The protection of your personal data is a special concern for us. We therefore process your data exclusively in a legal manner based on the statutory provisions (GDPR (General Data Protection Regulation), DSG (German Data Protection Act) 2018, TKG (Telecommunications Act) 2021). In this privacy information we inform you about the most important aspects of data processing - the type, scope and purposes of collection as well as the use of personal data - in the context of the use of our website and in the context of other services provided by our company.
The controller (as defined in Art. 4 Z 7 GDPR) responsible for processing your personal data (personal data as defined in Art. 4 Z 1 GDPR) is:
Tourismusverband WILDER KAISER
Tel. +43 50509
Data Protection Officer:
We take the protection of personal data very seriously and we have appointed an external data protection officer for this purpose. Our data protection officer is Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our Data Protection Officer using the following email address: email@example.com.
Purposes of processing
The purposes of processing your personal data normally arise from our business activities as a tourist organisation: provision of our online offers, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. For detailed information about the purposes of processing and, if applicable, further processing for other compatible purposes, and about categories of processed data, please refer to the detailed descriptions of the individual data processing processes.
Legal bases for processing
We process your personal data with the aid of processors who help us to provide our services. These processors are bound by a corresponding agreement with us as defined by Art. 28 GDPR to strictly protect your personal data and they may not process your personal data for any purpose other than for the provision of our services. You can find out which processors are involved in the detailed descriptions of individual data processing procedures.
A transfer of your personal data to companies other than our order processors is made to service providers typical third parties such as banks, tax advisors or auditors. Personal data will only be transferred to state institutions and authorities within the framework of mandatory national legal regulations.
Depending on your order (e.g. for bookings and inquiries), your personal data will be transferred only to the extent required and, if applicable, also to hotel partners or other tourist service providers (members of our organization), who are needed for the fulfilment of your order. Personal data transferred varies depending on the service.
In principle, we process your personal data in the EU area. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of services of our processors or third parties, this will only happen if the requirements of Article 44 et seq. GDPR for transfers to third countries are complied with, i.e. based on special guarantees such as the officially recognised determination of a level of data protection commensurate with the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as a legal basis for the transfer of your personal data, we will also examine the permissibility of this data transfer as part of a comprehensive risk assessment. If we arrive at a negative result, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) a GDPR in conjunction with Art. 6 (1) a GDPR.
Data transfer to the USA
Through the services integrated in this website, Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Remarketing, Google Adsense, Facebook-Pixel, Adform, Pinterest Tag (Pinterest Conversion Tracking), Google Maps, Google ReCAPTCHA, YouTube, Snapengage Live-Chat Tool and Cloudfront, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.
Your personal data will be erased by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we process the data for a purpose compatible with the original purpose. It may also take place if this is provided for by laws, ordinances or by other regulations that our company is subject to.
We collect your personal data only from you; we do not use any other data sources.
We do not use any automated decision-making or profiling procedures that have a legal effect against you that would affect you significantly in a similar way. However, with your consent, we will use your usage data to get a better picture of your interests to enable us to present information of interest to you or to give you tailor-made offers or to be able to display relevant information to you on third-party websites or social media platforms.
In principle, you have the right in accordance with the GDPR to information, correction, erasure, restriction, data portability, revocation and objection. For this purpose, please contact us as the controller using the contact details provided in this privacy information. You will find a detailed explanation of these rights here in Section III.
Right of appeal
If you believe that the processing of your data breaches data protection law or that your data protection rights have otherwise been breached in a way, you may lodge a complaint with the relevant regulatory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, e-mail firstname.lastname@example.org).
In this section we tell you how we process your personal data when you visit our website.
For technical reasons, the following data, amongst other items that your internet browser transmits to us or to our web space provider, is recorded (server log files) based on § 165 (3) S 3 TKG (Telecommunications Act) 2021 (necessary for the operation of our website):
This data, which is anonymous for us, will be stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. The data is used for statistical purposes in order to improve our website and our offers.
SSL or TLS encryption
This page uses SSL or TLS encryption for security reasons and to protect the transfer of confidential content, for example orders or enquiries that you send to us website operator. You can recognise an encrypted connection because the browser's address line changes from "http://" to "https://" or by the lock symbol in your browser line. When the SSL or TLS encryption is activated the data you transfer to us cannot be viewed by third parties.
Technical service providers
We create and edit the content of our website with the aid of the following service providers; we have a corresponding agreement with them as defined by Art. 28 GDPR to process your data exclusively within the scope of our assignment:
MICADO DIGITAL SOLUTIONS GMBH (Hammerschmiedstraße 5, A-6370 Kitzbühel)
Cookie banners - cookies on our website
Changing the cookie settings in your web browser
You can decide how the web browser you use will handle cookies, i.e. which cookies are to be accepted or rejected, in your web browser settings. You can also erase cookies already stored on your computer/end device yourself at any time. Where exactly these settings are located will depend on the web browser. Detailed information can be accessed in the help function of the respective web browser.
You also have the option of objecting to cookies and similar tracking technologies generally, using the services mentioned below by setting your individual preferences - which technologies for usage and interest-based advertising you want to allow:
• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F
Contact form and e-mail
For the purpose of rendering contractual services as well as payment and implementation of them in the context of online purchases, bookings and orders for brochures, we process your personal master data, contract data and payment data as well as communication data (IP address and server log files) on the basis of Art. 6 (1) b GDPR (contract fulfilment) as well as Art. 6 (1) c GDPR (legal obligation for billing and archiving).
We store this data as long as it is required for the purpose of it, legal regulations provide for it (retention period of invoices in accordance with 132 BAO (Federal Taxation Regulations) for 7 years; voucher orders up to the expiry of the redemption period for 30 years) or as long as we require this data on the basis of Art. 6 (1) f GDPR (legitimate interest) for defence against possible liability claims. If you cancel the order process, we will store the data for 14 days to clarify any problems during the order process.
There is no legal or contractual requirement to provide the personal data. If you do not provide it, this will only result in us not being in a position to process your bookings / orders.
Feratel DESKLINE online bookings, booking requests and orders for brochures
INCERT voucher system and merchandising articles
External payment service providers
We use external payment service providers on the legal basis of Art. 6 (1) b GDPR (contract performance) for the payment of order transactions / bookings ; you can make your payments via their platforms. The payment data you entered when placing the order (e.g. account numbers, credit card numbers including check digits, passwords / TANs etc.) are processed only by our payment service providers and cannot be seen by us. We only receive a confirmation of the payment via our payment service providers or information to the effect that the payment could not be carried out. You will find further information about privacy as well as general terms and conditions of our payment service providers at:
Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zürich.
Tel. +41 44 256 81 91
Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA
card complete Service Bank AG Lassallestraße 3, A-1020 Wien
Six Payment Services, Zweigniederlassung Österreich, Marxergasse 1B, A-1030 Wien
Tel. +43 1 717 01 – 0
Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
Tel. 0046 8-120 120 00
Sale of fan articles
To enable our users to purchase fan articles online quickly, we are linked to the Haunold Ges.b.R (Dorf 47, A-6352 Ellmau) platform. This link is integrated into the page by means of an HTML link. By clicking on the link, a new browser window opens and the Haunold page opens. Further processing of your personal data in the context of your online purchases will be the responsibility of Haunold Ges.b.R. You will find further information about data protection at Haunold Ges.b.R at: https://www.haunold.at/bezirk-3/imprint#.
Sale of cable car tickets
For the sale of cable car tickets (season tickets, multi-day tickets and day tickets) and for sales of cable car ticket vouchers as well as merchandising articles, our website is linked to the SkiWelt Wilder Kaiser - Brixental Marketing GmbH (Dorf 84, AT-6306 Söll) online ticket shop. This link is integrated into our site by means of an HTML link. When you click on the link, a new browser window will open and the SkiWelt Wilder Kaiser - Brixental Marketing GmbH online ticket shop page will open. The further processing of your personal data in the context of the online purchase will be the responsibility of SkiWelt Wilder Kaiser - Brixental Marketing GmbH which is responsible for data protection. You will find further information on data protection at SkiWelt Wilder Kaiser - Brixental Marketing GmbH at: https://shop.skiwelt.at/en/data-protection.
E-mail newsletter (NumBirds)
You have the option to register for our newsletter on our website. The legal basis for sending the newsletter is your consent within the meaning of Art 6 (1) a GDPR. The registration for our newsletter takes place in the double opt-in procedure. In this way we ensure that nobody can log in with any other e-mail addresses (e.g. with their e-mail address). You may revoke your consent at any time free of charge by clicking on the "unsubscribe link" at the end of each mail. The legality of data processing operations already carried out up to that time will remain unaffected by the revocation. After cancellation of your e-mail address, we will keep it for a further 3 years based on our legitimate interest (Art. 6 (1) f GDPR) in order to prove your originally consent, if necessary. In order to send our newsletter we use the service provider NumBirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck). We can analyse our newsletter campaigns with the help of NumBirds. When you open an email sent with the NumBirds newsletter tool, a connection will be established with the NumBirds servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. The purpose of these analyses is to achieve better adaptation of future newsletters for the benefit of recipients. Technical information such as the time of the retrieval, IP address, browser type and the recipient's operating system are also registered. We have concluded a processor agreement with NumBirds as defined by Art. 28 GDPR to ensure that your data is processed only to the extent required by us and permitted by you. The general NumBirds privacy information is available at: https://www.sports-tourism.at/de-DE/datenschutz-cookies.
Registration "My Kaiser"
Registration “BürgerCard, StaffCard, FreizeitwohnsitzCard (HolidayHomeCard)"
Registration is not required for the use of this website. However, after registering on this website, the user will also have access to the benefits of the BürgerCard, StaffCard, FreizeitwohnsitzCard (HolidayHomeCard), if eligible. The personal data (name, e-mail address, telephone number, proof of residence or employment, advantage card usage data) will only be processed and transferred by the operator in a legal manner - in particular for fulfilment of contractual obligations (Art. 6 (1) b GDPR), on the basis of the operator's overriding legitimate interests (Art. 6 (1) f GDPR) or based on the user's consent (Art. 6 (1) a GDPR). If the legality for specific data processing is based on the user's consent, this consent may be revoked at any time (including partial revocation) by sending an e-mail to email@example.com. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation. The personal data provided will be stored for the duration of the registration or beyond it in accordance with statutory retention periods. The purpose of further storage after the end of the period of use for the BürgerCard, StaffCard, FreizeitwohnsitzCard (ResidentCard, StaffCard, HolidayHomeCard) is to be able to identify the person responsible in the event of any legal violations. This is therefore in the overwhelming interest of the operator in accordance with Art. 6 (1) f GDPR. The email addresses of editors and administrators in the backend are only available to the Tourismusverband Wilder Kaiser. In order to enable automatic activation of the BürgerCard, StaffCard, FreizeitwohnsitzCard (ResidentCard, StaffCard, HolidayHomeCard), an interface to the electronic registration system of Feratel has been set up. Registration and use of the BürgerCard, StaffCard, FreizeitwohnsitzCard (ResidentCard, StaffCard, HolidayHomeCard) is only possible if you agree to the data comparison.
Google Tag Manager
Google Ads Conversion Tracking
On the legal basis of your consent in accordance with Art. 6 (1) a GDPR we use the "Google Adsense" service provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) to display ads of other companies within our website. We do this to generate advertising revenue. For this purpose, your IP address is truncated by the last two digits and transferred to Google. Google uses information which Google itself has collected about you via cookies to show you ads on our website which are of interest to you. We have concluded a corresponding agreement with the provider in accordance with Art. 28 of the GDPR as a processor which ensures that your data will only be processed within the scope of our assignment. For more information on Google's use of data and your settings as well as opt-out options, please go to: https://policies.google.com/technologies/ads. You can adjust your settings for the display of advertisements by Google using the following link: https://adssettings.google.com/authenticated.
Pinterest Tag (Pinterest Conversion Tracking)
We integrate third-party content within our website, e.g. videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites. This always requires providers of this content (hereinafter referred to as "third-party providers") to be aware of the user's IP address. This is because without the IP address, they could not send the content to the relevant user's browser. The IP address is therefore necessary in order to display this content. We endeavour to use only such content whose respective providers use the IP address only for the provision of the content. However, we have no influence on this if third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services is, insofar as they are necessary for the function of our website, our legitimate interest in accordance with Art. 6 (1) f GDPR; otherwise it will be your consent in accordance with to Art. 6 (1) a GDPR. Information about the purpose and scope of further processing and use of the data by providers of the embedded services/content as well as further information within the meaning of Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website:
Our website uses the Google Maps service provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This function enables us to show you relevant map material within our website. The following personal data is processed in this context: date and time of the visit to our website, URL of the accessed website, your IP address and, if applicable, start and end points entered during the process of route planning. By using Google Maps on this website, you consent to collection, processing and use of data collected automatically by Google. The legal basis for the processing of your data will be Art. 6 (1) f GDPR (legitimate interest). Our legitimate interest is the need for an appealing presentation of our online offer or a geographical presentation of the offers in our region. You will find further information about the data protection provisions of Google at: https://policies.google.com/privacy?hl=en.
To protect your orders via internet form this website uses the service reCAPTCHA of provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). The enquiry processed on the legal basis of our legitimate interest as defined by Art. 6 (1) f GDPR serves to ascertain whether the input is made by a person or abusively by automated, machine processing. With the activation of IP anonymisation on this website, your IP address will be truncated in advance by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area (EEA) and the full IP address will be transmitted to a Google server in the USA and truncated there only in exceptional cases. The IP address transmitted by your browser in the context of reCAPTCHA will not be merged with other Google data. You will find further information about the data protection provisions of Google at: https://policies.google.com/privacy?hl=en.
Snapengage Live-Chat Tool
For a modern design and presentation of the offered content on different devices and for the sake of faster loading times, we use the Content Delivery Network (CDN) Cloudfront provided by Amazon Web Services Inc. (410 Terry Avenue North, Seattle, WA 98109-5210, USA) on our website. The Cloudfront CDN makes duplicates of a website's data available on various Amazon Web Services servers distributed across the world. With this retrieval, information about your use of our website (for example your IP address) will be transferred to Amazon servers (also in other EU countries) and stored there. We use this service on the basis of our legitimate interest as defined by Art 6 (1) f GDPR. Our legitimate interest lies in an appealing presentation of the contents of our website as well as our interest in being able to make this content available with the shortest possible loading times. To prevent Amazon CloudFront's Java Script code from executing in general, you may install a Java Script blocker. For more information about Amazon Web Services privacy go to: https://aws.amazon.com/de/data-protection/.
In this section we inform you about other data processing procedures outside of our website.
The contact data and application documents submitted to us in the course of a job application will only be processed by us internally for the purpose of selecting suitable candidates for employment. There is no legal or contractual requirement to provide the personal data. If you do not provide it, this will only result in you not submitting your request and us not being in a position to process it. In accordance with the statutory provisions, personal data provided will be stored by us for a maximum of 6 months, or for a maximum of 2 years if the applicant has expressly consent to the documents being retained on file.
We maintain online presences within social networks and platforms in addition to our website: Facebook, Pinterest, Instagram and YouTube to communicate with customers and business partners who are active there and to be able to inform them about our services on these networks. When calling up the respective networks and platforms, the general terms and conditions as well as the data protection guidelines of the respective operators of these networks will apply.
Your personal data provided for participation in our prize competitions (e-mail address, name, address) will be used by us only to determine a winner, to inform him/her about the prize and to send the prizes. Your data will not be forwarded to third parties. The legal basis for processing your personal data is contract fulfilment according to Art 6 (1) b GDPR. There is no legal or contractual requirement to provide the personal data. Failure to provide the data will only mean that you cannot participate in the prize competition. Your data will be stored for the duration of the prize competition and - in order to process any claims for winnings or compensation - for a maximum of 3 years thereafter and then erased. By entering, you also consent to have your name published on our website and on our public social media channels if you win.
feratel guest card system
In our tourist information offices you have the option to register for events of different providers in our region. We will process your personal data (name, e-mail address and telephone number) for this purpose. This data is processed by us on the legal basis of Art. 6 (1) b GDPR (contract performance/pre-contractual measures) and also forwarded to the respective organiser. This data will be erased or destroyed by us after the event.