Data protection information according to Art. 13 and 14 GDPR

1. In general

The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (in particular GDPR, DSG 2018, TKG 2021). In this data protection information, we inform you about the most important aspects of data processing - type, scope and purposes of the collection and use of personal data - in the context of the use of our website and in the context of other services of our company.

1.1 Controller responsible for the processing of your data

The controller (within the meaning of Art. 4(7) GDPR) for the processing of your personal data (personal data within the meaning of Art. 4(1) GDPR) is

Tourismusverband Mühlviertel
Hauptplatz 19
A-4190 Bad Leonfelden
Tel. +43 (0) 50763-100
E-Mail: unterweissenbach@muehlviertel.at

Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 54, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the e-mail address martin@zepedes.com.

1.2 Purposes, data categories and legal bases for the processing of personal data

Purposes of the processing

The purposes of processing your personal data generally arise from our business activities as a tourism organisation: providing our online offers, processing customer enquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes as well as the categories of data processed can be found in the detailed descriptions of the individual data processing processes.

General data categories

  • Personal master data (e.g. name, date of birth and age, address)
  • Contact data (e.g. e-mail address, telephone number, fax number)
  • Communication data (time and content of communication)
  • Order or booking data (e.g. goods ordered or services commissioned and invoice data such as performance period, method of payment, invoice date, tax identification number, etc.)
  • Payment data (e.g. account number, credit card details)
  • Contract data (contents of contracts of any kind)
  • Web usage data (e.g. server data, log files and cookies)
  • Geodata (e.g. app usage data)

Special categories of data ("sensitive data") pursuant to Art. 9 GDPR

  • Health data (only if you provide us with this data with your express consent to process your order (e.g. arranging a hotel specialising in guests with food intolerances or allergies))

Legal basis for the processing

In principle, there is no obligation to provide the data for the data processing described in this privacy policy. The only consequence of not providing this data is that we will not be able to offer these services. The legal basis for the processing of your personal data required to fulfil a contract with you or an order you have placed with us is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary to fulfil a legal obligation on our part (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the data is processed in your own vital interest, the legal basis for data processing is Art. 6 (1) lit. d GDPR. If we process your data to fulfil a task assigned to us in the public interest ("sovereign action"), the legal basis is Art. 6 (1) lit. e GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR ("legitimate interest") serves as the legal basis for the processing. In this case, we will also inform you of our legitimate interests. If we have no other legal basis for the processing of personal data as explained above, we will ask you for your consent to data processing, in which case we rely on Art. 6 (1) lit. a GDPR or, in the case of processing sensitive data, Art. 9 (2) lit. a GDPR as the legal basis. You can withdraw this consent at any time free of charge without affecting the lawfulness of processing based on consent before its withdrawal.

1.3 Data transfer to processors and third parties

We process your personal data with the support of processors who assist us in providing our services. These processors are bound by a corresponding agreement with us within the meaning of Art. 28 GDPR to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which processors are involved in the detailed descriptions of the individual data processing processes.

Beyond our processors, your personal data is passed on to typical commercial service providers such as banks, tax consultants or auditors. Personal data is only transferred to state institutions and authorities within the framework of mandatory national legislation.

Depending on your order (e.g. bookings and enquiries), your personal data may also be transferred to hotel partners or other tourism service providers (members of our organisation) only to the extent necessary to fulfil your order. The personal data transmitted varies depending on the service.

1.4 Transfers to third countries

In principle, we process your personal data within the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this will only take place if the requirements of Art. 44 et seq. GDPR for the transfer to third countries are met: i.e. on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we refer to the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also check the permissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative conclusion, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR.

1.5 Data erasure and storage duration

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we continue to process the data for a purpose compatible with the original purpose. It may also be stored if this is provided for by laws, regulations or other provisions to which our company is subject.

1.6 Data sources

We generally collect your personal data from you. We also receive personal data from some of our partners. Information on this can be found in the respective detailed information in this data protection information.

1.7 Profiling

We do not use any procedures for automated decision-making or profiling that have a legal effect on you or significantly affect you in a similar way. However, with your consent, we will use your usage data to get to know your interests better and thus be able to show you information of interest to you or make you customised offers or show you corresponding information on third-party websites or social media platforms.

1.8 Safeguarding your data protection rights

In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to withdraw any consent you may have given to the processing of your personal data. This does not affect the lawfulness of the processing of your personal data up to the time of revocation. You have the right to object to the processing of your personal data for the purpose of direct marketing. If you object, your personal data will no longer be processed for the purpose of direct marketing. You can find a detailed explanation of these rights here in Chapter III.

Right to lodge a complaint

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, this is the data protection authority (Barichgasse 40-42, A-1030 Vienna, e-mail: dsb@dsb.gv.at).
 

2. Visiting our website

In this section, we inform you how we process your personal data when you visit our website.

2.1 Display of the website

Server data

For technical reasons, on the legal basis of Section 165 (3) sentence 3 TKG 2021 (required for the operation of our website), the following data, which your Internet browser transmits to us or to our web space provider, is collected (so-called "server log files"):

  • Browser type and version
  • Operating system and device type used (e.g. desktop / mobile)
  • Website from which you visit us (referrer URL)
  • Website that you visit
  • Date and time of your access
  • Your internet protocol address (IP address)

This data, which is anonymous for us, is stored separately from any personal data you may have provided for 7 days and therefore does not allow us to draw any conclusions about a specific person. It is evaluated for statistical purposes in order to optimise our website and our offers.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Technical service providers

We create and edit the content of our website with the help of the following service providers, whom we have obliged, by a corresponding agreement within the meaning of Art. 28 GDPR, to process your data exclusively within the scope of our order:

Technical conception:

Web hosting:

2.2 Cookies

Cookie Banner - Cookies on our website - Consent Management System

Our website uses cookies that help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and to show you content that may be of interest to you on other websites. Cookies are small data records that are used to store information during or about visits to websites and are stored on the website visitor's computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping basket cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated by your consent in accordance with Art. 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings", you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all the functions of our website to their full extent. Detailed information about the cookies used on our website can be found in our cookie banner.

The legal basis for the use of this cookie banner (consent management platform) to control and document your consent or settings regarding cookies and other tools requiring consent to access our website is our legal obligation pursuant to Art. 6 (1) lit. c GDPR. When you access our website, a connection is established with the server of the provider of our cookie banner and a cookie is subsequently stored in your browser to save your cookie settings. The processed data is stored until the specified storage period expires or you delete these cookies.

We use the following cookie banner / provider:

  • "Consent Management Platform TTG" from TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz). More information on data protection at: https://www.ttg.at/datenschutz

Changing the cookie settings in your web browser

You can specify how the web browser you use handles cookies, i.e. which cookies are accepted or rejected, in the settings of your web browser. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.

It is also possible to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you wish to allow for usage and interest-based advertising:

2.3 Communication with us

Contact form and e-mail

On our website, we offer you the option of contacting us by email and/or via a contact form. In this case, the information you provide will be processed for the purpose of processing your contact on the legal basis of contract fulfilment pursuant to Art. 6 (1) lit. b GDPR. We have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the use of a contact form. The legitimate interest lies in offering our website visitors a way to contact us that does not require them to access their own email client; there is no legal or contractual obligation to provide this personal data. The only consequence of not providing this data is that you will not be able to submit your request and we will not be able to process it. Data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or is required by law. We only store your data for as long as is necessary to process your enquiry or for any queries you may have.
 

2.4 Online shop(s) / booking portal(s)

We process your personal master data, contract and payment data as well as communication data (IP address and server log files) for the purpose of providing contractual services and their payment and execution in the context of online purchases, bookings and brochure orders on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of contract) and Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).

We store this data as long as the purpose requires it, legal regulations provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we need this data on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process.

There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that we will not be able to process your bookings/orders.

Feratel DESKLINE online bookings, booking enquiries and brochure orders

For the processing of online bookings, brochure orders and enquiries, we process your personal data in order to be able to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal bases of Art. 6 (1) lit. b GDPR (booking processes, answering requests for quotations and sending brochures) and Art. 6 (1) lit. c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as required are necessary for the establishment and fulfilment of the contract. We disclose your personal data to third parties (hotel partners or other tourism service providers) within the scope of this data processing on the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary to process a booking), or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the use of corresponding booking software. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at https://www.feratel.com/datenschutz.html.

INCERT voucher system and merchandising articles

We use the system of the company INCERT eTourismus GmbH & Co KG (Leonfeldner Strasse 328, A-4040 Linz) as our processor to process orders for holiday vouchers and merchandising articles. It enables the automated sale of vouchers via "print@home" as well as the individual personalisation of vouchers with dedications, designs and barcodes. The following information is required to process orders: Title, first and last name, address, e-mail address. This data is processed for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the legal basis of Art. 6 (1) lit. b GDPR. We have concluded a corresponding agreement with INCERT as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on INCERT's data protection can be found at https://www.incert.at/datenschutz/.

External payment service providers

We use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of contract) for the payment of order transactions / bookings, via whose platforms you can make your payments. The payment data you enter when placing an order (e.g. account numbers, credit card numbers incl. check digits, passwords / TANs etc.) are processed exclusively by our payment service providers and cannot be viewed by us. We only receive confirmation from our payment service providers that the payment has been made or information that the payment could not be made. Further information on data protection and the terms and conditions of our payment service providers can be found at

2.5 E-mail newsletter

E-mail newsletter (TTG)

You can register for our newsletter on our website. The legal basis for sending the newsletter is your consent within the meaning of Art. 6 (1) lit. a GDPR. Registration for our newsletter takes place using the double opt-in procedure. This ensures that no-one can register with other people's email addresses (e.g. your email address). Your consent can be revoked at any time free of charge by clicking on the "Unsubscribe link" at the end of each mailing. The legality of the data processing operations that have already taken place up to that point remains unaffected by the cancellation. After cancellation of your e-mail address, we will continue to store it for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to be able to prove your originally given consent if necessary. We use the service provider TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz) to send out our newsletter. With the help of TTG, we can analyse our newsletter campaigns. When an email sent with the TTG newsletter tool is opened, a connection is established with the TTG servers (server location Linz, Austria). This enables us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of access, the IP address, browser type and operating system of the recipient are registered. Also on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, we will use information from our customer database about your previous orders / bookings / enquiries in order to only send you newsletters with content that is of interest to you. We have concluded a processor agreement with TTG within the meaning of Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and authorised by you.
General data protection information from TTG at: https://www.ttg.at/datenschutz/.

2.6 Web analysis - Statistical analyses of our website

Google Tag Manager

We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags via a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies or collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on Google's data protection can be found at https://www.google.com/policies/privacy/. More information on how Google uses personal data: https://business.safety.google/privacy/.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit. a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable the use of our website by the website visitor to be analysed. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transferred to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymisation. This means that your IP address is generally truncated by Google within the European Union and only in exceptional cases is the full IP address transmitted to a Google server in the USA and only truncated there. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. The IP address transmitted by the corresponding browser as part of Google Analytics is not merged with other Google data. On our behalf, Google will use the information collected to analyse the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be cancelled at any time with effect for the future. The corresponding browser plugin can be downloaded and installed at the following link: https://tools.google.com/dlpage/gaoptout. User data is stored for 14 months.
Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated). More information on how Google uses personal data: https://business.safety.google/privacy/.

Matomo (On-Premise) TTG

Our website uses the open source web analysis service Matomo from the provider Innocraft Inc (150 Willis ST, 6011 Wellington, New Zealand). This enables us to anonymously analyse the user behaviour of our website visitors in order to optimise both our website and our advertising. We have installed Matomo on our own servers. This means that no data is passed on to Matomo. We process the following data: Your IP address (anonymised by shortening), previously visited URL (referrer - if transmitted by the browser), name and version of your operating system as well as the name, version and language setting of your browser. The use of the Matomo analysis tool is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the anonymised analysis of the user behaviour of our website visitors in order to optimise both our website and our advertising. If you have given us your consent to set "analysis" cookies, Matomo will also set cookies. This allows us to recognise returning users and "analyse" their behaviour on our website in more detail. The processing of this data (storage for a maximum of 13 months) is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time in the cookie settings. Further information on Matomo's data protection can be found at https://matomo.org/gdpr-analytics/.

2.7 Web marketing

Facebook pixel

In order to place targeted advertisements on Facebook and to be able to track user actions after they have seen or clicked on a Facebook advertisement, we use the Facebook pixel of Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR within our website. This enables us to display information of interest to you on Facebook and to evaluate and optimise our Facebook advertisements with the anonymous data collected in this way (we do not see any personal data of individual users, only the overall effect). Storage period max. 12 months. Facebook links this data to the Facebook account of Facebook users according to their data protection information and can thus show them content that corresponds to their interests. Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Specific information on how the Facebook Pixel works can be found in the Facebook help section at https://de-de.facebook.com/business/help/651294705016616. You can make settings regarding usage-based advertising on Facebook yourself in your Facebook account: https://www.facebook.com/settings?tab=ads. Further information can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

Microsoft Advertising

Our website uses the Universal Event Tracking (UET) functions of Microsoft Advertising (formerly Bing Ads) of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. Via UET, Microsoft stores a cookie in the browser of the website visitor to enable the use of the website to be analysed if the user has reached our website via an advertisement from Microsoft Advertising. This enables Microsoft and us to recognise whether a website visitor has previously clicked on an ad and been redirected to our website as a result. No IP addresses are stored in this process. No other personal information about the identity of the website visitor is stored either. Microsoft is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by using the opt-out option at the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE. Further information on data protection from Microsoft and Bing Ads can be found at https://privacy.microsoft.com/de-de/privacystatement.

2.8 Integration of other third-party services and content

We integrate third-party content and functions within our website. This always presupposes that the providers of this content or functions recognise the IP address of the user (website visitor). Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, otherwise your consent pursuant to Art. 6 (1) lit. a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in

destination.one Maps

We use the "destination.one" service of neusta destination.one GmbH (Münchenerstraße 1, D-86899 Landsberg am Lech) for the cartographic representation of the accommodation providers in our region. The map material is loaded from the destination.one server for this purpose. The following data is transmitted to destination.one: the page visited on our website, the IP address of your end device, the content of the request, location data, operating system and the language and version of the browser software. destination.one uses cookies that are stored on your browser to analyse your request. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in an appealing presentation of our online offer and the geographical presentation of the offers in our region. In the case of location data from mobile devices, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR by authorising the transfer of location data on your mobile device. Further information on data protection from destination.one at: https://www.destination.one/datenschutz/.

Captcha.eu (spam protection)

We use the Captcha.eu service from Captcha GmbH (Muthgasse 2, A-1190 Vienna) on our website to protect your orders via the Internet form. We use this service to protect our website and visitors to our website from misuse, bots and spam. Captcha.eu checks whether entries in our forms (e.g. enquiry form, brochure order etc.) are made by humans or whether programmes (bots) are used for this purpose. This requires the following data to be collected and transmitted to Captcha.eu in order to check whether the input is made by a human or a bot: Your IP address (is shortened before saving and can then no longer be assigned to you), referrer website (website from which you were linked to our website), device and browser type of your PC/tablet/smartphone, cookie or local storage value (remains on your end device) and, in particular, mouse movements and time intervals between keystrokes. We use Captcha.eu on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in protecting our website and our website visitors from misuse and spam. According to Captcha.eu, the processed data is stored for a maximum of 6 months. You can find further information on data protection at Captcha.eu at https://www.captcha.eu/dsgvo-user.

YouTube

We integrate videos from the "YouTube" platform of the provider Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation is based on Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website. However, we only use YouTube if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future. When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google, in extended data protection mode, your data (in particular which of our web pages you have visited) and device-specific information, including your IP address, are only transmitted to the YouTube server when you watch the video. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. Further information on data protection from YouTube can be found at https://www.google.com/policies/privacy/. More information on how Google uses personal data: https://business.safety.google/privacy/.

Webcams

We integrate webcams from other websites of providers in our region into our website to provide up-to-date information about the weather in our region. The implementation is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, whereby our interest lies in providing information on the current weather in our region within our website. When you call up a page in which we have embedded webcams, a connection is established to the provider's servers and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address together with some browser information (browser type, browser version, etc.) together with information about when you accessed these pages is transmitted to the provider's servers.

3 Other data processing in business and customer contact

In this section we inform you about other data processing outside our website.

3.1 Job applications

The contact details and application documents sent to us in the course of a job application are processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that you will not be able to submit your application and we will not be able to process it. The personal data transmitted will be stored by us in accordance with the statutory provisions for a maximum of 6 months, in the case of the applicant's express consent to keep the documents on file for a maximum of 2 years.

3.2 Online presences in social media

In addition to our website, we maintain online presences within social networks and platforms. The legal basis for using these services is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in being able to communicate with the customers and business partners active there and to inform them about our services on these networks. When accessing the respective networks and platforms, the terms and conditions and data protection guidelines of the respective operators of these networks apply. Further information on the processing of your personal data by the respective providers of these services (which personal data is processed for which purposes on which legal basis, how long this data is stored by the respective provider and, if applicable, information on profiling and third country transfers) can be found below in the descriptions of the individual services or via the information links provided there.

Facebook fan page

We operate a Facebook fan page on the "Facebook" platform of Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The legal basis for the processing of the associated personal data is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in providing customers and potential new customers with information about us and our offers via this information channel. We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is collected in the form of cookies or other tracking technologies. The data collected about you in this context is processed by Facebook and may be transferred (at least in part) to the USA. Facebook / Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least in some cases) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. In a decision, the European Court of Justice found that "Facebook" and the operator of a Facebook fan page process this personal data as joint controllers within the meaning of Art. 26 GDPR. Facebook provides the contract for joint data processing under the following link: https://www.facebook.com/legal/terms/page_controller_addendum. As the operator of our fan page, we have no influence on the specific content of the agreement.
What information Facebook receives and how it is used (how Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users in order to individualise content or advertising, how long Facebook stores this data, whether data from a visit to the Facebook page is passed on to third parties, etc.) is described by Facebook in general terms in its data usage guidelines. There you will also find information on how to contact Facebook and the settings options for adverts. The privacy policy is available at the following link: https://www.facebook.com/privacy/policy/. As a fan page operator, we do not receive any additional (non-public) information about individual Facebook users from the analyses by Facebook, but only statistically processed information (e.g. total number of page views, page activity, post reach, etc.), which helps us to make our posts more attractive.

Instagram

Instagram is an online service for sharing photos and videos. We have a profile (account) on Instagram. The provider is Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Further information on the processing of your personal data through the use of Instagram as well as a way to contact us can be found at https://privacycenter.instagram.com/policy/.

Pinterest

Pinterest is a mixture of social network and search engine that focuses on visual content, i.e. images and videos. We use this service to generate interest in other of our content on the Internet (in particular our website) with so-called PINs. The provider of this service is Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). Further information on the processing of your personal data through the use of Pinterest, as well as a way to contact us, can be found at https://policy.pinterest.com/de/terms-of-service.

LinkedIn

We use the web-based social networking service LinkedIn to stay in contact primarily with business partners. The provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). Further information on the processing of your personal data through the use of LinkedIn as well as a way to contact us can be found at https://de.linkedin.com/legal/privacy-policy.

YouTube

We use a YouTube channel via the video portal "YouTube" to publish our videos. The provider of the service is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Further information on the processing of your personal data through the use of YouTube as well as a way to contact us can be found at https://www.google.com/policies/privacy/.

3.3 Competitions

Your personal data (email address, name, address) provided for participation in our competitions will only be used by us to determine a winner, to inform them of the prize and to send out prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is contract fulfilment in accordance with Art. 6 para. 1 lit b GDPR. There is no legal or contractual obligation to provide personal data. The only consequence of not providing the data is that you will not be able to take part in the competition. Your data will be stored for the duration of the competition and - for the processing of any prize and compensation claims - for a maximum of 3 years afterwards and then deleted. By participating, you also consent to your name being published on our website and on our public social media channels if you win.

3.4 Photo/video documentation at events

At events, we may take photos and videos of these events or have them taken by photographers commissioned by us, in which you are recognisable as a participant in these events. We need these photos/videos to document and promote our events and will therefore also publish them in our media (e.g. print brochures, website and social media) and make them available to other media owners (print and online) to promote our event. There is no legal or contractual obligation on your part to provide this data. The legal basis for the processing of your personal data (images and videos in which you are recognisable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events. You have the right to object to the processing. Please send your objection to the email address we have provided in this privacy policy. However, it can be assumed that our above-mentioned interest in using the photos does not unduly interfere with your rights as the person depicted. This is particularly the case as we take these photos/videos in public spaces and point out the production and use of the photos/videos in advance of each event. We also always ensure that no legitimate interests of the persons depicted are violated. If your personal rights and freedoms are violated by an image / video created by us for reasons worthy of special consideration, we will refrain from further processing / publication. Removal from print media that have already been circulated is not possible. In this case, however, we will delete them from our website or our social media channels. We generally delete photos / videos of events if we no longer need these images to document and promote these events.

3.5 Registration for events and functions

It is possible to register for events organised by various providers in our region at our information offices. For this purpose, we process your personal data (name, e-mail address and telephone number). This data is processed by us on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of contract/pre-contractual measures) and also passed on to the respective organiser. This data will be deleted or destroyed by us after the event.

3.6 Johannesweg APP, Tour de Alm APP, Stoakraftweg APP and Castles & Palaces APP

For the use of our "Johannesweg APP", "Tour de Alm APP", "Stoakraftweg APP" and "Burgen & Schlösser APP", provided by our service provider APPtimal Softwarelösungen e.U. (Marktfeld 14, 4323 Münzbach), it is possible to install the app on a mobile phone or tablet. Registration is not necessary. The purpose of data processing is to provide maps, information on routes and tours (incl. route planner), taxis, public transport, elevation profile, links to webcams and other tourist services. We process the following data for this purpose: the operating system and device type used (e.g. Android/IOS), the date and time of your access as well as your mobile user ID and geodata. The legal basis for this data processing is your consent in accordance with Art 6 (1) lit a GDPR. You can revoke this consent at any time free of charge. The legality of the data processing operations that have already taken place up to that point remains unaffected by the revocation. There is no obligation to provide this data. If you do not wish to provide this data, the only consequence is that we will not be able to offer you this service, or not to the full extent (e.g. geodata for the navigation function). We only store your data for as long as this is necessary for the purpose or due to legal obligations on our part. We have concluded a corresponding agreement with APPtimal Softwarelösungen e.U. as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on data protection from APPtimal Softwarelösungen e.U. at: https://www.apptimal.at/datenschutz/.

Current version of the data protection information from 12/02/2025