Privacy Policy & Information According to Art. 13 and 14 GDPR

1. General

The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of the use of our website and in the context of other services of our company.
Only the German version of our privacy policy is legally binding text. The English translation serves as a legally non-binding information. Deviations of the English text or how it could be understood do not affect the exclusive legal validity of the German text and its meaning.

 

1.1. Responsibility for the Processing of your Data 
 

The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:
ZELL AM SEE-KAPRUN TOURISMUS GMBH
Brucker Bundesstr. 1a
A-5700 Zell am See
Tel: +43 6542 770
Fax: +43 6542 72032
Email: welcome@zellamsee-kaprun.com


Data protection officer:

We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the email address martin@zepedes.com.

 

1.2. Purposes, Categories of Data and Lawfulness of the Processing of Personal Data
 

Purposes of the processing of personal data

The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.
 

General categories of data

  • Personal master data (e.g., name, date of birth and age, address)
  • Contact details (e.g., email address, telephone number, fax number)
  • Communication data (time and content of communication)
  • Order or booking data (e.g., ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)
  • Payment details (e.g., account number, credit card details)
  • Contract data (content of contracts of any kind)
  • Web usage data (e.g., server data, log files and cookies)

 

Processing of special categories of personal data according to Art. 9 GDPR

Health data (only if you have given us your explicit consent to process your order (e.g., mediation of a hotel specializing in guests with food intolerances or allergies))

 

Lawfulness of the processing of personal data

There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing of the data takes place in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.

 

1.3. Transfers of Personal Data to Data Processors and Third Parties
 

We process your personal data with the support of data processors who support us in providing our services. These data processors are through a corresponding agreement within the meaning of Art. 28 GDPR with us obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which data processors are involved in the detailed descriptions of the individual data processing processes.
Your personal data will be passed on to companies other than our data processors to typical economic service providers such as banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.

 

1.4. Transfers of Personal Data to Third Countries or International Organisations
 

In principle, we process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we use the services of our data processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR are available for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer these data without your explicit consent in accordance with Art. 49 (1) lit. a and Art. 6 (1) lit. a GDPR to a third country.

 

1.5. Data Erasure and Period of Data Storage
 

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.

 

1.6. Data Sources
 

Visiting this website, we only collect your personal data from you and do not use any other data sources.

 

1.7. Profiling
 

Visiting this website, we do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner.

 

1.8. Safeguarding your Data Protection Rights
 

In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. The lawfulness of the processing of your personal data up to the time of revocation is not affected by this. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.

 

Right of complaint

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, email: dsb@dsb.gv.at).

 

2. Visiting our Website

In this section we inform you how we process your personal data when you visit our website.

 

2.1. Presentation of the Website
 

Server data

For technical reasons, based on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website), the following data, which your internet browser transmits to us or to our web space provider, will be processed (so-called "server log files"):

  • Browser type and version
  • Operating system and device type used (e.g., desktop / mobile)
  • Website from which you are visiting us (referrer URL)
  • Website you visit
  • Date and time of your access
  • Your internet protocol address (IP address)

This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.


SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.


Technical service providers

We create and edit the content of our website with the help of the following service provider. With this service provider we have concluded a corresponding agreement according to Art. 28 GDPR to process your data exclusively to the extent of our order:

 

2.2. Cookies
 

Cookie Banner - Cookies on our website

Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor's computer. We only use cookies on our website that are absolutely necessary for the proper operation of our website (e.g., shopping cart cookie). The legal basis for these cookies is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in conjunction with § 165 (3) S 3 TKG 2021. 
Since we do not set cookies on our website for which your consent would be required, you will not find a cookie banner on our website.


Change the cookie settings in your web browser

How the web browser you are using handles cookies, e.g., which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.

In addition, it is possible to generally object to cookies and similar tracking technologies using the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:

 

2.3. Communication with us
 

Contact form and email

On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be processed for the purpose of processing your contact based on the legal basis of contract fulfilment in accordance with Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or if this is required by statutory provisions. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.

 

2.4. Email Newsletter
 

Droid Marketing Automation

Our website uses the functions of Droid Marketing Automation on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider of this service is Droid Marketing GmbH (Ungargasse 64-66/1/110, A-1030 Vienna, e-mail   datenschutz@droidmarketing.com). By setting cookies on your device, these functions enable us to analyse your usage behaviour on our website and, based on this, to display certain content to you preferentially. In this way, we can provide you with interest-based, personalized content both within our website and in our newsletter or in our Zell am See-Kaprun app, provided that you use our app or have subscribed to our newsletter. We have a corresponding agreement with the provider of the service iSd. Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information can be found in the privacy policy of Droid Marketing GmbH: https://droidmarketing.com/datenschutz.html.

 

3. Other Data Processing in Business and Customer Contact

Further information on other data processing outside this website can be found at: https://www.zellamsee-kaprun.com/en/privacy.

 

Current version of the privacy policy of 25.08.2022