Data protection information pursuant to Art. 13 and 14 GDPR
- General
The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2021). In this data protection information, we inform you about the most important aspects of data processing - the type, scope and purposes of the collection and use of personal data - in the context of the use of our website and other services provided by our company.
-
- Person responsible for processing your data
Person responsible (within the meaning of Art. 4(7) GDPR) for the processing of your personal data (personal data within the meaning of Art. 4(1) GDPR):
Tourism Association Traunsee-Almtal
Toscanapark 1
4810 Gmunden
Phone: +43 7612 74451
E-Mail: info@traunsee-almtal.at
Data Protection Officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the e-mail address martin@zepedes.com.
-
- Purposes, data categories and legal bases for the processing of personal data
Purposes of processing
The purposes of processing your personal data generally result from our business activities as a tourism organization: providing our online offers, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes as well as the categories of data processed can be found in the detailed descriptions of the individual data processing processes.
General categories of data
- Personal master data (e.g. name, date of birth and age, address)
- Contact data (e.g. e-mail address, telephone number, fax number)
- Communication data (time and content of communication)
- Order or booking data (e.g. goods ordered or services commissioned and invoice data such as performance period, method of payment, invoice date, tax identification number, etc.)
- Payment data (e.g. account number, credit card data)
- Contract data (contents of contracts of any kind)
- Web usage data (e.g. server data, log files and cookies)
Special categories of data ("sensitive data") pursuant to Art. 9 GDPR
- Health data (only if you have provided us with this data with your express consent to process your order (e.g. arranging a hotel specialising in guests with food intolerances or allergies))
Legal basis for processing
In principle, there is no obligation to provide the data for the data processing described in this privacy policy. The only consequence of not providing this data is that we will not be able to offer these services. The legal basis for the processing of your personal data required to fulfil a contract with you or an order you have placed with us is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary to fulfil a legal obligation on our part (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the data is processed in your own vital interest, the legal basis for data processing is Art. 6 (1) lit. d GDPR. If we process your data to fulfil a task assigned to us in the public interest ("sovereign action"), the legal basis is Art. 6 (1) lit. e GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR ("legitimate interest") serves as the legal basis for the processing. In this case, we will also inform you of our legitimate interests. If we have no other legal basis for the processing of personal data as explained above, we will ask you for your consent to data processing, which in these cases is based on Art. 6 (1) lit. a GDPR or, in the case of the processing of sensitive data, on Art. 9 (2) lit. a GDPR as the legal basis. You can withdraw this consent at any time free of charge without affecting the lawfulness of processing based on consent before its withdrawal.
-
- Data transfer to processors and third parties
We process your personal data with the support of processors who support us in the provision of our services. These processors are bound by a corresponding agreement within the meaning of Art. Art. 28 GDPR with us to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which processors are involved in the detailed descriptions of the individual data processing processes.
Your personal data is passed on to companies other than our processors to typical commercial service providers such as banks, tax consultants or auditors. Personal data is only transferred to state institutions and authorities within the framework of mandatory national legislation.
Depending on your order (e.g. bookings and enquiries), your personal data may also be transferred to hotel partners or other tourism service providers (members of our organisation) only to the extent necessary to fulfil your order. The personal data transmitted varies depending on the service.
-
- Transfers to third countries
In principle, we process your personal data within the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this will only take place if the requirements of Art. 44 et seq. GDPR for the transfer to third countries are met: i.e. on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we refer to the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also check the permissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative conclusion, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR in conjunction with Art. 6 (1) lit. a GDPR.
Information about data transfers to the USA
The Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Remarketing, Google Fonts and YouTube services also transfer your data (at least occasionally) to the USA as a third country. Authorities or secret services in the USA can access your data without you having any legal recourse. The European Court of Justice has therefore established that there is no adequate level of data protection within the meaning of Art. 44 et seq. of the GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent in accordance with Art. 49 (1) lit. a GDPR.
-
- Data erasure and storage duration
Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we continue to process the data for a purpose compatible with the original purpose. It may also be stored if this is provided for by laws, regulations or other provisions to which our company is subject.
-
- Data sources
We collect your personal data exclusively from you and do not use any other data sources.
-
- Profiling
We do not use any procedures for automated decision-making or profiling that have a legal effect on you or significantly affect you in a similar way. However, with your consent, we will use your usage data to get to know your interests better and thus be able to show you information of interest to you or make you customised offers or show you corresponding information on third-party websites or social media platforms.
-
- Safeguarding your data protection rights
In accordance with the GDPR, you have the right to information, correction, deletion and restriction of the processing of your personal data. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to withdraw any consent you may have given to the processing of your personal data. This does not affect the lawfulness of the processing of your personal data up to the time of revocation. You have the right to object to the processing of your personal data for the purpose of direct marketing. If you object, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.
Right to complain
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, e-mail: dsb@dsb.gv.at).
- Visit our website
In this section, we inform you how we process your personal data when you visit our website.
-
- Presentation of the website
Server data
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is collected on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website) (so-called "server log files"):
- Browser type and version
- Operating system and device type used (e.g. desktop / mobile)
- Website from which you visit us (referrer URL)
- Website that you visit
- Date and time of your access
- Your internet protocol address (IP address)
This anonymous data is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. It is evaluated for statistical purposes in order to optimise our website and our offers.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Technical service providers
We create and edit the content of our website with the help of the following service providers, which we have obliged by a corresponding agreement within the meaning of Art. 28 GDPR to process your data exclusively within the scope of our order. Art. 28 GDPR to process your data exclusively within the scope of our order:
Technical conception and server hosting:
- TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz)
- Cookies
Cookie Banner - Cookies on our website
Our website uses cookies to help us make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and to show you content that may be of interest to you on other websites. Cookies are small text files that are used to store information during or about visits to websites and are stored on the website visitor's computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping basket cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated by your consent in accordance with Art. 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings", you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all the functions of our website to their full extent. Detailed information about the cookies used on our website can be found in our cookie banner.
Reference to data transfers to the USA
The Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Remarketing, Google Fonts and YouTube services also transfer your data (at least occasionally) to the USA as a third country. Authorities or secret services in the USA can access your data without you having any legal recourse. The European Court of Justice has therefore established that there is no adequate level of data protection within the meaning of Art. 44 et seq. of the GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent in accordance with Art. 49 (1) lit. a GDPR.
Changing the cookie settings in your web browser
How the web browser you are using handles cookies, i.e. which cookies are accepted or rejected, can be determined by you in the settings of your web browser. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.
It is also possible to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you wish to allow for usage and interest-based advertising:
- European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
- Network Advertising Initiative (NAI):
https://optout.networkadvertising.org/?c=1#!%2F- Communication with us
Contact form and e-mail
On our website, we offer you the opportunity to contact us by email and/or via a contact form. In this case, the information you provide will be processed for the purpose of processing your contact on the legal basis of contract fulfilment pursuant to Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this personal data. The only consequence of not providing this data is that you will not be able to submit your request and we will not be able to process it. Data will only be passed on to third parties if this is stated on the website or in this privacy policy or is necessary for the fulfilment of the contract or is required by law. We only store your data for as long as is necessary to process your enquiry or for any queries you may have.
-
- E-Mail-Newsletter
E-Mail-Newsletter (TTG)
You can register for our newsletter on our website. The legal basis for sending the newsletter is your consent within the meaning of Art. Art. 6 (1) lit. a GDPR. Registration for our newsletter takes place using the double opt-in procedure. This ensures that no-one can register with other people's email addresses (e.g. your email address). You can revoke your consent at any time free of charge by clicking on the "Unsubscribe link" at the end of each mailing. The legality of the data processing operations that have already taken place up to that point remains unaffected by the cancellation. After cancellation of your e-mail address, we will continue to store it for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to be able to prove your originally given consent if necessary. We use the service provider TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz) to send out our newsletter. With the help of TTG we can analyse our newsletter campaigns. When an email sent with the TTG newsletter tool is opened, a connection is established with the TTG servers (server location Linz, Austria). This enables us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of access, the IP address, browser type and operating system of the recipient are registered. Also on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, we will use information from our customer database about your previous orders / bookings / enquiries in order to only send you newsletters with content that is of interest to you. We have concluded a processor agreement with TTG within the meaning of Art. Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you. General data protection information from TTG at: www.ttg.at/datenschutz/.
-
- Web analysis - Statistical analyses of our website
Google Tag Manager
We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags via a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies or collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Further information on data protection from Google can be found at: www.google.com/policies/privacy/.
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable the use of our website by the website visitor to be analysed. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymisation. This means that your IP address is generally truncated by Google within the European Union and only in exceptional cases is the full IP address transmitted to a Google server in the USA and only truncated there. The IP address transmitted by the relevant browser as part of Google Analytics is not merged with other Google data. On our behalf, Google will use the information collected to analyse the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed at the following link: tools.google.com/dlpage/gaoptout. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Google Ads Conversion Tracking
Our website uses the "Google Ads Conversion Tracking" service of the provider . Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). When we place adverts on Google, we use what is known as conversion tracking. If you click on an advert placed by Google, a cookie is set for conversion tracking (storage period 30 days). This enables us to recognise that you have clicked on one of our ads and have been redirected to our site. However, we do not receive any personal information, but only the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. We use Google Ads Conversion Tracking on the legal basis of your consent (settings via our cookie banner) in accordance with Art. 6 (1) lit. a GDPR. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
-
- Web marketing
Google Remarketing
Our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider is Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account. To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account by following this link: www.google.com/settings/ads/onweb/. The data collected in your Google account is summarised exclusively on the basis of your consent, which you can give or revoke at Google (Art. 6 (1) lit. a GDPR). Further information on Google's data protection can be found at: www.google.com/policies/privacy/.
-
- Integration of other third-party services and content
We integrate third-party content and functions within our website. This always presupposes that the providers of this content or functions recognise the IP address of the user. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address for statistical purposes, for example. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, otherwise your consent pursuant to Art. 6 (1) lit. a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of Art. Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website:
ecmaps
We use the "ecmaps" service of hubermedia GmbH (Gaberlplatz 5, D-93462 Lam) for the cartographic representation of our region. For this purpose, the map material is loaded from the ecmaps server. The following data is transmitted to ecmaps: the page visited on our website, the IP address of your end device, the content of the request, location data, operating system and the language and version of the browser software. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in an appealing presentation of our online offerings and the geographical presentation of the offerings in our region. In the case of location data from mobile devices, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR by authorising the transfer of location data on your mobile device. Further information on data protection from ecmaps at: www.hubermedia.de/datenschutz/.
Google Fonts
Our website uses the web fonts service of the provider Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) for the standardised display of fonts and icons. When you access one of our pages, your browser loads the required web fonts from the servers of Google Ireland Ltd. into your browser cache in order to display fonts and icons correctly. Your IP address and information about the browser version and language settings are transmitted to the Google Ireland Ltd. servers. According to Google's own information, the data is stored by Google for 1 year. There is a legitimate interest on our part iSd. Art. 6 (1) lit. f GDPR for the use of Google Fonts. Our legitimate interest lies in a uniform and visually appealing presentation of our website and faster loading times. However, we only use Google Fonts if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. Further information on data protection by Google Fonts can be found at: developers.google.com/fonts/faq or www.google.com/intl/de/policies/privacy/. To generally prevent the execution of JavaScript codes, a JavaScript blocker can be installed. Further information on this can be found at: www.noscript.net or www.ghostery.com.
YouTube
We integrate videos from the "YouTube" platform of the provider Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation is based on Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website. However, we only use YouTube if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future. When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google, your data (in particular which of our websites you have visited) and device-specific information, including your IP address, will only be transmitted to the YouTube server in extended data protection mode when you watch the video. In some cases, information is transmitted to the parent company Google Inc. based in the USA, to other Google companies and to external Google partners, some of which may be located outside the European Union. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: adssettings.google.com/authenticated. Further information on YouTube's data protection can be found at: www.google.com/policies/privacy/.
Current version of the privacy policy from 02/08/2022