1.1 This data protection information applies to the processing of all personal data in the following organisations:
i. Pyhrn-Priel Tourismus GmbH, FN 216132t, LG Steyr
ii. Tourismusverband Pyhrn-Priel, tourism association within the meaning of the Upper Austrian Tourism Act
iii. Touristische Freizeiteinrichtungen Pyhrn-Priel GmbH, FN 237954h, LG Steyr
as well as any other legal entities founded or acquired in the future that are majority-owned by the aforementioned organisations (hereinafter all "Tourismus Pyhrn-Priel").
Contact details for enquiries / cancellations:
Tourismus Pyhrn-Priel, Bahnhofstraße 2, 4580 Windischgarsten Fax: +43 (0) 7562 5266-10 / E-Mail: info@pyhrn-priel.net
1.2 The protection of personal data and compliance with the relevant data protection regulations - currently Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - "GDPR") and the Data Protection Act 2018 as amended ("DSG 2018") and the legal acts adopted on the basis thereof - have the highest priority at Tourismus Pyhrn-Priel. In accordance with Art. 12 and 13 GDPR, this data protection information provides an overview of which data is processed by Tourismus Pyhrn-Priel and for what purposes and how Tourismus Pyhrn-Priel guarantees the protection of this data.
1.3 This data protection information can be accessed electronically at any time on the website https://www.urlaubsregion-pyhrn-priel.at/datenschutz, printed out, downloaded and stored on a storage medium.
1.4 The terms used in this data protection information are to be understood as defined in Art 4 GDPR.
2.1 The controller within the meaning of Article 4(7) GDPR is the organisation listed in point 1.1. that decides on the purposes and means of processing personal data, i.e. is the contractual partner, carries out pre-contractual measures or is subject to the legal obligation to process data. The website www.urlaubsregion-pyhrn-priel.at ("website") is operated by Pyhrn-Priel Tourismus GmbH, meaning that only Pyhrn-Priel Tourismus GmbH is responsible for all data processing relating to the website. If the responsibility for data processing between the organisations listed under point 1.1. is unclear, Pyhrn-Priel Tourismus GmbH is responsible in case of doubt. Joint responsibility of several organisations in accordance with point 1.1. only exists if and to the extent that they jointly decide on the purposes and means of processing personal data.
2.2 The data protection officer of the organisations listed in point 1.1. is
KPMG Security Services GmbH
FN 356786k, HG Wien
Zweigniederlassung Linz, Kudlichstraße 41, 4020 Linz
E-Mail: DSBA-pyhrn-priel@kpmg.at
3.1 Tourismus Pyhrn-Priel processes (see Art 4 Z 2 GDPR) personal data ("data") of natural persons ("data subject" or individually gender-neutral "data subject") within the meaning of Art 4 Z 1 GDPR.
3.2 The term "data subject" includes all categories of persons affected by the data processing. These include in particular members, employees, job applicants, interested parties and contact persons, customers and other contractual partners of Tourismus Pyhrn-Priel (such as in particular suppliers, subcontractors and consultants) as well as their contact persons and users of the online offer of Tourismus Pyhrn-Priel (see further point 4.).
3.3 Tourismus Pyhrn-Priel processes data only in compliance with the principles laid down in Art 5 ff GDPR and only if at least one lawfulness condition pursuant to Art 6 para 1 GDPR is fulfilled. The purpose and duration of processing as well as the legal basis for data processing are regulated by category in point 4.
3.4 Tourismus Pyhrn-Priel also processes special categories of personal data within the meaning of Art. 9 para. 1 GDPR ("sensitive data"). Tourismus Pyhrn-Priel only processes sensitive data if a case of Art 9 para 2 GDPR exists, in particular if this is necessary due to labour and social law regulations (Art 9 para 2 lit b) leg cit) or if this data is voluntarily provided or disclosed by the data subject (e.g. in CVs of job applicants) (Art 9 para 2 lit a) and e) leg cit).
3.5 If necessary, i.e. if no other lawfulness condition listed in Art. 6 para. 1 GDPR or - in the case of sensitive data - no other case of Art. 9 para. 2 GDPR exists (or as a precautionary measure in addition to this), Tourismus Pyhrn-Priel will obtain the consent of the data subjects. If data subjects voluntarily disclose data not required by Tourismus Pyhrn-Priel, they will not be "collected" by Tourismus Pyhrn-Priel and the data subject thereby gives their express consent to the processing of this data by Tourismus Pyhrn-Priel. Data subjects have the right to revoke any consent given in whole or in part at any time. The revocation is to be addressed to Tourismus Pyhrn-Priel (contact details see point 1.1.). Although the revocation of consent is not bound to any particular form, it is recommended to declare the revocation in text form (e.g. letter, e-mail or fax) for verification purposes. The withdrawal of consent does not affect the processing of data on the basis of other conditions pursuant to Art. 6 para. 1 GDPR or other cases pursuant to Art. 9 para. 2 GDPR or the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
3.6 Tourism Pyhrn-Priel will also only disclose, transfer or pass on data if at least one of the lawfulness conditions listed in Art. 6 para. 1 GDPR or - in the case of sensitive data - a case of Art. 9 para. 2 GDPR exists. The categories of recipients to whom Tourismus Pyhrn-Priel passes on data are - apart from the recipients listed by category in point 4 - in particular the processors pursuant to Art 28 GDPR, authorities and courts and, in the case of debt collection measures, debt collection agencies and lawyers. Tourismus Pyhrn-Priel does not transmit any data to recipients in a non-EU member state or to international organisations without consent. Within the Tourismus Pyhrn-Priel company, the organisational units and employees receive the data they need to fulfil their duties.
3.7 Automated decision-making ("profiling") does not take place at Tourismus Pyhrn-Priel.
4.1 Processing of data within the framework of the Pyhrn-Priel Tourist Board
Tourismus Pyhrn-Priel collects and processes data of the members of the Tourismus Pyhrn-Priel Tourist Board and their executive bodies and, if necessary, of persons attributable to them (employees) on the basis of Art 6 para 1 lit b) (fulfilment of a contract) and c) (fulfilment of a legal obligation) GDPR.
4.2 Processing of data when expressing interest in offers from Tourismus Pyhrn-Priel and when contacting Tourismus Pyhrn-Priel
When expressing interest in offers from Tourismus Pyhrn-Priel and when contacting Tourismus Pyhrn-Priel, data of persons interested in offers from Tourismus Pyhrn-Priel and of persons making contact (in particular via the website) are processed on the basis of Art 6 para 1 lit b) GDPR (implementation of pre-contractual measures) for the purpose of transmitting targeted offers and processing enquiries. The following data categories are processed: Access data, master data, contact data and correspondence/communication/content data. In order to process the offer or enquiry and to answer any follow-up questions, the data of interested parties and contacting persons will be stored for a period of six months from the date of the enquiry or contact and then deleted.
4.3 Processing of data when ordering and performing contractual services
When ordering and executing contractual services, Tourismus Pyhrn-Priel collects and processes the data necessary for the purpose of fulfilling the contract, in particular access, master, contact, correspondence/communication/content, order/contract, invoice and bank/account/payment data, depending on the type of legal relationship, on the basis of Art. 6 para. 1 lit. b) GDPR and the data to be collected in accordance with the applicable legal provisions (also) on the basis of Art. 6 para. 1 lit. c) GDPR. The data will be processed and stored for as long as this is necessary for the fulfilment of the contractual relationships (including post-contractual obligations) and for legal (in particular VAT) reasons. Insofar as this is necessary for the purpose of fulfilling the contract, customer data will also be passed on to the vicarious agents and consultants of Tourismus Pyhrn-Priel involved in the processing of the contractual relationship on the basis of Art 6 para 1 lit b) GDPR.
4.4 Processing of data when purchasing Pyhrn-Priel Cards
On the basis of Art. 6 (1) (b) GDPR, Tourismus Pyhrn-Priel also processes the data requested when ordering a Pyhrn-Priel Card and absolutely necessary for the provision of services or card use as well as other data voluntarily provided by the person concerned for the purpose of service optimisation (depending on the type of card, in particular master, contact and bank/account/payment data as well as place/destination, date/period and scope of the services offered or used). Data required for the fulfilment of the contract or provision of services will be marked accordingly during the ordering process. The data on which the Pyhrn-Priel-Cards are based will be stored for the period of validity of the respective card, otherwise for a maximum of 48 months and then deleted.
4.5 Processing of data when visiting the website
When visiting the website, necessary (technical) data (access data within the meaning of point 7. and cookies within the meaning of point 8.) of the website visitors are collected and processed for the operation, security and optimisation of the website on the basis of the legitimate interests of Tourismus Pyhrn-Priel in accordance with Art 6 para 1 lit f) GDPR (see further points 7. and 8.).
4.6 Data processing when using online platforms
Tourismus Pyhrn-Priel operates a platform on the website which interested parties can use to access information and documents about offers in the Pyhrn-Priel region online and to book excursions and/or stays in the region online with external service providers. The data collected from the data subject during the booking process, in particular the number of persons, first and last name, address/address, country, date of birth, e-mail address, telephone number, arrival/departure data, other information about the excursion/stay and payment information, are processed in the "feratelDeskline® WebClient" system to process the booking. However, Tourismus Pyhrn-Priel only provides the platform free of charge and without obligation and does not enter into any contractual relationship with the interested party. Any contracts are concluded exclusively between the interested party and the external service provider. Tourismus Pyhrn-Priel therefore collects the data required for booking via the system on the basis of its legitimate interests in accordance with Art. 6 Para. 1 lit f) GDPR (in particular its interest in promoting and supporting regional companies) and makes the booking data available to the external service provider via the system. Mandatory data is labelled accordingly during the booking process. Payment transactions are always carried out in encrypted form.
4.7 Processing of data from job applicants
Tourismus Pyhrn-Priel processes applicant data - in particular master data, contact data, correspondence/communication/content data and other data provided by the applicant in their application - on the basis of Article 6(1)(b) GDPR (implementation of pre-contractual measures). If an (online) form is provided for applications, the data required for the assessment of the application will be marked accordingly. Sensitive data voluntarily provided by the job applicant in their application will be processed on the basis of Art 9 para 2 lit a) GDPR. Tourismus Pyhrn-Priel processes and stores this data - subject to a (pending, announced or imminent) legal dispute - for a period of six months from receipt of the application.
4.8 Processing of employee data
Furthermore, data, such as master data, contact data, correspondence/communication/content data, contract data, personnel administration data and payroll data in particular, are processed on a (labour) contractual and legal basis (Art 6 para 1 lit b) and c) GDPR), as well as sensitive data voluntarily provided by employees and required under labour and social law regulations (such as sick notes) on the basis of Art 9 para 2 lit a) and lit c) GDPR. This data is also forwarded to a payroll accountant, banks for processing salary payments and the social insurance institution for further processing. For the purpose of contacting customers and contractual partners, professional contact data and portrait photos of employees may be published on the website on the basis of the legitimate interest of Tourismus Pyhrn-Priel in a smooth business process in accordance with Art. 6 Para. 1 lit f) GDPR and § 12 Para. 2 Z 4 DSG 2018.
4.9 Processing of data for the purpose of direct advertising
If Tourismus Pyhrn-Priel receives the e-mail address of data subjects in connection with a sale or the provision of a service, it is authorised to send direct advertising by e-mail in the form of information and mailings for its own or similar products and services on the basis of its legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Data subjects have the right to object to the processing of data concerning them for the purpose of such advertising at any time (in particular also during the transmission of e-mails) (see point 15.8.).
4.10. Processing of data when sending email newsletters
If Tourismus Pyhrn-Priel sends out e-mail newsletters, it collects and processes the e-mail address of subscribers to e-mail newsletters only on the basis of consent in accordance with Art. 6 para. 1 lit a) GDPR and stores it until the subscribers have unsubscribed or revoked their consent (see points 12. and 15.10.).
4.11. Processing of digital holiday companion data (hereinafter referred to as "Franzi")
In order to use Franzi, it is possible to register and create a profile via a terminal device (e.g. smartphone, PC) on the respective Progressive Web App (abbreviated PWA) of Franzi of Tourismus Pyhrn-Priel. After registration or identification, the customer can use the services of Franzi. In order to use the information services and receive service offers from Tourismus Pyhrn-Priel, it is necessary to register by providing an e-mail address.
In this context, Tourismus Pyhrn-Priel collects the following data: Name, e-mail address, residential address, date of birth, insofar as this is necessary for the use of Franzi's offers or the collection of registration data. In addition, data is collected as described in point 8 of this privacy policy.
Tourismus Pyhrn-Priel processes the data collected via Franzi only on the basis of consent within the meaning of Art 6 para 1 lit a) GDPR also for the purposes of advertising Your data for the purposes of advertising the products offered by Tourismus Pyhrn-Priel or in the region through marketing campaigns of various kinds (e.g. sending newsletters by e-mail, sending messages in Franzi's PWA).
Your data will only be passed on to third parties if this is necessary for the purpose of processing the guest registration.
If the above-mentioned data is changed and/or supplemented in the course of registration or by you, this supplemented/changed data will also be stored and processed by Tourismus Pyhrn-Priel.
As things stand at present, no cookies that are not absolutely necessary for the operation or functioning of Franzi are used. If (in the future) cookies are also used that are not absolutely necessary for this purpose, they will only be used on the basis of consent in accordance with Art. 6 para. 1 lit a) GDPR, which can be given by actively clicking on a tick box. Otherwise, point 8 applies.
4.12. Processing of data when purchasing an employee card
Tourismus Pyhrn-Priel also processes the data requested when ordering an employee card and absolutely necessary for the provision of services or use of the card, as well as other data voluntarily provided by the person concerned for the purpose of optimising services (depending on the type of card, in particular master, contact and bank/account/payment data as well as place/destination, date/period and scope of the services offered or used) on the basis of Art. 6 para. 1 lit. b) GDPR. Data required for the fulfilment of the contract or provision of services will be marked accordingly during the ordering process. The data on which the employee card is based will be stored for the period of validity of the respective card, otherwise for a maximum of 48 months and then deleted.
4.13. Processing of data for the tourist registration system
Tourismus Pyhrn-Priel acts as an administrative assistant to the municipalities in the area of tourist registration. On the basis of the Registration Act 1991, the Upper Austrian Tourism Act 2018 as amended and the Tourism Statistics Ordinance 2002, data such as in particular the first and last name of all persons, gender, date of birth, address data, citizenship, nationality, as well as voluntarily provided data (such as e-mail address) are transmitted to Tourismus Pyhrn-Priel and processed. This data is stored for 7 years in accordance with the statutory retention periods.
Tourismus Pyhrn-Priel does not process any data that is not collected from the data subjects themselves, with the exception of necessary technical access data in accordance with point 7. when accessing the website and data collected by necessary cookies in accordance with point 8.
6.1 Tourismus Pyhrn-Priel does not process and store data permanently, but only in accordance with the time limits prescribed in the applicable legal provisions, but in any case for as long as this is necessary for the purposes for which the data was collected. Tourismus Pyhrn-Priel stores data in a form that enables the identification of data subjects only for as long as is necessary for the purposes for which they are processed.
6.2 If it is possible to specify a retention or storage period for data, this is regulated by category in point 4. In the case of existing contractual relationships, the corresponding data - subject to other legal bases that permit data processing beyond this - will be processed and stored for as long as is necessary for the fulfilment of the contractual relationships (including post-contractual obligations).
6.3 If data is only processed on the basis of consent (see point 3.5.), this data will be deleted immediately following withdrawal of consent by the data subject in accordance with Art. 7 para. 3 GDPR and will not be processed (any further). The same applies in the event of a justified objection pursuant to Art 21 GDPR, if data is only processed on the basis of a legitimate interest pursuant to Art 6 para 1 lit f) GDPR.
7.1 Persons can visit the website without providing any personal data. Tourismus Pyhrn-Priel (specifically the controller: Pyhrn-Priel Tourismus GmbH) only collects and processes data of a technical nature about each access to the website in the context of the operation of its website, which are processed automatically when accessing the website and which are considered personal data or could be used to identify the person or personal data of data subjects and which are stored in so-called server log files ("access data"). This includes the IP address, unique device identification, type and version of the operating system and browser, file name and path, type of transmission protocol, date and time of access, bytes transferred, referrer URL (previously visited page) and the requesting provider.
7.2 Tourismus Pyhrn-Priel does not process this access data for the purpose of identifying the person or determining other personal data of the person concerned, but exclusively for the purpose of operation, needs-based design, adaptation, improvement, maintenance, optimisation and further development of the website (including functions, services, modules and features) as well as for error detection and correction, to maintain system security and - if web analysis tools are used - for the purpose of internal statistical evaluation, without drawing conclusions about the person concerned. There is also no profiling.
7.3 The provision, maintenance and administration of the web server is carried out by the processor TTG Tourismus Technologie GmbH, Freistädter Straße 119, 4041 Linz.
8.1 Cookies are files that are stored locally in the cache of the website visitor's Internet browser and are used in particular to offer additional functions on the website, to make it more user-friendly, effective and secure by recognising the accessing Internet browser and by storing temporary files and - if web analysis tools are used - to enable an (anonymised) analysis of the use of the website.
8.2 Cookies that are absolutely necessary for the functioning of the website are used on the basis of the legitimate interests of Tourismus Pyhrn-Priel pursuant to Art 6 para 1 lit f) GDPR in the operation, security and optimisation of the website. Any other cookies are processed on the basis of consent pursuant to Article 6(1)(a) GDPR, which can be given by actively clicking on a tick box when visiting the website. Data subjects have the option of withdrawing their consent at any time by deactivating and/or deleting cookies in the settings of their internet browser and specifying how long they are stored and when they are deleted. The procedure for this depends on the Internet browser used by the data subject. However, non-acceptance and deactivation of cookies may result in certain functions and/or content of the websites not working or not working as expected.
8.3 Session cookies are stored temporarily for the duration of access by the data subject and deleted after the browser is closed; persistent cookies remain stored on the data subject's end device until they remove them from their browser.
8.4 Purpose of the cookies actually used by us if consent is given:
Technically necessary cookies: These cookies help to make the website usable by enabling basic functions such as page navigation and access to secure websites. Our website cannot function properly without these cookies.
Cookies for analysis purposes: These cookies help us to analyse user behaviour.
Cookies for marketing purposes: These cookies are used to show visitors advertisements of interest across the website, including from third parties.
Personalisation cookies: These cookies are used to show you personalised content relevant to your interests.
The following web analysis tools are used on the website on the basis of consent in accordance with Art. 6 (1) (a) GDPR, which can be given by actively clicking on a tick box when visiting the website.
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable the use of our website by the website visitor to be analysed. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transferred to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymisation. This means that your IP address is generally truncated by Google within the European Union and only in exceptional cases is the full IP address transmitted to a Google server in the USA and only truncated there. The IP address transmitted by the relevant browser as part of Google Analytics is not merged with other Google data. On our behalf, Google will use the information collected to analyse the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be cancelled at any time with effect for the future. The corresponding browser plugin can be downloaded and installed at the following link: https://tools.google.com/dlpage/gaoptout. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy(https://policies.google.com/privacy) and in the settings for the display of advertisements by Google(https://adssettings.google.com/authenticated).
The website uses tracking from Adform A/S, 1. sal. K, Wildersgade 10B, 1408 København, Denmark. Adform uses a cookie to display targeted adverts via the Adform platform. For this purpose, the geographical origin, device type and pages viewed are recorded, but no information identifying individuals.
This website uses the open source web analysis service Matomo, a service of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo"). Matomo uses technologies that enable cross-page recognition of the user to analyse user behaviour. Matomo is hosted exclusively on our own servers so that all analysis data remains with us and is not passed on. The IP address is anonymised before storage (shortened by the last two bytes).
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This allows us to find out when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. click behaviour).
The processing of the data is based on our legitimate interest in the anonymised analysis of user behaviour in order to optimise our website (Art. 6 (1) lit. f GDPR). If you have given us your consent to set "analysis" cookies, Matomo will also set cookies. This allows us to recognise returning users and "analyse" their behaviour on our website in more detail. This data is processed on the basis of Art. 6 (1) lit. a GDPR. You can revoke your consent at any time in the cookie settings.
Apart from not giving their consent, data subjects have the option at any time to deactivate and/or delete cookies in the settings of their Internet browser, as well as to specify how long they are stored and when they are deleted. The procedure for this depends on the Internet browser used by the data subject. In addition, data subjects can prevent the processing of data generated by cookies and related to their use by downloading and installing the browser add-on available at http://tools.google.com/dlpage/gaoptout?hl=de to deactivate Google Analytics or by deactivating Adform under the link https://site.adform.com/de/privacy-center/platform/widerrufsrecht/. Furthermore, data subjects can delete the data processed by Adform here: https://site.adform.com/privacy-center/platform-privacy/right-to-be-forgotten/.
10.1 Furthermore, the remarketing function within the Google AdWords service is used on the website on the basis of consent pursuant to Art 6 para 1 lit a) GDPR, which can be given during the visit by actively clicking on a tick box. With the remarketing function, Tourismus Pyhrn-Priel can present adverts based on the interests of the data subject on other websites within the Google display network (on Google itself, so-called "Google Ads", or on other websites). For this purpose, the interaction of the data subject on the website is analysed, e.g. which offers the data subject was interested in, in order to be able to show the data subject targeted advertising on other websites even after visiting the website of Tourismus Pyhrn-Priel. Tourismus Pyhrn-Priel uses the "Google Tag Manager" to manage Google marketing services.
10.2 For this purpose, (re)marketing tags ("web beacons") are integrated into the website when the website is accessed, on which Google marketing services are activated after consent has been granted. These are used to set cookies in the data subject's internet browser, which record the visits. In particular, the following data is recorded in this file: the website visited, what content the data subject was interested in, what offers the data subject clicked on, technical information about the data subject's browser and operating system, referring websites, visit time/duration of visit, information about the use of the online offer/interaction with the website, IP address of the data subject. If the data subject subsequently visits other websites, they can be shown adverts tailored to their interests. The data collected in this way is only used to uniquely identify a web browser and is processed pseudonymously as part of Google Marketing Services. The information collected by Google Marketing Services about the data subject is transmitted to Google and stored on Google servers in the USA (see section 9.1.).
10.3 When using the Google AdWords service, so-called "conversion tracking" is used. If data subjects have reached the website via an advert placed by Google, Google AdWords places cookies on the data subject's computer. These cookies lose their validity after 30 days and are not used for personal identification. The information collected with the help of conversion cookies is used to compile statistics for Tourismus Pyhrn-Priel. If the data subject visits the website and the cookies have not yet expired, Pyhrn-Priel Tourism can recognise that the data subject clicked on the ad and was redirected to the website. Tourismus Pyhrn-Priel thus learns the total number of data subjects who clicked on its advert and were redirected to its website. However, it does not receive any information with which data subjects can be personally identified.
10.4 Apart from not giving their consent, data subjects have the option of deactivating personalised advertising by Google marketing services in their Internet browser settings at any time. Alternatively, data subjects have the option of downloading and installing a browser plug-in to deactivate personalised advertising at the following link: https://www.google.com/settings/ads/plugin.
11.1 Plugins from third-party providers are also used on the website to integrate their content and services (such as videos). However, such plugins are only accessed on the basis of consent in accordance with Art. 6 (1) (a) GDPR. If data subjects consent to the use of such plugins, a connection to the servers of the third-party providers is established and the corresponding plugin is accessed. The content of the plugins is transmitted directly to the data subject's browser by the respective third-party provider. By accessing the plugins, the third-party providers receive the information that the data subject's browser has accessed the Tourismus Pyhrn-Priel website, even if the data subject is not registered with the relevant third-party provider or is not currently logged in. The plugin transmits log data to the respective servers of the third-party providers. This log data contains the following data IP address, the address of the websites visited that also contain plugin functions, the type and settings of the browser, the date and time of the request, the way the plugin is used and cookies.
11.2 The processing of the data by the third-party providers takes place within the framework of the respective data protection regulations of the third-party providers. As the operator of the website, Tourismus Pyhrn-Priel has no knowledge of the content of the data transmitted to the third-party providers or how it is processed. Third-party providers may in any case use so-called pixel tags (invisible graphics or "web beacons") for statistical or marketing purposes. In addition, pseudonymous information may be stored in cookies on the data subject's device and may contain, among other things, technical information about the browser and operating system, referring websites, visiting time and other information about the use of the Tourismus Pyhrn-Priel website, as well as being linked to such information from other sources.
11.3 If the data subject is registered with the third-party providers and logged into user accounts of the third-party providers, the third-party provider can personally assign the user behaviour to the data subject. The data subject can prevent this by logging out of their user account beforehand. If a data subject is not a member of the third-party provider, the third-party provider can still obtain and store certain data (see point 11.1.).
11.4 Apart from not giving consent, data subjects can completely prevent the loading of plugins with add-ons for their browser, e.g. with the script blocker "NoScript"(http://noscript.net/). In addition, reference is also made once again to the possibility of deactivating cookies (see point 8.2.).
11.5 The following presentation provides an overview of third-party providers as well as their content and links to their privacy policies, which contain further information on the processing of data by the third-party providers and objection options:
11.6 Some of the third-party providers are certified under the Privacy Shield Agreement and thus guarantee compliance with the European level of data protection, such as Google(https://www.privacyshield.gov/ps/participant?id=a2zt000000001L5AAI&status=Active) and Facebook(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.1 Tourism Pyhrn-Priel sends physical brochures by post as well as e-mail newsletters and electronic notifications with advertising information - subject to direct advertising in accordance with point 4.9 - only on the basis of consent in accordance with Art 6 para 1 lit a) GDPR. To register for the e-mail newsletter, it is sufficient to provide an e-mail address.
12.2 The registration for the e-mail newsletter is carried out in a so-called double opt-in procedure, i.e. after registering for the e-mail newsletter, the person concerned receives an e-mail in which he is asked to confirm his registration. This confirmation is necessary so that no-one can register with a third-party e-mail address. Registrations for the e-mail newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the IP address and the time of registration and confirmation. Changes to the stored data are also logged.
12.3 The dispatch of e-mail newsletters and electronic notifications is carried out by the dispatch service provider and processor TTG Tourismus Technologie GmbH, Freistädter Straße 119, 4041 Linz. Tourismus Pyhrn-Priel has concluded an order processing contract with the dispatch service provider, in which the latter undertakes to process and protect the data of the persons concerned only in accordance with Art 28 GDPR on behalf of Tourismus Pyhrn-Priel and not to pass it on to third parties (see point 13 below).
12.4 In the case of registration for an e-mail newsletter, the e-mail, registration data and IP address of the data subjects will be processed and stored until they unsubscribe from the newsletter. The data processed after registration, namely the emails sent to the data subjects, whether and when they were opened or blocked or marked as spam, whether they could not be delivered temporarily or permanently and the links clicked on are stored for a period of 12 months and then deleted. Data subjects can unsubscribe from the e-mail newsletter at any time, i.e. revoke their consent. A link to unsubscribe from the e-mail newsletter can be found at the end of each e-mail.
13.1 If data is processed on behalf of Tourismus Pyhrn-Priel, it shall only work with processors within the meaning of Art. 4 (8) GDPR who offer sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with existing legislation and the protection of the rights of the data subjects is guaranteed. For this purpose, Tourismus Pyhrn-Priel concludes appropriate contracts with its processors (unless these third-party providers already have appropriate conditions) that meet the requirements of Art 28 GDPR and complies with Art 44 ff GDPR for processors based in third countries. 13.2 Processors of Tourismus Pyhrn-Priel are currently:
Tourismus Pyhrn-Priel takes appropriate and suitable technical and organisational measures for the security of the data and data processing, taking into account the criteria of Art 32 GDPR, and ensures that the data is protected against unauthorised or unlawful processing and against loss, damage and alteration.
15.1 Tourismus Pyhrn-Priel safeguards the rights of the data subjects in accordance with the applicable legal provisions. According to the current legal situation, the data subjects are entitled to the (abstract) rights listed below. The data subjects can assert their rights by submitting an appropriately specified request - preferably in text form (e.g. letter or e-mail) - to Tourismus Pyhrn-Priel (for contact details see point 1.1.). If the applicable legal provisions stipulate deadlines for the fulfilment of the request, Tourismus Pyhrn-Priel will comply with these.
15.2 Right to confidentiality
Tourismus Pyhrn-Priel respects the fundamental right of the data subject to data protection in accordance with § 1 para. 1 DSG 2018 and the right to data secrecy in accordance with § 6 DSG 2018.
15.3 Right to access and information
Under the conditions and in accordance with Art. 13 to 15 GDPR, the data subject has the right to information about the processing of their data by Tourismus Pyhrn-Priel and about their rights.
15.4 Right to rectification and completion
Under the conditions and in accordance with Art. 16 GDPR, the data subject has the right to rectification of inaccurate and completion of incomplete data concerning him/her.
15.5 Right to erasure
Under the conditions and in accordance with Art. 17 GDPR, the data subject has the right to demand the immediate deletion of data concerning him/her.
15.6 Right to restriction of processing
Under the conditions and in accordance with Art. 18 GDPR, the data subject has the right to request the restriction of the processing of their data.
15.7 Right to data portability
Under the conditions and in accordance with Art. 20 GDPR, the data subject has the right to receive the data concerning him or her, which he or she has provided to Tourismus Pyhrn-Priel, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller or to have Tourismus Pyhrn-Priel transmit the data processed directly to another controller, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
15.8 Right to object
Under the conditions and in accordance with Art 21 GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art 6(1)(e) or (f) GDPR. In the event of a justified objection, Tourismus Pyhrn-Priel will no longer process the data of the data subject affected by the objection, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims. If the data subject objects to processing for direct marketing purposes, their data will no longer be processed for these purposes.
15.9 Right not to be subject to an automated decision
Under the conditions and in accordance with Art. 22 GDPR, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
15.10. Right of cancellation
Pursuant to Art. 7 (3) GDPR, the data subject has the right to withdraw their consent to the processing of data concerning them at any time without affecting the lawfulness of processing based on consent before its withdrawal.
15.11. Right to lodge a complaint
Pursuant to Art 77 GDPR in conjunction with Section 24 DSG 2018, the data subject has the right to lodge a complaint with the competent supervisory authority (data protection authority) without prejudice to any other administrative or judicial remedy.
15.12. Right to judicial remedy
Pursuant to Art 79 GDPR in conjunction with Section 27 DSG 2018, the data subject has the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning him/her (right of appeal to the Federal Administrative Court), without prejudice to any other administrative or extrajudicial remedy.