Privacy policy
- 1. General
The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2021). In this data protection information, we inform you about the most important aspects of data processing - type, scope and purposes of the collection and use of personal data - in the context of the use of our website and other services of our company.
- 1.1 Controller responsible for the processing of your data
The controller (within the meaning of Art. 4(7) GDPR) for the processing of your personal data (personal data within the meaning of Art. 4(1) GDPR) is
Tourist Office Ausseerland Salzkammergut
Pratergasse 388
A-8990 Bad Aussee
Tel. 43 3622 54040
E-mail: info@ausseerland.at
Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser(www.zepedes.com). You can contact our data protection officer at the e-mail address martin@zepedes.com.- 1.2 Purposes, data categories and legal bases for the processing of personal data
Purposes of the processing
The purposes of processing your personal data generally result from our business activities as a tourism organisation: providing our online offers, processing customer enquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes as well as the categories of data processed can be found in the detailed descriptions of the individual data processing processes.
General data categories
• Personal master data (e.g. name, date of birth and age, address)
• Contact data (e.g. e-mail address, telephone number, fax number)
• Communication data (time and content of communication)
• Order or booking data (e.g. goods ordered or services commissioned and invoice data such as performance period, method of payment, invoice date, tax identification number, etc
• Payment data (e.g. account number, credit card details)
• Contract data (contents of contracts of any kind)
• Web usage data (e.g. server data, log files and cookies)Special categories of data (%u201sensitive data') pursuant to Art. 9 GDPR
• Health data (only if you provide us with this data with your express consent to process your order (e.g. arranging a hotel specialising in guests with food intolerances or allergies))Legal basis for the processing
In principle, there is no obligation to provide the data for the data processing described in this privacy policy. The only consequence of not providing this data is that we will not be able to offer these services. The legal basis for the processing of your personal data required to fulfil a contract with you or an order you have placed with us is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary to fulfil a legal obligation on our part (accounting obligation, bookkeeping obligation or other statutory documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If we process your data to fulfil a task assigned to us in the public interest ('sovereign action'), the legal basis is Art. 6 (1) lit. e GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR ('Legitimate interest') serves as the legal basis for the processing. In this case, we will also inform you of our legitimate interests. If we have no other legal basis for the processing of personal data as explained above, we will ask you for your consent to data processing, which in these cases is based on Art. 6 (1) lit. a GDPR or, in the case of the processing of sensitive data, on Art. 9 (2) lit. a GDPR as the legal basis. You can withdraw this consent at any time free of charge without affecting the lawfulness of processing based on consent before its withdrawal.- 1.3 Data transfer to processors and third parties
We process your personal data with the support of processors who support us in the provision of our services. These processors are bound by a corresponding agreement within the meaning of Art. Art. 28 GDPR with us to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which processors are involved in the detailed descriptions of the individual data processing processes.
Your personal data is passed on to companies other than our processors to typical commercial service providers such as banks, tax consultants or auditors. Personal data is only transferred to state institutions and authorities within the framework of mandatory national legislation.
Depending on your order (e.g. bookings and enquiries), your personal data may also be transferred to hotel partners or other tourism service providers (members of our organisation) only to the extent necessary to fulfil your order. The personal data transmitted varies depending on the service.- 1.4 Transfers to third countries
In principle, we process your personal data within the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this will only take place if the requirements of Art. 44 et seq. GDPR for the transfer to third countries are met: i.e. on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised contractual obligations, the so-called %u201EEU standard contractual clauses'. If we rely on the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also check the permissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative conclusion, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR in conjunction with Art. 6 (1) lit. a GDPR.
- 1.5 Data erasure and storage duration
Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we continue to process the data for a purpose compatible with the original purpose. It may also be stored if this is provided for by laws, regulations or other provisions to which our company is subject.
- 1.6 Data sources
We collect your personal data exclusively from you and do not use any other data sources.
- 1.7 Profiling
We do not use any procedures for automated decision-making or profiling that have a legal effect on you or significantly affect you in a similar way.
- 1.8 Safeguarding your data protection rights
In accordance with the GDPR, you have the rights to information, rectification, erasure, restriction, data portability, cancellation and objection. To do so, please contact us as the controller using the contact details provided in this data protection information. A detailed explanation of these rights can be found here in Chapter III.
Right to lodge a complaint
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, e-mail: dsb@dsb.gv.at).- 2. Visit our website
In this section, we inform you how we process your personal data when you visit our website.
- 2.1 Presentation of the website
Server data
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is collected on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website) (so-called 'Server log files'):
• Browser type and version
• Operating system and device type used (e.g. desktop / mobile)
• Website from which you visit us (referrer URL)
• Website that you visit
• Date and time of your access
• Your internet protocol address (IP address)
This data, which is anonymous for us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. It is evaluated for statistical purposes in order to optimise our website and our offers.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from http://' to https://' or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Technical service providers
We create and edit the content of our website with the help of the following service providers, which we have obliged to do so by a corresponding agreement within the meaning of Art. 28 GDPR. Art. 28 GDPR to process your data exclusively within the scope of our order:
• epcom it-systeme GmbH (Grimminggasse 13, 8940 Liezen)- 2.2 Cookies
Cookie Banner - Cookies on our website
Our website uses cookies to help us make our website fully functional for you. Cookies are small text files that are used to store information during or about visits to websites and are stored on the website visitor's computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping basket cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated by your consent in accordance with Art 6 (1) lit. a GDPR in our cookie banner ('Accept'). By clicking on 'Settings' you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all the functions of our website to their full extent. Detailed information about the cookies used on our website can be found in our cookie banner.
Changing the cookie settings in your web browser
You can specify how the web browser you are using handles cookies, i.e. which cookies are permitted or rejected, in the settings of your web browser. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.
It is also possible to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you wish to allow for usage and interest-based advertising:
• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F- 2.3 Communication with us
e-mail
On our website, we offer you the option of contacting us by e-mail. In this case, the information you provide will be processed for the purpose of processing your contact on the legal basis of contract fulfilment pursuant to Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this personal data. The only consequence of not providing this data is that you will not be able to submit your request and we will not be able to process it. Data will only be passed on to third parties if this is stated on the website or in this privacy policy or is necessary for the fulfilment of the contract or is required by law. We only store your data for as long as is necessary to process your enquiry or for any queries you may have.- 2.4 Online ticket shop
For the processing of online ticket orders, we process your personal data in order to be able to provide you with the booked services with the help of our service provider epcom it-systeme GmbH (Grimminggasse 13, 8940 Liezen). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal bases of Art. 6 para. 1 lit. b GDPR (booking processes) and Art. 6 para. 1 lit. c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as required are necessary for the establishment and fulfilment of the contract. We store this data as long as the purpose requires it, legal regulations provide for this (retention period of invoices according to § 132 BAO for 7 years; we need this data on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process. There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that we will not be able to process your bookings/orders. We disclose your personal data to third parties (hotel partners or other tourism service providers) within the scope of this data processing on the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary to process a booking), or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the use of corresponding booking software. We have concluded a corresponding agreement with the company epcom it-systeme GmbH in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on data protection at epcom it-systeme GmbH can be found at: https://www.epcom.cc/de/datenschutz.
- 2.5 Web marketing
We do not use any tools (plug-ins, cookies, etc.) for personalised web marketing on this website.
- 2.6 Integration of other third-party services and content
We integrate third-party content and functions within our website. This always presupposes that the providers of this content or functions recognise the IP address of the user. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address for statistical purposes, for example. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, otherwise your consent pursuant to Art. 6 (1) lit. a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of Art. Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website
Google Maps
Our website uses the Google Maps service provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to display corresponding map material within our website. Your IP address and information on the browser version and language settings are transmitted to the servers of Google Ireland Ltd. According to Google's own information, the data is stored by Google for 1 year. There is a legitimate interest on our part iSd. Art. 6 (1) lit. f GDPR for the use of Google Maps. Our legitimate interest lies in a uniform and visually appealing presentation of our website and in a geographical presentation of the offers in our region. You can find more information about Google's privacy policy at: https://www.google.com/intl/de/policies/privacy/.
Current version of the privacy policy from 25/08/2021