Data protection information according to Art 12 and 13 GDPR
Version: V6 | Status: March 2023Download as PDF
1. Introduction, validity
1.1. This data protection information applies to the processing of all personal data in the following facilities:
i. Pyhrn-Priel Tourismus GmbH, FN 216132t, LG Steyr
ii. Tourist Board Pyhrn-Priel Tourist Association, iSd Oö. Tourism law
iii. Tourist Recreational Facilities Pyhrn-Priel GmbH, FN 237954h, LG Steyr
as well as future further established or acquired legal persons, the majority of which are owned by the aforementioned institutions (hereinafter all "Tourism Pyhrn-Priel").
Contact details for inquiries / revocations:
Tourism Pyhrn-Priel, Bahnhofstraße 2, 4580 Windischgarsten Fax: +43 (0) 7562 5266-10 / email: firstname.lastname@example.org
1.2. The protection of personal data and compliance with the relevant data protection regulations - currently Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data, on the free movement of data and on the repeal of Directive 95/46 / EC (General Data Protection Regulation - "GDPR") and the Data Protection Act 2018 in the currently applicable version ("DSG 2018") as well as the legal acts issued on the basis thereof - have top priority at Tourismus Pyhrn-Priel. This data protection information provides an overview of which data from Tourismus Pyhrn-Priel is processed for which purposes and how Tourismus Pyhrn-Priel guarantees the protection of this data in accordance with Art. 12 and 13 GDPR.
1.3. This data protection information can be accessed electronically at any time on the website https://www.urlaubsregion-pyhn-priel.at/datenschutz, printed out, downloaded and saved on a storage medium.
1.4. The terms used in this data protection information are defined in terms of Art 4 GDPR.
2nd person in charge, data protection officer
2.1. The person responsible within the meaning of Article 4 (7) GDPR is that in point 1.1. Cited institution, which decides on the purposes and means of processing personal data, is therefore a contractual partner, carries out pre-contractual measures or is subject to the legal obligation to process data. The website www.urlaubsregion-pyhrn-priel.at (“Website”) is operated by Pyhrn-Priel Tourismus GmbH, so that only this person is responsible for all data processing related to the website. Should the responsibility for data processing between the points 1.1. If the listed facilities are unclear, Pyhrn-Priel Tourismus GmbH is responsible in case of doubt. A joint responsibility of several institutions according to point 1.1. exists only if and to the extent that they jointly decide on the purposes and means of processing personal data.
2.2. Data protection officer of the 1.1. mentioned facilities is:
KPMG Security Services GmbH
FN 356786k, HG Vienna Branch
office Linz, Kudlichstraße 41, 4020 Linz
3. Processing of personal data in general
3.1. Tourism Pyhrn-Priel processes (see Art 4 Z 2 GDPR) personal data ("data") of natural persons ("data subject" or individually gender-neutral "data subject") within the meaning of Art 4 Z 1 GDPR.
3.2. The term affected includes all categories of data subjects. These include, in particular, members, employees, job applicants, interested parties and contacts, customers and other contractual partners of Tourismus Pyhrn-Priel (such as in particular suppliers, subcontractors and consultants) as well as their contact persons and users of Tourismus Pyhrn-Priel's online offer (see further point 4.).
3.3. Tourism Pyhrn-Priel processes data only in compliance with the principles set out in Art 5 ff GDPR and only if at least one legality condition according to Art 6 Para 1 GDPR is met. Purpose and duration of processing as well as the legal basis for data processing are regulated in category 4 in point 4.
3.4. Tourism Pyhrn-Priel also processes special categories of personal data within the meaning of Article 9 (1) GDPR ("sensitive data"). Tourismus Pyhrn-Priel only processes sensitive data if there is a case under Article 9 (2) GDPR, in particular if this is necessary due to labor and social law regulations (Article 9 (2) (b) leg cit) or if this data is from Those affected (e.g. in the CVs of job applicants) are voluntarily stated or disclosed (Art 9 Para 2 lit a) and e) leg cit).
3.5. If necessary, i.e. unless there are other legality conditions listed in Art. 6 Para. 1 GDPR or - in the case of sensitive data - no other case of Art. 9 Para. If those affected voluntarily disclose data not required by Tourismus Pyhrn-Priel, they will not be "collected" by Tourismus Pyhrn-Priel and the data subject gives their express consent to the processing of this data by Tourismus Pyhrn-Priel. Affected parties have the right to revoke any consent given at any time in whole or in part. The revocation is to be sent to Tourismus Pyhrn-Priel (contact details see point 1.1.). Although the revocation of consent is not tied to any specific form, it is recommended to declare the revocation in text form (e.g. letter, e-mail or fax) for verification purposes. The revocation of the consent does not affect the processing of data on the basis of other conditions pursuant to Art. 6 Para. 1 GDPR or other cases pursuant to Art. 9 Para.
3.6. Disclosure, transmission or transfer of data by Tourismus Pyhrn-Priel also only takes place if there is at least one legality condition specified in Art.6 (1) GDPR or - for sensitive data - a case in Art.9 (2) GDPR. The categories of recipients to whom Tourismus Pyhrn-Priel passes data are - apart from the recipients categorized in point 4 - in particular the processors in accordance with Art.28 GDPR, authorities and courts and, in the case of debt enforcement measures, collection agencies and lawyers. Tourism Pyhrn-Priel does not transmit any data to recipients in a non-EU member state or to international organizations without consent. Within the Pyhrn-Priel tourism organization, the organizational units and employees receive the data they need to fulfill their duties.
3.7. Automated decision making (“profiling”) does not take place at Tourismus Pyhrn-Priel.
4. Collection of data from the data subject and processing of the same
4.1. Processing of data in the context of the Pyhrn-Priel tourism association
Tourism Pyhrn-Priel collects and processes data of the members of the Pyhrn-Priel Tourism Association and their organ administrators and, if necessary, of them, on the basis of Art 6 Para 1 lit b) (performance of a contract) and c) (performance of a legal obligation) (Employee).
4.2. Processing of data when expressing interest in offers from Tourismus Pyhrn-Priel and when contacting Tourismus Pyhrn-Priel
When expressing interest in offers from Tourismus Pyhrn-Priel and when contacting Tourismus Pyhrn-Priel, data from interested parties in offers from Tourismus Pyhrn-Priel and from contact persons (in particular via the website) is based on Art 6 para 1 lit b) GDPR (implementation of pre-contractual measures) for the purpose of transmitting targeted offers and processing inquiries. The following data categories are processed: access, master, contact and correspondence / communication / content data. In order to process the offer or the inquiry and to answer any follow-up questions, the data of interested parties and contact persons is stored for a period of six months from the inquiry or contact and then deleted.
4.3. Processing of data when ordering and performing contractual services
When ordering and executing contractual services, Tourismus Pyhrn-Priel collects and processes the data necessary for the fulfillment of the contract, depending on the type of legal relationship, in particular access, master, contact, correspondence / communication / content, ordering - / Contract, invoice and bank / account / payment data, on the basis of Art 6 Para 1 lit b) GDPR as well as the data to be collected according to the applicable legal provisions (also) on the basis of Art 6 Para 1 lit c) GDPR. The data will be processed and stored for as long as is necessary for the fulfillment of the contractual relationships (including post-contractual obligations) and for legal (in particular sales tax) reasons. If this is necessary for the purpose of fulfilling the contract, data from customers based on Art 6 Para 1 lit b) GDPR will also be passed on to the vicarious agents and consultants of Tourismus Pyhrn-Priel dealing with the execution of the contractual relationship.
4.4. Processing of data when purchasing Pyhrn-Priel cards
Tourism Pyhrn-Priel processes on the basis of Art 6 Para 1 lit b) GDPR also the data requested when ordering a Pyhrn-Priel Card and absolutely necessary for the provision of services or card use as well as other data voluntarily disclosed by the person concerned to optimize the service (depending on Art the card, in particular master, contact and bank / account / payment data as well as place / destination, date / period and scope of the services offered or used). Data that is absolutely necessary for the fulfillment of the contract or the provision of services is marked accordingly in the course of the ordering process. The data on which the Pyhrn-Priel Cards are based are stored for the validity period of the respective card, otherwise for a maximum of 48 months and then deleted.
4.5. Processing of data when visiting the website
When visiting the website, necessary (technical) data (access data in the sense of point 7 and cookies in the sense of point 8) of the website visitors for the operation, security and optimization of the website based on the legitimate interests of Tourism Pyhrn Priel on this according to Art 6 Para. 1 f) GDPR collected and processed (see further points 7 and 8).
4.6. Data processing when using online platforms
Tourism Pyhrn-Priel operates a platform on the website through which interested parties can access information and documents about offers in the Pyhrn-Priel region online and book excursions and / or stays in the region online with external service providers. The data collected from the person concerned in the course of the booking process, such as in particular the number of people, first and last name, address / address, country, date of birth, email address, telephone number, arrival / departure dates, other information about the excursion / stay and payment information , are processed to process the booking in the "feratelDeskline® WebClient" system. Tourism Pyhrn-Priel, however, only provides the platform free of charge and without obligation and does not enter into any contractual relationship with the interested party. Any contracts are concluded exclusively between the interested party and the external service provider. Tourism Pyhrn-Priel therefore uses the system to collect the data necessary for booking based on their legitimate interests in accordance with Article 6 (1) (f) GDPR (in particular their interest in the application and support of regional companies) and provides the booking data via the System available to the external service provider. Required data are marked accordingly during the booking process. Payment transactions are encrypted in any case.
4.7. Processing of data from job applicants
Tourismus Pyhrn-Priel processes applicant data – in particular master, contact, correspondence/communication/content data and other data that the applicant provides in his application – on the basis of Art 6 Para 1 lit b) GDPR (implementation of pre-contractual measures ). If an (online) form is provided for applications, the data required for the assessment of the application will be marked accordingly. Sensitive data voluntarily provided by the job applicant in his application will be processed on the basis of Art 9 Para 2 lit a) GDPR. Tourismus Pyhrn-Priel processes and stores this data - subject to a (pending, announced or imminent) legal dispute - generally for a period of six months from receipt of the application.
4.8. Processing data from employees
Furthermore, on (employment) contractual and legal basis (Art 6 Para 1 lit b) and c) DSGVO) data, in particular master, contact, correspondence/communication/content, contract, personnel administration and payroll data , as well as on the basis of Art. 9 Para. 2 lit a) and lit c) GDPR also processes voluntarily disclosed and required sensitive data (such as sick leave) of employees in accordance with labor and social law regulations. This data also flows to a personal accountant, banks to process salary payments and the social security agency for further processing. For the purpose of contacting customers and contractual partners, based on Tourismus Pyhrn-Priel’s legitimate interest in a smooth course of business in accordance with Art 6 Para 1 lit f) GDPR and Section 12 Para 2 Z 4 DSG 2018, professional contact details and portrait photos of employees on the website to be published.
4.9. Processing of data for the purpose of direct advertising
If Tourismus Pyhrn-Priel receives the e-mail address of the person concerned in connection with a sale or the provision of a service, it is entitled due to its legitimate interest in accordance with Art 6 Paragraph 1 Letter f) GDPR, by direct mail by e-mail in the form of To transmit information and mailings for own or similar products and services. Data subjects have the right to object at any time (especially when transmitting the emails) to the processing of data relating to them for the purpose of such advertising (see point 15.8.).
4.10. Processing of data when sending email newsletters
If Tourismus Pyhrn-Priel sends e-mail newsletters, it collects and processes the e-mail address of subscribers to e-mail newsletters only on the basis of consent in accordance with Article 6 (1) (a) GDPR and stores them for as long as until the subscribers have unsubscribed or have withdrawn their consent (see points 12 and 15 October).
4.11. Processing of data from digital vacation companions (hereinafter referred to as "Franzi")
To use Franzi, it is possible to register and create a profile on the respective Progressive Web App (abbreviated PWA) from Franzi der Tourismus Pyhrn-Priel using a device (e.g. smartphone, PC). With a registration or identification, the customer can use the services of Franzi. In order to use the information and receive the services offered by Tourismus Pyhrn-Priel, it is necessary to register by providing your e-mail address.
In this context, Tourismus Pyhrn-Priel collects the following data: name, e-mail address, home address, date of birth, insofar as this is necessary for the use of Franzi's offers or the collection of registration data. In addition, data is collected as described in point 8 of this data protection declaration.
Tourismus Pyhrn-Priel only processes the data collected via Franzi on the basis of consent within the meaning of Art 6 Para 1 lit a) GDPR, also for the purpose of advertising your data for the purposes of advertising the products offered by Tourismus Pyhrn-Priel or in the region Marketing campaigns of various kinds (e.g. sending newsletters by e-mail, sending messages in Franzi's PWA).
Your data will only be passed on to third parties if this is necessary for the purpose of processing the guest registration.
If the above data is changed and/or supplemented in the course of registration or by you, this supplemented/modified data will also be stored and processed by Tourismus Pyhrn-Priel.
According to the current status, no cookies are used when operating Franzi that are not absolutely necessary for operation or functioning. If (in the future) cookies are also used that are not absolutely necessary for this, they will only be used on the basis of consent in accordance with Art. 6 Para. 1 lit a) GDPR, which can be given by actively clicking on a tick box. Otherwise point 8 applies.
4.12. Processing of data when purchasing an employee card
Tourismus Pyhrn-Priel processes on the basis of Art 6 Para 1 lit b) GDPR also the data requested when ordering an employee card and absolutely necessary for the provision of services or card use as well as other data voluntarily provided by the person concerned to optimize performance (depending on the type of card in particular Master, contact and bank/account/payment data as well as place/destination, date/period and scope of the services offered or used). Data that is absolutely necessary for the fulfillment of the contract or the provision of services will be marked accordingly in the course of the ordering process. The data on which the employee card is based is stored for the period of validity of the respective card, otherwise for a maximum of 48 months and then deleted.
5. Collection of data from third parties
Tourism Pyhrn-Priel generally does not process any data that is not collected from the person concerned, except for the necessary technical access data in accordance with point 7 when accessing the website and data collected by necessary cookies in accordance with point 8.
6. Duration of data processing, retention and storage period
6.1. Tourism Pyhrn-Priel does not process and store data permanently, but only in accordance with the deadlines stipulated in the applicable legal regulations, but at least as long as this is necessary for the purposes for which the data was collected. Tourismus Pyhrn-Priel stores data in a form that only enables those affected to be identified for as long as is necessary for the purposes for which they are processed.
6.2. If it is possible to specify a storage or storage period for data, this is regulated in category 4 in point 4. In the case of existing contractual relationships, the relevant data - subject to other legal bases that also permit data processing - will be processed and stored for as long as is necessary for the fulfillment of the contractual relationships (including post-contractual obligations).
6.3. If data is only processed on the basis of consent (see point 3.5.), This data will be deleted immediately as a result of the consent being withdrawn on the part of the data subject, and will not (further) be processed. The same applies in the event of a legitimate objection in accordance with Art.21 GDPR, if data is only processed on the basis of a legitimate interest in accordance with Art.6 Para. 1 lit.
7. Collection of access data when using the website
7.1. People can visit the website without providing personal information. Tourism Pyhrn-Priel (specifically responsible: Pyhrn-Priel Tourismus GmbH) only collects and processes data of a technical nature about every access to the website as part of the operation of its website, which is automatically processed when it is accessed and which are considered personal or to determine the Person or personal data of data subjects could be used and are stored in so-called server log files ("access data"). This includes the IP address, unique device identification, type and version of the operating system and browser, file name and path, type of transmission protocol, date and time of access, transferred bytes, referrer URL (previously visited page) and the requesting provider.
7.2. Tourism Pyhrn-Priel does not process this access data for the purpose of identifying the person or determining other personal data of the person concerned, but only for the purpose of operation, the needs-based design, adaptation, improvement, maintenance, optimization and further development of the website (including Functions, services, modules and features) as well as for error detection and correction, for maintaining system security and - if web analysis tools are used - for the purpose of internal statistical evaluation without drawing any conclusions about the person concerned. There is also no profiling.
7.3. The provision, maintenance and administration of the web server is carried out by the processor TTG Tourismus Technologie GmbH, Freistädter Straße 119, 4041 Linz.
8.1. Cookies are files that are stored locally in the cache of the website visitor's Internet browser and that are used in particular to offer additional functions on the website that can be used to recognize the accessing Internet browser and store temporary files in a user-friendly, effective manner. to make it more secure, and - if web analysis tools are used - to enable an (anonymized) analysis of the use of the website.
8.2. Cookies, which are absolutely necessary for the functioning of the website, are used on the basis of the legitimate interests of Tourismus Pyhrn-Priel in accordance with Article 6 (1) (f) GDPR in the operation, security and optimization of the website. Any other cookies are processed on the basis of consent in accordance with Article 6 (1) (a) GDPR, which can be granted when you visit the website by actively clicking a tick box. Those affected have the option of withdrawing their consent at any time by deactivating and / or deleting cookies in the settings of their Internet browser, and specifying how long they are stored and when they are deleted. The procedure for doing this depends on the internet browser used by those affected. However, not accepting and deactivating cookies can result in certain functions and / or content of the website not working or not working as expected.
8.3. Session cookies are temporarily stored for the duration of the access by the person concerned and deleted after the browser is closed; Persistent cookies remain on the end device of the person concerned until they remove it from their browser.
9. Web analysis tools
The following web analysis tools are used on the website on the basis of consent in accordance with Art 6 Para 1 lit a) GDPR, which can be granted by visiting a tick box when you visit.
9.1. Google Analytics
9.1.2. Google uses this information to evaluate the use of the website, to compile reports on website activity for Pyhrn-Priel tourism and to provide it with other services related to website activity. Furthermore, Google uses the transmitted information, among other things, to provide, maintain and improve its services, to develop new services, to measure the effectiveness of certain advertisements and to protect against fraud and abuse.
The website uses the tracking of Adform A / S, 1. sal. K, Wildersgade 10B, 1408 København, Denmark. Adform uses a cookie to display target group-oriented advertisements via the Adform platform. For this purpose, the geographical origin, device type and pages accessed, but no information for the identification of people are recorded.
This website uses the open source web analytics service Matomo, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo"). Matomo uses technologies that enable cross-site recognition of the user to analyze user behavior. Matomo is hosted exclusively on our own servers, so that all analysis data remain with us and are not passed on. The IP address is anonymized before it is saved (shortened by the last two bytes).
With the help of Matomo we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out when which page views were made and from which region they come. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors carry out certain actions (e.g. click behaviour).
The data is processed based on our legitimate interest in the anonymous analysis of user behavior in order to optimize our website (Art. 6 (1) lit. f GDPR). If you have given us your consent to set "analysis" cookies, additional cookies will be set by Matomo. This means that returning users can also be recognized and their behavior on our website can be "analyzed" in more detail. This data is processed on the basis of Art. 6 (1) lit. a GDPR. You can revoke your consent at any time in the cookie settings.
Apart from not giving your consent, data subjects have the option at any time to deactivate and / or delete cookies in the settings of their internet browser and to specify how long they are stored and when they are deleted. The procedure for doing this depends on the internet browser used by those affected. In addition, those affected can prevent the processing of data generated by cookies and related to their use by using the browser add-on available at http://tools.google.com/dlpage/gaoptout?hl=de to deactivate Google Download and install Analytics or deactivate Adform under the link https://site.adform.com/de/privacy-center/platform/widrufsrecht/. Furthermore, data subjects can delete the data processed by Adform here: https://site.adform.com/privacy-center/platform-privacy/right-to-be-forgotten/.
10. Google marketing services, remarketing
10.1. Furthermore, the remarketing function within the Google AdWords service is used on the website on the basis of consent in accordance with Article 6 (1) (a) GDPR, which can be granted when visiting by actively clicking a tick box. With the remarketing function, Tourism Pyhrn-Priel can present the affected parties with advertisements based on their interests on other websites within the Google display network (on Google itself, so-called "Google Ads", or on other websites). For this purpose, the interaction of the person concerned on the website is analyzed, e.g. which offers the person concerned was interested in, in order to be able to display targeted advertising to the person concerned even after visiting the Pyhrn-Priel Tourism website on other websites. Tourismus Pyhrn-Priel uses the "Google Tag Manager" to manage the Google marketing services.
10.2. For this purpose, (re) marketing tags ("web beacons") are integrated into the website when the website is accessed, on which Google marketing services are activated after consent has been given. With their help, cookies are set in the internet browser of the person concerned, which record the visits. In particular, the following data is recorded in this file: the website visited, what content the person concerned was interested in, what offers the person concerned clicked on, technical information on the browser and operating system of the person concerned, referring websites, time of visit / length of stay, information on the use of the online Offers / interaction with the website, IP address of the person concerned. If the person concerned then visits other websites, the advertisements tailored to his interests can be displayed. The data collected in this way only serve to clearly identify a web browser and is processed pseudonymously as part of the Google marketing services. The information collected by Google Marketing Services about the data subject is transmitted to Google and stored on Google servers in the USA (see section 9.1.).
10.3. So-called "conversion tracking" is used when using the Google AdWords service. If data subjects have reached the website via an advertisement placed by Google, Google AdWords places cookies on the data subject's computer. These cookies lose their validity after 30 days and are not used for personal identification. The information obtained using the conversion cookies is used to compile statistics for Pyhrn-Priel Tourism. If the person concerned visits the website and the cookies have not yet expired, Tourismus Pyhrn-Priel can recognize that the person concerned clicked on the ad and was forwarded to the website. Tourism Pyhrn-Priel thus finds out the total number of people affected who clicked on their ad and were forwarded to their website. However, it does not receive any information that can be used to personally identify those affected.
10.4. Apart from not giving your consent, those affected have the option at any time to deactivate personalized advertising through Google marketing services in their Internet browser settings. Alternatively, those affected have the option of downloading and installing a browser plug-in at the following link to deactivate personalized advertising: https://www.google.com/settings/ads/plugin.
11. Integration of services and content from third parties, social plugins
11.1. Third-party plugins are also used on the website to integrate their content and services (such as videos). However, such plugins are only called up on the basis of consent in accordance with Article 6 (1) (a) GDPR. If data subjects consent to the call of such plugins, a connection to the servers of the third party providers is established and the corresponding plugin is called. The content of the plugins is transmitted directly from the respective third party provider to the person's browser. By calling up the plugins, the third-party providers receive the information that the browser of the person concerned has accessed the Tourismus Pyhrn-Priel website, even if they are not logged in to the relevant third-party provider or are not currently logged in. The plugin transmits log data to the respective third-party server. This log data contains the following data: IP address, the address of the websites visited, which also contain plug-in functions, type and settings of the browser, date and time of the request, the use of the plug-in and cookies.
11.2. The processing of the data by the third party providers takes place within the framework of the respective data protection regulations of the third party providers. Tourism Pyhrn-Priel, as the operator of the website, has no knowledge of the content of the data transmitted to the third party providers or their processing. In any case, third-party providers can use so-called pixel tags (invisible graphics or "web beacons") for statistical or marketing purposes. In addition, pseudonymous information can be stored in cookies on the device of the person concerned and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of the Tourismus Pyhrn-Priel website, as well as such information from other sources get connected.
11.3. If the person concerned is registered with the third-party provider and logged into user accounts of the third-party provider, the third-party provider can personally assign the user behavior to the person concerned. The data subject can prevent this by logging out of their user account beforehand. If a person concerned is not a member of the third-party provider, the third-party provider can still find out and save certain data (see point 11.1.).
11.4. Apart from not giving consent, those affected can completely prevent the plug-ins from being loaded with add-ons for their browser, for example with the script blocker "NoScript" (http://noscript.net/). In addition, attention is also drawn to the possibility of deactivating cookies (see point 8.2.).
11.5. The following illustration provides an overview of third-party providers as well as their content and links to their data protection regulations, which contain further information on the processing of data by third-party providers and options for objection:
- Social plugins of the social network “Facebook”, which is operated by Meta Platforms Ireland, Ltd, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (data protection regulations: https://www.facebook.com/about/privacy) is operated; the plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on a blue tile, the terms "like", "like" or a "thumbs up") -Characters) or are marked with the addition "Face-book Social Plugin"; the list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins;
- Social plugins of the “Twitter” service of the third-party provider Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (data protection regulations: https://twitter.com/de/privacy);
- Social plugins of the "Instagram" service of the third-party provider Instagram, Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA (data protection regulations: http://instagram.com/about/legal/privacy)
- Social plugins of the social network "Pinterest" of the third-party provider Pinterest, Inc, 635 High Street, Palo Alto, CA, 94301, USA (data protection regulations: https://about.pinterest.com/de/privacy-policy);
- Social plugins of the “Snapchat” service of the third-party provider Snapchat, Inc, Attn: copyright Agent, 63 Market Street, Venice, CA 90291, USA (data protection regulations: www.snapchat.com/l/de-de/ privacy);
- The "Google reCAPTCHA" service from the third-party provider Google to differentiate whether the entry is made by a natural person or improperly through automated and automated processing;
- Maps of the "Google Maps" service from the third-party provider Google;
- Videos from the "YouTube" platform from the third-party provider Google;
- Videos of the "Vimeo" platform from the third-party provider Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011 (data protection regulations: https://vimeo.com/privacy).
11.6. Some of the third-party providers are certified under the Privacy Shield Agreement and thereby guarantee compliance with the European data protection level, such as Google (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) and face-book ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12. Email newsletters and electronic notifications
12.1. Tourism Pyhrn-Priel sends physical brochures by post as well as e-mail newsletters and electronic notifications with advertising information - subject to direct advertising in accordance with point 4.9. - only on the basis of consent in accordance with Art 6 Para 1 lit a) GDPR. To register for the e-mail newsletter, it is sufficient to enter an e-mail address.
12.2. The registration for the e-mail newsletter takes place in a so-called double opt-in procedure, ie the person concerned receives an e-mail after registering for the e-mail newsletter, in which he is asked to confirm his registration. This confirmation is necessary so that no one can register with a different email address. The registrations for the e-mail newsletter are logged in order to be able to demonstrate the registration process in accordance with the legal requirements. This includes storing the IP address and the time of registration and confirmation. Changes to the stored data are also logged.
12.3. The e-mail newsletter and electronic notifications are sent by the shipping service provider and processor, TTG Tourismus Technologie GmbH, Freistädter Straße 119, 4041 Linz. Tourismus Pyhrn-Priel has concluded an order processor contract with the shipping service provider, in which the latter undertakes to process, protect and not pass on the data of those concerned only in accordance with Art. 28 GDPR on behalf of Tourismus Pyhrn-Priel ( see point 13 below).
12.4. If you subscribe to an email newsletter, the email, login data and IP address of the person concerned will be processed and stored until they unsubscribe from the newsletter. The data processed after registration, namely the emails sent to those affected, whether and when they were opened or blocked or marked as spam, whether they could not be delivered temporarily or permanently, and the links clicked for a period of 12 months saved and then deleted. Those affected can unsubscribe from the e-mail newsletter at any time, ie withdraw their consent. A link to unsubscribe from the email newsletter can be found at the end of each email.
13. Data processing on behalf of Tourismus Pyhrn-Priel
13.1. If data is processed on behalf of Tourismus Pyhrn-Priel, it only works with contract processors within the meaning of Art 4 No. 8 GDPR, who offer sufficient guarantees that suitable technical and organizational measures are carried out in such a way that the processing is in accordance with the existing ones Legislation is in place and the protection of the rights of those affected is guaranteed. For this purpose, Tourismus Pyhrn-Priel concludes corresponding contracts with their processors (provided these third-party providers do not already have the relevant conditions) that meet the requirements of Art 28 GDPR and observes Art 44 ff GDPR for processors based in third countries.
13.2. Processors from Tourismus Pyhrn-Priel are currently:
- TTG Tourismus Technologie GmbH, Freistädter Straße 119, 4041 Linz (IT support)
- feratel media technologies AG (feratelDeskline® WebClient)
- feratel media technologies AG (Personal Interests' Assistant - PIA - FRANZI)
- TTG Tourismus Technologie GmbH (sending e-mail newsletter)
- Google, LLC (web analysis, marketing, remarketing)
- Meta Platforms Ireland, Ltd
- Twitter, Inc
- Instagram, Inc
- Pinterest, Inc
- Snapchat, Inc
- Vimeo, Inc
- Datatrans AG - payment processor
- Atlassian Service Desk
- BMD SYSTEMHAUS GmbH (accounting)
14. Security of data processing
Tourism Pyhrn-Priel takes appropriate and suitable technical and organizational measures for the security of data and data processing, taking into account the criteria of Art 32 GDPR and ensures that the data is protected against unauthorized or unlawful processing and against loss, damage and change.
15. Rights of those affected
15.1. Tourism Pyhrn-Priel safeguards the rights of those affected in accordance with the applicable legal provisions. According to the current legal situation, the data subjects have the following (abstract) rights. Those affected can assert their rights by sending a correspondingly specific request - recommended in text form (e.g. letter or email) - to Tourismus Pyhrn-Priel (contact details see point 1.1.). Tourism Pyhrn-Priel will meet these deadlines, provided that the applicable legal provisions provide deadlines for completing the request.
15.2. Right to confidentiality
Tourism Pyhrn-Priel upholds the fundamental right of the person concerned to data protection in accordance with § 1 Paragraph 1 DSG 2018 and the right to data confidentiality in accordance with § 6 DSG 2018. 15.3. Right to information and information Under the conditions and in accordance with Art 13 to 15 GDPR, the person concerned has the right to information and information about the processing of his data by Tourismus Pyhrn-Priel and his rights.
15.4. Right to rectification and completion
Under the conditions and in accordance with Art.16 GDPR, the person concerned has the right to correct incorrect and complete incomplete data concerning him.
15.5. Right to cancellation
Under the conditions and in accordance with Article 17 GDPR, the person concerned has the right to request the immediate deletion of data relating to him.
15.6. Right to restriction of processing
Under the conditions and in accordance with Article 18 GDPR, the person concerned has the right to request that the processing of their data be restricted.
15.7. Right to data portability
Under the conditions and in accordance with Article 20 GDPR, the person concerned has the right to receive data relating to him, which he has provided to Tourism Pyhrn-Priel, in a structured, common and machine-readable format and to transmit this data to another person responsible or from tourism To request Pyhrn-Priel to transfer the data processed by it directly to another responsible person, insofar as this is technically feasible and provided that the rights and freedoms of other people are not thereby impaired.
15.8. Right to object
Under the conditions and in accordance with Article 21 GDPR, the person concerned has the right, for reasons that arise from his particular situation, at any time against the processing of data relating to him, which takes place on the basis of Article 6 (1) (e) or (f) GDPR To file an objection. In the event of a justified objection, Tourismus Pyhrn-Priel will no longer process the data of the data subject affected by the objection, unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of Assertion, exercise or defense of legal claims. If the data subject objects to processing for direct marketing purposes, their data will no longer be processed for these purposes.
15.9. Right not to be subjected to an automated decision
Under the conditions and in accordance with Article 22 GDPR, the person concerned has the right not to submit to a decision based solely on automated processing - including profiling - which has legal effect or similarly significantly affects him.
15.10. Right of withdrawal
Pursuant to Art 7 (3) GDPR, the data subject has the right to revoke his consent to the processing of data relating to him at any time without affecting the legality of the processing carried out based on the consent until the revocation.
15.11. Right to complain
Pursuant to Art 77 GDPR in conjunction with Section 24 DSG 2018, the person concerned has the right to lodge a complaint with the relevant supervisory authority (data protection authority) without prejudice to any other administrative or judicial remedy.
15.12. Right to judicial remedy
Pursuant to Art 79 GDPR in conjunction with Section 27 DSG 2018, the person concerned has the right to an effective judicial remedy against a legally binding decision of the supervisory authority (right to appeal to the Federal Administrative Court) without prejudice to any other administrative or extrajudicial legal remedy.
17.1. Despite all precautions and measures taken by TOURISM PYHRN-PRIEL, it can not be ruled out that there will be data disclosure, loss, damage or alteration and that the affected person will suffer damage. TOURISM PYHRN-PRIEL assumes no responsibility or liability for any damages or consequential damages arising out of or in connection with data disclosure, loss, damage or alteration, unauthorized and / or manipulative access to or interference with data processing and transmission, and violations of data protection regulations ( DSGVO, DSG 2018), which were not unlawfully and culpably caused by her or their attributable persons. In particular, TOURISMUS PYHRN-PRIEL assumes no responsibility or liability for any damages incurred by the AFFECTED through the use of its DATA by GOOGLE or any other third party. The TOURISM PYHRN-PRIEL WEBSITE contains links to other websites the content of which TOURISMUS PYHRN-PRIEL has no influence. TOURISM PYHRN-PRIEL assumes no responsibility or liability for this content. The content and accuracy of the information provided there is the sole responsibility of the respective provider of the linked website.
17.2. If the AFFECTED consumer is within the meaning of the Consumer Protection Act (KSchG), TOURISM PYHRN-PRIEL shall be liable to the AFFECTED for damages - with the exception of personal injury as well as material and financial loss as a result of a breach of contractual primary obligations - only in the case of intent or gross negligence.
17.3. If the AFFECTANT is not a consumer within the meaning of the KSchG, TOURISM PYHRN-PRIEL shall be liable to the affected for damages - with the exception of personal injury - only in case of intent and gross negligence and the liability for mere financial losses, consequential damages, damages from claims of third parties and loss of profit is excluded.
17.4. The liability of TOURISMUS PYHRN-PRIEL is in any case limited to the amount of liability insurance available for the specific case of damage.
17.5. The foregoing exclusions or limitations of liability also apply to TOURISMUS PYHRN-PRIEL owners, bodies and their members, employees, agents and responsible assistants, as well as to contracted processors and to all persons recruited by them.
18. Applicable law, jurisdiction
This ADE is subject to substantive Austrian law, excluding the conflict of laws rules of international private law. For consumers within the meaning of the Consumer Protection Act, this choice of law applies only insofar as it does not deprive the protection granted by mandatory provisions of the law of the state in which the consumer has his habitual residence. For data protection disputes or disputes arising out of or in connection with this ADE, including disputes about their validity, the exclusive jurisdiction of the competent court at the headquarters of Pyhrn-Priel Tourismus GmbH is agreed, as far as the non-mandatory law (in particular the KSchG or the Regulation (EU) No 1215/2012 - EUTRO).
19. Cooperation with supervisory authorities
TOURISM PYHRN-PRIEL is committed to working with the relevant regulatory authorities to handle any complaint concerning the processing of the DATA that it can not resolve with the PARTY concerned.
20. ADE changes, severability clause
20.1. TOURISM PYHRN-PRIEL regularly reviews the adherence and timeliness of this ADE, and reserves the right to amend or supplement it at any time and without cause, including, but not limited to, compliance with applicable law and interest of the data subject (in particular the transparency of the processing concerning him). If the AFFILIATE's consent is required or contains elements of the ADE Contractual Relationships with AFFECTED PARTIES, the changes will only be made with the consent of the PARTICIPANT.
20.2. Modified or supplemented ADE are published on the WEBSITE of TOURISMUS PYHRN-PRIEL (see contact details point 1.1.) And can therefore be retrieved, printed and downloaded electronically at any time by the interested party.
20.3. Should individual provisions of this ADE be or become ineffective, this will not affect the validity of the remaining provisions.
21. Further information
THE CONFIDENCE OF THE AFFECTED IN TOURISM PYHRN-PRIEL AND ITS PERFORMANCE IS TOURISM PYHRN-PRIEL A SPECIAL concern. For questions on the processing and use of the data, TOURISM PYHRN-PRIEL is listed under point 1.1. contact information is available.
Attachments to this ADE form an integral part of it.