Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data that can be used to identify you personally. Detailed information can be found in the following sections of this privacy policy.

Data Collection on This Website

Who Is Responsible?

Data processing on this website is carried out by the website operator. The contact details can be found below under “Information on the Responsible Party.”

How Do We Collect Your Data?

Your data is collected, on the one hand, when you provide it to us – for example, via a contact form or by email. Other data is automatically collected when you visit the website (e.g., IP address, browser type, time of access). This collection is technically necessary to ensure the secure operation of the website.

What Do We Use Your Data For?

Part of the data is used to ensure the error-free provision of the website; others may be used for statistical analysis of user behavior (e.g., Google Analytics, if you have consented).

Your Rights

You have the right at any time to request information, rectification, deletion, and restriction of processing of your personal data, the right to data portability, to withdraw any consent given, and to object to certain processing. You also have the right to lodge a complaint with the Data Protection Authority (www.dsb.gv.at).

---

2. Responsible Party

The Cottage MedCos GmbH
Mag. Oliver Bergmann
Colloredogasse 1
1180 Vienna, Austria
Phone: +43 1 470 41 97
Email: office@the-cottage.at

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

---

3. General Information on Data Processing

Legal Bases

We process your personal data based on the following legal bases according to Art. 6 GDPR and § 1 DSG:

• Consent (Art. 6 para. 1 lit. a GDPR) – e.g., for analytics or marketing cookies;
• Contract / pre-contractual measures (lit. b) – e.g., for appointment scheduling;
• Legal obligation (lit. c) – e.g., retention obligations under tax or medical law;
• Legitimate interest (lit. f) – e.g., for the secure, error-free operation of the website.

Storage Duration

Data will be deleted as soon as the respective purpose ceases to apply or you withdraw your consent, provided there are no statutory retention obligations (e.g., BAO, UGB, Medical Act) to the contrary.

Data Sharing

We only share data with third parties when necessary for contract fulfillment, when you have consented, or when a legal obligation exists. Service providers (e.g., IT, hosting, or marketing providers) are carefully selected and contractually obligated to process data in compliance with the GDPR.

---

4. Hosting

Hetzner Online GmbH

Our website is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (Germany). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner. Further information: https://www.hetzner.com/de/rechtliches/datenschutz/.

---

5. Data Collection on This Website

Cookies

Our website uses cookies. These are small text files stored on your device. Necessary cookies serve the technical operation of the website. Optional cookies (statistics, marketing) are set only with your consent according to § 165 TKG 2021. You can withdraw your selection at any time via the cookie banner.

Server Log Files

When visiting this website, the provider automatically collects technical information (e.g., IP address, browser, time, visited page). This data is used solely to ensure the trouble-free operation of the site and is not combined with other data sources.

Contact

If you contact us via email, phone, or form, your details will be stored for the purpose of processing your inquiry. Data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (pre-contractual measure) or lit. f GDPR (legitimate interest in customer communication).

---

6. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager (Google Ireland Limited, Dublin, Ireland) to centrally manage statistical and marketing tags. The Tag Manager itself does not create user profiles but manages the integrated tools. However, your IP address may be transmitted to Google.

Google Analytics

This website uses Google Analytics for statistical analysis. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Usage occurs only with your consent under Art. 6 para. 1 lit. a GDPR. Cookies are set, and pseudonymized user profiles are created. Data transfer to the USA takes place based on the EU Standard Contractual Clauses. More info: Google Privacy Policy.

Google Ads / Remarketing / Conversion Tracking

Google Ads may be used to measure the success of our online advertising. Provider: Google Ireland Limited. This is done only with your consent (Art. 6 para. 1 lit. a GDPR / § 165 TKG 2021). Data processing may include transfers to the USA.

---

7. Plugins and Tools

YouTube (Enhanced Privacy Mode)

Our website embeds videos via YouTube (Google Ireland Limited). A connection to YouTube is established only when a video is started. If you are logged in, YouTube can associate your usage behavior with your profile. More information: Google Privacy Policy.

Google Maps

We use Google Maps to display locations. Provider: Google Ireland Limited. Usage is based on our legitimate interest in a user-friendly presentation of our practice locations (Art. 6 para. 1 lit. f GDPR). When activated, your IP address may be transferred to the USA.

Google reCAPTCHA

To protect against spam and misuse, we use reCAPTCHA (Google Ireland Limited). The tool analyzes whether input is made by a human. IP addresses and other data may be transmitted to Google. Use is based on our legitimate interest in website security (Art. 6 para. 1 lit. f GDPR).

---

8. Your Rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of Processing (Art. 18 GDPR)
• Data Portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of Consent (Art. 7 para. 3 GDPR)
• Right to lodge a complaint with the Data Protection Authority (www.dsb.gv.at)

---

9. SSL/TLS Encryption

For security reasons, our website uses SSL or TLS encryption. You can recognize an encrypted connection by “https://” and the lock symbol in your browser’s address bar. This ensures transmitted data is protected against unauthorized access.

---

10. Online Shop (WooCommerce)

Order Processing via WooCommerce

Our website uses the WordPress plugin WooCommerce as the shop system. Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. WooCommerce provides the technical foundation for selling our products. When placing an order, personal data necessary for order processing (name, billing and shipping address, email address, phone number, payment information) is processed.

Data processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment). Without this data, orders via our website are not possible. More information in WooCommerce / Automattic’s privacy policy:
https://automattic.com/privacy/.

Customer Account

If you create a customer account, your data (name, address, email, order history) will be stored to facilitate future purchases. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR). You may request deletion of your account at any time by contacting us at office@the-cottage.at.

Payment Processing

For payment processing, WooCommerce transmits necessary payment data to the respective provider (e.g., credit card company, bank, PayPal, etc.) depending on the selected payment method. Data processing occurs based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) and, if applicable, Art. 6 para. 1 lit. f GDPR (legitimate interest in secure payment transactions).

PayPal

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Stripe

Provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland.
Privacy Policy: https://stripe.com/de/privacy.

Shipping Service Providers

To deliver our products, we forward your delivery address to the respective shipping provider (e.g., Austrian Post AG, DHL, etc.). This transfer is made solely for delivery purposes and based on Art. 6 para. 1 lit. b GDPR.

Storage Duration

Order and invoice data are stored for 7 years in accordance with Austrian tax and commercial retention obligations (§ 132 BAO, § 212 UGB). After this period, data will be deleted unless legal reasons prevent it.

---

Last updated: 07 November 2025