Data protection information

According to Art. 13 and 14 GDPR

1 General

The protection of your personal data is very important to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing – type, scope and purpose of the collection and use of personal data – in the context of the use of our website and in the context of other services provided by our company.

1.1. Responsible for the processing of your data

The person responsible (within the meaning of Art. 4 Z 7 GDPR) for the processing of your personal data (personal data within the meaning of Art. 4 Z 1 GDPR) is:

Tourist association Salzburger Saalachtal
Lofer 310
A-5090 Lofer
E-mail: info@lofer.com
Tel. +43 (0) 65 88 83 21

Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser ( www.zepedes.com ). You can contact our data protection officer at the email address martin@zepedes.com to contact.

1.2. Purposes, data categories and legal bases for the processing of personal data

Purposes of processing

The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of the processing and, if necessary, For further processing for other compatible purposes and for the processed data categories, please refer to the detailed descriptions of the individual data processing processes

General categories of data

• Personal master data (e.g. name, date of birth and age, address)
• Contact details (e.g. email address, telephone number, fax number)
• Communication data (time and content of communication)
• Order or booking data (e.g. ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number …)
• Payment details (e.g. account number, credit card details)
• Contract data (content of contracts of any kind)
• Web usage data (e.g. server data, log files and cookies)

Special categories of data (“sensitive data”) in accordance with Art. 9 GDPR

• Health data (only if you have given us your express consent to process your order (e.g. mediation of a hotel specializing in guests with food intolerances or allergies))

Legal basis for the processing

There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfillment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfill a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR as the legal basis. If we process your data to perform the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or, in the case of the processing of sensitive data, on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.

1.3. Data transfer to processors and third parties

We process your personal data with the support of contract processors who support us in providing our services. These processors are through a corresponding agreement iSd. Art. 28 GDPR with us committed to the strict protection of your personal data and may not process your personal data for any other purpose than to provide our services. You can find out which processors are involved in the detailed descriptions of the individual data processing processes.

Your personal data will be passed on to companies other than our contract processors to typical economic service providers such as e. B. banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.

Depending on your order (e.g. for bookings and inquiries), your personal data will only be processed to the extent necessary. also on Hotel partners or other tourist service providers (Members of our organization), which are necessary to fulfill your order. The transmitted personal data vary depending on the service.

1.4. Transfers to third countries

In principle, we process your personal data in the EU. If we have data in a third country (d. H. outside of the European Union (EU) or the European Economic Area (EEA) or if this happens in the context of the use of the services of our contract processors or third parties, this will only be done if the requirements of Art. 44 ff. GDPR for the transfer to third countries exist: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called “EU standard contractual clauses”. If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not process this data without your express consent in accordance with. Art. 49 (1) lit. a GDPR to a third country.

Information on data transfers to the USA
The Google Tag Manager, Google Analytics, Facebook Pixel, Wordlift and YouTube services also transfer your data (at least occasionally) to the USA as a third country. Authorities or secret services in the USA can access your data without you having any legal recourse. The CJEU has therefore found that there is no sufficient level of data protection within the meaning of the GDPR. of Art. 44 et seq. GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent in accordance with GDPR. Art. 49 (1) lit. a GDPR.

1.5. Data deletion and storage duration

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we further process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.

1.6. Data sources

We only collect your personal data from you and do not use any other data sources.

1.7. Profiling

We do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner. With your consent, however, we will use your usage data to get to know your interests better and to be able to show you information that is interesting for you or to be able to make you tailor-made offers or to be able to show you corresponding information on third-party websites or social media platforms.

1.8. Safeguarding your data protection rights

You have in principle acc. DSGVO the right to information, correction, deletion and restriction of the processing of personal data. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to withdraw any consent you may have given to the processing of your personal data. This does not affect the lawfulness of the processing of your personal data up to the time of revocation. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct advertising. You can find a detailed explanation of these rights here in Chapter III.

Right to Complain

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the responsible supervisory authority. In Austria this is the data protection authority (Wickenburggasse 8, 1080 Vienna, email: dsb@dsb.gv.at ).

2. Visit our website

In this section we inform you how we process your personal data when you visit our website.

2.1. Presentation of the website

Server data

For technical reasons, based on the legal basis of Section 96 (3) S 3 TKG 2003 (required for the operation of our website), the following data, among others, which your internet browser transmits to us or to our web space provider, is recorded (so-called “server log files”) ):

• Browser type and version
• Operating system used and device type (e.g. desktop / mobile)
• Website from which you are visiting us (referrer URL)
• Website you are visiting
• Date and time of your access
• Your internet protocol address (IP address)

This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as. B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Technical service providers

We create and edit the content of our website with the help of the following service providers, which we have through a corresponding agreement within the meaning of Art. 28 GDPR to process your data exclusively to the extent of our order:

Technical concept:
– CONECTO BUSINESS COMMUNICATION GMBH (Mühlenweg 1, A-5751 Maishofen). Further information on data protection can be found at: https://www.conecto.at/datenschutz

Webhosting:
– Mittwald CM Service GmbH & Co KG (Königsberger Str. 4 – 6, D-32339 Espelkamp). Further information on data protection can be found at: https://www.mittwald.de/datenschutz

2.2. Cookies

Cookie Banner – Cookies on our website

Our website uses cookies, which help us to make our website more user-friendly and efficient for you, to carry out statistical analyzes of the use of our website or to show you content that is of interest to you on other websites. Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor’s computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping cart cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated with your consent in accordance with. Art 6 (1) lit. a GDPR activated in our cookie banner (“Accept”). By clicking on “Settings” you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all functions of our website to their full extent. Detailed information about the cookies used on our website can be found in our cookie banner. Edit cookie settings.

Information on data transfers to the USA
The Google Tag Manager, Google Analytics, Facebook Pixel, Wordlift and YouTube services also transfer your data (at least occasionally) to the USA as a third country. Authorities or secret services in the USA can access your data without you having any legal recourse. The CJEU has therefore found that there is no sufficient level of data protection within the meaning of the GDPR. of Art. 44 et seq. GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent in accordance with GDPR. Art. 49 (1) lit. a GDPR.

Change the cookie settings in your web browser

How the web browser you are using handles cookies, i.e. which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.

In addition, you have the option of generally objecting to cookies and similar tracking technologies via the services listed below by setting your individual preferences – which technologies you want to allow for usage and interest-based advertising:
– European Interactive Digital Advertising Alliance (EDAA)
– Network Advertising Initiative (NAI)

2.3. Communication with us

Contact form and email

On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be used for the purpose of processing your contact on the basis of the legal basis of the fulfillment of the contract in accordance with. Art. 6 (1) lit. b GDPR processed. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or if this is necessary to fulfill the contract or if this is required by law. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.

2.4. Online shop (s) / booking portal (s)

For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and brochure orders, we process your personal master data, contract and payment data as well as communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfillment of contract) and Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).

We store this data as long as the purpose requires it, statutory provisions provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we store this data on the basis of the legal basis of Art. 6 ( 1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we will save the data to clarify possible problems during the order process for 14 days.

There is no legal or contractual obligation to provide personal data. Failure to provide them simply means that we cannot process your bookings / orders.

Feratel DESKLINE online bookings, booking inquiries and brochure orders

For the processing of online bookings, prospectus orders and inquiries, we process your personal data in order to be able to provide you with the services you have booked with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). To do this, we save and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services or to fulfill pre-contractual services on the basis of the legal basis of Art. 6 Para. 1 lit. b GDPR (booking processes, answering requests for offers and sending brochures) as well as Art. 6 para. 1 lit. c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as necessary are required for the establishment and fulfillment of the contract. We disclose your personal data to third parties (hotel partners or other tourist service providers) on the basis of the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary to process a booking), or on the basis of our legitimate interest in accordance with. Art. 6 (1) lit. f GDPR for the use of corresponding booking software. We have a corresponding agreement with feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively in the context of our order. Further information on data protection from feratel can be found at: https://www.feratel.com/datenschutz.html .

Feratel Webshop

We use the system of feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) as our processor to process the order / booking of holiday vouchers, merchandising articles and tourist services. The following information is required to process orders / bookings: salutation, first and last name, address, e-mail address. We have a corresponding agreement with feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively in the context of our order. Further information on data protection from feratel can be found at: https://www.feratel.com/datenschutz.html .

External payment service providers

To pay for the order processes / bookings, we use the legal basis of Art. 6 (1) lit. b GDPR (fulfillment of the contract) we use external payment service providers whose platforms you can use to make your payments. The payment data entered by you in the context of the order (e.g. account numbers, credit card numbers including check digits, passwords / TANs, etc.) are processed exclusively by our payment service providers and cannot be viewed by us. We only receive a confirmation of the payment or information that the payment could not be carried out via our payment service provider. Further information on data protection and terms and conditions of our payment service providers can be found at:

• Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zurich.
  Tel. +41 44 256 81 91
  E-mail: info@datatrans.ch
  https://www.datatrans.ch/de/datenschutzbestimmungen/
• card complete Service Bank AG Lassallestraße 3, A-1020 Vienna
  E-mail: office@cardcomplete.com
  https://www.cardcomplete.com/datenschutz/
• Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden Tel. 0046 8-120 120 00
  E-mail: inkorg@klarna.se
  https://www.klarna.com/at/datenschutz/
• PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg
  E-mail: customercare@paypal.com
  https://www.paypal.com/myaccount/privacy/privacyhub?locale.x=de_AT

2.5. Email newsletter

Email newsletter MailChimp

The legal basis for sending the newsletter is your consent within the meaning of. Art. 6 (1) lit. a GDPR. The registration for our newsletter takes place in the so-called double opt-in procedure. In this way we ensure that nobody can register with someone else’s e-mail address (e.g. with your e-mail address). Your consent can be revoked at any time free of charge by clicking on the “Unsubscribe link” at the end of each broadcast. The legality of the data processing operations that have already taken place remains unaffected by the revocation. After deleting your e-mail address, we will save it for another 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR), to your originally given consent if necessary. to be able to prove. We use “MailChimp”, a service of Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to send out our newsletter. With the help of MailChimp we can analyze our newsletter campaigns. When opening an email sent with MailChimp, a connection to the MailChimp servers is established. In this way we can determine whether a newsletter message has been opened and which links have been clicked. In addition, technical information such as the time of access, the IP address, browser type and operating system of the recipient are registered. This information is used exclusively for statistical analysis of our newsletter. The purpose of these analyzes is to better adapt future newsletters to the interests of the recipients. The legal basis for data transfers to the USA are the EU standard contractual clauses agreed with MailChimp in connection with our review of the admissibility of these data transfers in terms of a comprehensive risk assessment. We have a processor agreement within the meaning of Art. 28 GDPR concluded with MailChimp ( https://mailchimp.com/legal/data-processing-addendum/ ). Further information on the legality of the data transfers from MailChimp to the USA and the special security measures taken for this purpose can be found at: https://mailchimp.com/help/Mailchimp-european-data-transfers/ . General data protection information from MailChimp can be found at: https://mailchimp.com/legal/privacy/ .

2.6. Digital information services

Notify APP

With the support of our service provider MessengerPeople GmbH (Herzog-Heinrich-Str. 9, D-80336 Munich), we provide a newsfeed on current events and current information on our holiday region. For this purpose it is necessary to download the Notify APP and register for this service on your mobile phone with your mobile phone number. We only use this service or your phone number to send you messages on the above-mentioned topics. The number is not passed on and is not visible to other subscribers to the service. The legal basis for the processing of your personal data (your mobile phone number, first name and surname, information on the device used (mobile phone), profile picture and the messages exchanged via the service) is your consent to the use of this service in accordance with. Art. 6 (1) lit. a GDPR. You can deactivate our notify service at any time by making the appropriate settings in your app and unfollowing us. Further information on data protection of the Notify App or MessengerPeople GmbH can be found at: https://www.messengerpeople.com/de/datenschutzerklaerung/ .

2.7. Web analysis – statistical analysis of our website

Google Tag Manager

We use the service of the provider Google Ireland Limited (“Google”) (Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags using a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies and does not collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in effect for all tracking tags that are implemented with the Google Tag Manager. Further information on data protection from Google can be found at: https://www.google.com/policies/privacy/ .

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”) (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with. Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the visitor’s computer and that enable an analysis of the use of our website by the visitor to the page. The information generated by the cookie about your use of our website is usually stored on European servers and is only transferred to a Google server in the USA and stored there in exceptional cases. We use Google Analytics with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and the full IP address is only transmitted to a Google server in the USA and only shortened there in exceptional cases. The IP address transmitted by the relevant browser as part of Google Analytics will not be merged with other Google data. On our behalf, Google will use the information collected to evaluate the use of the website and to compile reports on website activity. The collection by Google Analytics can be prevented by the page visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plug-in can be downloaded and installed from the following link: https://tools.google.com/dlpage/gaoptout . Further information on the use of data by Google, setting and objection options, can be found in Google’s privacy policy(https://policies.google.com/privacy) and in the settings for the display of advertisements by Google(https://adssettings.google.com/authenticated).

Google Ads Conversion Tracking

Our website uses the provider’s “Google Ads Conversion Tracking” service. Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). When we place advertisements on Google, we use so-called conversion tracking. If you click on an advertisement placed by Google, a cookie is set for conversion tracking (storage period 30 days). This is how we recognize that you clicked on one of our advertisements and were redirected to our site. However, we do not receive any personal information, but only learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. We use Google Ads Conversion Tracking based on the legal basis of your consent (settings via our cookie banner) in accordance with. Art. 6 (1) lit. a GDPR. Further information on the use of data by Google, setting and objection options can be found in Google’s data protection declaration ( https://policies.google.com/privacy ) as well as in the settings for the display of advertisements by Google ( https://adssettings.google.com/authenticated ).

2.8. Web marketing

Adform

Our website uses on the basis of the legal basis of your consent in accordance with. Art. 6 (1) lit. a GDPR the online marketing tool “Adform” from Adform Germany GmbH (Großer Burstah 50-52, D-20457 Hamburg). Adform uses cookies to show relevant advertisements for the users of our website. Adform also helps us to improve our campaign performance and also to evaluate our campaign performance. By integrating the Adform cookie, Adform receives information about which pages of our website you have viewed and which of our advertisements you have clicked on (conversion tracking). You can revoke your consent to the collection and transmission of data to Adform by changing the settings in our cookie banner or making the appropriate settings in your browser. Further information on data protection from Adform is available at https://site.adform.com/privacy-center/overview/ .

Google remarketing

Our website uses on the basis of the legal basis of your consent in accordance with. Art. 6 (1) lit. a GDPR the functions of “Google Analytics Remarketing” in connection with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC) . If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google account. To support this function, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising. You can permanently object to cross-device remarketing / targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/ . The collected data is summarized in your Google account exclusively on the basis of your consent, which you can give to Google or revoke (Art. 6 Para. 1 lit. a GDPR). Further information on data protection from Google can be found at: https://www.google.com/policies/privacy/ .

Facebook pixel

In order to place advertisements aimed at target groups on Facebook and to be able to track the actions of users after they have seen or clicked a Facebook advertisement, use is made on the legal basis of your consent in accordance with. Art 6 (1) lit. a GDPR within our website the Facebook pixel of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland). This enables us to show you information that is of interest to you on Facebook and to evaluate or optimize our Facebook advertisements with the anonymous data collected in this way (we do not see any personal data from individual users, only the overall effect). According to their data protection information, Facebook links this data with the Facebook account of the Facebook user and can thus show them content that corresponds to their interests. Specific information on how the Facebook Pixel works can be found in the Facebook help section at: https://de-de.facebook.com/business/help/651294705016616 . You can make settings for usage-based advertising on Facebook yourself in your Facebook account: https://www.facebook.com/settings?tab=ads . Further information can be found in Facebook’s data protection declaration at: https://www.facebook.com/privacy/explanation .

2.9. Integration of further services and content from third parties

We integrate third-party content and functions within our website. This always presupposes that the providers of this content or function are aware of the IP address of the user. Because without the IP address, you would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no control over whether the third party provider uses the IP address e.g. B. save for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest in accordance with. Art. 6 (1) lit. f GDPR, otherwise your consent in accordance with. Art. 6 (1) lit a GDPR. Information on the purpose and scope of further processing and use of the data by the provider of the embedded services / content as well as further information within the meaning of Art. 13 and 14 GDPR are available from the information links below. The following services / content are embedded in our website:

Outdoor active

We use the “Outdoor Active” service of Outdooractive GmbH & Co. KG (Missener Straße 18, D-87509 Immenstadt) to map tours (e.g. hiking tours, ski tours, bike and bike tours, etc.). For this purpose, the map material is loaded from the Outdoor Active server. The following data is transmitted to Outdoor Active: the visited page of our website, the IP address of your device, content of the request, location data, operating system as well as the language and version of the browser software. Outdoor Active uses cookies that are stored on your browser to evaluate your request. The legal basis for processing your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest consists in an appealing presentation of our online offer or the geographical presentation of the offers in our region. In the case of location data from mobile devices, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR by enabling the transfer of location data on your mobile device. Further information on data protection from Outdoor Active can be found at: https://corporate.outdooractive.com/de/datenschutzrechte/ respectively. https://www.outdooractive.com/de/datenschutz.html .

Youtube

We bind videos from the platform “YouTube” of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) in enhanced privacy mode. The implementation is based on Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website. However, we only use YouTube if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with. Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future. When you call up a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to the information provided by Google, your data (in particular which of our Internet pages you have visited) as well as device-specific information including the IP address are only transmitted to the YouTube server in the extended data protection mode when you watch the video. In some cases, information is sent to the parent company Google Inc. based in the USA, to other Google companies and to external Google partners, each of which may be located outside the European Union. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated . Further information on data protection from YouTube can be found at: https://www.google.com/policies/privacy/ .

Wordlift
Our website uses the WordLift plugin to analyze the content and to display metadata in the source code of our website for search engines on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in making our website easier to find on various search engines. The WordLift plugin is a service of the provider WordLift s.r.l (Via Giulia 117, 00186 Rome, Italy). The application does not collect any personal data, the IP address of your browser is not stored by WordLift. Further information on WordLift’s data protection can be found at: https://wordlift.io/gdpr/. Information on WordLift’s data security can be found at: https://docs.wordlift.io/en/latest/faq.html#is-wordlift-secure.

Java Script Deliver

Our website uses the services of Prospectone Sp. z oo (ul.Krolweska 65A, 30-081, Krakow, Poland). To do this, the JavaScript code “jsdeliver” is uploaded. If you have activated JavaScript in your browser or if you have not installed a JavaScript blocker, your browser will transfer your IP address to a jsdeliver server and this will be saved in the usual server log. Any further processing of this information is the responsibility of Prospectone Sp. z oo The use of jsdeliver.net / cdn.jsdelivr.net / jsdeliver.com is in the interest of the technically correct presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Further information on data protection from jsdeliver can be found at: https://www.jsdelivr.com/about . A JavaScript blocker can be installed to generally prevent the execution of JavaScript codes. Further information can be found at: https://www.noscript.net or https://www.ghostery.com/ .

3. Other data processing in business and customer contact

In this section we inform you about other data processing processes outside of our website.

3.1. Job applications

The contact details and application documents transmitted to us in the course of a job application are processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The transmitted personal data will be used by us in accordance with the statutory provisions for max. 6 months, in the case of the applicant’s express consent to keep the documents on record, for max. Saved for 2 years.

3.2. Online presence in social media
In addition to our website, we maintain an online presence within social networks and platforms: Facebook, Instagram and YouTube in order to communicate with customers and business partners active there and to be able to inform them about our services on these networks. Further data protection information can be found when you access our content on these platforms.

3.3. Sweepstakes

Your personal data (email address, name, address) provided for participation in our competitions will only be used by us to determine a winner, to inform him about the prize and to send prizes. Your data will not be shared with third parties. The legal basis for the processing of your personal data is the fulfillment of the contract in accordance with. Art 6 para 1 lit b GDPR. There is no legal or contractual obligation to provide personal data. Failure to provide the data only means that you cannot take part in the competition. Your data will be stored for the duration of the competition and – to process any prizes and claims for damages – for a maximum of 3 years thereafter and then deleted. By participating, you also consent to your name being published on our website and on our public social media channels if you win.

3.4. Guest card system

Feratel guest card system

For the use of our regional guest card, we process your personal data (first name, last name, date of birth, period of stay and country of origin / postcode) with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) for the purpose of providing you to provide the benefits of the free card. It is also necessary to save your usage data for billing purposes and to make this available to our service providers to control internal billing. The legal basis for processing is your consent in accordance with. Art. 6 (1) lit a, which you give us in the context of your guest registration in your accommodation facility. You can revoke this consent at any time free of charge. Usages that have already been made remain unaffected and stored for billing purposes. There is no legal or contractual obligation to provide personal data. Failure to provide it simply means that we cannot provide you with the guest card. We have a corresponding agreement with feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively in the context of our order. Further information on data protection from feratel can be found at: https://www.feratel.com/datenschutz.html .

3.5 guests / visitors WiFi

We offer a freely accessible visitor WiFi in our offices. In order to provide the services of the hotspot for you, the use of personal data from your end device is necessary. In this context, the MAC addresses (Media Access Control address) of end devices may also be temporarily stored. Furthermore, we may save log data (“log files”) on the type and scope of the use of the services for 7 days. These data cannot be assigned directly to your person, but can be assigned directly to the device you are using and thus also indirectly to your person. We use the services of A1 Telekom Austria AG (Lassallestraße 9, A-1020 Vienna) to provide this offer.

3.6. Registration for events and events

You can register for events from various providers in our region in our information offices. For this purpose we process your personal data (name, email address and telephone number). These data are processed by us on the basis of the legal basis of Art. 6 (1) lit. b GDPR (contract fulfillment / pre-contractual measures) processed and also passed on to the respective organizer. This data will be deleted or destroyed by us after the event.

Current version of the data protection declaration from July 22nd, 2021