Privacy Policy
Introduction
This Privacy Policy explains what personal data we collect, how we use it, the purposes for which it is processed and your rights in relation to your personal data. It applies to all personal data processed through our website, our services and our online presence, including our social media profiles.
This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (GDPR). Where applicable, references to the GDPR also include the UK GDPR.
We take your privacy seriously and process your personal data confidentially and in accordance with applicable data protection laws. Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Article 4 GDPR (General Data Protection Regulation).
We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible.
If you have any questions regarding this Privacy Policy, please visit our Contact page or email us at info@mexitours24.com.
Last updated: July 14, 2026
Overview of Data Processing
The following overview summarises the categories of personal data we process, the purposes for which we process it and the categories of individuals affected.
Types of data processed
- Identity data (e.g. names, addresses)
- Content data (e.g. entries in online forms)
- Contact data (e.g. email, telephone numbers)
- Meta/communication data (e.g. device information, IP addresses)
- Usage data (e.g. websites visited, interest in content, access times)
Categories of data subjects
- Users (e.g. website visitors, users of online services)
- Prospective customers
- People who contact us
- Business and contractual partners
Purposes of processing
- Provision of contractual services and customer service
- Provision of our online services and user-friendliness
- Contact requests and communication
- Administration and response to inquiries
- Business administration
- Security measures
Legal basis
Below you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may also apply. If, in addition, more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.
Consent (according to Article 6(1)(a) GDPR): The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
Contract fulfillment and pre-contractual requests (according to Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request.
Legal obligation (according to Article 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (according to Article 6(1)(f) GDPR): Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
In addition to the data protection regulations of the General Data Protection Regulation (GDPR), national regulations on data protection apply in Austria. These include, in particular, the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act “DSG”). In particular, the DSG contains specific regulations on the right to information, the right to rectification or deletion of personal data and the right to restriction of processing.
Security measures
In accordance with legal requirements and taking into account the state of the art, implementation costs and the nature of the scope, circumstances and purpose of the processing, as well as different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
In particular, the measures include safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to this data, as well as its access, entry, disclosure, safeguarding of availability and separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and responses to data compromise. In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes through technology design and data protection-friendly default settings.
SSL or TLS encryption: This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Transmission of personal data
In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into the website. In doing so, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country, i.e. outside the European Union (EU), or the European Economic Area (EEA), or if the processing takes place in the context of the use of third-party services, or if a disclosure or transfer of data to other persons, bodies or companies takes place, this is done in accordance with the legal requirements.
Subject to explicit consent, transfer required by contract or by law, data will only be processed in third countries with a recognised level of data protection or where appropriate safeguards are in place, including binding internal data protection rules as well as other conditions (GDPR, Article 44 to 49).
For more information on the international dimension of data protection, please visit: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.
Data Retention and Deletion
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents granted for processing are revoked or other permissions cease to apply (e.g. if the purpose for processing this data is no longer given).
In the event that the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. Such data will be blocked and not processed for other purposes. Such cases may concern data that must be retained for reasons of tax law or is necessary for the assertion, exercise and defense of legal claims or for the protection of rights of natural or legal persons.
Our privacy notices may also contain further information on the retention and deletion of data that is specific to the processing operations in question.
Changes and updates to the privacy policy
We change or update the data protection declaration if changes in the data processing carried out by us make this necessary. Therefore, we ask you to regularly inform yourself about the content of our privacy policy. If such changes require your cooperation (such as renewed consent) or other individual notification, we will inform you accordingly.
In the event that addresses and contact information of companies and organizations are provided in this privacy statement, please note that these addresses may change over time and please check the information before contacting us.
Your Rights
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from the GDPR, Article 15 to 21:
Right of access: You have the right to request confirmation as to whether data concerning you is being processed and the right to obtain information about this personal data, as well as further information and a copy of the personal data.
Right to rectification: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and, having regard to the purposes of the processing, the completion of incomplete personal data.
Right to erasure: You have the right to request that personal data concerning you be deleted without delay, provided that the reasons stated in the legal requirements apply.
Right to restriction of processing: You have the right to request the restriction of the processing of personal data, provided that the conditions specified in the legal requirements are met.
Right to data portability: You have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another controller, provided that the conditions specified in the legal requirements are met.
Right to object: You have the right to object at any time, on reasons relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e or f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for the purposes of direct marketing, you as the data subject have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to revoke consent: You have the right to revoke your consent at any time.
Right of appeal to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority which is responsible in accordance with the law, in particular a supervisory authority on the territory of its own Member State or of the Member State concerned by any breach, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.
Cookies
Our website only uses technically necessary cookies that are required for its proper operation. These include, for example, cookies used to remember your selected language (Polylang). We do not use analytics, advertising or marketing cookies.
Provision of our website and services and webhosting
In order to provide our website securely and efficiently, we use the services of one or more webhosting providers from whose servers (or servers managed by them) our website can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in connection with the provision of the hosting service may include all relevant information relating to users of our online service that is generated during their use of the service and in the course of communication. This includes the IP address, which is necessary to deliver the content of online services to browsers, and all data entered within our online service or on websites.
Email dispatch and hosting
The web hosting services we use also include the dispatch, receipt and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information regarding the email dispatch (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes.
Please note that emails are generally not sent encrypted on the Internet. As a rule, emails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the emails between the sender and the reception on our server.
Access data and server log files
When visiting our website, the website operator or the web hosting provider collect data about accesses to the server based on legitimate interest (according to Article 6(1)(f) GDPR) and automatically store them as “server log files” on the website server. This data may include the address and name of the web pages and files accessed, the date and time at the time of access, the amount of data transferred, the browser type and version, the user’s operating system, the source/reference of the previously visited page (referrer URL), the IP address used and the requesting provider.
Server log files can be used for security purposes on the one hand, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure server utilization and stability.
Server log file information is stored for a maximum of 30 days and then deleted or anonymized. If we become aware of specific indications of illegal behavior, we reserve the right to retain this data until the final clarification of the respective incident.
Personal data
It is possible to visit this website without providing any personal information. Should you provide us with your personal data, such as name, email address and telephone number, we will only use them if this is permitted by law or if you consent to the collection of data. Personal data submitted through our contact forms is processed either to respond to your enquiry and take steps prior to entering into a contract (Article 6(1)(b) GDPR) or, where applicable, on the basis of our legitimate interests (Article 6(1)(f) GDPR). We will not pass this data on to third parties without your consent.
Contact form
When you contact us via one of our forms, we process the information you provide in order to respond to your enquiry and, where applicable, to take steps prior to entering into a contract pursuant to Article 6(1)(b) GDPR. This data will not be passed on to third parties without your consent.
Comment function
For the comment function on this website, in addition to your comment, information on the time of the creation of the comment, your email address and the username you have chosen will be stored. Based on our legitimate interests, our comment function stores the IP addresses of users who post comments. Since we do not check comments on our site before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda. In addition, we reserve the right, based on our legitimate interests, to process users’ details for the purpose of detecting spam. The comments and the associated data (e.g. IP address) are stored and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).
Newsletter
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the newsletter and do not pass it on to third parties.
The processing of your data entered in the registration form of our newsletter is based exclusively on your consent (according to Article 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the “unsubscribe” link that we integrate in every newsletter.
Presences in social networks (social media)
We maintain online presences within social networks and process user data in order to communicate with users active there or to offer information about our services. Please note that user data may be processed outside the European Union, which may result in risks for users, e.g. because it may be more difficult to enforce your rights. In addition, user data within social networks is usually processed for market research or advertising purposes, such as usage profiles that can be created based on the usage behavior and resulting interests of users. Such usage profiles can be used, for example, to place advertisements within and outside the networks that may correspond to the interests of the users. For this purpose, cookies are usually stored on the users’ devices, which contain information about the users’ usage behavior and interests. In addition, especially if the users are members of the respective network and are logged in to it, data can also be stored in the usage profiles regardless of the devices they use.
Please note that the privacy statements and information provided by the operators of the respective networks are authoritative for a detailed presentation of the respective forms of data processing and the options for objection (opt-out). We would also like to point out that in the event of requests for information and assertion of data subject rights, these can be asserted most effectively with the respective network operators, as only they have access to the users’ data, can take appropriate measures and provide information.
The types of data processed generally include meta or communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. entries in online forms) and usage data (e.g. websites visited, interest in content, access times). The data subjects here are the users, such as website visitors or users of online services. The purposes of the processing are contact inquiries, communication and marketing for our website and thus represents a legitimate interest (according to Article 6(1)(f) GDPR).
Services used and service providers
Instagram from the service provider Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland with the website https://www.instagram.com. For more information, please see Instagram’s privacy policy at: https://instagram.com/about/legal/privacy.
TikTok from the service provider TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, with the website https://www.tiktok.com/. Further information can be found in TikTok’s privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/en.
YouTube, provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, with the website: https://www.youtube.com. Further information can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=en.
Plugins, embedded functions and content
We use plugins and embedded functions and content on our website that are obtained from the servers of the respective providers (“third-party providers”). These may include, for example, texts, graphics, videos or city maps. Such integration requires that the respective third-party providers of these contents and functions process the IP address of the users, since without the IP address the contents cannot be sent to their browsers, which is why it is necessary for the display of these contents or functions. Third-party providers may also use so-called “tracking pixels” (which are invisible graphics) for statistical or marketing purposes. Tracking pixels may be used to analyze information such as visitor traffic on the pages of this website. Furthermore, cookies can be stored on the user’s device and contain technical information, such as browser, operating system, referring web pages, time of visit, as well as other details of the use of our website. This information may also be combined with information from other sources.
If we ask users to consent to the use of third-party providers, consent (according to Article 6(1)(a) GDPR) is the legal basis for the processing of data. Otherwise, user data is processed on the basis of our legitimate interests (according to Article 6(1)(f) GDPR) in efficient, economical and recipient-friendly services.
Services used and service providers
Polylang
To enable multilingualism on our website, we use the Polylang plugin. Cookies from Polylang are technically necessary cookies and set exclusively to recognise and record the language used or selected by the user and only store your choice of language. There is no transfer of your data to the developer of the plugin. These cookies remain stored for one year and are then deleted.
The provider of Polylang is WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France with the website: https://polylang.pro. For more information, please see Polylang’s privacy policy at: https://polylang.pro/privacy-policy.
Google Fonts
This website uses Google Fonts for the user-friendly presentation of our website, which represents a legitimate interest (according to Article 6(1)(f) GDPR). These Google Fonts are hosted on our server, which means that no data is transmitted to Google.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA with the website: https://fonts.google.com. For more information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google’s privacy policy at: https://policies.google.com/privacy.
YouTube
Videos on our website are only loaded after you actively choose to play them. Once you start a video, a connection to YouTube’s servers is established and personal data, such as your IP address, may be transmitted to YouTube. We use YouTube in enhanced privacy mode where supported by YouTube.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA with the website: https://www.youtube.com. For more information, please see Google’s privacy policy at https://policies.google.com/privacy.
Click to Chat
On our website, we use Click to Chat features to display a chat button to users, enabling them to contact us via their preferred messaging app, such as WhatsApp. We use Click to Chat to make it easier for you to contact us via WhatsApp.
The provider is HoliThemes, with the website: https://holithemes.com/. Further information can be found in Click to Chat’s privacy policy at https://holithemes.com/privacy/.
When using this feature, WhatsApp may collect data such as your IP address and chat interactions. Your use of WhatsApp is subject to WhatsApp’s Privacy Policy.
Cloudflare Turnstile
This website uses Cloudflare Turnstile. Cloudflare Turnstile helps us to ensure the security of our website and to ensure that interactions on our website are carried out by humans and not by automated programs (bots). Cloudflare Turnstile analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. For the analysis, Cloudflare Turnstile evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Cloudflare.
We use Cloudflare Turnstile to protect our website from abusive automated spying and spam in a user-friendly way. The integration of Cloudflare Turnstile on our website therefore constitutes a legitimate interest (pursuant to Article 6(1)(f) GDPR).
The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, United States with the website: https://www.cloudflare.com/application-services/products/turnstile/. For more information, please see Cloudflare’s privacy policy at https://www.cloudflare.com/privacypolicy/.
