Privacy Information

According to Art. 13 and 14 GDPR

1. General information

The protection of your personal data is a special concern for us. We therefore process your data exclusively in a legal manner based on the statutory provisions (especially GDPR (General Data Protection Regulation), DSG (German Data Protection Act) 2018, TKG (Telecommunications Act) 2021). In this privacy information we inform you about the most important aspects of data processing - the type, scope and purposes of collection as well as the use of personal data - in the context of the use of our website and in the context of other services provided by our company.

1.1. Controller responsible for the processing of your data

The controller (as defined in Art. 4 Z 7 GDPR) responsible for processing your personal data (personal data as defined in Art. 4 Z 1 GDPR) is:

Tourismusverband WILDER KAISER
Dorf 35
A-6352 Ellmau
Tel. +43 50509
Email: datenschutz@wilderkaiser.info

Data Protection Officer:
We take the protection of personal data very seriously and we have appointed an external data protection officer for this purpose. Our data protection officer is Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our Data Protection Officer using the following email address: martin@zepedes.com.

1.2. Purposes, data categories and the legal basis for the processing personal data

Purposes of processing
The purposes of processing your personal data normally arise from our business activities as a tourist organisation: provision of our online offers, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. For detailed information about the purposes of processing and, if applicable, further processing for other compatible purposes, and about categories of processed data, please refer to the detailed descriptions of the individual data processing processes.

General data categories

  • Personal master data (e.g. name, date of birth and age, address)
  • Contact details (e.g. e-mail address, telephone number, fax number)
  • Communication data (time and content of a communication)
  • Order data or booking data (e.g. goods or services ordered and invoice data such as a service period, method of payment, invoice date, tax identification number ...)
  • Payment data (e.g. account number, credit card data)
  • Contract data (content of any type of contracts)
  • Web usage data (e.g. server data, log files and cookies)

Special data categories ("sensitive data") in accordance with Art. 9 GDPR

  • Health data (only insofar as this is provided to based on your express consent for the processing of your order (e.g. arrangement of a hotel specialising in guests with food intolerances or allergies))

Legal bases for processing
In principle, there is no obligation to provide data for the data processing described in this privacy policy. Failure to provide this information will only result in inability on our part to provide these services. The legal basis for processing your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) b GDPR. Insofar as processing of personal data is necessary for the fulfilment of a legal obligation by us (an accounting or bookkeeping obligation or other legal documentation requirements), Art. 6 (1) C GDPR serves as the legal basis. If we process your data to carry out a task assigned to us in the public interest ("sovereign action"), the legal basis will be Art. 6 (1) e GDPR. If processing is necessary to protect a legitimate interest of our company or of a third party and your interests, fundamental rights and freedoms do not override our interest, Art. 6 (1) f GDPR ("legitimate interest") will serve as the legal basis for processing. In such a case we will also inform you about our legitimate interests. Insofar as we have no other legal basis for processing of personal data as outlined above, we will ask for your consent for the processing of data, whereby in these cases we rely on Art. 6 (1) a GDPR or, in a case where sensitive data is processed, on Art. 9 (2) a GDPR as the legal basis. You may revoke this consent at any time free of charge without affecting the legality of any processing carried out on the basis of your consent up to the time of revocation.

1.3. Data transfer to processors and third parties

We process your personal data with the aid of processors who help us to provide our services. These processors are bound by a corresponding agreement with us as defined by Art. 28 GDPR to strictly protect your personal data and they may not process your personal data for any purpose other than for the provision of our services. You can find out which processors are involved in the detailed descriptions of individual data processing procedures.

A transfer of your personal data to companies other than our order processors is made to service providers typical third parties such as banks, tax advisors or auditors. Personal data will only be transferred to state institutions and authorities within the framework of mandatory national legal regulations.

Depending on your order (e.g. for bookings and inquiries), your personal data will be transferred only to the extent required and, if applicable, also to hotel partners or other tourist service providers (members of our organization), who are needed for the fulfilment of your order. Personal data transferred varies depending on the service.

1.4. Transfers to third countries

In principle, we process your personal data in the EU area. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of services of our processors or third parties, this will only happen if the requirements of Article 44 et seq. GDPR for transfers to third countries are complied with, i.e. based on special guarantees such as the officially recognised determination of a level of data protection commensurate with the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as a legal basis for the transfer of your personal data, we will also examine the permissibility of this data transfer as part of a comprehensive risk assessment. If we arrive at a negative result, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR to a third country.

1.5. Data erasure and storage period

Your personal data will be erased by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we process the data for a purpose compatible with the original purpose. It may also take place if this is provided for by laws, ordinances or by other regulations that our company is subject to.

1.6. Data sources

We collect your personal data only from you; we do not use any other data sources.

1.7. Profiling

We do not use any automated decision-making or profiling procedures that have a legal effect against you that would affect you significantly in a similar way. However, with your consent, we will use your usage data to get a better picture of your interests to enable us to present information of interest to you or to give you tailor-made offers or to be able to display relevant information to you on third-party websites or social media platforms.

1.8. Safeguarding your data protection rights

In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. The lawfulness of the processing of your personal data up to the time of revocation is not affected by this. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.

Right of appeal
If you believe that the processing of your data breaches data protection law or that your data protection rights have otherwise been breached in a way, you may lodge a complaint with the relevant regulatory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, e-mail dsb@dsb.gv.at).

2. Visiting our website

In this section we tell you how we process your personal data when you visit our website.

2.1. Presentation of the website

Server data
For technical reasons, the following data, amongst other items that your internet browser transmits to us or to our web space provider, is recorded (server log files) based on § 165 (3) S 3 TKG (Telecommunications Act) 2021 (necessary for the operation of our website):

  • Browser type and version
  • Operating system and type of device used (e.g. desktop / mobile)
  • Website from which you visit us (referrer URL)
  • Website that you visit
  • Date and time of your access
  • Your internet protocol address (IP address)

This data, which is anonymous for us, will be stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. The data is used for statistical purposes in order to improve our website and our offers.

SSL or TLS encryption
This page uses SSL or TLS encryption for security reasons and to protect the transfer of confidential content, for example orders or enquiries that you send to us website operator. You can recognise an encrypted connection because the browser's address line changes from "http://" to "https://" or by the lock symbol in your browser line. When the SSL or TLS encryption is activated the data you transfer to us cannot be viewed by third parties.

Technical Conception:
MICADO DIGITAL SOLUTIONS GMBH (Hammerschmiedstraße 5, A-6370 Kitzbühel). More information on data protection at: https://www.micado.cc/de/informationen-ueber-cookies-und-datenschutz.html

Webhosting:
World4You Internet Services GmbH (Hafenstraße 35, A-4020 Linz). More information on data protection at: https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html

2.2. Cookies

Cookie banners - cookies on our website
Our website uses cookies to help us to make our website more user-friendly and more efficient for you, to carry out statistical analyses of the use of our website or to display content of interest to you on other websites. Cookies are small text files which are used to store information during visits or about the visits to websites and are stored on the visitor's computer. The legal basis for cookies which are absolutely essential for proper operation of our website (e.g. shopping cart cookie) is § 165 (3) S 3 TKG (Telecommunications Act) 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are disabled and will be enabled only with your consent in accordance with Art 6 (1) a GDPR in our cookie banner ("Accept"). You can activate or deactivate individual cookies or cookie groups by clicking on "Settings". If you restrict the use of cookies on our website, you may not be able to use the all the functions on our website. You will find detailed information about the cookies used on our website in our cookie banner.

Changing the cookie settings in your web browser
You can decide how the web browser you use will handle cookies, i.e. which cookies are to be accepted or rejected, in your web browser settings. You can also erase cookies already stored on your computer/end device yourself at any time. Where exactly these settings are located will depend on the web browser. Detailed information can be accessed in the help function of the respective web browser.

You also have the option of objecting to cookies and similar tracking technologies generally, using the services mentioned below by setting your individual preferences - which technologies for usage and interest-based advertising you want to allow:

• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F

2.3. Communicating with us

Contact form and e-mail
On our website we offer you the option to contact us by e-mail and/or via a contact form. In this case, the information you provide will be used to process your contact on the legal basis of contract performance in accordance with Art. 6 (1) b GDPR. There is a legitimate interest on our part pursuant to Article 6 (1) lit. f GDPR for the use of a contact form. The legitimate interest lies in offering our website visitors an opportunity to contact us that does not require them to call up their own e-mail client. There is no legal or contractual obligation to provide this personal data. If you do not provide it, this will only result in you not submitting your request and us not being in a position to process it. Data will be passed on to third parties only if this is stated on the website or in this privacy policy or if it is necessary for the fulfilment of the contract or if it is required by law. We only store your data as long as this is appropriate for the processing of your enquiries or for any queries.

2.4. Online shop(s) / booking portal(s)

For the purpose of rendering contractual services as well as payment and implementation of them in the context of online purchases, bookings and orders for brochures, we process your personal master data, contract data and payment data as well as communication data (IP address and server log files) on the basis of Art. 6 (1) b GDPR (contract fulfilment) as well as Art. 6 (1) c GDPR (legal obligation for billing and archiving).

We store this data as long as it is required for the purpose of it, legal regulations provide for it (retention period of invoices in accordance with 132 BAO (Federal Taxation Regulations) for 7 years; voucher orders up to the expiry of the redemption period for 30 years) or as long as we require this data on the basis of Art. 6 (1) f GDPR (legitimate interest) for defence against possible liability claims. If you cancel the order process, we will store the data for 14 days to clarify any problems during the order process.

There is no legal or contractual requirement to provide the personal data. If you do not provide it, this will only result in us not being in a position to process your bookings / orders.

Feratel DESKLINE online bookings, booking requests and orders for brochures
For the processing of online bookings, orders for brochures and enquiries, we will process your personal data in order to provide you with booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose we store and process inventory data, communication data, contract data and payment data from our customers, prospective customers and other business partners. The processing is carried out in order to provide contractual services or for fulfilment of pre-contractual services on the basis of Art. 6 (1) b GDPR (booking processes, answering quotation requests and sending brochures) as well as Art. 6 (1) c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as mandatory are required for the reasons and fulfilment of the contract. We disclose your personal data within the framework of this data processing to third parties (hotel partners or other tourist service providers) on the legal basis of Art. 6 (1) b GDPR (if it is required for the processing of a booking transaction) or based on our legitimate interest in accordance with Art. 6 (1) GDPR. We have concluded a corresponding agreement with feratel in accordance with Art. 28 GDPR as an order processor which ensures that your data will be processed only within the scope of our order. For more information about feratel's privacy policy, please go to. https://www.feratel.com/en/privacy-policy.html

INCERT voucher system and merchandising articles
We use the system provided by INCERT eTourismus GmbH & Co KG (Leonfeldner Strasse 328, A-4040 Linz) as our order processor to process orders relating to holiday vouchers and merchandising articles. It facilitates the automated sale of vouchers via "print@home" as well as the individual personalisation of vouchers with dedications, designs and barcodes. For the processing of orders, the following information is required: title, first and last name, address, e-mail address. We have concluded a corresponding agreement with INCERT in accordance with Art. 28 GDPR as an order processor which ensures that your data will be processed only within the scope of our order. For more information about INCERT's privacy policy, please go to: https://www.incert.at/en/data-protection/.

feratel Webshop
We use the system provided by feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) as our order processor to process event ticket orders/bookings. For the processing of orders/bookings the following information is required: salutation, first and last name, address, e-mail address. We have concluded a corresponding agreement with feratel in accordance with Art. 28 GDPR as an order processor which ensures that your data will be processed only within the scope of our order. For more information about feratel's privacy policy, please go to. https://www.feratel.com/en/privacy-policy.html.

External payment service providers
We use external payment service providers on the legal basis of Art. 6 (1) b GDPR (contract performance) for the payment of order transactions / bookings ; you can make your payments via their platforms. The payment data you entered when placing the order (e.g. account numbers, credit card numbers including check digits, passwords / TANs etc.) are processed only by our payment service providers and cannot be seen by us. We only receive a confirmation of the payment via our payment service providers or information to the effect that the payment could not be carried out. You will find further information about privacy as well as general terms and conditions of our payment service providers at:

Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zürich.
Tel. +41 44 256 81 91
E-mail: info@datatrans.ch
https://www.datatrans.ch/en/privacy-policy/

Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA
E-mail: support@stripe.com
https://stripe.com/at/privacy

card complete Service Bank AG Lassallestraße 3, A-1020 Wien
E-mail: office@cardcomplete.com
https://www.cardcomplete.com/en/private-customers/data-protection/?set_language=en

Six Payment Services, Zweigniederlassung Österreich, Marxergasse 1B, A-1030 Wien
Tel. +43 1 717 01 – 0
E-mail: info.austria@six-payment-services.com
https://www.six-payment-services.com/en/services/legal/privacy-statement.html

Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
Tel. 0046 8-120 120 00
E-mail: inkorg@klarna.se
https://www.klarna.com/uk/privacy/

2.5. Links to other online shops

Sale of fan articles
To enable our users to purchase fan articles online quickly, we are linked to the Haunold Ges.b.R (Dorf 47, A-6352 Ellmau) platform. This link is integrated into the page by means of an HTML link. By clicking on the link, a new browser window opens and the Haunold page opens. Further processing of your personal data in the context of your online purchases will be the responsibility of Haunold Ges.b.R. You will find further information about data protection at Haunold Ges.b.R at: https://www.haunold.at/bezirk-3/imprint#.

Sale of cable car tickets
For the sale of cable car tickets (season tickets, multi-day tickets and day tickets) and for sales of cable car ticket vouchers as well as merchandising articles, our website is linked to the SkiWelt Wilder Kaiser - Brixental Marketing GmbH (Dorf 84, AT-6306 Söll) online ticket shop. This link is integrated into our site by means of an HTML link. When you click on the link, a new browser window will open and the SkiWelt Wilder Kaiser - Brixental Marketing GmbH online ticket shop page will open. The further processing of your personal data in the context of the online purchase will be the responsibility of SkiWelt Wilder Kaiser - Brixental Marketing GmbH which is responsible for data protection. You will find further information on data protection at SkiWelt Wilder Kaiser - Brixental Marketing GmbH at: https://shop.skiwelt.at/en/data-protection.

2.6. E-mail newsletter

E-mail newsletter (NumBirds)
On our website there is the possibility to register for our newsletter. The legal basis for sending the newsletter is your consent iSd. Art. 6 (1) lit. a GDPR. The registration for our newsletter takes place in the so-called double opt-in procedure. This ensures that no one can log in with foreign e-mail addresses (e.g. with your email address). Your consent can be revoked at any time free of charge by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. After unsubscribing your email address, we will store it for a period of 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to obtain your original consent to be able to prove if necessary. To send out our newsletter, we use the service provider "NumBirds", a tool of NumBirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck). With the help of NumBirds we can analyze our newsletter campaigns. When you open an email sent with the NumBirds newsletter tool, a connection is established with the NumBirds server. This allows us to determine whether a newsletter message has been opened and which links have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of retrieval, the IP address, browser type and operating system of the recipient are registered. In addition, we use information from some of our other systems such as our feratel booking system, feratel guest card system or Incert Merchandisingshop, which is connected to your email address, in order to be able to tailor your personalized newsletter even more individually to your interests. In addition, we use information from some of our other systems such as our feratel booking system, feratel guest card system or Incert Merchandisingshop, which is connected to your email address, in order to be able to tailor your personalized newsletter even more individually to your interests. We have concluded a data processing agreement with NumBirds CRM GmbH according to Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information of NumBirds at: https://numbirds.com/datenschutzerklaerung/

2.7. Digital Information Services / Registration

Registration "My Kaiser"
Registration is not required for the use of this website. However, after registering on this website, the user is provided with additional access to further offers, additional services or services relating to holidays in the Wilder Kaiser tourist region in the individual customer area "My Kaiser". If you register for "My Kaiser" via Google or Facebook we will not collect or process any type of personal data that you have entered in Google or Facebook. Authentication via Google or Facebook will be subject to the respective provider's terms of use. By registering, the user grants consent in accordance with Art 6 (1) a GDPR that his personal data (title, first name, surname, e-mail address, password, address, telephone number, individually created watch list, booked services) may be stored by the operator and used for the provision of additional content. The personal data provided will be stored for the duration of the registration or beyond it in accordance with statutory retention periods and for a maximum of 3 years thereafter and then erased. The purpose of storage after registration is to identify the individual responsible if regulations breached. This is therefore in the overwhelming interest of the operator in accordance with Art. 6 (1) f GDPR. The user will receive more detailed information about the additional content during the registration process.

Registration “BürgerCard, StaffCard, FreizeitwohnsitzCard (HolidayHomeCard)"
Registration is not required for the use of this website. However, after registering on this website, the user will also have access to the benefits of the BürgerCard, StaffCard, FreizeitwohnsitzCard (HolidayHomeCard), if eligible. The personal data (name, e-mail address, telephone number, proof of residence or employment, advantage card usage data) will only be processed and transferred by the operator in a legal manner - in particular for fulfilment of contractual obligations (Art. 6 (1) b GDPR), on the basis of the operator's overriding legitimate interests (Art. 6 (1) f GDPR) or based on the user's consent (Art. 6 (1) a GDPR). If the legality for specific data processing is based on the user's consent, this consent may be revoked at any time (including partial revocation) by sending an e-mail to datenschutz@wilderkaiser.info. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation. The personal data provided will be stored for the duration of the registration or beyond it in accordance with statutory retention periods. The purpose of further storage after the end of the period of use for the BürgerCard, StaffCard, FreizeitwohnsitzCard (ResidentCard, StaffCard, HolidayHomeCard) is to be able to identify the person responsible in the event of any legal violations. This is therefore in the overwhelming interest of the operator in accordance with Art. 6 (1) f GDPR. The email addresses of editors and administrators in the backend are only available to the Tourismusverband Wilder Kaiser. In order to enable automatic activation of the BürgerCard, StaffCard, FreizeitwohnsitzCard (ResidentCard, StaffCard, HolidayHomeCard), an interface to the electronic registration system of Feratel has been set up. Registration and use of the BürgerCard, StaffCard, FreizeitwohnsitzCard (ResidentCard, StaffCard, HolidayHomeCard) is only possible if you agree to the data comparison.

Optional communication channels for StaffCard Wilder Kaiser
With our StaffCard, users (employees of tourism businesses in our region) have the opportunity to register for several/different digital information channels in addition to the advantages that generally result from the use of the card, in order to be continuously informed about current offers/advantages. This is voluntary and the consents given for this purpose in accordance with Art. 6 (1) lit. a GDPR (legal basis for the processing of the data) can also be revoked at any time free of charge with effect for the future. Specifically, users can sign up for an e-mail newsletter, a WhatsApp newsletter or participate in a WhatsApp group.

To send out our e-mail newsletter, we use the tool "NumBirds", a service of Numbirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck). With the help of NumBirds, we can analyze our newsletter campaigns. When you open an email sent with the NumBirds newsletter tool, a connection is established with NumBirds' servers. In this way, we can determine whether a newsletter message has been opened and which links, if any, have been opened. have been clicked. The purpose of these analyses is to better tailor future newsletters to the interests of recipients. In addition, technical information such as the time of access, IP address, browser type and operating system of the recipient is registered. We have a processor agreement with NumBirds according Art. 28 GDPR in order to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information of NumBirds at: https://numbirds.com/datenschutzerklaerung/.

For the design and dispatch of our WhatsApp newsletter and the administration of the participants of our WhatsApp group, we use the tool "ChatWerk" of our service provider Inbox Solutions GmbH (Pretzfelder Straße 7 – 11, D-90425 Nürnberg) or the instant messaging service "WhatsApp" of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to transmit our messages. We have entered into a processor agreement with Inbox Solutions GmbH according Art. 28 GDPR in order to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information of Inbox Solutions GmbH can be found at: https://chatwerk.de/datenschutzerklaerung/. To use WhatsApp, you need to download the corresponding app or an existing messaging account. We have no influence on the data processing by WhatsApp Ireland Limited, which is responsible for the processing of your personal data (e.g. name, telephone number, e-mail address, messenger ID, profile picture, messages) under data protection law. Detailed information on the processing of personal data by WhatsApp can be found at: https://www.whatsapp.com/privacy or https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE#:~:text=Wenn%20du%20in%20der%20Region,bei%20uns%20an%20erster%20Stelle

Image Database Registration
We offer the possibility to register for the use of our image database at the web address https://images.wilderkaiser.info/. After registering on this website, you will receive access to our image database. The personal data necessary for registration (name, e-mail address, address, information on the purpose of use and password) are processed by us on the basis of the legal basis of Art. 6 (1) lit. b GDPR (contract performance) in order to be able to provide you with the images. There is no legal obligation to provide this data. Failure to provide this data will only result in us not being able to provide you with this service. The personal data provided will be stored for the duration of the use of our image database. The purpose of further storage after the end of the period of use of the image database is to be able to identify the person responsible in the event of any legal violations. This is therefore in the overriding interest of the operator in accordance with Article 6 (1) (f) GDPR. The terms of use of the image database can be found at: https://images.wilderkaiser.info/de/bildrechte-und-agb.html

Registration Partnermanager
Exclusively for member companies of our tourism association, we offer the possibility to register for the use of our " Vermietermanager " at the web address https://vermieter.wilderkaiser.info/. The use of the landlord manager offers our members exclusive, up-to-date information for tourist service providers of our wilder Kaiser region as well as the possibility to use various other tools (e.B. image database, reporting, various web widgets, etc.). The access data (user name and password) will be provided by us on request. The legal basis for the processing of personal data (company name, information on the operator and access data) is the fulfilment of the contract in accordance with Art. 6 (1) lit. b GDPR. There is no legal obligation to provide this data. Failure to provide this data will only result in us not being able to provide you with this service. The personal data provided will be stored for the duration of the use of our landlord manager. The further storage after the end of the period of use of the landlord manager has the purpose of being able to identify the person responsible in the event of any legal violations. This is therefore in the overriding interest of the operator in accordance with Article 6 (1) lit. f GDPR.

2.8. Web analysis - statistical analysis of our website

Google Tag Manager
We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) for management of website tags via a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain which does not set cookies or collect any other personal data. The tool triggers other tags that may in turn collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented by means of Google Tag Manager. For more information about Google's privacy policy, go to: https://www.google.com/policies/privacy/.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable an analysis of the use of our website by the site visitor. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least a case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. The IP address transmitted by the corresponding browser as part of Google Analytics will not be merged with other Google data. On our behalf, Google will use the resulting information to evaluate the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed under the following link: https://tools.google.com/dlpage/gaoptout. User data is stored for 14 months. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated).

Google Ads Conversion Tracking
Our website uses the service "GoogleAds Conversion Tracking" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). When we place advertising ads on Google, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking (storage period 30 days). This is how we recognize that you clicked on one of our ads and were redirected to our website. However, we do not receive any personal information, but only learn the total number of users who clicked on one of our ads and were redirected to our page with a conversion tracking tag. We use Google Ads Conversion Tracking on the legal basis of your consent (settings via our cookie banner) in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy ( https://policies.google.com/privacy?hl=en) as well as in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

2.9. Web marketing

Google Remarketing
On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This feature makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising. Cookies are deleted after 1 year. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; follow this link here: https://www.google.com/settings/ads/onweb/. The summary of the collected data in your Google Account takes place exclusively on the basis of your consent, which you can give or revoke with Google (Art. 6 (1) lit. a GDPR). Further information on Google's data protection can be found at: https://www.google.com/policies/privacy/.

Google Adsense
On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, we use the service "Google Adsense" of the provider Google Ireland Ltd. (GordonHouse, Barrow Street, Dublin 4, Ireland), to show you advertisements from other companies within our website. We do this to generate advertising revenue. For this purpose, your IP address will be shortened by the last two digits transmitted to Google.Google uses information that Google itself has collected about you via cookies to show you ads of interest to you on our website. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on Google's use of data as well as on your setting and objection options can be found at: https://policies.google.com/technologies/ads. You can make your settings for the display of advertisements by Google under the following link: https://adssettings.google.com/authenticated.

Facebook Pixel
In order to place target group-directed advertisements on Facebook and to be able to track the actions of users after they have seen or clicked on a Facebook advertisement, we use the Facebook pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This allows us to display and evaluate or optimize our Facebook advertisements on Facebook that is of interest to you on Facebook with the data collected anonymously for us (we do not see any personal data of individual users, but only the overall effect). Storage period max. 12 months. According to their data protection information, Facebook links this data to the Facebook account of Facebook users and can thus display content that corresponds to their interests. Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. For specific information about how the Facebook pixel works, see the Facebook Help Center at: https://de-de.facebook.com/business/help/651294705016616. You can make settings regarding usage-based advertising on Facebook yourself in your Facebook account: https://www.facebook.com/settings?tab=ads. Further information can be found in Facebook's privacy policy at: https://www.facebook.com/privacy/explanation.

Adform
Our website uses the online marketing tool "Adform" of Adform Germany GmbH (Großer Burstah 50-52, D-20457 Hamburg) based on of your consent in accordance with Art. 6 (1) a GDPR. Adform uses cookies to present ads which are relevant to our website users. Adform also helps us to improve our campaign performance or to evaluate it. By integrating the Adform cookie, Adform receives information about which pages of our website you have viewed and which of our ads you have clicked on (conversion tracking). You may revoke your consent to the collection and transmission of data to Adform through the settings in our cookie banner, or make the relevant settings in your browser. For more information about Adform's privacy policy, please go to: https://site.adform.com/privacy-center/overview/.

Pinterest Tag (Pinterest Conversion Tracking)
In order to optimize our Pinterest campaigns and to measure their conversion (effectiveness), we set the Pinterest Tag (Pinterest Conversion Tracking Pixel) of Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) on the legal basis of Art. 6 (1) lit. a GDPR (consent). This allows us to display advertisements of interest to our website visitors, who are also Pinterest members, on Pinterest. It also allows us to track the actions of Pinterest members after they have seen or clicked on one of our Pinterest ads. The following personal data is processed: information about the type of hardware and operating system used, its IP address, the time of access to our website, the type and content of the advertisements we place and the reaction to our advertisements. These data are anonymous to us and do not allow us to draw any conclusions about the identity of the respective user. Pinterest may, according to its own information, connect this data to your Pinterest account and also use it for its own advertising purposes. We process this data with Pinterest Europe as "Joint Controller" and have concluded an agreement with Pinterest Europe in accordance with Article 26 GDPR (JCA – Joint Controller Agreement), which obliges all partners to provide you with the corresponding information about this joint processing within the meaning of Articles 12 to 14 GDPR, to ensure appropriate protection of this data and to enable you to exercise your rights as a data subject within the meaning of the Art. 15-21 GDPR. We have agreed with Pinterest Europe that Pinterest Europe is responsible for asserting data subject rights pursuant to Articles 15-20 GDPR with regard to the personal data processed / stored by Pinterest Europe in the context of joint processing. If personal data is processed by Pinterest Europe in the context of joint processing on the legal basis of legitimate interest (Art. 6 (1) lit. f GDPR), you are entitled to the right to object acc. Art. 21 GDPR. Further information on exercising your rights as a data subject and general information on data protection at Pinterest Europe Ltd. can be found at: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea. Information on the individual setting of the data collected by Pinterest can be found at: https://help.pinterest.com/de/article/personalization-and-data.

Microsoft Advertising
On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, our website uses the functions of Universal Event Tracking (UET) from Microsoft Advertising (formerly Bing Ads) of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Via UET, Microsoft stores a cookie in the browser of website visitors in order to enable an analysis of the use of the website, provided that the user has reached our website via an advertisement from Microsoft Advertising. This allows Microsoft and us to recognize whether a website visitor has previously clicked on an ad and was redirected to our website as a result. No IP addresses are stored. No other personal information about the identity of website visitors is stored. Microsoft is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least on a case-by-case) basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by using the opt-out option under the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE. Further information on data protection by Microsoft and Bing Ads can be found at: https://privacy.microsoft.com/de-de/privacystatement.

2.10. Integration of further services and third-party content

We integrate third-party content within our website, e.g. videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites. This always requires providers of this content (hereinafter referred to as "third-party providers") to be aware of the user's IP address. This is because without the IP address, they could not send the content to the relevant user's browser. The IP address is therefore necessary in order to display this content. We endeavour to use only such content whose respective providers use the IP address only for the provision of the content. However, we have no influence on this if third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services is, insofar as they are necessary for the function of our website, our legitimate interest in accordance with Art. 6 (1) f GDPR; otherwise it will be your consent in accordance with to Art. 6 (1) a GDPR. Information about the purpose and scope of further processing and use of the data by providers of the embedded services/content as well as further information within the meaning of Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website:

OpenStreetMap
We use the open source map service "OpenStreetMap" (also called "OSM") of the company Openstreetmap Foundation (St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom). For this purpose, the map material is loaded from the server of OSM. The following data is transmitted to OSM: the visited page of our website, the IP address of your device and location data. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest consists in an appealing presentation of our online offer or the geographical presentation of the offers of our region. In the case of location data from mobile devices, the legal basis is your consent under Art. 6 (1) lit. a GDPR by releasing the transfer of location data on your mobile device. The European Commission has certified that the United Kingdom has a level of protection of personal data that is essentially equivalent to that enjoyed in the European Union. The legal basis for the transfer of data to Great Britain is therefore Art. 45 GDPR. For more information about OSM, see: https://wiki.osmfoundation.org/wiki/Privacy_Policy.


Google ReCAPTCHA
To protect your orders via website form, this website uses the reCAPTCHA service of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). The query carried out in this way serves to distinguish whether the input is made by a human or abusively by automated, machine processing. By activating IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google ReCAPTCHA will not be merged with other Google data. In principle, there is a legitimate interest on our part within the meaning of the Art. 6 (1) lit. f GDPR for the use of Google ReCAPTCHA. Our legitimate interest lies in protecting our website from spam software. However, we only use Google ReCAPTCHA if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. For more information about Google's privacy policy, please visit: https://policies.google.com/privacy.

Youtube
We integrate videos from the platform "YouTube" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation takes place on the legal basis of Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the thus appealing design of our website. However, we only use YouTube if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future. When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google's information, in the extended data protection mode, your data (in particular which of our websites you have visited) as well as device-specific information including the IP address will only be transmitted to the YouTube server when you watch the video. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. More information about YouTube's privacy policy is available at: https://policies.google.com/privacy?hl=en.

Snapengage Live-Chat Tool
In order to provide you with direct contact and help on our website, we use the live chat tool "Snapengage" from SnapEngage LLC (1919 14th St., Suite 505, Boulder, CO 80302, USA). When the Snapengage widget is called, a connection to Snapengage's servers is established, with your IP address transmitted to Snapengage's server. In order to chat with us via Snapengage, no personal data needs to be provided by you. However, so-called session cookies are necessary to ensure the functionality of Snapengage. The legal basis for the use of Snapengage is your consent pursuant Art. 6 (1) lit. a GDPR. SnapEngage LLC (TeamSupport LLC) is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on Snapengage's privacy policy can be found at: https://snapengage.com/privacy-policy/ , https://help.snapengage.com/visitor-privacy-what-information-does-snapengage-gather-about-your-website-visitors/ or https://www.teamsupport.com/privacy.

Cloudfront
For a modern design and presentation of the content offered on different end devices, for the increase of security and for faster loading times, we use the Content Delivery Network (CDN) CloudFront of the provider Amazon Web Services EMEA SARL (AWS) (38 avenue John F. Kennedy, L-1855 Luxembourg) on our website. The CloudFront CDN provides duplicates of data from a website on various Amazon Web Services servers distributed worldwide in order to deliver them to website visitors in an optimized manner. This retrieval provides information about your use of our website (e.g., your IP address) to Amazon servers (also in other EU countries) and stored there. Amazon is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. We use this service on the basis of our legitimate interest acc. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in an appealing presentation of the content of our website, in increasing the security of our website and in our interest in being able to make this content available in the shortest possible loading times. You have the right to object to the processing. Whether the objection is successful must be determined in the context of a balancing of interests. AWS is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR not to operate a content delivery network ourselves. The processing of the data provided under this section is neither required by law nor by contract. The (full) functionality of the website is not guaranteed without the processing. Your personal data will be stored by AWS for as long as is necessary for the purposes described. To prevent Amazon CloudFront Java Script code from running in general, you can install a JavaScript blocker. Further information on objection options and data protection of Amazon Web Services in general can be found at: https://aws.amazon.com/privacy/?nc1=h_ls.

eKomi
To give you the opportunity to rate us and the services on our website, we use "eKomi", a tool provided by eKomi, Ltd. (Markgrafenstraße 11, D-10969 Berlin). If you use eKomi to rate us, your information will be transferred to eKomi. Your IP address will also be transferred to eKomi. After a review by eKomi, your review will be published on our website and on the eKomi website. Your optional name and e-mail address will not be published. The legal basis for processing your personal data is your consent as defined by Art. 6 (1) a GDPR. For more information on eKomi's privacy policy, please go to: https://www.ekomi.co.uk/uk/privacy/.

3. Other data processing in business and customer contact

In this section we inform you about other data processing procedures outside of our website.

3.1. Job applications

The contact data and application documents submitted to us in the course of a job application will only be processed by us internally for the purpose of selecting suitable candidates for employment. There is no legal or contractual requirement to provide the personal data. If you do not provide it, this will only result in you not submitting your request and us not being in a position to process it. In accordance with the statutory provisions, personal data provided will be stored by us for a maximum of 6 months, or for a maximum of 2 years if the applicant has expressly consent to the documents being retained on file.

3.2. Online presences in social media

In addition to our website, we maintain online presences within social networks and platforms: Facebook, Pinterest, Instagram and YouTube in order to communicate with customers and business partners and to connect to them via these networks to be able to inform about our services. Further data protection information can be found when you access our content on these platforms.

3.3. Sweepstakes

Your personal data provided for participation in our competitions (e-mail address, name, address) will be used by us exclusively to identify a winner, inform him of the prize and send him prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is the fulfilment of the contract in accordance with Article 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide the personal data. Failure to provide the data will only result in you not being able to participate in the competition. Your data will be stored for the duration of the competition and – for the processing of any prizes and claims for damages – for a maximum of 3 years thereafter and then deleted. By participating, you also agree that your name will be published on our website as well as on our public social media channels in the event of winning.

3.4. Photo/Video documentation at events

In the case of events, it may happen that we create photos and videos of these events or have them created by photographers commissioned by us, on which you are recognizable as a participant of these events. We need these photos / videos to document and advertise our events and will therefore also publish them in our media (e.g., print brochures, website and social media) and make them available to other media owners (print and online) for the promotion of our event. There is no legal or contractual obligation on your part to provide this data. The legal basis for the processing of your personal data (images and videos on which you are recognizable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events. You have the right to object to the processing. Please address your objection to the e-mail address provided by us in this data protection declaration. However, it can be assumed that our above-mentioned interest in the use of the photos does not unduly interfere with your rights as a person depicted. This is especially true because we create these photos / videos in public space and point out the production and use of the photos / videos in the run-up to each event. We also always make sure that no legitimate interests of persons depicted are violated. If, for reasons particularly worthy of consideration, your personal rights and freedoms are violated by an image / video created by us, we will refrain from further processing / publication. Removal from print media that have already been circulated cannot take place. In this case, however, we will make a deletion on our website or in our social media channels. We generally delete photos / videos of events if we no longer need these images to document and advertise these events.

3.5. Guest card system

feratel guest card system
For the use of our regional guest card we process your personal data (the first name, last name, date of birth, period of the stay and country of origin/postcode) with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) for the purpose of providing you with the free card benefits. Moreover, it is necessary to store your usage data for the purpose of billing and to make this data available to our service providers for management of internal billing. The legal basis of the processing is your consent in accordance with Art. 6 (1) a which you give us in the context of your guest registration in your accommodation business. You may revoke this consent at any time without any charge. Uses that have already been made will remain unaffected and stored for billing purposes. There is no legal or contractual requirement to provide the personal data. Failure to do this will only mean that we will be unable to provide you with the guest card. We have concluded a corresponding agreement with feratel in accordance with Art. 28 GDPR as an order processor which ensures that your data will be processed only within the scope of our order. For more information about feratel's privacy policy, please go to. https://www.feratel.com/en/privacy-policy.html.

3.5. Registration for events and activities

In our tourist information offices you have the option to register for events of different providers in our region. We will process your personal data (name, e-mail address and telephone number) for this purpose. This data is processed by us on the legal basis of Art. 6 (1) b GDPR (contract performance/pre-contractual measures) and also forwarded to the respective organiser. This data will be erased or destroyed by us after the event.

Current version of the privacy policy of 19.12.2023

Search now