Data protection & cookies
Privacy policy
1. general
The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (in particular GDPR, DSG 2018, TKG 2021). In this data protection information, we inform you about the most important aspects of data processing - the type, scope and purposes of the collection and use of personal data - in the context of the use of our website and in the context of other services provided by our company.
1.1 Controller responsible for the processing of your data
The controller (within the meaning of Article 4(7) GDPR) for the processing of your personal data (personal data within the meaning of Article 4(1) GDPR) is:
Salzburger Lungau GmbH
Raikaplatz 242
A-5582 St. Michael im Lungau
Email: info@lungau.at
T +43 (0) 6477 89 88
1.2 Purposes, data categories and legal bases for the processing of personal data
Purposes of processing
The purposes of processing your personal data generally arise from our business activities as a tourism organization: providing our online offers, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes as well as the categories of data processed can be found in the detailed descriptions of the individual data processing processes.
General data categories
- Personal master data (e.g. name, date of birth and age, address)
- Contact data (e.g. email address, telephone number, fax number)
- Communication data (time and content of communication)
- Order or booking data (e.g. goods ordered or services commissioned) ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)
- Payment data (e.g. account number, credit card data)
- Contract data (contents of contracts of any kind)
- Web usage data (e.g. server data, log files and cookies)
Special categories of data ("sensitive data") pursuant to Art. 9 GDPR
- Health data (only if this is provided to us by you with your express consent to process your order (e.g. arranging a hotel specializing in guests with food intolerances or allergies)
Legal bases for processing
In principle, there is no obligation to provide the data for the data processing described in this privacy policy. The only consequence of not providing this data is that we will not be able to offer these services. The legal basis for the processing of your personal data required to fulfill a contract with you or an order you have placed with us is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary to fulfill a legal obligation on our part (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the data is processed in your own vital interest, the legal basis for data processing is Art. 6 (1) lit. d GDPR. If we process your data to perform a task assigned to us in the public interest ("sovereign action"), the legal basis is Art. 6 (1) lit. e GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR ("legitimate interest") serves as the legal basis for the processing. In this case, we will also inform you of our legitimate interests. If we have no other legal basis for the processing of personal data as explained above, we will ask you for your consent to data processing, which in these cases is based on Art. 6 (1) lit. a GDPR or, in the case of processing sensitive data, on Art. 9 (2) lit. a GDPR as the legal basis. You can withdraw this consent at any time free of charge without affecting the lawfulness of processing based on consent before its withdrawal.
1.3 Data transfer to processors and third parties
We process your personal data with the support of processors who assist us in providing our services. These processors are bound by a corresponding agreement within the meaning of Art. Art. 28 GDPR with us to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which processors are involved in the detailed descriptions of the individual data processing processes.
Your personal data is passed on to companies other than our processors to typical business service providers such as banks, tax consultants or auditors. Personal data will only be transferred to state institutions and authorities within the framework of mandatory national legislation.
Depending on your order (e.g. bookings and inquiries), your personal data will only be transmitted to hotel partners or other tourism service providers (members of our organization) to the extent necessary to fulfil your order. The personal data transmitted varies depending on the service.
1.4 Transfers to third countries
In principle, we process your personal data within the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this will only take place if the requirements of Art. 44 et seq. GDPR for the transfer to third countries are met: i.e. on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we refer to the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also check the permissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative conclusion, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR.
1.5 Data erasure and storage duration
Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Data may also be stored if we continue to process the data for a purpose compatible with the original purpose. It may also be stored if this is provided for by laws, regulations or other provisions to which our company is subject.
1.6 Data sources
We generally collect your personal data from you. We also receive personal data from some of our partners. You can find information on this in the respective detailed information in this data protection information.
1.7 Profiling
We do not use any procedures for automated decision-making or profiling that have a legal effect on you or significantly affect you in a similar way. However, with your consent, we will use your usage data to get to know your interests better and thus be able to show you information that is of interest to you or make you customized offers or show you corresponding information on third-party websites or social media platforms.
1.8 Safeguarding your data protection rights
In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to withdraw any consent you may have given to the processing of your personal data. This does not affect the lawfulness of the processing of your personal data up to the time of withdrawal. You have the right to object to the processing of your personal data for the purpose of direct marketing. If you object, your personal data will no longer be processed for the purpose of direct marketing. You can find a detailed explanation of these rights here in Chapter III.
Right to lodge a complaint
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can lodge a complaint with the competent supervisory authority. In Austria, this is the data protection authority (Barichgasse 40-42, A-1030 Vienna, email: dsb@dsb.gv.at)
2. Visiting our website
In this section, we inform you how we process your personal data when you visit our website
2.1 Presentation of the website
Server data
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider (so-called "server log files"), is collected on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website):
- Browser type and version
- Operating system and device type used (e.g. desktop / mobile)
- Website from which you are visiting us (referrer URL)
- Website you are visiting
- Date and time of your access
- Your Internet Protocol address (IP address)
This data, which is anonymous for us, is stored separately from any personal data you may have provided for 7 days and therefore does not allow us to draw any conclusions about a specific person. It is evaluated for statistical purposes in order to optimize our website and our offers.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Technical service providers
We create and edit the content of our website with the help of the following service providers, which we have obliged to do so by a corresponding agreement within the meaning of Art. 28 GDPR. Art. 28 GDPR to process your data exclusively within the scope of our order:
Technical design:
- KWER Maximilian Tosch | Agentur für Werbung, Design & Kommunikation (Murtalstraße 641, A-5582 St. Michael). Further information on data protection at: https://www.kwer.at/datenschutz
Web hosting:
- Hetzner Online GmbH (Industriestr. 25, D-91710 Gunzenhausen). Further information on data protection at: https://www.hetzner.com/de/legal/privacy-policy/
2.2 Cookies
Cookie Banner - Cookies on our website - Consent Management System
Our website uses cookies that help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website or to display content that may be of interest to you on other websites. Cookies are small data records that are used to store information during or about visits to websites and are stored on the website visitor's computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping cart cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated by your consent in accordance with Art. 6 (1) lit. a GDPR in our cookie banner ("Accept"). You can activate or deactivate individual cookies or cookie groups by clicking on "Settings". If you restrict the use of cookies on our website, you may no longer be able to use all the functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.
The legal basis for the use of this cookie banner (consent management platform) to control and document your consent or settings regarding cookies and other tools requiring consent to access our website is our legal obligation pursuant to Art. 6 (1) lit. c GDPR. When you access our website, a connection is established with the server of the provider of our cookie banner and a cookie is subsequently stored in your browser to save your cookie settings. The processed data will be stored until the specified storage period expires or you delete these cookies.
We use the following cookie banner / provider:
- Contao-Cookiebar (open source software - hosted on our website server) from Contao Association (3250 Lyss, Switzerland). More information on data protection at: https://contao.org/de/datenschutzerklaerung
Change the cookie settings in your web browser
You can specify how the web browser you are using handles cookies, i.e. which cookies are allowed or rejected, in your web browser settings. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.
In addition, you have the option to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:
- European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
- Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F
2.3 Communication with us
Contact form and email
On our website, we offer you the option of contacting us by email and/or via a contact form. In this case, the information you provide will be processed for the purpose of processing your contact on the legal basis of contract fulfillment pursuant to Art. 6 (1) lit. b GDPR. We have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the use of a contact form. The legitimate interest lies in offering our website visitors a way to contact us that does not require them to open their own email client. In the case of contact/order forms in which we request the salutation in addition to the first and last name, we do this on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our interest lies in addressing our customers and business partners in a personalized, polite manner. There is no legal or contractual obligation to provide this personal data. The only consequence of not providing this data is that you will not be able to submit your request and we will not be able to process it. Your data will only be passed on to third parties if this is stated on the website or in this privacy policy or is necessary for the fulfillment of the contract or is required by law. We only store your data for as long as is necessary to process your inquiries or for any queries you may have.
2.4 Online store(s) / booking portal(s)
For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and brochure orders, we process your personal master data, contract and payment data as well as communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (contract fulfillment) and Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).
We store this data as long as the purpose requires it, legal regulations provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we need this data on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process.
There is no legal or contractual obligation to provide personal data. The only consequence of not providing it is that we will not be able to process your bookings/orders.
Feratel DESKLINE online bookings, booking inquiries and brochure orders
For the processing of online bookings, brochure orders and inquiries, we process your personal data in order to be able to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services or for the fulfillment of pre-contractual services on the basis of the legal bases of Art. 6 (1) lit. b GDPR (booking processes, answering requests for quotations and sending brochures) and Art. 6 (1) lit. c GDPR (legally required retention periods for bookings or invoices). For this purpose, the data fields marked as required are necessary for the establishment and fulfillment of the contract. We disclose your personal data to third parties (hotel partners or other tourism service providers) within the scope of this data processing on the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary to process a booking), or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the use of corresponding booking software. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at https://www.feratel.com/datenschutz.html.
feratel webshop
We use the system of feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) as our processor to process orders/bookings for vacation vouchers, merchandising articles and tourist services. The following information is required to process orders/bookings: Title, first and last name, address, e-mail address. We have concluded a corresponding agreement with feratel as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at: https://www.feratel.com/datenschutz.html.
External payment service providers
For the payment of order transactions / bookings, we use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfillment of contract), via whose platforms you can make your payments. The payment data you enter when placing an order (e.g. account numbers, credit card numbers incl. check digits, passwords / TANs etc.) are processed exclusively by our payment service providers and cannot be viewed by us. We only receive confirmation from our payment service providers that the payment has been made or information that the payment could not be made. Further information on data protection and the terms and conditions of our payment service providers can be found at:
Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zurich,
Tel. +41 44 256 81 91
Email: info@datatrans.ch
https://www.datatrans.ch/de/datenschutzbestimmungen/
2.5 E-mail newsletter
E-mail newsletter MailChimp
The legal basis for sending the newsletter is your consent within the meaning of Art. Art. 6 (1) lit. a GDPR. Registration for our newsletter takes place using the double opt-in procedure. In this way, we ensure that no one can register with third-party email addresses (e.g. with your email address). Your consent can be revoked at any time free of charge by clicking on the "Unsubscribe link" at the end of each mailing. The legality of the data processing operations that have already taken place up to that point remains unaffected by the revocation. After you unsubscribe from our newsletter, we will continue to store your e-mail address for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to be able to prove your originally given consent if necessary. We use "MailChimp", a service provided by Intuit Inc (2700 Coast Avenue, Mountain View, CA 94043, USA), to send our newsletter. With the help of MailChimp, we can analyze our newsletter campaigns. When an email sent with MailChimp is opened, a connection is established with MailChimp's servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information such as the time of retrieval, the IP address, browser type and operating system of the recipient are registered. This information is used exclusively for the statistical analysis of our newsletter. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. Mailchimp is a certified partner of the EU-US Data Privacy Framework. The legal basis for data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. We have concluded a processor agreement within the meaning of Art. Art. 28 GDPR with MailChimp (https://mailchimp.com/legal/data-processing-addendum/). Further information on the lawfulness of data transfers from MailChimp to the USA and the special security measures taken in this regard can be found at https://mailchimp.com/help/Mailchimp-european-data-transfers/. General data protection information from MailChimp can be found at https://mailchimp.com/legal/privacy/.
2.6 Digital information services / registration
Digital vacation companion PIA "My Lungau"
For the use of our digital vacation companion PIA (Personal Interest Assistant), provided by our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck), it is possible to register on the respective Progressive Web App (abbreviated PWA) of the Digital Holiday Advisor on our website via a terminal device (e.g. smartphone, PC) and create a profile. By registering or identifying themselves, users can use the services of the Digital Vacation Companion. In order to use the information services and receive service offers from the operator, it is necessary to register by providing your e-mail address. In this context, we collect your name and e-mail address, the duration of the planned stay and the booked accommodation, insofar as this is necessary for the use of the digital concierge services. In addition, cookies and web analysis tools are used to collect and store data that provides information about your interest in products. We use this information for the purpose of advertising products offered through various types of marketing campaigns, such as sending a newsletter by email and short messages when the digital vacation companion is activated. The legal basis for this data processing is your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke this consent at any time free of charge. The legality of the data processing operations that have already taken place up to that point remains unaffected by the revocation. After unsubscribing your e-mail address, we will continue to store it for 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to be able to prove your originally given consent if necessary. There is no obligation to provide this data. If you do not wish to provide this data, the only consequence is that we will not be able to offer you this service. Your data will only be provided to third parties if this is necessary for the processing of reservations. If the above-mentioned data is changed and/or supplemented by you in the course of registration or identification, this supplemented/changed data will also be stored and processed. We only store your data for as long as this is necessary to fulfill the purpose or due to legal obligations on our part. We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at https://www.feratel.com/datenschutz.html.
2.7 Web analysis - Statistical analysis of our website
Google Tag Manager
We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags via a common tool. The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies or collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least in some cases) data transfers to the USA is therefore an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on Google's data protection at: https://www.google.com/policies/privacy/. More information on how Google uses personal data: https://business.safety.google/privacy/.
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit. a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable an analysis of the use of our website by the website visitor. The information generated by the cookie about your use of our website is generally stored on European servers and only transmitted to a Google server in the USA and stored there in exceptional cases. We use Google Analytics with activated IP anonymization. This means that your IP address is generally truncated by Google within the European Union and only in exceptional cases is the full IP address transmitted to a Google server in the USA and only truncated there. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. The IP address transmitted by the corresponding browser as part of Google Analytics is not merged with other Google data. On our behalf, Google will use the information collected to evaluate the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed at the following link https://tools.google.com/dlpage/gaoptout. User data is stored for 14 months. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). More information on how Google uses personal data: https://business.safety.google/privacy/.
Google Signals extension for Google Analytics
As an additional function to Google Analytics, we use "Google Signals" on this website. If you have activated personalized ads in your Google account and have linked the device you use to visit our website to your Google account, Google can analyze your usage behavior across devices (cross-device tracking). For example, Google can see how users search for products on a website on a smartphone and later return to complete purchases on a tablet or laptop. The Google Signals extension also provides us with additional demographic data and data on the interests of our website visitors for even more targeted online advertising campaigns, which are, however, anonymous to us. If you want to stop the cross-device analysis by Google, you can deactivate the "Personalized advertising" function in the settings of your Google account. For more information, see: https://support.google.com/My-Ad-Center-Help/answer/12155154?hl=de&ref_topic=11583829&sjid=6726979475871235225-EU You can find more information about Google Signals at the following link: https://support.google.com/analytics/answer/7532985?hl=de#zippy=%2Cthemen-in-diesem-artikel
Google Ads Conversion Tracking
Our website uses the "Google Ads Conversion Tracking" service of the provider. Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). When we place advertisements on Google, we use what is known as conversion tracking. If you click on an ad placed by Google, a cookie is set for conversion tracking (storage period 30 days). This enables us to recognize that you have clicked on one of our ads and have been redirected to our site. However, we do not receive any personal information, but only the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. We use Google Ads Conversion Tracking on the legal basis of your consent (settings via our cookie banner) in accordance with Art. 6 (1) lit. a GDPR. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). More information on how Google uses personal data: https://business.safety.google/privacy/.
Google Enhanced Conversions
We use Google Ads Conversion Tracking in the extended function ("Enhanced Conversions") to be able to record conversions even more precisely and subsequently optimize our advertising measures on Google. This function supplements existing conversion tags. It enables us to send self-collected conversion data from our website to Google as hash values in compliance with data protection regulations. For this purpose, a secure one-way hash algorithm is applied to our self-collected customer data (e.g. email addresses) before it is sent to Google. You can find more information about "Enhanced Conversions" at https://support.google.com/google-ads/answer/9888656?hl=de.
Hotjar
We use "Hotjar", a feedback and analysis service provided by Hotjar Ltd (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta) to improve the user experience on this website. The following information is collected in relation to the end user's device and browser IP address of the end device in anonymized form, screen resolution of the end device, end device type (individual end device identifiers), operating system and browser type, geographical location (country only), preferred language when viewing the Hotjar-based website and user interactions (mouse events such as movements, position and clicks and keystrokes). The processing of your personal data (storage period 1 year) is based on your consent in accordance with Art. 6 (1) lit. a GDPR. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on Hotjar's data protection can be found at https://www.hotjar.com/legal/policies/privacy/ and further information on the cookies used by Hotjar at https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies. You can generally refuse the collection of your data by Hotjar by visiting the page https://www.hotjar.com/legal/policies/do-not-track/ and by clicking on "Deactivate Hotjar".
2.8 Web marketing
Google Remarketing
Our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider is Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account. To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising. Cookies are deleted after 1 year. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/. The summary of the data collected in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 (1) lit. a GDPR). Further information on Google's data protection at: https://www.google.com/policies/privacy/. More information on how Google uses personal data: https://business.safety.google/privacy/.
Meta pixels
In order to place targeted ads on meta platforms (Facebook and Instagram) and to be able to track user actions after they have seen or clicked on a meta ad, we use the meta pixel of Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) within our website on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. This enables us to display information of interest to you on meta platforms and to evaluate and optimize our meta advertisements with the anonymous data collected in this way (we do not see any personal data of individual users, only the overall effect). Storage period max. 12 months. Meta links this data to the Meta account of Meta users according to their data protection information and can thus show them content that corresponds to their interests. Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. You can find specific information on how the Meta pixel works in the Meta help section at https://de-de.facebook.com/business/help/651294705016616. You can make settings regarding usage-based advertising on Meta platforms yourself in your Meta account: https://www.facebook.com/settings?tab=ads. Further information can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.
Analysis and tracking tool "Cause-effect"
Our website uses the functions and services of Mario Krispler - URSACHE WIRKUNG (Schanzplatz 5, A-5400 Hallein) on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR in order to analyze visitor behavior on our website and also to use this information to present our website visitors with relevant advertisements, including on third-party platforms. This enables us to centrally control and thus optimize the costs and benefits of our online marketing activities. For this purpose, URSACHE WIRKUNG uses the re-targeting technologies specified in this data protection information. URSACHE WIRKUNG does not set its own cookies for this purpose. Only anonymous and pseudonymous data is collected for us and no additional personal data is stored. We have concluded a corresponding agreement with URSACHE WIRKUNG as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on data protection at URSACHE WIRKUNG can be found at: https://www.ursache-wirkung.at/de/datenschutz/.
2.9 Integration of further services and contents of third parties
We integrate third-party content and functions within our website. This always presupposes that the providers of this content or functions are aware of the IP address of the users (website visitors). Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the function of our website, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, otherwise your consent pursuant to Art. 6 (1) lit. a GDPR. Information on the purpose and scope of further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of Art. Art. 13 and 14 GDPR can be found under the information links below. The following services/content are embedded in our website:
General Solutions map service
We use the map service of General Solutions Steiner GmbH (Bruggfeldstraße 5/III, 6500 Landeck) for cartographic display. For this purpose, the map material is loaded from the General Solutions Steiner GmbH server. The following data is transmitted to General Solutions: the page visited on our website, the IP address of your device and, if applicable, location data. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in an appealing presentation of our online offerings and the geographical presentation of the offerings in our region. In the case of location data from mobile devices, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR, in that you authorize the transfer of location data on your mobile device. Further information on data protection from General Solutions can be found at: https://general-solutions.eu/uploads/Datenschutzerklaerung.pdf.
YouTube
We embed videos from the "YouTube" platform of the provider Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation is based on Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website. However, we only use YouTube if you have consented to this. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future. When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google, in extended data protection mode, your data (in particular which of our web pages you have visited) and device-specific information, including your IP address, are only transmitted to the YouTube server when you watch the video. Google is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasional) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. Further information on YouTube's data protection at: https://www.google.com/policies/privacy/. More information on how Google uses personal data: https://business.safety.google/privacy/.
TrustYou reviews
We integrate a widget from TrustYou on our website to display reviews of our member businesses (accommodation in our region). The provider of this service is TrustYou GmbH (Agnes-Pockels-Bogen 1, D-80992 Munich). In order to integrate or display these reviews, it is necessary for the IP address and information about the device, browser version and language settings of our website visitors to be transmitted to the TrustYou server (server location Germany). There is a legitimate interest on our part iSd. Art. 6 (1) lit. f GDPR for the use of TrustYou. Our legitimate interest lies in transparent information regarding the quality of our member companies. You have the right to object to the processing. Whether the objection is successful must be determined as part of a balancing of interests. Further information on data protection at TrustYou can be found at: https://www.trustyou.com/de/downloads/privacy-policy-de.pdf.
Webcams (feratel)
We integrate webcams from feratel media technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) into our website to display the current weather in our region. The implementation is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, whereby our interest lies in providing information on the current weather in our region within our website. When you call up a page in which we have embedded webcams, a connection is established to the provider's servers and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address together with some browser information (browser type, browser version, etc.) together with information about when you accessed these pages is transmitted to the provider's servers. Further information on data protection at feratel media technologies AG can be found at https://www.feratel.com/datenschutz.html.
3. Other data processing in business and customer contact
In this section we inform you about other data processing processes outside our website.
3.1 Job applications
The contact details and application documents sent to us in the course of a job application are processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that you will not be able to submit your application and we will not be able to process it. The personal data transmitted will be stored by us in accordance with the statutory provisions for a maximum of 6 months, or for a maximum of 2 years if the applicant has expressly consented to the documents being kept on file.
3.2 Online presences in social media
In addition to our website, we maintain online presences within social networks and platforms. The legal basis for using these services is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in communicating with the customers and business partners active there and being able to inform them about our services on these networks. When accessing the respective networks and platforms, the terms and conditions and data protection guidelines of the respective operators of these networks apply. Further information on the processing of your personal data by the respective providers of these services (which personal data is processed for which purposes on which legal basis, how long this data is stored by the respective provider and, if applicable, information on profiling and third country transfers) can be found below in the descriptions of the individual services or via the information links provided there.
Facebook fan page
We operate a Facebook fan page on the "Facebook" platform of Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). [The legal basis for the processing of the associated personal data is our legitimate interest within the meaning of Art. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in providing customers and potential new customers with information about us and our offers via this information channel. We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is collected in the form of cookies or other tracking technologies. The data collected about you in this context is processed by Facebook and may be transferred (at least in part) to the USA. Facebook / Meta is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least in some cases) data transfers to the USA is therefore an adequacy decision of the European Commission within the meaning of Art. 45 (3) GDPR. Art. 45 (3) GDPR, with which the European Commission certifies that the USA has an adequate level of data protection. In a decision, the CJEU determined that "Facebook" and the operator of a Facebook fan page process this personal data as joint controllers within the meaning of Art. Art. 26 GDPR. Facebook provides the contract for joint data processing under the following link: https://www.facebook.com/legal/terms/page_controller_addendum. As the operator of our fan page, we have no influence on the specific content of the agreement. What information Facebook receives and how it is used (how Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users in order to individualize content or advertising, how long Facebook stores this data, whether data from a visit to the Facebook page is passed on to third parties, etc.) is described by Facebook in general terms in its data usage guidelines. There you will also find information on how to contact Facebook and the settings options for advertisements. The privacy policy is available at the following link https://www.facebook.com/privacy/policy/. As fan page operators, we do not receive any additional (non-public) information about individual Facebook users from the analyses by Facebook, but only statistically prepared information (e.g. total number of page views, page activity, post reach, etc.), which helps us to make our posts more attractive.
Instagram is an online service for sharing photos and videos. We have a profile (account) on Instagram. The provider is Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Further information on the processing of your personal data through the use of Instagram as well as a way to contact us can be found at https://privacycenter.instagram.com/policy/
Pinterest is a mixture of social network and search engine that focuses on visual content, i.e. images and videos. We use this service to generate interest for other of our content on the Internet (in particular our website) with so-called PINs. The provider of this service is Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). Further information on the processing of your personal data through the use of Pinterest as well as a way to contact us can be found at https://policy.pinterest.com/de/terms-of-service.
Tiktok
TikTok is a video portal for short videos that also offers the functions of a social network. We use this service to generate interest in our offers with short videos. The provider is TikTok Technology Ltd (10 Earlsfort Terrace, Dublin, D02 T380, Ireland). Further information on the processing of your personal data through the use of Pinterest as well as a way to contact us can be found at https://www.tiktok.com/legal/privacy-policy-eea?lang=de.
YouTube
We use a YouTube channel via the video portal "YouTube" to publish our videos. The provider of the service is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Further information on the processing of your personal data through the use of YouTube as well as a way to contact us can be found at https://www.google.com/policies/privacy/.
3.3 Competitions
Your personal data provided for participation in our competitions (email address, name, address) will only be used by us to determine a winner, to inform them of the prize and to send out prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is contract fulfillment pursuant to Art. 6 para. 1 lit. b GDPR. There is no legal or contractual obligation to provide personal data. The only consequence of not providing the data is that you will not be able to take part in the competition. Your data will be stored for the duration of the competition and - for the processing of any prize and compensation claims - for a maximum of 3 years afterwards and then deleted. By participating, you also consent to your name being published on our website and on our public social media channels if you win.
3.4 Photo/video documentation at events
At events, we may take photos and videos of these events or have them taken by photographers commissioned by us, in which you are recognizable as a participant in these events. We need these photos/videos to document and promote our events and will therefore also publish them in our media (e.g. print brochures, website and social media) and make them available to other media owners (print and online) to promote our event. There is no legal or contractual obligation on your part to provide this data. The legal basis for the processing of your personal data (images and videos on which you are recognizable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events. You have the right to object to the processing. Please send your objection to the email address we have provided in this privacy policy. However, it can be assumed that our above-mentioned interest in using the photos does not unduly interfere with your rights as the person depicted. This is particularly the case as we take these photos/videos in public spaces and point out the production and use of the photos/videos in advance of each event. We also always ensure that no legitimate interests of persons depicted are violated. If your personal rights and freedoms are violated by an image / video created by us for reasons worthy of special consideration, we will refrain from further processing / publication. Removal from print media that have already been circulated is not possible. In this case, however, we will delete them from our website or our social media channels. We generally delete photos/videos of events if we no longer need these images to document and promote these events.
3.5 Guest card system
Guest card system feratel - Lungau Card
For the use of our regional guest card, we process your personal data (first name, surname, date of birth, period of stay and country of origin/postcode) with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) for the purpose of providing you with the benefits of the free card. Furthermore, it is necessary to store your usage data for the purpose of billing and to make this data available to our service providers for the purpose of controlling internal billing. The legal basis for processing is your consent in accordance with Art. 6 (1) lit. a GDPR, which you give us when you register as a guest at your accommodation provider. You can revoke this consent at any time free of charge. Uses already made remain unaffected by this and are stored for billing purposes. There is no legal or contractual obligation to provide personal data. The only consequence of not providing it is that we will not be able to provide you with the guest card. [We have concluded a corresponding agreement with the company feratel in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at https://www.feratel.com/datenschutz.html.