Privacy Policy
Last updated: 06.12.2025
1. General Information
We at Mountains&Lakes are pleased about your interest in our services. The protection of your personal data is very important to us. Below we inform you in detail about the handling of your data.
Controller according to Art. 4(7) GDPR: David Tatschl Email: david.tatschl@mountainsandlakes.at
2. Hosting and Content Delivery (CDN)
Vercel
Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, Vercel collects various log files including your IP addresses to ensure the functionality and security of the website. Legal Basis: Art. 6(1)(f) GDPR (Legitimate interest in a secure and fast website). Data Transfer: Vercel is certified under the EU-US Data Privacy Framework, ensuring a level of data protection compliant with EU standards.
Sanity.io (CMS & Image CDN)
We use the headless CMS Sanity (Sanity AS, Thorvald Meyers gate 11, 0555 Oslo, Norway) to manage and serve content and images. When you load images or content on our website, requests are made to the Sanity CDN (Content Delivery Network). This technically requires the processing of your IP address to deliver the data to your browser. Legal Basis: Art. 6(1)(f) GDPR (Legitimate interest in efficient content delivery). Data Transfer: Sanity AS is located in Norway (EEA member), and data processing is subject to GDPR. Where Sanity uses US sub-processors, they rely on Standard Contractual Clauses (SCCs) or the Data Privacy Framework.
3. Artificial Intelligence Features
Vercel AI SDK & Google Gemini
Our website includes AI-powered features (e.g., chatbots, content generation) powered by the Vercel AI SDK utilizing the Google Gemini 2.5 Flash Lite model. When you interact with these features, the text input (prompts) you provide is sent through the Vercel AI Gateway to Google’s servers for processing.
- Purpose: To generate intelligent responses to your queries.
- Data Processed: Your input text, technical metadata, and context required to generate the answer.
- Note: We configure these services to be stateless where possible. However, you should avoid entering sensitive personal data (e.g., health data, payment details) into AI chat fields. Legal Basis: Art. 6(1)(b) GDPR (Performance of a contract/service requested by you) or Art. 6(1)(f) GDPR (Legitimate interest in providing modern functionality).
4. Data Collection and Analytics
Google Analytics 4
We use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies to analyze your use of the website.
- IP Anonymization: Your IP address is shortened within the EU/EEA before being transmitted to the US.
- Legal Basis: Art. 6(1)(a) GDPR (Consent).
- Data Transfer: Google is certified under the EU-US Data Privacy Framework.
PostHog
We use PostHog for product analytics. The service is provided by PostHog Inc. We use the PostHog Cloud EU, meaning your data is stored and processed on servers located within the European Union (Frankfurt, Germany). PostHog helps us understand user behavior (e.g., clicks, page views) to improve our product. Legal Basis: Art. 6(1)(a) GDPR (Consent) or Art. 6(1)(f) GDPR (Legitimate interest), depending on configuration and cookie usage.
Vercel Speed Insights & Analytics
We use Vercel Analytics and Speed Insights to measure technical performance (e.g., loading times) and visitor metrics (e.g., visitor numbers).
- Speed Insights: Collects technical metrics (Time to First Byte, etc.) without identifying individual users.
- Analytics: Uses privacy-friendly hashing to count visitors without storing personal data or tracking users across different sites. Legal Basis: Art. 6(1)(f) GDPR (Legitimate interest in optimizing website performance).
5. Mapping Services
OpenFreeMap (MapLibre GL)
To display interactive maps, we use OpenFreeMap in conjunction with the MapLibre GL library. This is a privacy-focused alternative to big-tech mapping services. When you load the map, your browser loads map tiles from OpenFreeMap servers. Technically, your IP address is transmitted to these servers to deliver the images. Legal Basis: Art. 6(1)(f) GDPR (Legitimate interest in displaying geographical information).
Google Maps
Complementarily, we may use Google Maps (Google Ireland Limited). When using Google Maps, data about the use of the map functions by visitors is collected, processed, and used by Google. Legal Basis: Art. 6(1)(a) GDPR (Consent).
6. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise these rights, please contact: david.tatschl@mountainsandlakes.at