Privacy Information According to Art. 13 and 14 GDPR

 

1.  General

The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (especially GDPR, DSG 2018, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of the use of our website and in the context of other services of our company.

Only the German version of our privacy policy is legally binding text. The English translation serves as a legally non-binding information. Deviations of the English text or how it could be understood do not affect the exclusive legal validity of the German text and its meaning.

 

1.1.   Responsibility for the Processing of your Data

The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:

Tourismusverband Saalbach Hinterglemm
Glemmtaler Landesstraße 550
A-5753 Saalbach
Tel.: +43 (0)6541 6800-68
E-Mail: datenschutz@saalbach.com

 

Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the email address martin@zepedes.com.

 

1.2.  Purposes, Categories of Data and Lawfulness of the Processing of Personal Data

Purposes of the processing of personal data

The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.

 

General categories of data

·         Personal master data (e.g. name, date of birth and age, address)

·         Contact details (e.g. email address, telephone number, fax number)

·         Communication data (time and content of communication)

·         Order or booking data (e.g. ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)

·         Payment details (e.g. account number, credit card details)

·         Contract data (content of contracts of any kind)

·         Web usage data (e.g. server data, log files and cookies)

 

Processing of special categories of personal data according to Art. 9 GDPR

·         Health data (only if you have given us your explicit consent to process your order (e.g. mediation of a hotel specializing in guests with food intolerances or allergies))

 

Lawfulness of the processing of personal data

There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing of the data takes place in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.

 

1.3.   Transfers of Personal Data to Data Processors and Third Parties

We process your personal data with the support of data processors who support us in providing our services. These data processors are through a corresponding agreement within the meaning of Art. 28 GDPR with us obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which data processors are involved in the detailed descriptions of the individual data processing processes.

Your personal data will be passed on to companies other than our data processors to typical economic service providers such as banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.

Depending on your order (e.g. for bookings and inquiries), your personal data will only be transmitted to hotel partners or other tourist service providers (members of our organization) to the extent necessary to fulfil your order. The transmitted personal data vary depending on the service.

 

1.4.   Transfers of Personal Data to Third Countries or International Organisations

In principle, we process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we use the services of our data processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR are available for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer these data without your explicit consent in accordance with Art. 49 (1) lit. a GDPR to a third country.

 

1.5.   Data Erasure and Period of Data Storage

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.

 

1.6. Data Sources

We only collect your personal data from you and do not use any other data sources.

 

1.7. Profiling

We do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner. With your consent, however, we will use your usage data to get to know your interests better and thus to be able to display information of interest to you or to be able to make you tailor-made offers or to be able to display corresponding information to you on third-party websites or social media platforms.

 

1.8. Safeguarding your Data Protection Rights

In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. The lawfulness of the processing of your personal data up to the time of revocation is not affected by this. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.

 

Right of complaint

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Barichgasse 40-42, A-1030 Wien, email: dsb@dsb.gv.at).

 

2. Visiting our Website

 

In this section we inform you how we process your personal data when you visit our website. We operate this website with the following partners as joint controllers according Art. 26

 

GDPR:

Saalbacher Bergbahnen GmbH
Eberhartweg 308
A-5753 Saalbach
E-Mail: saalbach@lift.at

 

Hinterglemmer Bergbahnen GmbH
Zwölferkogelweg 208
A-5754 Hinterglemm
E-Mail hinterglemm@lift.at

 

BBSH Bergbahnen Saalbach-Hinterglemm GmbH
Eberhartweg 308
A- 5753 Saalbach
E-Mail: bbsh@lift.at

 

Leoganger Bergbahnen GmbH
Hütten 39
A-5771 Leogang
E-Mail: info@leoganger-bergbahnen.at

 

Bergbahnen Fieberbrunn GmbH
Lindau 17
A-6391 Fieberbrunn
E-Mail: office@bbf.at

 

For the exercise of your data protection rights according point 1.8 "Safeguarding your data protection rights" we ask you to contact us as the controller specified in point 1.1. as the "Controller for the processing of your data".

 

2.1. Presentation of the Website

Server data

For technical reasons, based on the legal basis of § 165 (3) S 3 TKG 2021  (required for the operation of our website), the following data, which your internet browser transmits to us or to our web space provider, will be processed (so-called "server log files"):

·         Browser type and version

·         Operating system and device type used (e.g. desktop / mobile)

·         Website from which you are visiting us (referrer URL)

·         Website you visit

·         Date and time of your access

·         Your internet protocol address (IP address)

 

This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.

 

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

 

Technical service providers

We create and edit the content of our website with the help of the following service provider. With this service provider we have concluded a corresponding agreement according to Art. 28 GDPR to process your data exclusively to the extent of our order:

 

Technical conception:

Webhosting: 

 

2.2. COOKIES

 

Cookie Banner - Cookies on our website

Our website uses cookies, which help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and also to show you content that is of interest to you on other websites. Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor's computer. The legal basis for cookies, which are absolutely necessary for the proper operation of our website (e.g. shopping cart cookie), is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and will only be activated by your consent in accordance with Art 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings" you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner. Please find the cookie adjustment at the bottom of this page.

 

Change the cookie settings in your web browser

How the web browser you are using handles cookies, i.e. which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.

In addition, it is possible to generally object to cookies and similar tracking technologies using the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:

 

2.3. Communication with us

Contact form and email

On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be processed for the purpose of processing your contact based on the legal basis of contract fulfilment in accordance with Art. 6 (1) lit. b GDPR. There is a legitimate interest on our part pursuant to Article 6 (1) lit.  f GDPR for the use of a contact form. The legitimate interest lies in offering our website visitors an opportunity to contact us that does not require them to call up their own e-mail client. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or if this is required by statutory provisions. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.

 

2.4. Online Shop (s) / Booking Portal (s)

For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and prospectus orders, we process your personal master data, contract and payment data and communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of the contract) as well as Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).

We store this data as long as the purpose requires it, statutory provisions provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we store this data on the basis of the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we will save the data to clarify possible problems during the order process for 14 days.

There is no legal or contractual obligation to provide personal data. Failure to provide them simply means that we cannot process your bookings / orders.

 

Capcorn online bookings, booking requests and brochure orders

For the processing of online bookings, brochure orders and inquiries, we process your personal data in order to be able to provide you with the booked services with the help of our service provider CapCorn Company Software GmbH (Flugplatzstraße 52/17, A-5700 Zell am See). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal basis of Art. 6 (1) lit. b GDPR (booking processes, answering requests for quotations and sending brochures) as well as Art. 6 (1) lit. c GDPR (legally required retention periods of bookings or invoices). For this purpose, the data fields marked as required are required for the establishment and fulfilment of the contract. We disclose your personal data in the context of this data processing to third parties (hotel partners or other tourist service providers) on the basis of the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary for the processing of a booking process), or on the basis of our legitimate interest according to Art. 6 (1) lit. f GDPR for the use of appropriate booking software. We have concluded a corresponding agreement with CapCorn Company Software GmbH in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the data protection of CapCorn Company Software GmbH can be found at:  https://www.capcorn.at/CapCorn_Datenschutzrichtlinien_DE.pdf.

 

Woocommerce Webshop

To process the order/booking of merchandising items, we use the woocommerce system of the provider Automattic Inc (60 29th St, San Francisco, CA 94110, USA) as our data processor. For the processing of orders/bookings the following information is required: salutation, first and last name, address, e-mail address. We have concluded a corresponding agreement with Automattic Inc in accordance with Art.28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. For more information about Automattic Inc's privacy policy, please visit: https://automattic.com/privacy/.

 

Sale of lift tickets

To process the order of season tickets, multi-day and day tickets in our online shop, we use the system of the service provider SKIDATA (SKIDATA Austria GmbH, Hochthronstraße 1–7, A-5083 Grödig/Salzburg) as our data processor. For orders in our online-shop we need salutation, first and last name, address, e-mail address, date of birth and a portrait photo. We have concluded a corresponding agreement with SKIDATA in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on Skidata's data protection can be found at: https://www.skidata.com/de-at/datenschutz/

 

External payment service providers

To pay for the order/processes bookings we use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of the contract), via whose platforms you can make your payments. The payment data entered by you as part of the order (e.g. account numbers, credit card numbers including check digits, passwords / TANs, etc.) are processed exclusively by our payment service providers and are not visible to us. We only receive a confirmation of the payment made or information from our payment service providers that the payment could not be made. Further information on the data protection and terms and conditions of our payment service providers can be found at:

 

Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zürich.
Tel. +41 44 256 81 91
E-Mail: info@datatrans.ch
https://www.datatrans.ch/de/datenschutzbestimmungen/

 

hobex AG, Josef-Brandstätter-Straße 2b, A-5020 Salzburg
T +43 662 2255-0
E-Mail: office@hobex.at
https://www.hobex.at/en/privacy-policy

 

2.5. Email Newsletter

E-Mail Newsletter Mailchimp

We use the MailChimp service to register for our various newsletters (Infoletter, Snowletter) and to send out the “Snowletter” newsletter. The Braze service is used to send the newsletter “Infoletter”. Further information can be found in this data protection information under "E-Mail Newsletter Braze". The following lift companies are responsible for the further processing of data after registration for the Snowletter newsletter: Saalbacher Bergbahnen GmbH, Eberhartweg 308, 5753 Saalbach, saalbach@lift.at; Hinterglemmer Bergbahnen GmbH, Zwölferkogelweg 208, 5754 Hinterglemm, hinterglemm@lift.at; BBSH Bergbahnen Saalbach-Hinterglemm GmbH, Eberhartweg 308, 5753 Saalbach, bbsh@lift.at.

The legal basis for sending the newsletter is your consent according to Art. 6 (1) lit. a GDPR. The registration for our newsletter takes place in the so-called double opt-in procedure. This ensures that no one can log in with foreign e-mail addresses (e.g. with your email address). Your consent can be revoked at any time free of charge by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. After unsubscribing from your email address, we will store it for a period of 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to obtain your original consent to be able to prove if necessary. To send out our newsletter, we use "MailChimp", a service of Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. With the help of MailChimp we can analyze our newsletter campaigns. When opening an e-mail sent with MailChimp, a connection is established with the MailChimp servers. This allows us to determine whether a newsletter message has been opened and which links have been clicked on, if any. In addition, technical information such as the time of retrieval, the IP address, browser type and operating system of the recipient are registered. This information is used exclusively for the statistical analysis of our newsletter. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients.  Mailchimp is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is thus an adequacy decision of the European Commission according Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. The legal basis for data transfers to the USA is the EU standard contractual clauses agreed with MailChimp in connection with our examination of the admissibility of these data transfers in the sense of a comprehensive risk assessment. We have concluded a data processing agreement in the meaning of Art. 28 GDPR with MailChimp (https://mailchimp.com/legal/data-processing-addendum/). Further information on the legality of MailChimp's data transfers to the USA and the special security measures taken for this purpose can be found at:  https://mailchimp.com/help/Mailchimp-european-data-transfers/. General data protection information of MailChimp can be found at:  https://www.intuit.com/privacy/statement/.

 

E-Mail-Newsletter Braze
The Braze service is used to send the newsletter “Infoletter”. The following mountain railway companies are responsible for the further processing of data after registration for the Snowletter newsletter: Saalbacher Bergbahnen GmbH, Eberhartweg 308, 5753 Saalbach, saalbach@lift.at; Hinterglemmer Bergbahnen GmbH, Zwölferkogelweg 208, 5754 Hinterglemm, hinterglemm@lift.at; BBSH Bergbahnen Saalbach-Hinterglemm GmbH, Eberhartweg 308, 5753 Saalbach, bbsh@lift.at; Leoganger Bergbahnen GmbH, Hütten 39, 5771 Leogang, info@leoganger-bergbahnen.at; Bergbahnen Fieberbrunn GmbH, Lindau 17, 6391 Fieberbrunn, office@bbf.at. The legal basis for sending the newsletter is your consent within the meaning of Sd. Art. 6 (1) lit. a GDPR. Registration for our newsletter takes place in the so-called double opt-in procedure. This ensures that no one can log in with someone else's email address (e.g. with your email address). Your consent can be revoked at any time free of charge by clicking on the "Unsubscribe link" at the end of each mailing. The lawfulness of the data processing operations that have already taken place up to that point remains unaffected by the revocation. After delisting your e-mail address, we will store it for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to prove your original consent, if necessary. To send out our newsletter, we use "Braze", a service of Braze Inc. (330 W 34th St 18th floor, New York, NY 10001, USA). With the help of Braze, we can analyse our newsletter campaigns. When an email sent with Braze is opened, a connection is established with Braze's servers. This allows us to determine whether a newsletter message has been opened and which links have been clicked, if any. In addition, technical information such as the time of access, the IP address, browser type and operating system of the recipient are registered. This information is used exclusively for the statistical analysis of our newsletter. The purpose of these analyses is to better tailor future newsletters to the interests of the recipients. Braze is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. Art. 45 (3) GDPR, with which the European Commission certifies an adequate level of data protection in the USA. General privacy information of Braze can be found at: https://www.braze.com/company/legal/privacy/.

 

2.6. Digital Information Services / Registration

 

Registration MY CIRCUS

In principle, registration is not required for the use of our website. However, after registration, users of this website have access to their personal, protected customer area ("My Circus"), in which they can view and manage bookings and ticket purchases and make our information (newsletter, presentation of our website, etc.) even more personal for them according to their interests. The interests stated by users in this customer area as well as the interests assumed by the user's behavior (viewing certain content on "My Circus") are determined by the companies referred to in this privacy policy as "joint controllers" as well as by our partners and joint controllers within the meaning Art. 26 GDPR, the Tourist Office Pillerseetal (Dorfplatz 1, A-6391 Fieberbrunn, Tel. +43 5354 56304, www.pillerseetal.at, info@pillerseetal.at) and Saalfelden Leogang Touristik GmbH (Mittergasse 21a, 5760 Saalfelden T +43 6582 70660, www.saalfelden-leogang.com, info@saalfelden-leogang.at) to display personalized content to users on this and the websites of these partners. The legal basis for the fact that the entered personal data (title, first name, last name, country, language, date of birth, e-mail address, password, interests, newsletter subscriptions and purchase data) as well as interest profiles accepted through the use are stored by us and the partners named here and processed for the provision of the additional content is the consent of the users in the course of registration in accordance with Art. 6 (1) lit. a GDPR. There is no legal or contractual obligation to provide this personal data. Failure to provide this information only means that users of our website will not be able to use this individual customer area. The personal data of registered users will be stored for the duration of the registration and for a maximum of 3 years thereafter, in the case of online purchases for a maximum of 10 years and then deleted. The purpose of further storage after completion of the registration is to be able to identify the person responsible in the event of any legal violations. It is therefore in our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. The consent to our newsletters can be revoked free of charge each time our newsletters are sent by clicking on "unsubscribe", or the settings can be changed at any time in the customer account. In order to prevent unauthorized access by third parties to your personal data, the data transmission of the data processed on "My Circus" to us and our partners is encrypted.

 

2.7. Web Analysis - Statistical Analyses of our Website

Google Tag Manager

We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to be able to manage website tags via a common tool of Google.  The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies and does not collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags  implemented with Google Tag Manager.  Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least a case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on Google's data protection   can be found at: https://policies.google.com/privacy?hl=en-GB.

 

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable an analysis of the use of our website by the site visitor. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.  Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least a case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. The IP address transmitted by the corresponding browser as part of Google Analytics will not be merged with other Google data. On our behalf, Google will use the resulting information to evaluate the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed under the following link:  https://tools.google.com/dlpage/gaoptout. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated). Learn more about how Google uses personal data: https://business.safety.google/privacy/.

 

Google Ads Conversion Tracking

Our website uses the service "GoogleAds Conversion Tracking" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). When we place advertising ads on Google, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking (storage period 30 days). This is how we recognize that you clicked on one of our ads and were redirected to our website. However, we do not receive any personal information, but only learn the total number of users who clicked on one of our ads and were redirected to our page with a conversion tracking tag. We use Google Ads Conversion Tracking on the legal basis of your consent (settings via our cookie banner) in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least a case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated). Learn more about how Google uses personal data: https://business.safety.google/privacy/.

 

2.8. Webmarketing

Google Remarketing

On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This feature makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising. Cookies are deleted after 1 year. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection.  You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/. The summary of the collected data in your Google Account takes place exclusively on the basis of your consent, which you can give or revoke with Google (Art. 6 (1) lit. a GDPR). Further information on Google's data protection can be found at:  https://www.google.com/policies/privacy/. Learn more about how Google uses personal data: https://business.safety.google/privacy/.

 

Facebook Pixel

In order to place target group-directed advertisements on Facebook and to be able to track the actions of users after they have seen or clicked on a Facebook advertisement, we use the Facebook pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).  This allows us to display and evaluate or optimize our Facebook advertisements on Facebook that is of interest to you on Facebook with the data collected anonymously for us (we do not see any personal data of individual users, but only the overall effect). Storage period max. 12 months. According to their data protection information, Facebook links this data to the Facebook account of Facebook users and can thus display content that corresponds to their interests. Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. For specific information about how the Facebook pixel works, see the Facebook Help Center at:  https://de-de.facebook.com/business/help/651294705016616. You can make settings regarding usage-based advertising on Facebook yourself in your Facebook account:  https://www.facebook.com/settings?tab=ads. Further information can be found in Facebook's privacy policy at:  https://www.facebook.com/privacy/explanation.

 

Pinterest Tag (Pinterest Conversion Tracking)

In order to optimize our Pinterest campaigns and to measure their conversion (effectiveness), we set the Pinterest Tag (Pinterest Conversion Tracking Pixel) of Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) on the legal basis of Art. 6 (1) lit. a GDPR (consent). This allows us to display advertisements of interest to our website visitors, who are also Pinterest members, on Pinterest. It also allows us to track the actions of Pinterest members after they have seen or clicked on one of our Pinterest ads (Storage period max. 12 months). The following personal data is processed: information about the type of hardware and operating system used, its IP address, the time of access to our website, the type and content of the advertisements we place and the reaction to our advertisements.  These data are anonymous to us and do not allow us to draw any conclusions about the identity of the respective user. Pinterest may, according to its own information, connect this data to your Pinterest account and also use it for its own advertising purposes. We process this data with Pinterest Europe as "Joint Controller" and have concluded an agreement with Pinterest Europe in accordance with Article 26 GDPR (JCA – Joint Controller Agreement), which obliges all partners to provide you with the corresponding information about this joint processing within the meaning of Articles 12 to 14 GDPR, to ensure appropriate protection of this data and to enable you to exercise your rights as a data subject within the meaning of the Art. 15-21 GDPR. We have agreed with Pinterest Europe that Pinterest Europe is responsible for asserting data subject rights pursuant to Articles 15-20 GDPR with regard to the personal data processed / stored by Pinterest Europe in the context of joint processing. If personal data is processed by Pinterest Europe in the context of joint processing on the legal basis of legitimate interest (Art. 6 (1) lit. f GDPR), you are entitled to the right to object acc.  Art. 21 GDPR. A possible transfer of data to certain members of the Pinterest family of companies and to third parties in countries without an adequate level of protection is based on the EU standard contractual clauses. Further information on exercising your rights as a data subject and general information on data protection at Pinterest Europe Ltd. can be found at: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea. Information on the individual setting of the data collected by Pinterest can be found at: https://help.pinterest.com/de/article/personalization-and-data.


Microsoft Advertising

On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, our website uses the functions of Universal Event Tracking (UET) from Microsoft Advertising (formerly Bing Ads) of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Via UET, Microsoft stores a cookie in the browser of website visitors in order to enable an analysis of the use of the website, provided that the user has reached our website via an advertisement from Microsoft Advertising. This allows Microsoft and us to recognize whether a website visitor has previously clicked on an ad and was redirected to our website as a result. No IP addresses are stored. No other personal information about the identity of website visitors is stored. Microsoft is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least on a case-by-case) basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by using the opt-out option under the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE. Further information on data protection by Microsoft and Bing Ads can be found at: https://privacy.microsoft.com/de-de/privacystatement.

 

TikTok Analytics
In order to be able to track actions of TikTok users on our website after they have seen or clicked on one of our TikTok ads or messages, or to place target group-directed advertisements on TikTok, we use within our website TikTok Pixel of the Chinese social media platform TikTok on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The company responsible for data processing in the EU or the European area is TikTok Technology Ltd. (10 Earlsfort Terrace, Dublin, D02 T380, Ireland). This allows us to display and evaluate or optimize our advertisements on the TikTok platform. So we will only show you ads that are of interest to you on TikTok with help of the data collected on our website anonymously for us in this way (we do not see any personal data of individual users, but only the overall effect). We have no influence on the further processing of your personal data by TikTok. Since TikTok (at least partially) processes personal data outside the EU in unsafe third countries, we have agreed the EU Standard Contractual Clauses with TikTok. Further information on the processing of personal data by TikTok can be found at: https://www.tiktok.com/legal/privacy-policy-eea?lang=en.  You can contact TikTok's Data Protection Officer at the following link: https://www.tiktok.com/legal/report/DPO.


Outbrain
In order to inform visitors to our website on other platforms of interesting content on our website, we use the widget or service "Outbrain" of the provider Outbrain UK Ltd. (175 High Holborn, London WC1V 7AA, England) on our website. In order to be able to display this interest-based content, Outbrain uses cookies that are stored on the end device or in the browser of the website visitor. Outbrain also collects the device source, the browser type, as well as the IP address of the website visitor (according to its own information in anonymous (shortened) form). Outbrain can also identify website visitors (when visiting a website in which Outbrain is implemented) with the so-called Unique Identifier (UUID) and thus create user profiles that identify the interests of website visitors. We use Outbrain on our website on the legal basis for your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke this consent at any time free of charge through your settings in our cookie banner. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. You can view your profile at Outbrain under the link https://my.outbrain.com/recommendations-settings/home and generally prevent tracking for the display of interest-based content by Outbrain by selecting the opt-out under this link. For more information on Outbrain's processing of personal data, please visit: https://www.outbrain.com/privacy/de/. In principle, the European Commission has certified that the United Kingdom has a level of protection that is essentially equivalent to that enjoyed in the European Union. The legal basis for the transfer of data to Great Britain is therefore Art. 45 GDPR. Since Outbrain may (at least partially) process personal data in the USA, we have agreed the EU Standard Contractual Clauses with Outbrain. The legal basis for a possible data transfer to the USA is your consent acc. Art. 49 (1) lit. a GDPR. Further information can be found in this data protection information under the point "Transfers to third countries".


Teads Retargeting Pixel
In order to display interest-based ads to visitors to our website on other platforms, we use the Teads Retargeting Pixel of the provider Teads SA (rue de la Boucherie 5, L-1247 Luxembourg) on our website. In order to be able to display this interest-based content, Teads uses a pixel that is stored on the website visitor's device or browser. Teads also collects the device source, the browser type, as well as the IP address of the website visitor. Teads can also identify website visitors (when visiting a website in which Teads is implemented) with the so-called Unique Identifier (UUID) and thus create user profiles that identify the interests of website visitors. We use Teads on our website on the legal basis for your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke this consent at any time free of charge through your settings in our cookie banner. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. You can view your profile at Teads under the link https://www.teads.com/privacy-policy/#deactivate and generally prevent tracking for the display of interest-based content by Teads by selecting the opt-out under this link. Further information on the processing of personal data by Teads can be found at: https://www.teads.com/privacy-policy/. Since Teads may also process (at least partially) personal data in the USA, we have agreed the EU Standard Contractual Clauses with Teads. The legal basis for a possible data transfer to the USA is your consent acc.  Kind.  49 (1) lit. a GDPR. Further information can be found in this data protection information under the item "Transfers to third countries".

 

Criteo Retargeting
In order to draw the attention of visitors of other platforms to our website, we use the retargeting function of the provider Criteo SA (32 Rue Blanche, 75009 Paris, France) on our website, in order to create user profiles based on surfing behavior, that identify the interests of our website visitors. In order to be able to display this interest-based content on third-party platforms, Criteo uses cookies, that are stored on the device or browser of the website visitor. Depending on the online environment in which users operate, Criteo associates this data with a unique identifier, such as an identification cookie or other similar technology (e.g., mobile advertising IDs and non-cookie-based technologies) in order to show them relevant content/advertising. Criteo also collects, according to its own statements, inter alia the device type, the operating system, the browser type, as well as the IP address of the website visitor.   According to its own statements, Criteo stores personal data for a maximum of 13 months from the date of collection. The same duration applies to cookies placed by Criteo in your web browsers. Further information on the processing of your personal data by Criteo can be found at: https://www.criteo.com/privacy/how-we-use-your-data/. We use Criteo on our website on legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke this consent at any time free of charge through your settings in our cookie banner. The legality of the data processing operations already carried out until then remains unaffected by the revocation. Under the link https://www.criteo.com/privacy/ you can also generally prevent tracking for the display of interest-based content by Criteo on the browser you are using by selecting the opt-out under this link. We process the above-mentioned personal data with Criteo as "joint controllers" and have concluded an agreement with Criteo pursuant to Article 26 GDPR within the framework of a Data Protection Agreement, which obliges both partners among other things, to provide you with the relevant information about this joint processing within the meaning of the Art. 12 to 14 GDPR, to ensure appropriate protection of this data and to enable you to exercise your rights as a data subject according  the Art. 15-21 GDPR. To exercise your rights as a data subject, you can contact us or Criteo directly. Both partners will forward your request to the other partner if necessary. Further general information on Criteo's data protection can be found at: https://www.criteo.com/de/privacy/.


Microsoft Clarity

This website uses functions of the web analysis service Microsoft Clarity. The provider of this service is Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). The legal basis for the use of this service is your consent pursuant to Art. 6 (1) lit a GDPR. We use Microsoft Clarity to analyze our website usage (reach measurement, recognition of returning users), to be able to display content of interest to our website visitors on third-party platforms (cross-device tracking / remarketing) and for conversion measurement (measurement of the effectiveness of our marketing activities on third-party platforms). The user analysis takes place on the basis of a pseudonymous user ID and thus on the basis of pseudonymous data. In doing so, we process usage data in pseudonymised form (when did you visit which pages of our website, mouse movements, scrolling movements), meta or communication data (your IP address, data about the device you are using) and location data (approximately where you were at the time of visiting our website). Through appropriate settings, we have ensured that data collection by Microsoft is already pseudonymous through so-called IP masking (shortening your IP address). Microsoft is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can generally prevent the collection of data relating to your use of the website and the processing of this data by Microsoft by using the opt-out option under the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE. Further information on Microsoft's data protection can be found at: https://privacy.microsoft.com/de-de/privacystatement.
 

 

2.10. Integration of other Third-Party Services and Content

We integrate content or functions of third parties within our website. This always presupposes that the providers of this content or functions perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the functioning of our website, is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, otherwise your consent according to Art. 6 (1) lit a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of the Art. 13 and 14 GDPR can be found under the information links listed below. The following services/content are embedded in our website:

 

Google Maps

Our website uses the Google Maps service of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to display corresponding map material within our website. Your IP address as well as information about the browser version and language settings are transmitted to the servers of Google Ireland Ltd. According to Google's own information, the data is stored by Google for 1 year. There is a legitimate interest on our part within the meaning of the Art. 6 (1) lit. f GDPR for the use of Google Maps. Our legitimate interest lies in an appealing presentation of our online offer or the geographical presentation of the offers of our region. However, we only use Google Maps if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection.  For more information about Google's privacy policy, please visit:  https://policies.google.com/privacy. Learn more about how Google uses personal data: https://business.safety.google/privacy/.

 

Outdoor Active

We use for the cartographic representation of tours (e.g. hiking tours, ski tours, bicycle and bike tours, etc.) the service "Outdoor Active" of Outdooractive GmbH & Co. KG (Missener Straße 18, D-87509 Immenstadt). For this purpose, the map material is loaded from the Server of Outdoor Active. The following data is transmitted to Outdoor Active:  the visited page of our website, the IP address of your device, content of the request, location data, operating system as well as language and version of the browser software. Outdoor Active uses cookies for the evaluation of your request, which are stored on your browser. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest consists in an appealing presentation of our online offer or the geographical presentation of the offers of our region. In the case of location data from mobile devices, the legal basis is your consent under Art. 6 (1) lit. a GDPR by releasing the transfer of location data on your mobile device.  Further information on Outdoor Active's data protection can be found at: https://corporate.outdooractive.com/en/privacy-policy/?noredirect=en_US.

 

Google reCAPTCHA

To protect your orders via website form, this website uses the reCAPTCHA service of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). The query carried out serves to distinguish whether the input is made by a human or abusively by automated, machine processing. By activating IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google ReCAPTCHA will not be merged with other Google data. In principle, we have a legitimate interest within the meaning of Art. Art. 6 (1) lit. f GDPR for the use of Google ReCAPTCHA. Our legitimate interest lies in protecting our website from spam software. However, we only use Google ReCAPTCHA if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection.  For more information about Google's privacy policy, please visit: https://policies.google.com/privacy. Learn more about how Google uses personal data: https://business.safety.google/privacy/.

 

YouTube

We integrate videos from the platform "YouTube" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation takes place on the legal basis of Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the thus appealing design of our website. However, we only use YouTube if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future.  When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google's information, in the extended data protection mode, your data (in particular which of our websites you have visited) as well as device-specific information including the IP address will only be transmitted to the YouTube server when you watch the video. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least case-by-case) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. Further information on YouTube's privacy policy can be found at:  https://www.google.com/policies/privacy/. Learn more about how Google uses personal data: https://business.safety.google/privacy/.

 

Wordlift
Our website uses the WordLift plugin to analyse the content and to display metadata in the source code of our website for search engines on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in a better ranking of our website on various search engines. The WordLift plugin is a service of the provider WordLift s.r.l (Via Giulia117, 00186 Rome, Italy). The application does not collect any personal data, the IP address of your browser is not stored by WordLift. For more information on WordLift's privacy policy, please visit : https://wordlift.io/gdpr/ or https://wordlift.io/privacy-policy/.

 

Spotify

We have integrated music from the platform "Spotify" of the provider Spotify AB (Regeringsgatan 19, SE-111 53 Stockholm, Sweden) on our website. Clicking on a piece of the playlist establishes a direct connection between your browser and the Spotify server.  Spotify receives the information that you have visited our website with your IP address. If you click on the "Like" or "Share" button while logged in to your Spotify cookie, you can share the contents of our site via social media, which allows Spotify to associate your visit to our website with your user account. If you want to prevent this, log out of your Spotify user account before activating content from our SoundCloud playlist. The further processing of your personal data is the responsibility of Spotify AB. Further information on Spotify's data privacy policy can be found at: https://www.spotify.com/de/legal/privacy-policy/.

 

GeoSphere Austria weather forecast
We integrate weather forecast data from the provider GeoSphere Austria (Hohe Warte 38, A-1190 Vienna) into our website. The implementation takes place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, whereby our interest lies in information about weather forecasts for our region within our website. When you visit a page in which we have embedded GeoSphere Austria weather data, a connection to the GeoSphere Austria servers is established and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address including some browser information (browser type, browser version, etc.) including information about when you accessed these pages is transmitted to the GeoSphere Austria server. Further information on GeoSphere Austria´s data protection can be found at: https://www.zamg.ac.at/cms/de/topmenu/datenschutz.

 

Webcams (feratel)
For the current presentation of the weather in our region, we integrate webcams of feratel media technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) into our website. The implementation takes place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, whereby our interest lies in information on the current weather in our region within our website. When you visit a page in which we have embedded webcams, a connection to the servers of the providers is established and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address including some browser information (browser type, browser version, etc.) including information about when you accessed these pages is transmitted to the servers of the providers. Further information on the privacy policy of feratel media technologies AG can be found at: https://www.feratel.com/datenschutz.html.


Webcams (Panomax)
For the current presentation of the weather in our region, we integrate webcams from our service provider Panomax GmbH (Landesstraße 23, A-5302 Henndorf a. W.) into our website. The implementation takes place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, whereby our interest lies in information on the current weather in our region within our website. When you visit a page in which we have embedded webcams, a connection to the servers of the providers is established and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address including some browser information (browser type, browser version, etc.) including information about when you accessed these pages is transmitted to the servers of the providers. Further information on Panomax's privacy policy can be found at: https://www.panomax.com/datenschutz.html.

 

Social Media Aggregator walls.io
In order to display social media content relevant to us (e.g. posts by Instagram or Facebook users about us), we integrate the online tool "walls.io" from the provider Walls.io GmbH (Schönbrunnerstraße 213/215, A-1120 Wien) into our website. The implementation is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, whereby our interest is to provide our website visitors with an overview of interesting contributions from other social media accounts about us. When you visit a page in which we have embedded walls.io, a connection to the walls.io servers is established and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address together with some browser information (browser type, browser version, etc.) as well as information about when you accessed these pages is transmitted to the walls.io server. Further information on walls.io´s data protection can be found at: https://walls.io/privacy

 

3. OTHER DATA PROCESSING IN BUSINESS AND CUSTOMER CONTACT

 

In this section we inform you about other data processing processes outside our website.

 

3.1. Job Applications

The contact data and application documents transmitted to us in the course of a job application will be processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in you not submitting your request and we will not be able to process it. The personal data transmitted in this way will be stored by us in accordance with the statutory provisions for a maximum of 6 months, in the case of the explicit consent of the applicant to keep the documents in evidence, for a maximum of 2 years.

 

3.2. Online Presence in Social-Media

In addition to our website, we maintain online presences within social networks and platforms. The legal basis for using these services is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in communicating with the customers and business partners there and in being able to inform them about our services on these networks. When accessing the respective networks and platforms, the terms and conditions and the privacy policies of the respective operators of these networks apply. Further information on the processing of your personal data by the respective providers of these services (which personal data is processed for which purposes on the basis of which legal basis, how long this data is stored by the respective provider and, if applicable, how long this data is stored by the respective provider). Information on profiling and third-country transfers) can be found below in the descriptions of the individual services or via the information links listed there.


Facebook Fanpage
We operate a Facebook fan page on the "Facebook" platform of the company Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The legal basis for the processing of the personal data associated with this is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Our legitimate interest is to provide customers and potential new customers with information about us and our offers via this information channel. We would like to point out that you use this Facebook page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our Facebook page, Facebook collects, among other things: Your IP address and other information collected in the form of cookies or other tracking technologies. The data collected about you in this context will be processed by Facebook and may be (at least partially) transferred to the USA. Facebook / Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least on a case-by-case basis) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies an adequate level of data protection in the USA. In a decision, the ECJ found that "Facebook" and the operator of a Facebook fan page are responsible for this personal data as joint controllers within the meaning of Art. 26 GDPR. Facebook provides the contract for joint data processing at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. We, as the site operator of our fan page, have no influence on the specific contents of the agreement. What information Facebook receives and how it is used (how Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users in order to individualize content or advertising, how long Facebook stores this data, whether data from a visit to the Facebook page is passed on to third parties, and much more), describes Facebook in general terms in its data usage policy. There you will also find information about how to contact Facebook and how to set up advertisements. The Privacy Policy is available at the following link: https://www.facebook.com/privacy/policy/. As a fan page operator, we do not receive any additional (not publicly visible) information about individual Facebook users from Facebook's analyses, but only statistically processed information (e.g. total number of page views, page activity, post reach, etc.) that helps us to make our posts more attractive.


Instagram
Instagram is an online service for sharing photos and videos. We have a profile (account) on Instagram. The provider is Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). For more information on the processing of your personal data through the use of Instagram and how to contact us, please visit: https://privacycenter.instagram.com/policy/


Pinterest
Pinterest is a mixture of social network and search engine whose focus is on visual content, i.e. images and videos. We use this service to generate interest in other of our content on the Internet (especially our website) with so-called PINs. The provider of this service is Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). For more information on the processing of your personal data through the use of Pinterest and how to contact us, please visit: https://policy.pinterest.com/de/terms-of-service.


Tiktok
TikTok is a video portal for short videos that also offers functions of a social network. We use this service to generate interest in our offers with short videos. The provider is TikTok Technology Ltd. (10 Earlsfort Terrace, Dublin, D02 T380, Ireland). For more information on the processing of your personal data through the use of Pinterest and how to contact us, please visit: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.


X (Twitter)
We use the short message service X (Twitter). The provider is X Corp. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). If you live in the European Union, EFTA countries or the United Kingdom, the controller of your personal data is Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland). For more information on the processing of your personal data through the use of X and how to contact us, please visit: https://x.com/de/privacy.


LinkedIn
In order to stay in contact primarily with business partners, we use the web-based social network service LinkedIn. The provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). For more information on the processing of your personal data through the use of LinkedIn and how to contact us, please visit: https://de.linkedin.com/legal/privacy-policy.


YouTube
We use a YouTube channel via the video portal "YouTube" to publish our videos. The service is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). For more information on the processing of your personal data through the use of YouTube and how to contact us, please visit: https://www.google.com/policies/privacy/.


Vimeo
We use a Vimeo channel via the video portal "Vimeo" to publish our videos. The provider of the service is Vimeo Inc. (555 West 18th Street, New York 10011, USA). For more information on the processing of your personal data through the use of Vimeo and how to contact us, please visit: https://vimeo.com/privacy.

 

3.3. Sweepstakes

Your personal data provided for participation in our competitions (e-mail address, name, address) will be used by us exclusively to identify a winner, inform him of the prize and send him prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is the fulfilment of the contract in accordance with Article 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide the personal data. Failure to provide the data will only result in you not being able to participate in the competition. Your data will be stored for the duration of the competition and – for the processing of any prizes and claims for damages – for a maximum of 3 years thereafter and then deleted. By participating, you also agree that your name will be published on our website as well as on our public social media channels in the event of winning.

 

3.4.  Photo/Video documentation at events

In the case of events, it may happen that we create photos and videos of these events or have them created by photographers commissioned by us, on which you are recognizable as a participant of these events. We need these photos / videos to document and advertise our events and will therefore also publish them in our media (e.g., print brochures, website and social media) and make them available to other media owners (print and online) for the promotion of our event. There is no legal or contractual obligation on your part to provide this data.  The legal basis for the processing of your personal data (images and videos on which you are recognizable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events.  You have the right to object to the processing.  Please address your objection to the e-mail address provided by us in this data protection declaration.  However, it can be assumed that our above-mentioned interest in the use of the photos does not unduly interfere with your rights as a person depicted. This is especially true because we create these photos / videos in public space and point out the production and use of the photos / videos in the run-up to each event. We also always make sure that no legitimate interests of persons depicted are violated.  If, for reasons particularly worthy of consideration, your personal rights and freedoms are violated by an image / video created by us, we will refrain from further processing / publication. Removal from print media that have already been circulated cannot take place. In this case, however, we will make a deletion on our website or in our social media channels.  We generally delete photos / videos of events if we no longer need these images to document and advertise these events.

 

3.5. Guest Card System

CapCorn guest card system

For the use of our regional guest card, we process your personal data (first name, last name, date of birth, period of stay and country of origin/postal code) with the help of our service provider CapCorn (CapCorn Company Software GmbH, Flugplatzstraße 52/17, A-5700 Zell am See) for the purpose of providing you with the advantages of the free card. Furthermore, it is necessary to store your usage data for the purpose of internal billing and to make it available to our service providers for the control of internal billing. The legal basis of the processing is your consent in accordance with Art. 6 (1) lit a GDPR, which you give us as part of your guest report in your accommodation establishment. You can revoke this consent at any time free of charge. Uses that have already been made remain unaffected for billing purposes. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in us not being able to provide you with the guest card.  We have concluded a corresponding data processing agreement with CapCorn in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on CapCorn's data protection can be found at:  https://www.capcorn.at/CapCorn_Datenschutzrichtlinien_DE.pdf

 

3.6. Registration for Events and Guest Programme

It is possible to register for events of different providers in our region in our information offices. For this purpose, we process your personal data (name, e-mail address and telephone number). This data will be processed by us on the basis of the legal basis of Art. 6 (1) lit. b GDPR (contract fulfilment/pre-contractual measures) and also passed on to the respective organizer. This data will be deleted or destroyed by us after the event.

 

3.7. Digital Information Services

Saalbach App

For the use of our Saalbach app, provided by our service provider INTERMAPS Software GmbH (Schönbrunner Straße 80/6, A-1050 Vienna), it is possible to install the app on a mobile phone or tablet. The purpose of data processing is the provision of maps, GPS tracking, support for orientation and navigation in our ski resorts as well as information on open lifts & slopes, weather, live webcams, events, snow heights and ski huts as well as other available offers. For this purpose, we process the following data: operating system and device type used (e.g. Android/IOS), the date and time of your access as well as your mobile user ID and geodata. The legal basis for this data processing is your consent in accordance with Art. 6 (1) lit a GDPR. You can revoke this consent at any time free of charge. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. There is no obligation to provide this data. If you do not want to provide this data, it only has the consequence that we cannot offer you this service, or not in full (e.g. geodata for the navigation function). We only store your data as long as this corresponds to the purpose or is necessary due to legal obligations on our part. We have concluded a corresponding agreement with the company INTERMAPS Software GmbH in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on Intermaps' data protection can be found at: https://www.intermaps.com/de/Privacy.html.

 

4. OTHER DATA PROCESSING IN THE BUSINESS AND CUSTOMER CONTACT OF THE CABLE CAR COMPANIES

 

In the following, we describe data processing activities of the lift companies that are indicated in this privacy statement as jointly responsible parties under "Point 2. - Visiting this website" of this privacy statement.

 

Ski ticket shop - online purchase of cable car tickets
The company Elements collects the customer data in the ski ticket shop and these are stored for the validity of the lift ticket for the purpose of fraud prevention. To create the ticket, the personal data is transferred to the Skidata system. The legal basis for the data processing in this case is the fulfilment of the contract Art. 6 (1) lit. b DSGVO. We would like to point out that ticket purchasers who order tickets not only for themselves but also for other persons are themselves responsible for processing the personal data of these persons only with their consent. The address and a recent photograph are required for the purchase of season tickets. We would like to point out that the address will be automatically deleted after the expiry of the validity plus 1250 days, as well as the photo after the expiry of the validity plus 240 days, and the admissions will be anonymised. Due to the fixed "offset time", the season ticket holder can purchase a ticket again in the following year without having to redo his or her data and photo. In this regard, the guest receives a letter including an order form from the lifts before the new validity period. The data of the season ticket holder will be used exclusively for the lifts in the Skicircus Saalbach Hinterglemm Leogang Fieberbrunn and will not be passed on to third parties. The order forms, including credit card numbers if applicable, will be deleted or properly disposed of after three months at the latest.

 

Skidata - customer data for ski tickets (purchase online or at the ticket office)
Photos (taken at the cash desk) are required for ski passes valid for 9 days or more. These photos will be deleted after expiry. For the purchase of season tickets, the address and a current photo are required. We would like to point out that the address is automatically deleted after the expiry of the validity plus 1250 days, as well as the photo after the expiry of the validity plus 240 days, and the admissions are anonymised. Due to the fixed "offset time", the season ticket holder can purchase a ticket again in the following year without having to redo his or her data and photo. In this regard, the guest receives a letter including an order form from the lifts before the new validity period. The data of the season ticket holder will be used exclusively for the lifts in the Skicircus Saalbach Hinterglemm Leogang Fieberbrunn and will not be passed on to third parties. The order forms, including credit card numbers if applicable, will be deleted or properly disposed of after three months at the latest.

 

Group information
In order to receive special discounts for e.g. bus groups, children's and youth groups as well as school groups, it is necessary to present a list of participants, including dates of birth, at the time of purchase. These lists will be deleted or disposed of immediately after the respective season. Address data of the respective group leaders and the organisation/school will be used for marketing purposes.


Photocompare - Information according to §24 DSG 2000 
It is pointed out that for the purpose of access control, a reference photo of the ski pass holder is taken each day when passing through a turnstile equipped with a camera for the first and last time. This reference photo is compared by the staff of the lifts with the photos taken at each subsequent crossing of a turnstile equipped with a camera. 
These reference photos are stored for a maximum of 7 days and then deleted, the other photos are deleted at the latest 30 minutes after each person has passed through a turnstile. In case of suspicion (misuse), the photo can be saved manually.
Please note that it is also possible to purchase 1-day ski passes which are technically configured in such a way that no photo is taken when passing through the turnstile; in this case, however, random checks by the cable car staff must be expected.

 

Skiing accidents - reports 
The lift companies reserve the right to charge for the use of the piste rescue service. The information of the injured person (name, address, date of birth, accommodation, ski pass number, course of the accident, type of injury, accident site, transport, costs, piste & weather conditions, witness details;) will be stored for 3.5 years for the preparation of the invoice and for possible legal claims. 

 

Snapshot Stations
Snapshot stations are located on Kohlmais, Schattberg, Reiterkogel, Zwölferkogel and on the west summit. By triggering the snapshot camera, you agree that your photo will be stored on saalbach.com/snapshot for a fortnight, is freely accessible and can be downloaded.

 

Current version of the privacy policy of 18 September 2024

This cookie policy has been created and updated by CookieFirst.com. CookieFirst.com.