Data protection information

The controller (within the meaning of Art. 4(7) GDPR) for the processing of your personal data (personal data within the meaning of Art. 4(1) GDPR) is

WILDER KAISER Tourist Office
Village 35
A-6352 Ellmau
Tel. +43 50509
E-mail: datenschutz@wilderkaiser.info

Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 54, A-6353 Going am Wilden Kaiser(www.zepedes.com). You can contact our data protection officer at the following email address: martin@zepedes.com

Purposes of the processing
The purposes of processing your personal data generally result from our business activities as a tourism organisation: providing our online offers, processing enquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes as well as the categories of data processed can be found in the detailed descriptions of the individual data processing processes.

Legal basis for the processing
In principle, there is no obligation to provide the data for the data processing described in this privacy policy. The only consequence of not providing this data is that we will not be able to offer these services. The legal basis for the processing of your personal data required to fulfil a contract with you or an order you have placed with us is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary to fulfil a legal obligation on our part (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If we process your data to fulfil tasks assigned to us in the public interest ("sovereign action"), the legal basis is Art. 6 (1) lit. e GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR ("legitimate interest") serves as the legal basis for the processing. In this case, we will also inform you of our legitimate interests. If we have no other legal basis for the processing of personal data as explained above, we will ask you for your consent to data processing, in which case we will rely on Art. 6 (1) lit. a GDPR or, in the case of processing sensitive data, Art. 9 (2) lit. a GDPR as the legal basis. You can withdraw this consent at any time free of charge without affecting the lawfulness of processing based on consent before its withdrawal.

We process your personal data with the support of processors who assist us in providing our services. These processors are bound by a corresponding agreement with us within the meaning of Art. 28 GDPR to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. Please refer to the detailed descriptions of the individual data processing processes to find out which processors are involved. Your personal data will be passed on to companies other than our processors to typical commercial service providers such as banks, tax consultants or auditors. Personal data will only be transferred to state institutions and authorities within the framework of mandatory national legislation. Depending on your order (e.g. for bookings and enquiries), your personal data will only be transferred to hotel partners or other tourism service providers (members of our organisation) to the extent necessary to fulfil your order. The personal data transmitted varies depending on the service.

In principle, we process your personal data within the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this will only take place if the requirements of Art. 44 et seq. GDPR for the transfer to third countries are met: i.e. on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we refer to the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also check the permissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative conclusion, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR.

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we continue to process the data for a purpose compatible with the original purpose. It may also be stored if this is provided for by laws, regulations or other provisions to which our company is subject.we will delete your personal data as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we continue to process the data for a purpose compatible with the original purpose. It may also be stored if this is provided for by laws, regulations or other provisions to which our company is subject.

We collect your personal data exclusively from you and do not use any other data sources.

We do not use any procedures for automated decision-making or profiling that have a legal effect on you or significantly affect you in a similar way. With your consent, however, we will use your usage data to get to know your interests better and thus be able to display information of interest to you or make you customised offers or display corresponding information on third-party websites or social media platforms. we do not use any automated decision-making or profiling processes that have a legal effect on you or significantly affect you in a similar way. However, with your consent, we will use your usage data to get to know your interests better and to be able to show you information that is of interest to you or to make you customised offers or to be able to show you corresponding information on third-party websites or social media platforms.

In accordance with the GDPR, you have the right to information, correction, deletion and restriction of the processing of your personal data. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to withdraw any consent you may have given to the processing of your personal data. This does not affect the lawfulness of the processing of your personal data up to the time of revocation. You have the right to object to the processing of your personal data for the purpose of direct marketing. If you object, your personal data will no longer be processed for the purpose of direct marketing. You can find a detailed explanation of these rights in Chapter III of the GDPR.right to complainIf you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, e-mail: dsb@dsb.gv.at). In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to withdraw any consent you may have given to the processing of your personal data. This does not affect the lawfulness of the processing of your personal data up to the time of revocation. You have the right to object to the processing of your personal data for the purpose of direct marketing. If you object, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.

Right to lodge a complaint
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, this is the data protection authority (Barichgasse 40-42, A-1030 Vienna, e-mail: dsb@dsb.gv.at).

Server data
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is collected on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website) (so-called "server log files"):

This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. You will be evaluated for statistical purposes in order to optimise our website and our offers. SSL or TLS encryption This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Technical service providers We create and edit the content of our website with the help of the following service providers, whom we have obliged to process your data exclusively within the scope of our order by means of a corresponding agreement within the meaning of Art. 28 GDPR: Technical concept: MICADO DIGITAL SOLUTIONS GMBH (Hammerschmiedstraße 5, A-6370 Kitzbühel). More information on data protection at: https://www.micado.cc/de/informationen-ueber-cookies-und-datenschutz.html Webhosting: World4You Internet Services GmbH (Hafenstraße 35, A-4020 Linz). Further information on data protection can be found at: https://www.world4you.com/de/unternehmen/datenschutzerklaerung.htmlDiese Data that is anonymous to us is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. You will be evaluated for statistical purposes in order to optimise our website and our offers.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Technical service providers
We create and edit the content of our website with the help of the following service providers, which we have obliged to do so by a corresponding agreement within the meaning of Art. 28 GDPR. Art. 28 GDPR to process your data exclusively within the scope of our order:

Technical conception:
MICADO DIGITAL SOLUTIONS GMBH (Hammerschmiedstraße 5, A-6370 Kitzbühel). More information on data protection at: https://www.micado.cc/de/informationen-ueber-cookies-und-datenschutz.html

Webhosting:
World4You Internet Services GmbH (Hafenstraße 35, A-4020 Linz). Further information on data protection can be found at: https://www.world4you.com/en/company/data-privacy-statement

Cookie Banner - Cookies on our website
Our website uses cookies to help us make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and to display content that may be of interest to you on other websites. Cookies are small data records that are used to store information during or about visits to websites and are stored on the website visitor's computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping basket cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated by your consent in accordance with Art. 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings", you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all the functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.

The legal basis for the use of this cookie banner (consent management platform) to control and document your consent or settings regarding cookies and other tools requiring consent for accessing our website is our legal obligation in accordance with Art. 6 (1) lit. c GDPR. When accessing our website, a connection is established with the server of the provider of our cookie banner and subsequently a cookie is stored in your browser to store your cookie preferences. The processed data will be stored until the specified storage period expires or you delete these cookies.

We use the following cookie banner / the following provider:

• Consent Management System by MICADO DIGITAL SOLUTIONS GMBH (Hammerschmiedstraße 5, A-6370 Kitzbühel). More information on data protection at: https://www.micado.cc/de/informationen-ueber-cookies-und-datenschutz.html

Changing the cookie settings in your web browser
You can specify how the web browser you use handles cookies, i.e. which cookies are allowed or rejected, in your web browser settings. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.
It is also possible to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:

European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F

Contact form and e-mail
On our website, we offer you the option of contacting us by email and/or via a contact form. In this case, the information you provide will be processed for the purpose of processing your contact on the legal basis of contract fulfilment pursuant to Art. 6 (1) lit. b GDPR. We have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the use of a contact form. The legitimate interest lies in offering our website visitors a way to contact us that does not require them to open their own email client. In the case of contact/order forms where we ask for the salutation in addition to first and last names, we do this on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our interest lies in addressing our customers and business partners in a personalized, polite form. There is no legal or contractual obligation to provide this personal data. The only consequence of not providing this data is that you do not submit your request and we are unable to process it. Your data will only be passed on to third parties if this is stated on the website or in this privacy policy or is necessary for the fulfilment of the contract or is required by law. We only store your data for as long as is necessary to process your enquiry or for any queries you may have.

We process your personal master data, contract and payment data as well as communication data (IP address and server log files) for the purpose of providing contractual services and their payment and execution in the context of online purchases, bookings and brochure orders on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of contract) and Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).We store this data as long as the purpose requires it, legal regulations provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we need this data on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process and there is no legal or contractual obligation to provide the personal data. The only consequence of not providing this data is that we will not be able to process your bookings/orders.Feratel DESKLINE online bookings, booking enquiries and brochure ordersFor the processing of online bookings, brochure orders and enquiries, we process your personal data in order to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the legal basis of Art. 6 para. 1 lit. b GDPR (booking processes, answering requests for quotations and sending brochures) and Art. 6 para. 1 lit. c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as required are necessary for the establishment and fulfilment of the contract. We disclose your personal data to third parties (hotel partners or other tourism service providers) within the scope of this data processing on the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary to process a booking), or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the use of corresponding booking software. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at: https://www.feratel.com/datenschutz.html.INCERT Voucher system and merchandising articlesWe use the system of the company INCERT eTourismus GmbH & Co KG (Leonfeldner Straße 328, A-4040 Linz) as our processor to process orders for holiday vouchers and merchandising articles. It enables the automated sale of vouchers via "print@home" as well as the individual personalisation of vouchers with dedications, designs and barcodes. The following information is required to process orders: Title, first and last name, address, e-mail address. We have concluded a corresponding agreement with INCERT as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on INCERT's data protection can be found at: https://www.incert.at/datenschutz/.feratel WebshopWe use the system of feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) as our processor to process the ordering/booking of event tickets. The following information is required to process orders/bookings: Title, first and last name, address, e-mail address. We have concluded a corresponding agreement with feratel as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. You can find further information on data protection at feratelFor the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and brochure orders, we process your personal master data, contract and payment data as well as communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of contract) and Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).

We store this data as long as the purpose requires it, legal regulations provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we need this data on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process.

There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that we will not be able to process your bookings/orders.

Feratel DESKLINE online bookings, booking enquiries and brochure orders
For the processing of online bookings, brochure orders and enquiries, we process your personal data in order to be able to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the legal basis of Art. 6 para. 1 lit. b GDPR (booking processes, answering requests for quotations and sending brochures) and Art. 6 para. 1 lit. c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as required are necessary for the establishment and fulfilment of the contract. We disclose your personal data to third parties (hotel partners or other tourism service providers) within the scope of this data processing on the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary to process a booking), or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the use of corresponding booking software. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. You can find more information about feratel's data protection at: https://www.feratel.com/datenschutz.html.

INCERT voucher system and merchandising articles
We use the system of the company INCERT eTourismus GmbH & Co KG (Leonfeldner Strasse 328, A-4040 Linz) as our processor to process orders for holiday vouchers and merchandising articles. It enables the automated sale of vouchers via "print@home" as well as the individual personalisation of vouchers with dedications, designs and barcodes. The following information is required to process orders: Title, first and last name, address, e-mail address. We have concluded a corresponding agreement with INCERT as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on INCERT's data protection can be found at: https://www.incert.at/datenschutz/.

feratel webshop
To process the order/booking of holiday vouchers, merchandising articles and tourist services, we use the system of feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) as our processor. The following information is required for the processing of orders/bookings: title, first and last name, address, e-mail address. The processing is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the legal bases of Art. 6 (1) (b) GDPR (booking of tickets, ordering of vouchers and merchandising items) and Art. 6 (1) (c) GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as necessary are required for the establishment and fulfilment of the contract. In the context of this data processing, we disclose your personal data to third parties (tourist service providers) on the basis of the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary for the processing of a booking process), or on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR for the use of appropriate booking software. We store your data for 7 years in accordance with the corresponding accounting obligations and tax regulations. We have concluded a corresponding agreement with feratel Media Technologies AG in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at: https://www.feratel.com/datenschutz.html.

External payment service providers
We use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of contract) for the payment of order transactions / bookings, via whose platforms you can make your payments. The payment data you enter when placing an order (e.g. account numbers, credit card numbers incl. check digits, passwords / TANs etc.) are processed exclusively by our payment service providers and cannot be viewed by us. We only receive confirmation from our payment service providers that the payment has been made or information that the payment could not be made.

Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zurich.
Phone: +41 44 256 81 91
E-mail: info@datatrans.ch
https://www.datatrans.ch/en/

Stripe, Inc, 510 Townsend Street, San Francisco, CA 94103, USA
E-mail: support@stripe.com
https://stripe.com/gb/privacy

card complete Service Bank AG Lassallestraße 3, A-1020 Vienna
E-mail: office@cardcomplete.com
https://www.cardcomplete.com/en/private-customers/data-protection/?set_language=en

Six Payment Services, Zweigniederlassung Österreich, Marxergasse 1B, A-1030 Wien
Tel. +43 1 717 01 – 0
E-Mail: info.austria@six-payment-services.com
https://www.six-payment-services.com/de/services/legal/privacy-statement.html


Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
Tel. 0046 8-120 120 00
E-mail: inkorg@klarna.se
https://www.klarna.com/uk/security/

Sale of fan merchandise
To enable our users to buy fan merchandise quickly online, we link to the platform of the company Haunold Ges.b.R (Dorf 47, A-6352 Ellmau). This link is integrated into the page using an HTML link. When you click on the link, a new browser window opens and the Haunold website opens. The further processing of your personal data in the context of your online purchases is the responsibility of the data protection officer Haunold Ges.b.R. Further information on data protection at Haunold Ges.b.R can be found at: https://www.haunold.at/bezirk-3/imprint#.

Sale of mountain railway tickets
For the sale of mountain railway tickets (season tickets, multi-day tickets and day tickets) as well as for the sale of mountain railway ticket vouchers and merchandising articles, we link on our website to the online ticket shop of SkiWelt Wilder Kaiser - Brixental Marketing GmbH (Dorf 84, AT-6306 Söll). This link is integrated into our website using an HTML link. When you click on the link, a new browser window opens and the page of the SkiWelt Wilder Kaiser - Brixental Marketing GmbH online ticket shop opens. The further processing of your personal data as part of the online purchase is the responsibility of the data protection officer SkiWelt Wilder Kaiser - Brixental Marketing GmbH. Further information on data protection at SkiWelt Wilder Kaiser - Brixental Marketing GmbH can be found at: https://shop.skiwelt.at/en/data-protection.

E-mail newsletter (NumBirds)
You can register for our newsletter on our website. The legal basis for sending the newsletter is your consent within the meaning of Art. Art. 6 (1) lit. a GDPR. Registration for our newsletter takes place using the double opt-in procedure. This ensures that no-one can register with other people's email addresses (e.g. your email address). Your consent can be revoked at any time free of charge by clicking on the "Unsubscribe link" at the end of each mailing. The legality of the data processing operations that have already taken place up to that point remains unaffected by the cancellation. After cancellation of your e-mail address, we will continue to store it for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to be able to prove your originally given consent if necessary. We use the service provider "NumBirds", a tool from NumBirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck), to send out our newsletter. With the help of NumBirds, we can analyse our newsletter campaigns. When an email sent with the NumBirds newsletter tool is opened, a connection is established with the NumBirds servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of access, IP address, browser type and operating system of the recipient are registered. In addition, we use information from some of our other systems such as our feratel booking system, feratel guest card system or Incert Merchandisingshop, which are linked to your e-mail address, in order to be able to adapt your personalised newsletter even more individually to your interests. Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you. General data protection information from NumBirds at: https://www.sports-tourism.at/de-DE/datenschutz-cookies

Registration "My Kaiser"
Registration is not required to use this website. However, after registering on this website, the user also receives access to further offers, additional services or services relating to holidays in the Wilder Kaiser tourism region in the individual customer area "Mein Kaiser". If you register for "My Kaiser" via Google or Facebook, we do not collect or process any personal data that you have entered in Google or Facebook. Authentication via Google or Facebook is subject to the terms of use of the respective provider. By registering, the user consents in accordance with Art. 6 para. 1 lit. a GDPR that the personal data entered (title, first name, surname, email address, password, address, telephone number, individually created watch list, booked services) are stored by the operator and used for the provision of additional content. The personal data provided will be stored for the duration of registration or beyond in accordance with statutory retention periods, as well as for a maximum of 3 years thereafter and then deleted. The purpose of further storage after the end of registration is to be able to identify the controller in the event of any legal violations. It is therefore in the overriding interest of the operator in accordance with Article 6(1)(f) GDPR. The user receives more detailed information on the additional content during the registration process.

Registration "Citizen, staff and leisure residence card"
Registration is not required to use this website. However, after registering on this website, the user will also receive access to the benefits of the Citizen, Staff, Leisure Residence Card, provided they are entitled to it. The personal data (name, e-mail address, telephone number, proof of residence or employment, usage data of the advantage card) will only be processed and transmitted by the operator in a lawful manner - in particular to fulfil contractual obligations (Art. 6 (1) lit b GDPR), due to overriding legitimate interests of the operator (Art. 6 (1) lit f GDPR) or on the basis of the user's consent (Art. 6 (1) lit a GDPR). If the lawfulness of specific data processing is based on the user's consent, this can be revoked at any time (even partially) by sending an email to datenschutz@wilderkaiser.info. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The personal data provided will be stored for the duration of the registration or beyond in accordance with statutory retention periods. Further storage after the end of the period of use of the Citizen, Staff and Leisure Residence Card is for the purpose of being able to identify the controller in the event of any legal offences. This is therefore in the overriding interest of the operator in accordance with Article 6(1)(f) GDPR. The email address of editors and admins in the backend are only available to the Wilder Kaiser Tourist Board. An interface to the electronic registration system of the company Feratel has been set up to enable automatic activation of the Citizen, Staff and Leisure Residence Card. Registration and use of the Citizen, Staff, Leisure Residence Card is only possible if you agree to the data synchronisation.

Optional communication channels for StaffCard Wilder Kaiser
With our StaffCard, users (employees of tourism businesses in our region) have the option of registering for several/different digital information channels in addition to the benefits that generally result from using the card, in order to be informed about current offers/benefits on an ongoing basis. This is voluntary and the consent given in accordance with Art. 6 (1) lit. a GDPR (legal basis for processing the data) can also be revoked at any time free of charge with effect for the future. Specifically, users can register for an email newsletter, a WhatsApp newsletter or participation in a WhatsApp group.

We use the "NumBirds" tool, a service provided by Numbirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck), to send out our email newsletter. With the help of NumBirds, we can analyse our newsletter campaigns. When an email sent with the NumBirds newsletter tool is opened, a connection is established with the NumBirds servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of access, the IP address, browser type and operating system of the recipient are recorded. We have concluded a processor agreement with NumBirds within the meaning of Art. Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you. General data protection information from NumBirds at: https://numbirds.com/datenschutzerklaerung/.

We use the "ChatWerk" tool from our service provider Inbox Solutions GmbH (Pretzfelder Straße 7 - 11, D-90425 Nuremberg) to design and send our Whatsapp newsletter and to manage the participants in our Whatsapp group and the instant messaging service "WhatsApp" from WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to send our messages. We have concluded a processor agreement with Inbox Solutions GmbH within the meaning of Art. Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you. General data protection information of Inbox Solutions GmbH can be found at: https://chatwerk.de/en/data-protection/?_gl=1*js5abn*_up*MQ..*_ga*NTczOTI0MzMwLjE3NjEzMDQ3OTk.*_ga_7WGK9RFB0J*czE3NjEzMDQ3OTkkbzEkZzAkdDE3NjEzMDQ3OTkkajYwJGwwJGgxNTkxOTQ4Njk3. To use WhatsApp, you need to download the corresponding app or have an existing messaging account. We have no influence on data processing by WhatsApp Ireland Limited, which is responsible for the processing of your personal data (e.g. name, telephone number, email address, messenger ID, profile picture, messages) under data protection law. You can find detailed information on the processing of personal data by WhatsApp at: https://www.whatsapp.com/privacy?lang=en and https://www.whatsapp.com/privacy

Registration image database
We offer the option of registering to use our image database at the web address https://images.wilderkaiser.info/. Once you have registered on this website, you will receive access to our image database. The personal data required for registration (name, e-mail address, address, information on the purpose of use and password) will be processed by us on the legal basis of Art. 6 (1) lit b GDPR (fulfilment of contract) in order to be able to provide you with the images. There is no legal obligation to provide this data. The only consequence of not providing this data is that we will not be able to offer you this service. The personal data provided will be stored for the duration of the use of our image database. The purpose of further storage after the end of the image database's useful life is to be able to identify the controller in the event of any legal violations. This is therefore in the overriding interest of the operator in accordance with Art 6 (1) lit f GDPR. The terms of use of the image database can be found at: https://images.wilderkaiser.info/de/bildrechte-und-agb.html.

Partner manager registration
Exclusively for member companies of our tourism association, we offer the opportunity to register for the use of our "Landlord Manager" at the web address https://partner.wilderkaiser.info/. The use of the landlord manager offers our members exclusive, up-to-date information for tourism service providers in our Wilder Kaiser region as well as the opportunity to use various other tools (e.g. image database, registration system, various web widgets etc.). The access data (user name and password) will be provided by us on request. The legal basis for the processing of personal data (company name, information about the operator and access data) is the fulfilment of the contract in accordance with Art. 6 (1) lit b GDPR. There is no legal obligation to provide this data. The only consequence of not providing this data is that we will not be able to offer you this service. The personal data provided will be stored for the duration of the use of our Landlord Manager. The purpose of further storage after the end of the period of use of the Landlord Manager is to be able to identify the person responsible in the event of any legal violations. This is therefore in the overriding interest of the operator in accordance with Art 6 (1) lit f GDPR.

Optional communication channels for "marketing and company management"
Our partners also have the option of registering for our marketing and business management newsletter and WhatsApp newsletter. This is voluntary and the consent given in accordance with Art. 6 (1) lit. a GDPR (legal basis for processing the data) can also be revoked at any time free of charge with effect for the future.
We use the "NumBirds" tool, a service provided by Numbirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck), to send out our email newsletter. With the help of NumBirds, we can analyse our newsletter campaigns. When an email sent with the NumBirds newsletter tool is opened, a connection is established with the NumBirds servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of access, the IP address, browser type and operating system of the recipient are recorded. We have concluded a processor agreement with NumBirds within the meaning of Art. Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you. General data protection information from NumBirds at: https://numbirds.com/datenschutzerklaerung/.

We use the "ChatWerk" tool from our service provider Inbox Solutions GmbH (Pretzfelder Straße 7 - 11, D-90425 Nuremberg) to design and send our Whatsapp newsletter and to manage the participants in our Whatsapp group and the instant messaging service "WhatsApp" from WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to send our messages. We have concluded a processor agreement with Inbox Solutions GmbH within the meaning of Art. Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you. General data protection information of Inbox Solutions GmbH can be found at: https://chatwerk.de/datenschutzerklaerung/. To use WhatsApp, you need to download the corresponding app or have an existing messaging account. We have no influence on the data processing by WhatsApp Ireland Limited, which is responsible for the processing of your personal data (e.g. name, telephone number, email address, messenger ID, profile picture, messages) under data protection law. You can find detailed information on the processing of personal data by WhatsApp at: https://www.whatsapp.com/privacy or https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE#:~:text=Wenn%20du%20in%20der%20Region,bei%20uns%20an%20erster%20Stelle.

Google Tag Manager
We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags via a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies or collect any other personal data. The tool triggers other tags that may collect data from you. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Further information on Google's data protection can be found at: https://www.google.com/policies/privacy/. Learn more about how Google uses personal data: https://business.safety.google/privacy/.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable the use of our website by the website visitor to be analysed. The information generated by the cookie about your use of our website is generally stored on European servers and only transmitted to a Google server in the USA and stored there in exceptional cases. We use Google Analytics with activated IP anonymisation. This means that your IP address is generally truncated by Google within the European Union and only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. The IP address transmitted by the corresponding browser as part of Google Analytics is not merged with other Google data. On our behalf, Google will use the information collected to analyse the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be cancelled at any time with effect for the future. The corresponding browser plugin can be downloaded and installed at the following link: https://tools.google.com/dlpage/gaoptout. User data is stored for 14 months. Further information on the use of data by Google, setting and objection options can be found in Google's privacy policy(https://policies.google.com/privacy) and in the settings for the display of adverts by Google(https://adssettings.google.com/authenticated). Learn more about how Google uses personal data: https://business.safety.google/privacy/.

Google Ads conversion tracking
Our website uses the "Google Ads Conversion Tracking" service of the provider . Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). When we place adverts on Google, we use what is known as conversion tracking. If you click on an advert placed by Google, a cookie is set for conversion tracking (storage period 30 days). This enables us to recognise that you have clicked on one of our ads and have been redirected to our site. However, we do not receive any personal information, but only the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. We use Google Ads Conversion Tracking on the legal basis of your consent (settings via our cookie banner) in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy(https://policies.google.com/privacy) and in the settings for the display of advertisements by Google(https://adssettings.google.com/authenticated). Learn more about how Google uses personal data: https://business.safety.google/privacy/.

Google Remarketing
Our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider is Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you sign in with your Google account. To support this function, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising. Cookies are deleted after 1 year. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/. The data collected in your Google account is summarised exclusively on the basis of your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). Further information on data protection from Google can be found at: https://www.google.com/policies/privacy/.
Learn more about how Google uses personal data: https://business.safety.google/privacy/.

The Trade Desk
Our website uses the functions of The Trade Desk Inc. (42 N Chestnut St., Ventura, CA 93001, USA) on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR, to present you with advertisements that are relevant to you. The Trade Desk uses cookies to present these advertisements to you. For this purpose, The Trade Desk uses so-called re-targeting technologies, which make it possible to address visitors to our website through advertisements on the websites of our partners. For this purpose, information about the surfing behavior of website visitors is collected in anonymous form and cookies are set. The Trade Desk is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can prevent the storage of cookies (max. 1 year) by setting your browser or our cookie banner accordingly. You can also prevent the collection of cookies by The Trade Desk by selecting the opt-outoption on The Trade Desk's website: https://www.adsrvr.org/. For more information on The Trade Desk's privacy policy, please visit: https://www.thetradedesk.com/general/privacy-policy

Meta pixels
In order to place targeted advertisements on Meta platforms (Facebook and Instagram) and to be able to track the actions of users after they have seen or clicked on a Meta ad, we use the Meta pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) within our website on the legal basis of your consent in accordance with Article 6 (1) (a) GDPR. This allows us to display information that is of interest to you on Meta platforms and to evaluate or optimize our Meta ads with the data collected in this way, which is anonymous to us (we do not see any personal data of individual users, but only the overall effect). Storage period max. 12 months. Meta links this data to the Meta account of Meta users according to their privacy information and can thus show them content that corresponds to their interests. Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least on a case-by-case basis) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. Art. 45 (3) GDPR, with which the European Commission certifies an adequate level of data protection in the USA. For specific information on how the Meta pixel works, please visit Meta's help section at: https://de-de.facebook.com/business/help/651294705016616. You can set your own preferences regarding usage-based advertising on Meta Platforms in your Meta Account: https://www.facebook.com/settings?tab=ads. For more information, please see Facebook's privacy policy at: https://www.facebook.com/privacy/explanation.

Adform
Our website uses the online marketing tool "Adform" from Adform Germany GmbH (Großer Burstah 50-52, D-20457 Hamburg) on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. Adform uses cookies to place relevant adverts for the users of our website. Adform also helps us to improve our campaign performance and to evaluate our campaign performance. By integrating the Adform cookie, Adform receives information about which pages of our website you have viewed and which of our adverts you have clicked on (conversion tracking). You can revoke your consent to the collection and transmission of data to Adform by changing the settings in our cookie banner or by making the appropriate settings in your browser. You can find more information about Adform's data protection at https://site.adform.com/privacy-center/overview/.

Pinterest Tag (Pinterest Conversion Tracking)
In order to optimise our Pinterest campaigns and measure their conversion (effectiveness), we use the Pinterest Tag (Pinterest Conversion Tracking Pixel) of Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) on the legal basis of Art. 6 (1) lit. a GDPR (consent). This enables us to display adverts of interest to our website visitors who are also Pinterest members on Pinterest. We can also use this service to track the actions of Pinterest members after they have seen or clicked on one of our Pinterest adverts. The following personal data is processed: Information on the type of device and operating system used, its IP address, the time our website was accessed, the type and content of the adverts placed by us and the response to our adverts. This data is anonymous to us and does not allow us to draw any conclusions about the identity of the respective user. According to its own information, Pinterest can link this data to your Pinterest account and also use it for its own advertising purposes. We process this data with Pinterest Europe as "joint controllers" and have concluded an agreement with Pinterest Europe pursuant to Art. 26 GDPR (JCA - Joint Controller Agreement), which obliges all partners, among other things, to provide you with the relevant information about this joint processing within the meaning of Art. 12 to 14 GDPR. Art. 12 to 14 GDPR, to ensure appropriate protection of this data and to enable you to exercise your rights as a data subject within the meaning of Art. 15-21 GDPR. Art. 15-21 GDPR. We have agreed with Pinterest Europe that Pinterest Europe is responsible for the assertion of data subject rights under Articles 15-20 of the GDPR with regard to the personal data processed / stored by Pinterest Europe in accordance with the joint processing. If personal data is processed by Pinterest Europe Ltd. in the context of joint processing on the legal basis of legitimate interest (Art. 6 (1) lit. f GDPR), you also have the right to object in accordance with Article 21 GDPR. Further information on exercising your rights as a data subject and general information on data protection at Pinterest Europe Ltd. can be found at: https://policy.pinterest.com/en/privacy-policy. Information on the individual setting of the data collected by Pinterest can be found at: https://help.pinterest.com/en/article/personalization-and-data

Microsoft Advertising
Our website uses the Universal Event Tracking (UET) functions of Microsoft Advertising (formerly Bing Ads) of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. Via UET, Microsoft stores a cookie in the browser of the website visitor to enable the use of the website to be analysed if the user has reached our website via an advertisement from Microsoft Advertising. This enables Microsoft and us to recognise whether a website visitor has previously clicked on an ad and been redirected to our website as a result. No IP addresses are stored in this process. No other personal information about the identity of the website visitor is stored either. Microsoft is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by using the opt-out option at the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB Further information on data protection by Microsoft and Bing Ads can be found at: https://www.microsoft.com/en-us/privacy/privacystatement

Microsoft Clarity
This website uses functions of the web analysis service Microsoft Clarity. The provider of this service is Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). The legal basis for the use of this service is your consent pursuant to Art. 6 (1) lit a GDPR. We use Microsoft Clarity to analyze our website usage (reach measurement, recognition of returning users), to be able to display content of interest to our website visitors on third-party platforms (cross-device tracking / remarketing) and for conversion measurement (measurement of the effectiveness of our marketing activities on third-party platforms). The user analysis takes place on the basis of a pseudonymous user ID and thus on the basis of pseudonymous data. In doing so, we process usage data in pseudonymised form (when did you visit which pages of our website, mouse movements, scrolling movements), meta or communication data (your IP address, data about the device you are using) and location data (approximately where you were at the time of visiting our website). Through appropriate settings, we have ensured that data collection by Microsoft is already pseudonymous through so-called IP masking (shortening your IP address). Microsoft is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can generally prevent the collection of data relating to your use of the website and the processing of this data by Microsoft by using the opt-out option under the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE. Further information on Microsoft's data protection can be found at: https://privacy.microsoft.com/de-de/privacystatement.

Use of Stape.io (Server-Side Tracking)
We use the "Stape.io" service of the service provider Stape Europe OÜ (Sepapaja 6, 15551 Tallinn, Estonia) as a platform for server-side tag management and tracking. Data can be processed in a privacy-friendly manner via Stape.io (e.g. through the Google Tag Manager server container) and forwarded to analysis or marketing services. It is used to manage website tracking and marketing tags in a privacy-compliant, secure and high-performance manner. Data is processed on the server side, which can reduce the direct transmission of user information to third-party tools (e.g. Google Analytics, Meta Pixel). The following data is processed: IP address (anonymized if necessary), browser and device information, referrer URL, time stamp, interactions on the website and technical information about the connection. The processing is carried out on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR, provided that you have consented via our consent/cookie banner. We have a Data Processing Agreement with Stape.io within the meaning of Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our mandate. Tracking data is processed on a server within the EU ("Stape EU Hosting") before it is transmitted to third-party analytics tools. Data is not stored permanently, but only for as long as is necessary for the purposes mentioned above. Stape EU Hosting ensures that the processing and forwarding of tracking data takes place within the EU. This avoids or reduces direct data transfers to third countries, especially to the USA. In the event of a data transfer to third countries (e.g. the USA), EU Standard Contractual Clauses (SCCs) have been agreed in accordance with Art. 46 GDPR to ensure an adequate level of data protection. Further information on data protection at Stape.io can be found at: https://stape.io/privacy-notice and in the GDPR statement: https://stape.io/gdpr

We include third-party content on our website, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") recognise the IP address of the user. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address for statistical purposes, for example. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, otherwise your consent pursuant to Art. 6 (1) lit. a GDPR. Information on the purpose and scope of further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of Art. Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website: OpenStreetMap We use the open source map service "OpenStreetMap" (also known as "OSM") from the Openstreetmap Foundation (St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom) for cartographic representation. The map material is loaded from the OSM server. The following data is transmitted to OSM: the page visited on our website, the IP address of your device and location data. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in an appealing presentation of our online offerings and the geographical presentation of the offerings in our region. In the case of location data from mobile devices, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR by authorising the transfer of location data on your mobile device. In principle, the European Commission has recognised the United Kingdom as having an equivalent level of protection as the European Union. The legal basis for data transfer to the UK is therefore Art. 45 GDPR. Further information on OSM can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy. Google ReCAPTCHA This website uses the reCAPTCHA service provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) to protect your orders via the Internet form. The query carried out in the process serves to distinguish whether the input is made by a human or abusively by automated, machine processing. By activating IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google ReCAPTCHA will not be merged with other Google data. In principle, we have a legitimate interest within the meaning of Art. Art. 6 (1) lit. f GDPR for the use of Google ReCAPTCHA. Our legitimate interest lies in protecting our website from spam software. However, we only use Google ReCAPTCHA if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Further information on Google's data protection guidelines can be found at: https://www.google.com/intl/de/policies/privacy/. YouTube We integrate videos from the "YouTube" platform of the provider Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation is based on Art. 6 (1) lit. f GDPR, wherebyWe integrate third-party content, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites, within our website. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") recognise the IP address of the user. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address for statistical purposes, for example. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, otherwise your consent pursuant to Art. 6 (1) lit. a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of Art. Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website

OpenStreetMap
We use the open source map service "OpenStreetMap" (also known as "OSM") from the Openstreetmap Foundation (St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom) for cartographic representation. The map material is loaded from the OSM server. The following data is transmitted to OSM: the page visited on our website, the IP address of your device and location data. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in an appealing presentation of our online offering and the geographical presentation of our region's offerings. In the case of location data from mobile devices, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR by authorising the transfer of location data on your mobile device. In principle, the European Commission has recognised the United Kingdom as having an equivalent level of protection as the European Union. The legal basis for data transfer to the UK is therefore Art. 45 GDPR. Further information on OSM can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Captcha.eu (spam protection)
To protect your orders via internet form, we use the service Captcha.eu of the company Captcha GmbH (Muthgasse 2, A-1190 Vienna) on our website. In this way, we protect our website as well as the visitors to our website from abuse, bots and spam. Captcha.eu checks whether entries in our forms (e.g. inquiry form, brochure order, etc.) are made by humans or whether programs (bots) are used for this purpose. For this purpose, it is necessary that the following data is collected and transmitted to Captcha.eu in order to check whether the input is made by a human or a bot: your IP address (is shortened before storage and can no longer be assigned to you afterwards), referrer website (website from which you were linked to our website), device and browser type of your PC/tablet/smartphone, cookie or local storage value (remains on your device) and, in particular, mouse movements and time intervals between keystrokes. We use Captcha.eu on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in protecting our website and our website visitors from abuse and spam. According to Captcha.eu, the processed data will be stored for a maximum of 6 months. For more information on Captcha.eu data protection, please visit: https://www.captcha.eu/dsgvo-user.

YouTube
We integrate videos from the "YouTube" platform of the provider Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation is based on Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website. However, we only use YouTube if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future.When you call up a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google, in extended data protection mode, your data (in particular which of our web pages you have visited) and device-specific information, including your IP address, are only transmitted to the YouTube server when you watch the video. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. Further information on YouTube's data protection can be found at: https://www.google.com/policies/privacy/.
Learn more about how Google uses personal data: https://business.safety.google/privacy/.

Snapengage live chat tool
To provide you with direct contact and help on our website, we use the live chat tool "Snapengage" from SnapEngage LLC (1919 14th St., Suite 505, Boulder, CO 80302, USA). When the Snapengage widget is called up, a connection to the Snapengage servers is established, whereby your IP address is transmitted to the Snapengage server. In order to chat with us via Snapengage, you do not need to provide any personal data. However, session cookies are required to ensure the functionality of Snapengage. The legal basis for the use of Snapengage is your consent within the meaning of Art. Art. 6 (1) lit. a GDPR. SnapEngage LLC (TeamSupport LLC) is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on Snapengage's data protection can be found at: https://snapengage.com/privacy-policy/, https://help.snapengage.com/visitor-privacy-what-information-does-snapengage-gather-about-your-website-visitors/ or https://www.teamsupport.com/privacy.

Cloudfront
We use the Cloudfront content delivery network (CDN) from the provider Amazon Web Services EMEA SARL (AWS) (38 avenue John F. Kennedy, L-1855 Luxembourg) on our website for a modern design and presentation of the content offered on different end devices, to increase security and for faster loading times. The CloudFront CDN makes duplicates of website data available on various Amazon Web Services servers distributed around the world in order to deliver them to website visitors in an optimised manner. Through this retrieval, information about your use of our website (such as your IP address) is transferred to Amazon servers (also in other EU countries) and stored there. Amazon is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. We use this service on the basis of our legitimate interest within the meaning of Art. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in an appealing presentation of the content of our website, increasing the security of our website and in our interest in being able to make this content available in the shortest possible loading times. You have the right to object to the processing. Whether the objection is successful must be determined as part of a balancing of interests. AWS is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR not to operate a content delivery network ourselves. The processing of the data specified in this section is not required by law or contract. The (full) functionality of the website is not guaranteed without the processing. Your personal data will be stored by AWS for as long as is necessary for the purposes described. You can install a Java Script blocker to prevent the execution of Java Script code from Amazon CloudFront in general. Further information on objection options and data protection of Amazon Web Services in general at: https://aws.amazon.com/privacy/

eKomi
To give you the opportunity to rate us and our services on our website, we use "eKomi", a tool from the provider eKomi, Ltd (Markgrafenstraße 11, D-10969 Berlin. In the event that you use eKomi to rate us, your details will be transmitted to eKomi. Your IP address will also be transmitted to eKomi. After a review by eKomi, your rating will be published on our website and the eKomi website. Your optional name and e-mail address will not be published. The legal basis for the processing of your personal data is your consent within the meaning of Art. Art. 6 (1) lit. a GDPR. Further information on data protection from eKomi at: https://www.ekomi.co.uk/uk/privacy/

Nature trip Wilder Kaiser web app
On our website, we provide a link to our Naturtrip Wilder Kaiser web app, which offers you the opportunity to plan your journey to attractions and other tourist services in our region using public transport in a simple and user-friendly way. The following personal data is processed: the pages you visit on this website, information about the type of device and operating system you use, the IP address of your device and location data. We provide this service with the help of our service provider naturtrip GmbH (Norwegerstraße 3, D-10439 Berlin). The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest is to promote public transport in our region and to give our customers the opportunity to plan their journey by public transport quickly and easily. We have concluded a corresponding agreement with naturtrip GmbH in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on data protection at naturtrip GmbH can be found at: https://www.naturtrip.travel/en/privacy-policy

The contact details and application documents sent to us in the course of a job application are processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that you will not be able to submit your application and we will not be able to process it. The personal data transmitted will be stored by us in accordance with the statutory provisions for a maximum of 6 months, or for a maximum of 2 years if the applicant has expressly consented to the documents being kept on file.

In addition to our website, we maintain online presences within social networks and platforms. The legal basis for using these services is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in communicating with the customers and business partners there and in being able to inform them about our services on these networks. When accessing the respective networks and platforms, the terms and conditions and the privacy policies of the respective operators of these networks apply. Further information on the processing of your personal data by the respective providers of these services (which personal data is processed for which purposes on the basis of which legal basis, how long this data is stored by the respective provider and, if applicable, how long this data is stored by the respective provider). Information on profiling and third-country transfers) can be found below in the descriptions of the individual services or via the information links listed there.

Facebook Fanpage
We operate a Facebook fan page on the "Facebook" platform of the company Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The legal basis for the processing of the personal data associated with this is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Our legitimate interest is to provide customers and potential new customers with information about us and our offers via this information channel. We would like to point out that you use this Facebook page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our Facebook page, Facebook collects, among other things: Your IP address and other information collected in the form of cookies or other tracking technologies. The data collected about you in this context will be processed by Facebook and may be (at least partially) transferred to the USA. Facebook / Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least on a case-by-case basis) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies an adequate level of data protection in the USA. In a decision, the ECJ found that "Facebook" and the operator of a Facebook fan page are responsible for this personal data as joint controllers within the meaning of Art. 26 GDPR. Facebook provides the contract for joint data processing at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. We, as the site operator of our fan page, have no influence on the specific contents of the agreement. What information Facebook receives and how it is used (how Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users in order to individualize content or advertising, how long Facebook stores this data, whether data from a visit to the Facebook page is passed on to third parties, and much more), describes Facebook in general terms in its data usage policy. There you will also find information about how to contact Facebook and how to set up advertisements. The Privacy Policy is available at the following link: https://www.facebook.com/privacy/policy/. As a fan page operator, we do not receive any additional (not publicly visible) information about individual Facebook users from Facebook's analyses, but only statistically processed information (e.g. total number of page views, page activity, post reach, etc.) that helps us to make our posts more attractive.

Instagram
Instagram is an online service for sharing photos and videos. We have a profile (account) on Instagram. The provider is Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). For more information on the processing of your personal data through the use of Instagram and how to contact us, please visit: https://privacycenter.instagram.com/policy/

Pinterest
Pinterest is a mixture of social network and search engine whose focus is on visual content, i.e. images and videos. We use this service to generate interest in other of our content on the Internet (especially our website) with so-called PINs. The provider of this service is Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). For more information on the processing of your personal data through the use of Pinterest and how to contact us, please visit: https://policy.pinterest.com/de/terms-of-service.

Tiktok
TikTok is a video portal for short videos that also offers functions of a social network. We use this service to generate interest in our offers with short videos. The provider is TikTok Technology Ltd. (10 Earlsfort Terrace, Dublin, D02 T380, Ireland). For more information on the processing of your personal data through the use of Pinterest and how to contact us, please visit: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

LinkedIn
In order to stay in contact primarily with business partners, we use the web-based social network service LinkedIn. The provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). For more information on the processing of your personal data through the use of LinkedIn and how to contact us, please visit: https://de.linkedin.com/legal/privacy-policy.

YouTube
We use a YouTube channel via the video portal "YouTube" to publish our videos. The service is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). For more information on the processing of your personal data through the use of YouTube and how to contact us, please visit: https://www.google.com/policies/privacy/.

Your personal data (e-mail address, name, address) provided for participation in our competitions will only be used by us to determine a winner, to inform them of the prize and to send out prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is contract fulfilment in accordance with Art. 6 para. 1 lit b GDPR. There is no legal or contractual obligation to provide personal data. The only consequence of not providing the data is that you will not be able to take part in the competition. Your data will be stored for the duration of the competition and - for the processing of any claims for winnings and damages - for a maximum of 3 years afterwards and then deleted. By participating, you also agree that your name may be published on our website and on our public social media channels if you win.your personal data provided for participation in our competitions (e-mail address, name, address) will only be used by us to determine a winner, inform them of the prize and send them prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is contract fulfilment in accordance with Art. 6 para. 1 lit b GDPR. There is no legal or contractual obligation to provide personal data. The only consequence of not providing the data is that you will not be able to take part in the competition. Your data will be stored for the duration of the competition and - for the processing of any prize and compensation claims - for a maximum of 3 years afterwards and then deleted. By participating, you also consent to your name being published on our website and on our public social media channels if you win.

At events, we may take photos and videos of these events or have them taken by photographers commissioned by us in which you are recognisable as a participant in these events. We need these photos/videos to document and promote our events and will therefore also publish them in our media (e.g. print brochures, website and social media) and make them available to other media owners (print and online) to promote our event. There is no legal or contractual obligation on your part to provide this data. The legal basis for the processing of your personal data (images and videos in which you are recognisable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events. You have the right to object to the processing. Please send your objection to the email address we have provided in this privacy policy. However, it can be assumed that our above-mentioned interest in using the photos does not unduly interfere with your rights as the person depicted. This is particularly the case as we take these photos/videos in public spaces and point out the production and use of the photos/videos in advance of each event. We also always ensure that no legitimate interests of persons depicted are violated. Should your personal rights and freedoms be violated by an image/video created by us for reasons worthy of special consideration, we will refrain from further processing/publication. Removal from print media that have already been circulated is not possible. In this case, however, we will delete them from our website or our social media channels. We generally delete photos/videos of events if we no longer need these images to document and promote these events.

feratel guest card system
For the use of our regional guest card, we process your personal data (first name, surname, date of birth, period of stay and country of origin/postcode) with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) for the purpose of providing you with the benefits of the free card. It is also necessary to store your usage data for billing purposes and to make this data available to our service providers for internal billing control purposes. The legal basis for processing is your consent in accordance with Art. 6 (1) lit a, which you give us when you register as a guest at your accommodation provider. You can revoke this consent at any time free of charge. Uses already made remain unaffected by this and are stored for billing purposes. There is no legal or contractual obligation to provide personal data. The only consequence of not providing it is that we cannot provide you with the guest card. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. You can find more information about feratel's data protection at: https://www.feratel.com/en

In our tourism information, you have the option of registering for events organised by various providers in our region. For this purpose, we process your personal data (name, email address and telephone number). This data is processed by us on the basis of Art. 6 (1) lit. b GDPR (contract fulfilment/pre-contractual measures) and also passed on to the respective organiser. We will delete or destroy your data after the event and you can register for events organised by various providers in our region in our tourism information. For this purpose, we process your personal data (name, e-mail address and telephone number). This data is processed by us on the basis of Art. 6 (1) lit. b GDPR (fulfilment of contract/contractual measures) and also passed on to the respective organiser. We will delete or destroy your data after the event and you have the option of registering for events organised by various providers in our region in our tourism information. For this purpose, we process your personal data (name, e-mail address and telephone number). This data is processed by us on the legal basis of Art. 6 (1) lit. b GDPR (contract fulfilment/pre-contractual measures) and also passed on to the respective organiser. This data will be deleted or destroyed by us after the event.