The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the legal provisions (DSGVO, DSG 2018, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing - type, scope and purposes of the collection and use of personal data - in the context of the use of our website as well as in the context of other services of our company.
1.1 Person responsible for processing your data
The person responsible (as defined in Art. 4 Z 7 DSGVO) for the processing of your personal data (personal data as defined in Art. 4 Z 1 DSGVO) is:
Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the e-mail address firstname.lastname@example.org.
1.2 Purposes, categories of data and legal basis for the processing of personal data
Purposes of processing
The purposes of processing your personal data generally result from our business activities as a tourism organisation: making our online offers available, processing customer enquiries / orders / bookings, accounting, communication with business partners and customers. For detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes, as well as on the categories of data processed, please refer to the detailed descriptions of the individual data processing processes.
General data categories
- Personal data (e.g. name, date of birth and age, address)
- Contact data (e.g. e-mail address, telephone number, fax number)
- Communication data (time and content of communication)
- Order or booking data (e.g. ordered goods or ordered services and invoice data such as period of service, method of payment, invoice date, tax identification number ...)
- Payment data (e.g. account number, credit card data)
- Contract data (contents of contracts of any kind)
- Web usage data (e.g. server data, log files and cookies)
Special categories of data ("sensitive data") according to Art. 9 DSGVO
- Health data (only insofar as these are made available to us by your express consent for the processing of your order (e.g. procurement of a hotel specialising in guests with food intolerances or allergies).
Legal basis for processing
In principle, there is no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data will only result in us not being able to offer these services. The legal basis for the processing of your personal data that is necessary for the performance of a contract with you or an order placed with us by you is Art. 6 (1) lit. b DSGVO. If the processing of personal data is necessary for the fulfilment of a legal obligation on our part (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c DSGVO serves as the legal basis. If we process your data to perform a task assigned to us in the public interest ("sovereign action"), the legal basis is Art. 6 (1) lit. e DSGVO. If the processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interest, Art. 6 (1) lit. f DSGVO ("legitimate interest") serves as the legal basis for the processing. In this case, we will also inform you about our legitimate interests. Insofar as we do not have any other legal basis for the processing of personal data as explained above, we will ask you for your consent to the processing of data, thereby relying in these cases on Art. 6 (1) lit. a DSGVO or, in the case of the processing of sensitive data, on Art. 9 (2) lit. a DSGVO as the legal basis. You can revoke this consent at any time free of charge without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
1.3 Data transfer to processors and third parties
We process your personal data with the assistance of processors who support us in the provision of our services. These processors are bound by a corresponding agreement iSd. Art. 28 DSGVO with us to strictly protect your personal data and may not process your personal data for any other purpose than the provision of our services. You can find out which processors are involved in the detailed descriptions of the individual data processing procedures.
A transfer of your personal data to companies other than our order processors is made to service providers typical for the economy, such as banks, tax consultants or auditors. Personal data is only transferred to state institutions and authorities within the scope of mandatory national legal provisions.
Depending on your order (e.g. for bookings and enquiries), your personal data may also be transferred to hotel partners or other tourism service providers (members of our organisation) only to the extent necessary to fulfil your order. The personal data transmitted varies depending on the service.
1.4 Transfers to third countries
In principle, we process your personal data in the EU area. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this is only done if the conditions of Art. 44 et seq. DSGVO for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also examine the permissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer this data to a third country without your express consent pursuant to Art. 49 (1) a DSGVO in conjunction with Art. 6 (1) a DSGVO.
1.5. Datenlöschung und Speicherdauer
[Translate to Englisch:]
Ihre personenbezogenen Daten werden von uns gelöscht, sobald der Zweck, für den wir Ihre Daten erhoben haben, entfällt. Eine Speicherung kann darüber hinaus erfolgen, wenn wir die Daten für einen mit dem ursprünglichen Zweck kompatiblen Zweck weiterverarbeiten. Sie kann ebenso erfolgen, wenn dies durch Gesetze, Verordnungen oder sonstigen Vorschriften, denen unser Unternehmen unterliegt, vorgesehen ist.
1.6 Data sources
We collect your personal data only from you and do not use any other data sources.
We do not use any automated decision-making or profiling procedures that have a legal effect on you or affect you in a similar significant way. However, with your consent, we will use your usage data to better understand your interests and thereby display information of interest to you or provide you with tailored offers, or to display relevant information to you on third party websites or social media platforms.
1.8 Safeguarding your data protection rights
In accordance with the GDPR, you are generally entitled to the rights of information, correction, deletion, restriction, data portability, revocation and objection. To do this, please contact us as the responsible party using the contact details provided in this data protection information. A detailed explanation of these rights can be found here in Chapter III.
Right to complain
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, e-mail: email@example.com).
2. Visit our website
In this section we inform you how we process your personal data when you visit our website.
2.1 Presentation of the website
For technical reasons, on the basis of the legal basis of § 96 (3) S 3 TKG 2003 (necessary for the operation of our website), the following data, among others, which your Internet browser transmits to us or to our web space provider, are recorded (so-called "server log files"):
- Browser type and version
- Operating system used and device type (e.g. desktop / mobile)
- Website from which you visit us (referrer URL)
- Website you visit
- Date and time of your access
- Your internet protocol address (IP address)
This data, which is anonymous for us, is stored separately from any personal data you may have provided and thus does not allow us to draw any conclusions about a specific person. They are analysed for statistical purposes in order to optimise our website and our offers.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Technical service providers
We create and edit the content of our website with the help of the following service providers, whom we have committed to using our website by means of a corresponding agreement in accordance with Art. 28 DSGVO. Art. 28 DSGVO to process your data exclusively within the scope of our order:
- TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz)
Cookie Banner - Cookies on our website
Changing the cookie settings in your web browser
You can define how the web browser you use handles cookies, i.e. which cookies are allowed or rejected, yourself in the settings of your web browser. You can also delete cookies already stored on your computer/end device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.
2.3 Communication with us
Contact form and e-mail
On our website, we offer you the opportunity to contact us by e-mail and/or via a contact form. In this case, the information you provide will be processed for the purpose of handling your contact on the legal basis of contract performance pursuant to Art. 6 (1) lit. b DSGVO. There is no legal or contractual obligation to provide this personal data. The only consequence of not providing it is that you do not submit your request and we cannot process it. Data will only be passed on to third parties if this is stated on the website or in this data protection declaration or if it is necessary for the fulfilment of the contract or if it is required by law. We only store your data for as long as is necessary to process your enquiry or for any queries.
The contact data and application documents submitted to us in the course of a job application via the job portal of our website are processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. The only consequence of not providing the data is that you do not submit your request and we are unable to process it. In accordance with the legal provisions, we will store the personal data transmitted for a maximum of 6 months, or for a maximum of 2 years if the applicant has expressly agreed to keep the documents on file.
2.4. Online shop(s) / booking portal(s)
For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and brochure orders, we process your personal master data, contract and payment data as well as communication data (IP address and server log files) on the legal basis of Art. 6 (1) lit. b DSGVO (contract performance) as well as Art. 6 (1) lit. c DSGVO (legal obligation for invoicing and archiving).
We store this data as long as it is required for the purpose, as long as legal regulations provide for it (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we require this data on the basis of the legal basis of Art. 6 (1) lit. f DSGVO (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process.
There is no legal or contractual obligation to provide the personal data. Failure to provide the data merely means that we are unable to process your bookings / orders.
Feratel DESKLINE online bookings, booking enquiries and brochure orders
For the processing of online bookings, brochure orders and enquiries, we process your personal data in order to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal grounds of Art. 6 para. 1 lit. b DSGVO (booking transactions, answering quotation requests and sending brochures) and Art. 6 para. 1 lit. c DSGVO (legally required retention periods of bookings or invoices). For this purpose, the data fields marked as required are necessary for the justification and fulfilment of the contract. We disclose your personal data to third parties (hotel partners or other tourism service providers) within the scope of this data processing on the legal basis of Art. 6 (1) lit. b DSGVO (if it is necessary for the processing of a booking transaction), or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO for the use of corresponding booking software. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 DSGVO as an order processor, which ensures that your data is processed exclusively within the scope of our order. You can find further information on data protection from feratel at: https://www.feratel.com/datenschutz.html
External payment service providers
For the payment of order transactions / bookings, we use external payment service providers on the legal basis of Art. 6 (1) lit. b DSGVO (contract performance), via whose platforms you can make your payments. The payment data you enter as part of the order (e.g. account numbers, credit card numbers incl. check digits, passwords / TANs etc.) are processed exclusively by our payment service providers and are not visible to us. We only receive a confirmation of the payment made or information that the payment could not be made via our payment service providers. Further information on data protection and the T&Cs of our payment service providers can be found at:
2.5 E-mail newsletter
E-mail Newsletter (TTG)
On our website you have the possibility to register for our newsletter. The legal basis for sending the newsletter is your consent iSd. Art. 6 (1) lit. a DSGVO. The registration for our newsletter takes place in the so-called double opt-in procedure. In this way, we ensure that no one can register with third-party e-mail addresses (e.g. with your e-mail address). Your consent can be revoked free of charge at any time by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. After unsubscribing from your e-mail address, we will continue to store it for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f DSGVO), in order to be able to prove your originally given consent, if necessary. We use the service provider TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz) to send out our newsletter. With the help of TTG, we can analyse our newsletter campaigns. When an email sent with the TTG newsletter tool is opened, a connection is established with the servers of TTG (server location Linz, Austria). This enables us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of the retrieval, the IP address, browser type and operating system of the recipient are registered. We have concluded a processor agreement with TTG in accordance with Art. Art. 28 DSGVO to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information from TTG at: https://www.ttg.at/datenschutz/
2.6 Digital information services
Digital holiday companion PIA
In order to use our digital holiday companion PIA (Personal Interest Assistant), provided by our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck), it is possible to register on the respective Progressive Web App (abbreviated to PWA) of the Digital Holiday Companion on our website via an end device (e.g. smartphone, PC) and to create a profile. With registration or identification, the user can use the services of the Digital Holiday Companion. In order to use the information offers and to receive service offers from the operator, it is necessary to register by providing your e-mail address. In this context, we collect your name and e-mail address, the duration of the planned stay and the booked accommodation, insofar as this is necessary for the use of the offers of the digital concierge. In addition, cookies and web analysis tools collect and store data that provide information about your interest in products. We use this information for the purpose of advertising offered products through marketing actions of various kinds, such as sending a newsletter by e-mail and short messages when the Digital Holiday Companion is activated. The legal basis for this data processing is your consent pursuant to Art 6 (1) lit a DSGVO. You can revoke this consent at any time free of charge. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. There is no obligation to provide this data. If you do not wish to provide this data, the only consequence will be that we will not be able to offer you this service. Third parties will only be provided with your data if this is necessary for the processing of reservations. If the above data is changed and/or supplemented by you in the course of registration or identification, this supplemented/changed data will also be stored and processed. We only store your data for as long as is necessary to fulfil the purpose or due to legal obligations on our part. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 DSGVO as an order processor, which ensures that your data is processed exclusively within the scope of our order. You can find further information on data protection from feratel at: https://www.feratel.com/datenschutz.html
2.7 Web analysis - Statistical analysis of our website
Google Tag Manager
We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags via a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies or collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. Further information on Google's data protection at: https://www.google.com/policies/privacy/.
2.8 Integration of further services and contents of third parties
We integrate third-party content within our website, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites. This always requires that the providers of this content (hereinafter referred to as "third-party providers") are aware of the IP address of the user. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is thus necessary for the presentation of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO, otherwise your consent pursuant to Art. 6 (1) lit. a DSGVO. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information iSd. Art. 13 and 14 DSGVO can be found under the information links below. The following services/content are embedded in our website:
For the cartographic presentation we use the map service "Basemap", a cartographic product based on the administrative geodata of the nine federal provinces, the Graph Integration Platform (GIP.at), as well as the provincial partners, first and foremost the cities and municipalities. These maps are integrated into our site via our service provider TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz). The legal basis for processing your data is Art. 6 (1) lit. f DSGVO (legitimate interest). Our legitimate interest consists in an appealing presentation of our online offer or the geographical presentation of the offers of our region. We have concluded a processor agreement with TTG in accordance with Art. 28 DSGVO. Art. 28 DSGVO to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information from TTG at: https://www.ttg.at/datenschutz/.
We integrate videos from the "YouTube" platform of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) in the extended data protection mode. The implementation is based on Art. 6 para. 1 p. 1 lit. f DSGVO, whereby our interest lies in the smooth integration of the videos and the thus appealing design of our website. When you call up a page in which we have embedded a YouTube video, a connection is established to the Google servers and the content is displayed on the website by informing your browser. According to Google's information, in extended data protection mode, your data (in particular which of our Internet pages you have visited) as well as device-specific information including the IP address are only transmitted to the YouTube server when you watch the video. In some cases, information is transmitted to the parent company Google Inc. based in the USA, to other Google companies and to external partners of Google, each of which may be located outside the European Union. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website. Further information on YouTube's data protection at: https://www.google.com/policies/privacy/.
Web fonts - "Font Awesome
Our website uses the web fonts service of Fonticons, Inc. for the uniform display of fonts and icons. (710 Blackhorn Drive, Carl Junction, 64834 MO, USA). When you call up one of our pages, your browser loads the required web fonts and icons from the servers of Fonticons, Inc. into your browser cache for the correct display of fonts and icons. In the process, your IP address is transmitted to the servers of Fonticons, Inc. The legal basis for the use of Font Awesome is our legitimate interest as defined by Art. Art. 6 (1) lit. f DSGVO. Our legitimate interest lies in a uniform and visually appealing presentation of our website. Further information on the data protection of Font Awesome at: https://fontawesome.com/privacy.
Our website uses the web fonts service of the provider Google Ireland Ltd. for the uniform display of fonts and icons. (Gordon House, Barrow Street, Dublin 4, Ireland). When you call up one of our pages, your browser loads the required web fonts from the servers of Google Ireland Ltd. into your browser cache in order to display fonts and icons correctly. In the process, your IP address is transmitted to the servers of Google Ireland Ltd. The legal basis for the use of Google Fonts is our legitimate interest iSd. Art. 6 (1) lit. f DSGVO. Our legitimate interest lies in a uniform and visually appealing presentation of our website. Further information on the data protection of Google Fonts at: https://www.google.com/intl/de/policies/privacy/
3. Other data processing in business contact
In this section we inform you about other data processing procedures outside our website.
3.1 Job applications
The contact data and application documents submitted to us in the course of a job application are processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. The only consequence of not providing the data is that you do not submit your request and we are unable to process it. In accordance with the legal provisions, we will store the personal data transmitted for a maximum of 6 months, or for a maximum of 2 years if the applicant has expressly agreed to keep the documents on file.
3.2 Online presences in social media
In addition to our website, we maintain online presences within social networks and platforms: Facebook, Instagram and YouTube in order to communicate with customers and business partners active there and to be able to inform them about our services on these networks. When calling up the respective networks and platforms, the GTCs and data protection guidelines of the respective operators of these networks apply.
Your personal data provided for participation in our competitions (e-mail address, name, address) will only be used by us to determine a winner, to inform him/her of the prize and to send prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is the fulfilment of a contract pursuant to Art 6 para 1 lit b DSGVO. There is no legal or contractual obligation to provide the personal data. Failure to provide the data will only result in you not being able to participate in the competition. Your data will be stored for the duration of the competition and - in order to process any claims for winnings and damages - for a maximum of 3 years thereafter and then deleted. By entering, you also agree that your name may be published on our website as well as on our public social media channels in the event that you win.
3.4 Customer and business partner databases
CRM system (TTG)
We use the CRM system of the provider TTG (TTG Tourismus Technologie GmbH, Freistädter Str. 119, A-4040 Linz) as a tool for maintaining contacts in the B2B area (e.g. with tour operators, travel agencies, incentive agencies, member companies) as well as in the customer area (B2C) (guest enquiries, brochure orders, direct marketing to existing customers) on the legal basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f. DSGVO. The stored contacts are only passed on at the express request of the business partner/customer on the basis of the legal basis of consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke this consent at any time free of charge by sending us an e-mail. We have concluded a corresponding agreement with the company TTG in accordance with Art. 28 DSGVO as an order processor, which ensures that your data is processed exclusively within the scope of our order. You can find further information on TGG's data protection at: https://www.ttg.at/datenschutz/.
3.5 Registration for events and activities
It is possible to register for events organised by different providers in our region at our information offices. For this purpose, we process your personal data (name, email address and telephone number). This data is processed by us on the legal basis of Art. 6 (1) lit. b DSGVO (contract fulfilment/pre-contractual measures) and also passed on to the respective organiser. This data will be deleted or destroyed by us after the event.