Privacy & Cookies Notice

9 October 2025

1. Data controller

The Charterwerk platform is operated by Pevalon Platforms GmbH, City Tower, Etage 6, Brückenkopfgasse 1, 8010 Graz, Österreich. We are the controller for personal data processed when you browse, create an account, submit enquiries, or place bookings. Charterwerk is established in Austria. Contact us at privacy@charterwerk.de or the postal address above.

2. Categories of data

  • Profile data: name, email address, phone number, password hash, preferred language.
  • Booking data: charter history, crew/guest details, licence or passport information supplied to Operators, extras, special requests.
  • Payment data: card token identifiers, bank transfer references, billing address (processed via Stripe Payments Europe Ltd. and never stored in plain text by Charterwerk).
  • Communications: emails, chat transcripts, support notes, satisfaction surveys.
  • Technical data: IP address, device identifiers, log files, cookie identifiers, time zone, browser type.
  • Marketing & analytics data: campaign parameters, cookie consent status, newsletter interactions.

3. Sources of data

We receive data directly from you, from Operators and inventory providers (notably MMK Systems d.o.o.), from payment processors (Stripe and, for certain bank transfers, Adyen), and from analytics or anti-fraud tools. We may combine data sets to keep your profile consistent across devices.

4. Purposes & legal bases (Art. 6 GDPR)

  • Account and booking management – contract performance (Art. 6(1)(b) GDPR).
  • Payment processing & fraud prevention – contract performance; legitimate interests; legal obligations.
  • Intermediary support – legitimate interests in providing customer care and ensuring charter delivery.
  • Partner onboarding – contract performance with Operators and compliance with KYC obligations.
  • Marketing communication – consent for newsletters (Art. 6(1)(a)); legitimate interests for transactional updates (Art. 6(1)(f)).
  • Analytics & product development – legitimate interests in improving the platform.
  • Legal compliance – Art. 6(1)(c) GDPR (e.g. invoice retention, responding to lawful requests).

5. Cookies & tracking

We use cookies, local storage, and similar technologies to authenticate users, remember preferences, analyse traffic, and provide optional marketing features. Essential cookies are required for platform operation. Analytics/marketing cookies are only set with consent under § 165 of the Austrian Telecommunications Act 2021 (TKG 2021).

6. Stripe & payment providers

Card payments and bank transfers are processed via Stripe Payments Europe Ltd. Your payment data is handled according to the Stripe Privacy Policy. We store only the outcome, tokens, and reconciliation metadata. For SEPA or bank transfers we log references needed to reconcile payments.

7. Data retention

We store personal data for as long as necessary to fulfil contractual obligations and statutory retention periods (typically 6–10 years for accounting records). Logs and analytics data are generally kept for up to 24 months unless legal requirements dictate longer retention.

8. Recipients

We share data with Operators and service providers required to deliver the charter (payment, IT hosting, communications, analytics, support tools). Data processing agreements are in place to ensure GDPR compliance.

9. International transfers

Where data is transferred outside the EU/EEA, we rely on adequacy decisions or EU Standard Contractual Clauses, and implement supplementary safeguards where necessary.

10. Your rights

  • Access, rectification, deletion, restriction, data portability, objection, and withdrawal of consent (Art. 15–21 GDPR).
  • You may lodge a complaint with your local supervisory authority. In Austria, this is the Österreichische Datenschutzbehörde (Austrian Data Protection Authority).

11. Data deletion & right to be forgotten

We delete or anonymise personal data when no longer needed, unless statutory retention duties apply. Deletion requests are honoured according to Art. 17 GDPR. If you request deletion of your account, we remove user data unless a longer retention is required by law.

12. Contact

Privacy enquiries: privacy@charterwerk.de

Support: support@charterwerk.de

Regulatory contact: behoerden@charterwerk.de