpret this as a withdrawal of your previously declared objection. A renewed objection is possible at any time, but then requires that you discontinue use of the service.

8. Right to Complain

You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

Last updated: March 2026

Overview

Legal documents and information about Arca Resort eG

Company details

Company details and legal information for Arca Resort eG