Privacy Policy

Elevia e.U.

Last updated: February 20, 2026

General Information
The protection of your personal data is very important to us.

We process your personal data exclusively in accordance with the applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act 2021 (TKG 2021).

This Privacy Policy explains how we collect, process, store and protect personal data when you visit our website, contact us, submit an inquiry, use our online forms, communicate with us, or use services connected to our website.

Controller
The controller responsible for data processing is:

Elevia e.U.

Owner: Peiman Riazati Kesheh

Keplerstraße 4/3/12

4040 Linz

Austria

Email: office@elevia.at

Phone / WhatsApp: +43 650 520 1009

Categories of Personal Data We Process
Depending on how you use our website or contact us, we may process the following categories of personal data:

Name

Email address

Phone number

City and country

Company name or organization name, if provided

Shopping center, event location or venue name

Event details

Availability dates

Type of inquiry, booking or cooperation

Message content

Communication history

Technical data such as IP address, browser type, browser version, operating system, referrer URL, date and time of access

Cookie and consent data

Website usage data, if analytics services are used with your consent

Payment-related data, if payment services are used

Other information voluntarily provided by you

We only collect personal data that is necessary for the respective purpose or that you voluntarily provide to us.

Website Hosting
Our website is hosted by a hosting provider.

The hosting provider may process technical data such as IP addresses, access data and server log files on our behalf in order to provide, secure and maintain the website.

Where required, we have concluded a data processing agreement with the hosting provider in accordance with Art. 28 GDPR.

The hosting provider may use technical infrastructure within the European Union or the European Economic Area. If data is processed outside the EU or EEA, this will only take place in accordance with the applicable GDPR requirements.

Server Log Files
When you access our website, the hosting provider automatically collects and stores information in so-called server log files.

These may include:

IP address

Browser type and browser version

Operating system

Referrer URL

Date and time of the server request

Requested pages or files

Amount of data transferred

Access status or error messages

These data are processed for the purpose of ensuring the technical functionality, stability and security of the website, as well as for detecting and preventing misuse, attacks or technical errors.

Legal basis:

Art. 6(1)(f) GDPR – legitimate interest in the secure and stable operation of the website.

Server log files are stored only for a limited period and are deleted or anonymized unless further storage is required for security, technical or legal reasons.

Contact Form, Inquiry Forms and Email Communication
If you contact us via email, contact form, inquiry form, rent form, location/cooperation form or any other communication channel, we process the data you provide in order to handle your inquiry and communicate with you.

This may include:

Name

Email address

Phone number

City and country

Event or location details

Shopping center or venue name

Requested availability dates

Type of inquiry, booking or cooperation

Message content

Other information voluntarily provided by you

The purpose of processing is to respond to your inquiry, prepare offers, communicate about possible cooperation, process bookings, carry out pre-contractual or contractual measures, and maintain business correspondence.

Legal basis:

Art. 6(1)(b) GDPR – pre-contractual measures or contract performance

Art. 6(1)(f) GDPR – legitimate interest in communication and business correspondence

Inquiry and communication data are generally stored for up to 12 months after the last communication, unless a longer retention period is required due to contractual, legal, tax, accounting or legitimate business reasons.

Communication via WhatsApp
If you contact us via WhatsApp, we process the personal data transmitted by you through this communication channel, such as your phone number, name, profile information if visible, message content and communication history.

WhatsApp is operated by WhatsApp Ireland Limited and/or companies of the Meta group.

Please note that when using WhatsApp, personal data may also be processed by WhatsApp or Meta in accordance with their own privacy policies. This may include metadata and technical information.

The use of WhatsApp is voluntary. If you do not wish to communicate via WhatsApp, you may contact us by email instead.

Legal basis:

Art. 6(1)(b) GDPR – pre-contractual measures or contract performance

Art. 6(1)(f) GDPR – legitimate interest in efficient communication

Art. 6(1)(a) GDPR – consent, where applicable

Cookies and Similar Technologies
Our website uses cookies and similar technologies.

Cookies are small text files that are stored on your device. Some cookies are technically necessary for the proper functioning of the website. Other cookies may be used for analytics, statistics, marketing, external media, embedded content or other optional services, but only if you have given your consent.

Technically necessary cookies are used to provide essential website functions, ensure security, remember technical settings, store cookie preferences, and enable proper website operation.

Optional cookies and similar technologies, including analytics or marketing cookies, are only used after your consent via the cookie banner.

You can manage or withdraw your consent at any time via the cookie settings link in the footer of the website, if such services are active.

Legal basis:

Art. 6(1)(f) GDPR – legitimate interest for technically necessary cookies

Art. 6(1)(a) GDPR – consent for optional cookies and similar technologies

TKG 2021 – where applicable for storing or accessing information on your device

Google Analytics
We use Google Analytics, a web analytics service provided by:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

Google Analytics helps us understand how visitors use our website, which pages are visited, how long visitors stay on the website, how visitors interact with our content, and how we can improve our online presence.

Google Analytics uses cookies and similar technologies. Information about the use of our website may be processed, including:

Visited pages

Time spent on the website

Click and interaction data

Approximate location

Device information

Browser information

Operating system

Referrer URL

Date and time of access

Google Analytics is only activated after your explicit consent via the cookie banner.

Where available, IP anonymization is activated. Data may also be processed by Google companies outside the European Union or the European Economic Area. In such cases, Google uses appropriate safeguards under the GDPR, such as adequacy decisions or standard contractual clauses, where applicable.

Legal basis:

Art. 6(1)(a) GDPR – consent

You may withdraw your consent at any time via the cookie settings.

Further information about Google’s data processing can be found in Google’s Privacy Policy.

Google Tag Manager
Our website may use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows website tags and scripts to be managed efficiently. Google Tag Manager itself does not create user profiles or perform independent analytics. However, it may trigger other services, such as Google Analytics, depending on your consent settings.

Google Tag Manager may process technical data such as your IP address for technical delivery and security purposes.

Legal basis:

Art. 6(1)(f) GDPR – legitimate interest in efficient technical management of website tags

Art. 6(1)(a) GDPR – consent, where consent is required for services triggered through Google Tag Manager

Embedded Content and External Media
Our website may include embedded content or links to external platforms, such as videos, maps, social media posts, image galleries or other third-party content.

Such external content may be provided by third-party providers, for example Google, Meta, YouTube, Instagram, Facebook, TikTok or similar services.

If embedded content is activated, the respective third-party provider may process personal data, including IP address, device information, browser information, usage data or interaction data.

Where legally required, external media and optional third-party content will only be activated after your consent via the cookie banner or a similar consent mechanism.

Legal basis:

Art. 6(1)(a) GDPR – consent

Art. 6(1)(f) GDPR – legitimate interest, where applicable and legally permitted

Social Media Presence
Elevia may maintain profiles on social media platforms such as Instagram, Facebook, TikTok or similar services.

If you visit or interact with our social media profiles, personal data may be processed by the respective platform provider. The platform provider is generally responsible for its own data processing activities.

We may process data that you voluntarily provide to us through social media, such as messages, comments, reactions, profile names or other communication content, in order to respond to inquiries, communicate with you or present our services.

Legal basis:

Art. 6(1)(b) GDPR – pre-contractual measures or contract performance

Art. 6(1)(f) GDPR – legitimate interest in communication, marketing and public relations

Art. 6(1)(a) GDPR – consent, where applicable

Please refer to the privacy policies of the respective platforms for further information.

Payment Services
Our website may not currently process direct online payments.

If payment services are introduced or used in the future, personal data required for payment processing may be transmitted to the respective payment provider. This may include name, payment amount, transaction data, invoice data and payment method information.

Payment providers process data either on our behalf, as independent controllers, or as joint controllers, depending on the specific service.

Legal basis:

Art. 6(1)(b) GDPR – contract performance

Art. 6(1)(c) GDPR – legal obligations

Art. 6(1)(f) GDPR – legitimate interest in secure payment processing

We do not store full payment card details unless this is technically necessary and legally permitted. Payment data is generally processed directly by the payment provider.

Newsletter and Marketing Communication
If we offer a newsletter or direct marketing communication in the future, we will only send such communication if you have given your consent or if another legal basis applies.

You may withdraw your consent or unsubscribe from marketing communication at any time.

Legal basis:

Art. 6(1)(a) GDPR – consent

Art. 6(1)(f) GDPR – legitimate interest in direct marketing, where legally permitted

Data Recipients and Service Providers
We do not sell your personal data.

However, personal data may be transferred to service providers or third parties where this is necessary for the operation of our website, communication, business administration, legal compliance, marketing, analytics or contract performance.

Recipients may include:

Hosting providers

IT service providers

Website and maintenance providers

Email and communication service providers

WhatsApp or other communication providers

Payment providers, if used

Accounting and tax advisors

Legal advisors

Insurance providers

Marketing and analytics service providers

Cookie consent management providers

Social media platforms, where applicable

Authorities, courts or public bodies where legally required

Other service providers necessary for operating our business

Where service providers process personal data on our behalf, we conclude data processing agreements in accordance with Art. 28 GDPR where required.

International Data Transfers
Some service providers, especially communication, analytics, marketing, social media or technology providers, may process personal data outside the European Union or the European Economic Area.

Where personal data is transferred to third countries, such transfers will only take place in accordance with the GDPR, for example on the basis of an adequacy decision, standard contractual clauses, consent, or another legally permitted safeguard.

This may apply in particular to services provided by international technology companies, including Google, Meta, WhatsApp, Instagram, Facebook, TikTok, YouTube or similar providers, where used.

Data Retention
We store personal data only for as long as necessary for the respective processing purpose.

The following general retention periods may apply:

Inquiry and contact data: generally up to 12 months after the last communication

Contract, booking, invoice and accounting data: according to statutory retention obligations under Austrian commercial, tax and accounting law

Server log files: for a limited period, unless further storage is required for security or legal reasons

Cookie consent records: as long as necessary to prove consent and compliance

Analytics data: according to the settings of the respective analytics tool and applicable legal requirements

Payment-related data: according to contractual and statutory retention obligations, if payment services are used

Legal claims and dispute-related data: as long as necessary to assert, exercise or defend legal claims

After the applicable retention period expires, personal data will be deleted or anonymized, unless further storage is legally required or permitted.

Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, destruction or manipulation.

Our website uses SSL/TLS encryption to ensure secure transmission of data.

Please note that data transmission on the internet may still involve security risks. Complete protection against unauthorized access by third parties cannot be guaranteed.

Children’s Data
Our website and online forms are intended for use by adults, companies, event organizers, shopping centers, municipalities and other business or cooperation partners.

We do not knowingly collect personal data directly from children through our website.

If children use our attractions, responsibility for supervision and communication lies with parents, legal guardians or accompanying adults.

Your Rights Under the GDPR
You have the following rights under the GDPR:

Right of access – Art. 15 GDPR

Right to rectification – Art. 16 GDPR

Right to erasure – Art. 17 GDPR

Right to restriction of processing – Art. 18 GDPR

Right to data portability – Art. 20 GDPR

Right to object – Art. 21 GDPR

Right to withdraw consent – Art. 7(3) GDPR

If processing is based on your consent, you may withdraw your consent at any time with effect for the future.

To exercise your rights, please contact us at:

office@elevia.at

We may need to verify your identity before processing your request.

Right to Lodge a Complaint
If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the competent data protection authority.

In Austria, the competent authority is:

Austrian Data Protection Authority

Barichgasse 40–42

1030 Vienna

Austria

Website: www.dsb.gv.at

Changes to This Privacy Policy
We reserve the right to update this Privacy Policy if required due to legal, technical or business developments.

The current version is always available on this website.