Data Privacy Policy

The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:

Tourismusverband Schladming Dachstein
Ramsauerstraße 756
A-8970 Schladming
Tel. +43 (0)3687 23310
E-Mail: datenschutz@schladming-dachstein.at 

Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the email address martin@zepedes.com

The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.

• Personal master data (e.g., name, date of birth and age, address)
• Contact details (e.g., email address, telephone number, fax number)
• Communication data (time and content of communication)
• Order or booking data (e.g., ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)
• Payment details (e.g., account number, credit card details)
• Contract data (content of contracts of any kind)
• Web usage data (e.g., server data, log files and cookies)
• Geodata (e.g., app user data) 

• Health data (only if you have given us your explicit consent to process your order (e.g., mediation of a hotel specializing in guests with food intolerances or allergies))

There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing of the data takes place in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.

We process your personal data with the support of data processors who support us in providing our services. These data processors are through a corresponding agreement within the meaning of Art. 28 GDPR with us obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which data processors are involved in the detailed descriptions of the individual data processing processes.

Your personal data will be passed on to companies other than our data processors to typical economic service providers such as banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.

Depending on your order (e.g., for bookings and inquiries), your personal data will only be transmitted to hotel partners or other tourist service providers (members of our organization) to the extent necessary to fulfil your order. The transmitted personal data vary depending on the service.
 

In principle, we process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we use the services of our data processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR are available for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer these data without your explicit consent in accordance with Art. 49 (1) lit. a GDPR to a third country.

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.

In principle, we collect your personal data directly from you. We also receive personal data from some of our partners. Information on this can be found in the respective detailed information in this data protection information.

We do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner. With your consent, however, we will use your usage data to get to know your interests better and thus to be able to display information of interest to you or to be able to make you tailor-made offers or to be able to display corresponding information to you on third-party websites or social media platforms.

In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. The lawfulness of the processing of your personal data up to the time of revocation is not affected by this. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.

Right of complaint

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Barichgasse 40-42, A-1030 Wien, email: dsb@dsb.gv.at).

For technical reasons, based on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website), the following data, which your internet browser transmits to us or to our web space provider, will be processed (so-called "server log files"):

• Browser type and version
• Operating system and device type used (e.g., desktop / mobile)
• Website from which you are visiting us (referrer URL)
• Website you visit
• Date and time of your access
• Your internet protocol address (IP address)

This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.
 

For security reasons and to protect the transmission of confidential content, such as B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

We create and edit the content of our website with the help of the following service provider. With this service provider we have concluded a corresponding agreement according to Art. 28 GDPR to process your data exclusively to the extent of our order:
Technical Conception:

• Valantic CX Austria GmbH  (Gusswerk Halle 6, Söllheimerstraße 16, A-5020 Salzburg); More information on data protection at: https://www.valantic.com/de/datenschutzerklaerung/

Webhosting:

• Hetzner Online GmbH (Industriestr. 25, D-91710 Gunzenhausen). More information on data protection at: https://www.hetzner.com/de/legal/privacy-policy/ 

Our website uses cookies, which help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and also to show you content that is of interest to you on other websites. Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor's computer. The legal basis for cookies, which are absolutely necessary for the proper operation of our website (e.g., shopping cart cookie), is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g., analysis or marketing cookies) are deactivated and will only be activated by your consent in accordance with Art 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings" you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.

How the web browser you are using handles cookies, e.g., which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.

In addition, it is possible to generally object to cookies and similar tracking technologies using the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:

• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/ 
• Network Advertising Initiative (NAI):
  https://optout.networkadvertising.org/?c=1#!%2F 

On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be processed for the purpose of processing your contact based on the legal basis of contract fulfilment in accordance with Art. 6 (1) lit. b GDPR. There is a legitimate interest on our part pursuant to Article 6 (1) lit.  f GDPR for the use of a contact form. The legitimate interest lies in offering our website visitors an opportunity to contact us that does not require them to call up their own e-mail client. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or if this is required by statutory provisions. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.

Job Applications

The contact details and application documents transmitted to us or to companies in our region in the course of a job application via the job portal on our website are processed exclusively internally by us or the companies in our region for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The personal data transmitted to us will be stored by us for a maximum of 6 months in accordance with the statutory provisions, and for a maximum of 2 years in the case of the applicant's express consent to keep the documents on record. In the case of applications for a vacancy in one of the companies in our region, the respective provider of the vacancy is responsible within the meaning Art. 4 no. 7 GDPR for the further processing of your personal data transmitted via our contact form. In this case, you can also obtain further data protection information from the respective provider of the vacancy (see contact information).

For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and prospectus orders, we process your personal master data, contract and payment data and communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of the contract) as well as Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).

We store this data as long as the purpose requires it, statutory provisions provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we store this data on the basis of the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we will save the data to clarify possible problems during the order process for 14 days.

There is no legal or contractual obligation to provide personal data. Failure to provide them simply means that we cannot process your bookings / orders.

For the processing of online bookings, brochure orders and inquiries, we process your personal data in order to be able to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal basis of Art. 6 para. 1 lit. b GDPR (booking processes, answering requests for quotations and sending brochures) as well as Art. 6 (1) lit. c GDPR (legally required retention periods of bookings or invoices). For this purpose, the data fields marked as required are required for the establishment and fulfilment of the contract. We disclose your personal data in the context of this data processing to third parties (hotel partners or other tourist service providers) on the basis of the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary for the processing of a booking process), or on the basis of our legitimate interest according to Art. 6 (1) lit. f GDPR for the use of appropriate booking software. We have concluded a corresponding agreement with feratel in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the data protection of feratel under: https://www.feratel.com/en/privacy-policy.html.

To process the order of holiday vouchers and merchandising articles, we use the system of the company INCERT eTourismus GmbH & Co KG (Leonfeldner Strasse 328, A-4040 Linz) as our data processor. It enables the automated sale of vouchers by means of "print@home" as well as the individual personalization of vouchers with dedications, designs and barcodes. For the processing of orders, the following information is required: title, first and last name, address, e-mail address.  The processing of this data is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal basis of Art. 6 (1) lit. b GDPR.  We have concluded a corresponding agreement with the company INCERT in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on INCERT's data protection can be found at: https://www.incert.at/en/data-protection/.

To pay for the order processes / bookings, we use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of the contract), via whose platforms you can make your payments. The payment data entered by you as part of the order (e.g., account numbers, credit card numbers including check digits, passwords / TANs, etc.) are processed exclusively by our payment service providers and are not visible to us. We only receive a confirmation of the payment made or information from our payment service providers that the payment could not be made. Further information on the data protection and terms and conditions of our payment service providers can be found at:

• Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zürich
  Tel. +41 44 256 81 91
  E-Mail: info@datatrans.ch
  https://www.datatrans.ch/de/datenschutzbestimmungen/ 
• Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA
  E-Mail: support@stripe.com
  https://stripe.com/at/privacy 
• QENTA Payment CEE GmbH, Taborstraße1-3/10, 1020 Wien (Niederlassung: Reininghausstraße 10, 8020 Graz)
  Tel.:+43 316 813 681
  E-Mail: support@qenta.at
  https://qenta-cee.at/datenschutz/
• PAYONE GmbH, Zweigniederlassung Österreich, Am Belvedere 10, A-1100 Wien
  Tel. +43 1 71701-1800
  E-Mail: customercare.austria@six-payment-services.com
  https://www.payone.com/AT-de/datenschutz
• Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Schweden
  Tel. 0046 8-120 120 00
  E-Mail: inkorg@klarna.se
  https://www.klarna.com/at/datenschutz/ 
• PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
  E-Mail: kundenbetreuung@paypal.com
  https://www.paypal.com/myaccount/privacy/privacyhub?locale.x=de_AT 

On our website there is the possibility to register for our newsletter. The legal basis for sending the newsletter is your consent acc. Art. 6 (1) lit. a GDPR. The registration for our newsletter takes place in the so-called double opt-in procedure. This ensures that no one can log in with foreign e-mail addresses (e.g., with your email address). Your consent can be revoked at any time free of charge by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. After unsubscribing your email address, we will store it for a period of 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to obtain your original consent to be able to prove if necessary. In cases where we collect the data in the context of providing a service for our customers (e.g. registration for the guest card), the legal basis for sending the newsletter is our legitimate interest within the meaning of Sd. Art. 6 (1) lit. f GDPR. In this case, however, it is already possible to refuse the future sending of a newsletter when the data is collected and we ensure that all other requirements of § 174 (4) TKG (exceptions to consent for the sending of newsletters) are also met. To send out our newsletter, we use the service provider "NumBirds", a tool of NumBirds CRM GmbH (Brixnerstraße 3/3, A-6020 Innsbruck). With the help of NumBirds we can analyze our newsletter campaigns. When you open an email sent with the NumBirds newsletter tool, a connection is established with the NumBirds server. This allows us to determine whether a newsletter message has been opened and which links have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of retrieval, the IP address, browser type and operating system of the recipient are registered. In addition, we use information from some of our other systems such as our feratel booking system, Schladming Dachstein Club or Incert Merchandisingshop, which is connected to your email address, in order to be able to tailor your personalized newsletter even more individually to your interests. We have concluded a data processing agreement with NumBirds CRM GmbH according to Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information of NumBirds at: https://www.sports-tourism.at/de-DE/datenschutz-cookies

Why should I register for the customer club and what are the advantages of registering?

Registration is generally not required for the use of this website and the Schladming-Dachstein app. After registering for the customer club on this website or via the app, the user automatically receives information and assistance on their planned stay in the Schladming-Dachstein region as well as other options for using the membership (see below point "For what purposes and on what legal basis(s) is my data processed?"). In principle, there is no legal obligation to provide your personal data required for this purpose, but without your data we cannot provide you with this information or offers reserved for club members.

Registration via social logins (Facebook, Google & Apple)
In order to register on our website and in the app, you can also register via social login services instead of registering directly via the website or the app. This option is only available to registered users of the social networks concerned. To register, you will be redirected to the Facebook or Google page, where you can log in with your user data. This links your Facebook or Google profiles and our website. Through the link, we automatically receive information about you from Facebook Inc. Google Inc. (e.g. name, profile picture, age, gender and friends list as well as any other information that you have declared publicly available on Facebook). There is also the option of registering via Apple. By using "Sign in with Apple", your web browser will automatically establish a direct connection to Apple's server and you will be redirected to Apple's login page. We have no control over the scope and further use of data collected through Apple's use of Apple Sign-In. For the type and scope of data processing, the purposes pursued by Apple, your rights in this regard and setting options for the protection of your personal data, please refer to Apple's privacy policy: https://www.apple.com/privacy/

The customer has the option of having the customer account deleted again. If the customer account should be deleted, send an email with the subject ‘Delete profile’ to digital@schladming-dachstein.at or use the ‘Delete your profile’ function in the ‘Your data’ section. 

Children
Children are prohibited from registering for the customer club. Registration of minors under the age of 18 is permitted with the consent of a parent or guardian. 
Which of my personal data will be processed?

Customer master data (customer account): 

• Salutation
• First and last name (mandatory)
• Customer number (automatically created)
• Adress (optional)
• Land (optional)
• E-mail address (mandatory)
• Phone number (optional)
• Language (mandatory)
• Birthday (optional)
• Travel dates (optional)
• Information on consent / non-consent to profiling or newsletters

Transaction: 

• Bookings, webshop orders and brochure orders via our website
• Evaluations
• Check-ins (from check-in challenges) incl. geodata
• Data on bonus points collected in the bonus world
• Data for the individualized provision of information (see Personalization/Profiling below)

For what purposes and on what legal basis is my data processed?

Registration / Participation in the Club / Use of the App
The legal basis for the processing of the above-mentioned data for participation in the Customer Club or the use / registration in the Schladming-Dachstein App is basically the performance of a contract in accordance with Art. 6 (1) lit. b GDPR. This also applies to the sending of relevant information about the customer club by e-mail and post.

Check-In Challenges
The use of geodata for the Check-In Challenges only takes place after the active consent of the user in accordance with Art. 6 (1) lit. a GDPR in the app.

Bonus World
The Schladming-Dachstein Bonus World (collecting and redeeming bonus points) is only accessible to customer club members. The processing of this data is carried out for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal basis of Art. 6 (1) lit. b GDPR.

Personalization/Profiling
The personalization of the website and the app for registered customers (profiling according to Art 4 no. 4 GDPR) is based on the data entered by the customers themselves in the profile. The legal basis for this is the fulfilment of the contract in accordance with Art. 6 (1) lit. b GDPR. Further personalization of the website and the app for registered customers is based on the behavioural data and interests based on the activities on our website. The legal basis for this is separate consent in accordance with Art. 6 (1) lit a GDPR. This consent can be revoked at any time free of charge with effect for the future in the customer profile in the "Your data" section.

How long will my customer club Schladming Dachstein data be stored?
The personal data will generally be stored for the duration of registration. The data can be viewed and edited in the customer account at any time.

How can I delete my data? 
You have the option of deleting the customer account. If you want the customer account to be deleted, send an e-mail with the subject "Delete profile" to digital@schladming-dachstein.at or use the "Delete your profile" function in the "Your data" area. The data will no longer be actively processed from this point on, but will remain stored for a maximum of up to 3 years afterwards and will then be permanently deleted. The further storage after the registration has been completed has the purpose of being able to identify the controller in the event of any legal violations. It is therefore in the overriding interest of the operator in accordance with Article 6 (1) lit. f GDPR.

Who else might receive my data?
For the processing of the registration and the further processing of the above-mentioned data within our website, we use the services of 
1.    Technical implementation customer club on the website: Valantic CX Austria GmbH (Gusswerk Halle 6, Söllheimerstraße 16, A-5020 Salzburg); Further information on the data protection of Valantic CX Austria GmbH can be found at: https://www.valantic.com/de/datenschutzerklaerung/. 
2.    Mailgun Technologies, Inc., SC-Networks GmbH (112 E Pecan St. #1135 San Antonio, TX 78205 (United States); For more information on Mailgun's data protection, please visit: https://www.mailgun.com/de/rechtliches/datenschutzerklaerung/ 
For the processing of the registration and the further processing of the above-mentioned data within our app, we use the services of
1.    Grizzly New Technologies GmbH (Mondscheingasse 6, A-8010 Graz); further information on the data protection of Grizzly New Technologies GmbH can be found at: https://grizzly.cc/datenschutz/. 
We have concluded a corresponding agreement with the service providers mentioned here in accordance with Art. 28 GDPR as processors, which ensures that your data is processed exclusively within the scope of our order.
 

The customer has the option of having the customer account deleted again. If the customer account should be deleted, send an email with the subject ‘Delete profile’ to digital@schladming-dachstein.at or use the ‘Delete your profile’ function in the ‘Your data’ section. 

The contact data and application documents transmitted to us in the course of a job application will be processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in you not submitting your request and we will not be able to process it. The personal data transmitted in this way will be stored by us in accordance with the statutory provisions for a maximum of 6 months, in the case of the explicit consent of the applicant to keep the documents in evidence, for a maximum of 2 years.

In addition to our website, we maintain online presences within social networks and platforms (Facebook, Twitter, Pinterest, Instagram, LinkedIn, TikTok, FlickR and YouTube) in order to communicate with customers and business partners and to connect to them via these networks to be able to inform about our services. Further data protection information can be found when you access our content on these platforms.

Your personal data provided for participation in our competitions (e-mail address, name, address) will be used by us exclusively to identify a winner, inform him of the prize and send him prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is the fulfilment of the contract in accordance with Article 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide the personal data. Failure to provide the data will only result in you not being able to participate in the competition. Your data will be stored for the duration of the competition and – for the processing of any prizes and claims for damages – for a maximum of 3 years thereafter and then deleted. By participating, you also agree that your name will be published on our website as well as on our public social media channels in the event of winning.

In the case of events, it may happen that we create photos and videos of these events or have them created by photographers commissioned by us, on which you are recognizable as a participant of these events. We need these photos / videos to document and advertise our events and will therefore also publish them in our media (e.g., print brochures, website and social media) and make them available to other media owners (print and online) for the promotion of our event. There is no legal or contractual obligation on your part to provide this data.  The legal basis for the processing of your personal data (images and videos on which you are recognizable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events.  You have the right to object to the processing.  Please address your objection to the e-mail address provided by us in this data protection declaration.  However, it can be assumed that our above-mentioned interest in the use of the photos does not unduly interfere with your rights as a person depicted. This is especially true because we create these photos / videos in public space and point out the production and use of the photos / videos in the run-up to each event. We also always make sure that no legitimate interests of persons depicted are violated.  If, for reasons particularly worthy of consideration, your personal rights and freedoms are violated by an image / video created by us, we will refrain from further processing / publication. Removal from print media that have already been circulated cannot take place. In this case, however, we will make a deletion on our website or in our social media channels.  We generally delete photos / videos of events if we no longer need these images to document and advertise these events.

We offer freely accessible visitor Wi-Fi in public places as well as in our offices. In order to provide the services of the hotspot for you, the use of personal data of your end device is required. In this context, the MAC addresses (Media Access Control Address) of end devices may also be stored temporarily. Furthermore, we may store log data ("log files") about the type and scope of use of the services for 7 days. This data cannot be assigned directly to your person, but directly to your used device and thus also indirectly to your person. To provide this offer, we use the services of Unwired Networks GmbH (Gonzagagasse 11/25, A-1010 Vienna) as our data processor. We have concluded a corresponding agreement with our processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order.

It is possible to register for events of different providers in our region in our information offices. For this purpose, we process your personal data (name, e-mail address and telephone number). This data will be processed by us on the basis of the legal basis of Art. 6 (1) lit. b GDPR (contract fulfilment/pre-contractual measures) and also passed on to the respective organizer. This data will be deleted or destroyed by us after the event.