Mountain summer | © Nikolaus Faistauer Photography
Summer in Austria | © Nikolaus Faistauer Photography
Discover now your accommodation

Privacy Zell am See-Kaprun

Privacy Policy and Information According to Art. 13 and 14 GDPR

1.     General


The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of the use of our website and in the context of other services of our company.
Only the German version of our privacy policy is legally binding text. The English translation serves as a legally non-binding information. Deviations of the English text or how it could be understood do not affect the exclusive legal validity of the German text and its meaning.


1.1.    Responsibility for the Processing of your Data 


The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:


ZELL AM SEE-KAPRUN TOURISMUS GMBH
Brucker Bundesstr. 1a
A-5700 Zell am See
Tel: +43 6542 770
Fax: +43 6542 72032
Email: welcome@zellamsee-kaprun.com
https://www.zellamsee-kaprun.com/en/imprint


Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the email address martin@zepedes.com.


1.2.    Purposes, Categories of Data and Lawfulness of the Processing of Personal Data


Purposes of the processing of personal data


The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.


General categories of data


•    Personal master data (e.g. name, date of birth and age, address)
•    Contact details (e.g. email address, telephone number, fax number)
•    Communication data (time and content of communication)
•    Order or booking data (e.g. ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)
•    Payment details (e.g. account number, credit card details)
•    Contract data (content of contracts of any kind)
•    Web usage data (e.g. server data, log files and cookies)
Processing of special categories of personal data according to Art. 9 GDPR 
•    Health data (only if you have given us your explicit consent to process your order (e.g. mediation of a hotel specializing in guests with food intolerances or allergies))


Lawfulness of the processing of personal data


There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing of the data takes place in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.


1.3.    Transfers of Personal Data to Data Processors and Third Parties


We process your personal data with the support of data processors who support us in providing our services. These data processors are through a corresponding agreement within the meaning of Art. 28 GDPR with us obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which data processors are involved in the detailed descriptions of the individual data processing processes.
Your personal data will be passed on to companies other than our data processors to typical economic service providers such as banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.
Depending on your order (e.g. for bookings and inquiries), your personal data will only be transmitted to hotel partners or other tourist service providers (members of our organization) to the extent necessary to fulfil your order. The transmitted personal data vary depending on the service.


1.4.    Transfers of Personal Data to Third Countries or International Organisations


In principle, we process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we use the services of our data processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR are available for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer these data without your explicit consent in accordance with Art. 49 (1) lit. a and Art. 6 (1) lit. a GDPR to a third country.


Data transfer to the USA


Through the services integrated in this website, Google Tag Manager, Google Analytics, Google Optimize, Facebook-Pixel, Google Remarketing, Google Maps, Vimeo and YouTube, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.


1.5.    Data Erasure and Period of Data Storage


Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.


1.6.    Data Sources


In principle, we collect your personal data from you. Exceptionally, we also receive information about your purchases or bookings made there from our http://www.kitzsteinhorn.at/ partner websites of Kitzsteinhorn Bergbahnen AG (www.kitzsteinhorn.at) and Schmittenhöhebahn AG (www.schmitten.at), provided that we forward you there from our Zell am See-Kaprun app, our website or our newsletter and you agree to the setting of corresponding marketing cookies on these partner websites. We use this information to be able to show you individualized offers/information on our website, in our app or our newsletter.


1.7.    Profiling


We do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner. With your consent, however, we will use your usage data to get to know your interests better and thus to be able to display information of interest to you or to be able to make you tailor-made offers or to be able to display corresponding information to you on third-party websites or social media platforms.


1.8.    Safeguarding your Data Protection Rights


In principle, you have regarding or processing your personal data the rights of information, correction, erasure, restriction, data portability, revocation and objection in accordance with the GDPR. To do so, please contact us as the controller using the contact details provided in this data protection information. A detailed explanation of these rights can be found here in Chapter III.


Right of complaint


If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, email: dsb@dsb.gv.at).


2.    Visiting our Website


In this section we inform you how we process your personal data when you visit our website.


2.1.    Presentation of the Website


Server data


For technical reasons, based on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website), the following data, which your internet browser transmits to us or to our web space provider, will be processed (so-called "server log files"):


•    Browser type and version
•    Operating system and device type used (e.g. desktop / mobile)
•    Website from which you are visiting us (referrer URL)
•    Website you visit
•    Date and time of your access
•    Your internet protocol address (IP address)


This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.


SSL or TLS encryption


For security reasons and to protect the transmission of confidential content, such as B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.


Technical service providers


We create and edit the content of our website with the help of the following service provider. With this service provider we have concluded a corresponding agreement according to Art. 28 GDPR to process your data exclusively to the extent of our order:


•    Webagentur - elements.at New Media Solutions GmbH (Gusswerk Halle 6, Söllheimerstraße 16, A-5020 Salzburg)
•    CM System - Pimcore GmbH (Gusswerk Halle 6, Söllheimerstraße 16, A-5020 Salzburg)


2.2.    Cookies


Cookie Banner - Cookies on our website


Our website uses cookies, which help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and also to show you content that is of interest to you on other websites. Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor's computer. The legal basis for cookies, which are absolutely necessary for the proper operation of our website (e.g. shopping cart cookie), is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and will only be activated by your consent in accordance with Art 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings" you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.


Data transfer to the USA
Through the services integrated in this website, Google Tag Manager, Google Analytics, Google Optimize, Facebook-Pixel, Google Remarketing, Google Maps, Vimeo and YouTube, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.


Change the cookie settings in your web browser


How the web browser you are using handles cookies, i.e. which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.


In addition, it is possible to generally object to cookies and similar tracking technologies using the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:


•    European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/uk/your-ad-choices 
•    Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F 


2.3.    Communication with us


Contact form and email


On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be processed for the purpose of processing your contact based on the legal basis of contract fulfilment in accordance with Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or if this is required by statutory provisions. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.


2.4.    Online Shop (s) / Booking Portal (s)


For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and prospectus orders, we process your personal master data, contract and payment data and communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of the contract) as well as Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).


We store this data as long as the purpose requires it, statutory provisions provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we store this data on the basis of the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we will save the data to clarify possible problems during the order process for 14 days.


There is no legal or contractual obligation to provide personal data. Failure to provide them simply means that we cannot process your bookings / orders.


Feratel DESKLINE online bookings, booking requests and brochure orders


For the processing of online bookings, brochure orders and inquiries, we process your personal data in order to be able to provide you with the booked services with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck). For this purpose, we store and process inventory data, communication data, contract data, payment data of our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the basis of the legal basis of Art. 6 para. 1 lit. b GDPR (booking processes, answering requests for quotations and sending brochures) as well as Art. 6 (1) lit. c GDPR (legally required retention periods of bookings or invoices). For this purpose, the data fields marked as required are required for the establishment and fulfilment of the contract. We disclose your personal data in the context of this data processing to third parties (hotel partners or other tourist service providers) on the basis of the legal basis of Art. 6 (1) lit. b GDPR (if it is necessary for the processing of a booking process), or on the basis of our legitimate interest according to Art. 6 (1) lit. f GDPR for the use of appropriate booking software. We have concluded a corresponding agreement with feratel in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the data protection of feratel under: https://www.feratel.com/en/privacy-policy.html.


INCERT voucher system and merchandising articles


To process the order of holiday vouchers and merchandising articles, we use the system of the company INCERT eTourismus GmbH & Co KG (Leonfeldner Strasse 328, A-4040 Linz) as our data processor. It enables the automated sale of vouchers by means of "print@home" as well as the individual personalization of vouchers with dedications, designs and barcodes. For the processing of orders, the following information is required: title, first and last name, address, e-mail address.  We have concluded a corresponding agreement with the company INCERT in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on INCERT's data protection can be found at: https://www.incert.at/en/data-protection/.


External payment service providers


To pay for the order processes / bookings, we use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of the contract), via whose platforms you can make your payments. The payment data entered by you as part of the order (e.g. account numbers, credit card numbers including check digits, passwords / TANs, etc.) are processed exclusively by our payment service providers and are not visible to us. We only receive a confirmation of the payment made or information from our payment service providers that the payment could not be made. Further information on the data protection and terms and conditions of our payment service providers can be found at:


•    Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zürich.
Tel. +41 44 256 81 91
E-Mail: info@datatrans.ch
https://www.datatrans.ch/de/datenschutzbestimmungen/ 
•    hobex AG, Josef-Brandstätter-Straße 2b, A-5020 Salzburg
T +43 662 2255-0
E-Mail: office@hobex.at 
https://www.hobex.at/at/service/datenschutz_kunden 
•    Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Schweden
Tel. 0046 8-120 120 00
E-Mail: inkorg@klarna.se
https://www.klarna.com/at/datenschutz/ 
•    PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
E-Mail: kundenbetreuung@paypal.com 
https://www.paypal.com/myaccount/privacy/privacyhub?locale.x=de_AT 


2.5.    Email Newsletter


Email newsletter MailChimp


The legal basis for sending the newsletter is your consent according to Art. 6 (1) lit. a GDPR. The registration for our newsletter takes place in the so-called double opt-in procedure. This ensures that no one can log in with foreign e-mail addresses (e.g. with your email address). Your consent can be revoked at any time free of charge by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. After unsubscribing from your email address, we will store it for a period of 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to obtain your original consent to be able to prove if necessary. To send out our newsletter, we use "MailChimp", a service of Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. With the help of MailChimp we can analyze our newsletter campaigns. When opening an e-mail sent with MailChimp, a connection is established with the MailChimp servers. This allows us to determine whether a newsletter message has been opened and which links have been clicked on, if any. In addition, technical information such as the time of retrieval, the IP address, browser type and operating system of the recipient are registered. This information is used exclusively for the statistical analysis of our newsletter. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. The legal basis for data transfers to the USA is the EU standard contractual clauses agreed with MailChimp in connection with our examination of the admissibility of these data transfers in the sense of a comprehensive risk assessment. We have concluded a data processing agreement in the meaning of Art. 28 GDPR with MailChimp (https://mailchimp.com/legal/data-processing-addendum/). Further information on the legality of MailChimp's data transfers to the USA and the special security measures taken for this purpose can be found at:  https://mailchimp.com/help/Mailchimp-european-data-transfers/. General data protection information of MailChimp can be found at:  https://mailchimp.com/legal/privacy/.


2.6.    Digital Information Services / Registration


Digital holiday companion PIA


For the use of our digital holiday companion PIA (Personal Interest Assistant), provided by our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck), it is possible to register on our website via a terminal device (e.g. smartphone or PC) on the respective Progressive Web App (abbreviated PWA) of the Digital Holiday Companion on our website. With a registration or identification, the services of the Digital Holiday Companion can be used by the user. For the use of the information offers and the receipt of service offers of the operator, it is necessary to register by providing the e-mail address. In this context, we collect your name and e-mail address, the duration of the planned stay and the booked accommodation, insofar as this is necessary for the use of the offers of the digital concierge. In addition, cookies and web analysis tools collect and store data that provide information about your interest in products. We use this information for the purpose of advertising offered products through marketing campaigns of various kinds, such as sending a newsletter by email and short messages when activating the Digital Holiday Companion. The legal basis for this data processing is your consent in accordance with Art. 6 (1) lit a GDPR. You can revoke this consent at any time free of charge. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. There is no obligation to provide this data. If you do not want to provide this data, it will only mean that we will not be able to offer you this service. Your data will only be transferred to third parties if this is necessary for the processing of reservations. If the above data is changed and/or supplemented by you in the course of registration or identification, these supplemented/changed data will also be stored and processed. We only store your data for as long as this is necessary for the purpose or due to legal obligations on our part.   We have concluded a data processing agreement with feratel in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on feratel's data protection can be found at: https://www.feratel.com/en/privacy-policy.html.


2.7.    Web Analysis - Statistical Analyses of our Website


Google Tag Manager


We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to be able to manage website tags via a common tool of Google.  The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies and does not collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags   implemented with Google Tag Manager. Further information on Google's data protection   can be found at: https://policies.google.com/privacy?hl=en-GB.


Google Analytics


This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable an analysis of the use of our website by the site visitor. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the corresponding browser as part of Google Analytics will not be merged with other Google data. On our behalf, Google will use the resulting information to evaluate the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed under the following link:  https://tools.google.com/dlpage/gaoptout. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a data data processor, which ensures that your data is processed exclusively within the scope of our order.  Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy?hl=en-GB) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated).


Google Optimize


We use the functions of the analysis tool “Google Optimize” to improve the content of our website. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). For this analysis of your surfing behavior, Google uses cookies. The analysis of your website usage supports us in continuously improving the content of our website. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google Optimize cookies are stored on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The collection by Google Optimize can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed under the following link: https://tools.google.com/dlpage/gaoptout. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated).


Hotjar


We use "Hotjar", a feedback and analysis service provided by Hotjar Ltd. (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta), for an improved user experience on this website. The following information is collected in relation to the end user's terminal and browser: IP address of the terminal in anonymized form, screen resolution of the terminal, type of terminal device (individual terminal identifiers), operating system and browser type, geographic location (country only), preferred language when displaying the Hotjar-based website and user interactions (mouse events such as movements, position and clicks and keystrokes). The processing of your personal data takes place on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a data data processor, which ensures that your data is processed exclusively within the scope of our order.  Further information on Hotjar's data protection can be found under  https://www.hotjar.com/legal/policies/privacy/ and further information on the cookies used by Hotjar can be found under  https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies. By visiting the site  https://www.hotjar.com/legal/policies/do-not-track/ and by clicking on "Deactivate Hotjar", you can generally reject the collection of your data by Hotjar.


2.8.    Webmarketing


Google Remarketing


On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This feature makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising. You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; follow this link here:  https://www.google.com/settings/ads/onweb/. The summary of the collected data in your Google Account takes place exclusively on the basis of your consent, which you can give or revoke with Google (Art. 6 (1) lit. a GDPR). Further information on Google's data protection can be found at:  https://www.google.com/policies/privacy/.


Facebook-Pixel


In order to place target group-directed advertisements on Facebook and to be able to track the actions of users after they have seen or clicked on a Facebook advertisement, we use the Facebook pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).  This allows us to display and evaluate or optimize our Facebook advertisements on Facebook that is of interest to you on Facebook with the data collected anonymously for us (we do not see any personal data of individual users, but only the overall effect). According to their data protection information, Facebook links this data to the Facebook account of Facebook users and can thus display content that corresponds to their interests. For specific information about how the Facebook pixel works, see the Facebook Help Center at:  https://de-de.facebook.com/business/help/651294705016616. You can make settings regarding usage-based advertising on Facebook yourself in your Facebook account:  https://www.facebook.com/settings?tab=ads. Further information can be found in Facebook's privacy policy at:  https://www.facebook.com/privacy/explanation.


Droid Marketing Automation


Our website uses the functions of Droid Marketing Automation on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider of this service is Droid Marketing GmbH (Ungargasse 64-66/1/110, A-1030 Vienna, e-mail   datenschutz@droidmarketing.com). By setting cookies on your device, these functions enable us to analyse your usage behaviour on our website and, based on this, to display certain content to you preferentially. In this way, we can provide you with interest-based, personalized content both within our website and in our newsletter or in our Zell am See-Kaprun app, provided that you use our app or have subscribed to our newsletter. We have a corresponding agreement with the provider of the service iSd. Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information can be found in the privacy policy of Droid Marketing GmbH: https://droidmarketing.com/datenschutz.html.


In addition, on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, we receive information from the websites of our partners Kitzsteinhorn Bergbahnen AG (www.kitzsteinhorn.at) and Schmittenhöhebahn AG (www.schmitten.at) in case we forward you to the websites of these partners. In this way, we can also use this information to be able to show you individualized information and offers on our website. The prerequisite for this is, on the one hand, that you agree to the necessary marketing cookies when using these partner websites and, on the other hand, that you are logged in to your app or in your user account of our website, or have subscribed to our newsletter. We process this data as "joint controllers" with the partners named here and have also concluded an agreement with these partners within the meaning of Art. 26 GDPR, which obliges all partners, among other things, to provide you with the corresponding information about this joint processing within the meaning of Art. Articles 12 to 14 GDPR, to ensure appropriate protection of this data and to exercise your rights as a data subject within the meaning of the GDPR. Art. 15-21 GDPR. To exercise your rights as a data subject, you can contact us (Zell am See-Kaprun Tourismus GmbH) as well as our partners Kitzsteinhorn Bergbahnen AG (Kitzsteinhornplatz 1a, A-5710 Kaprun, Tel. +43 (0)6547/8700, E-Mail: office@kitzsteinhorn.at) or Schmittenhöhebahn AG (Salzachtal-Bundesstraße 7, Postfach 8, 5700 Zell am See, Tel. +43 (0) 6542 789 211, E-Mail: datenschutz@schmitten.at).


2.9.    Integration of other Third-Party Services and Content


We integrate content or functions of third parties within our website. This always presupposes that the providers of this content or functions perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the functioning of our website, is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, otherwise your consent according to Art. 6 (1) lit a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of the Art. 13 and 14 GDPR can be found under the information links listed below. The following services/content are embedded in our website:


Google Maps


Our website uses the Google Maps service of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to display corresponding map material within our website. Your IP address as well as information about the browser version and language settings are transmitted to the servers of Google Ireland Ltd. According to Google's own information, the data is stored by Google for 1 year. There is a legitimate interest on our part within the meaning of the Art. 6 (1) lit. f GDPR for the use of Google Maps. Our legitimate interest lies in an appealing presentation of our online offer or the geographical presentation of the offers of our region. However, we only use Google Maps if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. For more information about Google's privacy policy, please visit:  https://policies.google.com/privacy.


Vimeo


We integrate videos of the platform "Vimeo" of the provider Vimeo Inc. (555 West 18th Street, New York 10011, USA). The implementation takes place on the basis of  Art. 6 (1)  lit. f GDPR, whereby our legitimate interest lies in the smooth integration of the videos and the thus appealing design of our website. However, we only use Vimeo if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. When you visit a page in which we have embedded a Vimeo video, a connection to the Vimeo servers is established and the content is displayed on the website by notifying your browser. According to Vimeo, your data (in particular which of our websites you have visited) as well as device-specific information including the IP address will only be transmitted to the Vimeo server when you watch the video. By clicking on the video, you consent to this transmission. For more information on Vimeo's privacy policy, please visit:  https://vimeo.com/privacy.


YouTube


We integrate videos from the platform "YouTube" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation takes place on the legal basis of Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the thus appealing design of our website. However, we only use YouTube if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google's information, in the extended data protection mode, your data (in particular which of our websites you have visited) as well as device-specific information including the IP address will only be transmitted to the YouTube server when you watch the video. In some cases, information is transmitted to the parent company Google Inc., based in the USA, to other Google companies and to external partners of Google, each of which may be located outside the European Union. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. Further information on YouTube's privacy policy can be found at:  https://www.google.com/policies/privacy/.


3.    Other Data Processing in Business and Customer Contact


In this section we inform you about other data processing processes outside our website.


3.1.    Job Applications


The contact data and application documents transmitted to us in the course of a job application will be processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in you not submitting your request and we will not be able to process it. The personal data transmitted in this way will be stored by us in accordance with the statutory provisions for a maximum of 6 months, in the case of the explicit consent of the applicant to keep the documents in evidence, for a maximum of 2 years.


3.2.    Online Presence in Social-Media


In addition to our website, we maintain online presences within social networks and platforms:  Facebook, Twitter, Instagram, TikTok, Pinterest and YouTube in order to communicate with customers and business partners and to connect to them via these networks to be able to inform about our services. When accessing the respective networks and platforms, the terms and conditions and the data protection guidelines of the respective operators of these networks apply.


3.3.    Guest Card System


GuestCard Zell am See-Kaprun: Guest card system feratel


For the use of our regional guest card, we process your personal data (first name, last name, date of birth, period of stay and country of origin/postal code) with the help of our service provider feratel Media Technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) for the purpose of providing you with the advantages of the costfree guest card. Furthermore, it is necessary to store your usage data for the purpose of internal billing and to make it available to our service providers for the control of internal billing. The legal basis of the processing is your consent in accordance with Art. 6 (1) lit a GDPR, which you give us as part of your guest report in your accommodation establishment. You can revoke this consent at any time free of charge. Uses that have already been made remain unaffected for billing purposes. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in us not being able to provide you with the guest card. We have concluded a corresponding data processing agreement with feratel in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on feratels privacy policy can be found at: https://www.feratel.com/en/privacy-policy.html


SummerCard Zell am See-Kaprun: CapCorn guest card system


For the use of our regional guest card, we process your personal data (first name, last name, date of birth, period of stay and country of origin/postal code) with the help of our service provider CapCorn (CapCorn Company Software GmbH, Flugplatzstraße 52/17, A-5700 Zell am See) for the purpose of providing you with the advantages of the free card. Furthermore, it is necessary to store your usage data for the purpose of internal billing and to make it available to our service providers for the control of internal billing. The legal basis of the processing is your consent in accordance with Art. 6 (1) lit a GDPR, which you give us as part of your guest report in your accommodation establishment. You can revoke this consent at any time free of charge. Uses that have already been made remain unaffected for billing purposes. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in us not being able to provide you with the guest card.  We have concluded a corresponding data processing agreement with CapCorn in accordance with Art. 28 GDPR as a data processor, which ensures that your data is processed exclusively within the scope of our order. Further information on CapCorn's data protection can be found at:  https://www.capcorn.at/CapCorn_Datenschutzrichtlinien_DE.pdf


3.4.    Customer and business databases


CRM-System von Salesforce


We use the CRM system of the provider Salesforce (Salesforce Germany GmbH, Erika-Mann-Str. 31, 80636 Munich) as a tool for maintaining B2B contacts (e.g. with tour operators, travel agencies, incentive agencies, incentive departments of companies) on the legal basis of our legitimate interest acc. Art. 6 (1) lit. f. GDPR. A transfer of these contacts (names, company name, address data, contact data and interests in holiday topics) to partners in our region (accommodation and other tourist service providers) takes place only at the request of the business partner on legal basis of the consent acc. Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by sending us an e-mail free of charge. We have concluded a corresponding agreement with Salesforce in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. For more information about Salesforce privacy, please visit: https://www.salesforce.com/de/company/privacy/.


3.5.    Guest/Visitor WiFi


We offer freely accessible visitor Wi-Fi in public places as well as in our offices. In order to provide the services of the hotspot for you, the use of personal data of your end device is required. In this context, the MAC addresses (Media Access Control Address) of end devices may also be stored temporarily. Furthermore, we may store log data ("log files") about the type and scope of use of the services for 7 days. This data cannot be assigned directly to your person, but directly to your used device and thus also indirectly to your person. To provide this offer, we use the services of Unwired Networks GmbH (Gonzagagasse 11/25, A-1010 Vienna) as our data processor. We have concluded a corresponding agreement with our processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order.


3.6.    Registration for Events and Guest Programme


It is possible to register for events of different providers in our region in our information offices. For this purpose, we process your personal data (name, e-mail address and telephone number). This data will be processed by us on the basis of the legal basis of Art. 6 (1) lit. b GDPR (contract fulfilment/pre-contractual measures) and also passed on to the respective organizer. This data will be deleted or destroyed by us after the event.


3.7.    Zell am See-Kaprun App


For the use of our "Zell am See-Kaprun App", provided by our service provider Dialogschmiede GmbH (Ungargasse 64-66/1/110, A-1030 Vienna), it is possible to install the app on a mobile phone or tablet and register as a user. By registering, you can use the services of our app to the full extent. We process your data as part of your registration in order to give you your individual access to the Zell am See-Kaprun app, to be able to provide you with individualized information and offers and, as a result, to give you the opportunity to easily use offers from our region via the Zell am See-Kaprun app (e.g. to buy ski tickets, to use public transport for free and much more). For this purpose, we process the following data: first name, surname, e-mail address, operating system and device type used (e.g. Android/IOS), the date and time of your access as well as your mobile user ID and geodata. For the booking, reservation of the services of our partners (hotels, mountain railways or other providers of tourist services of our region), we will ask you for further personal data such as date of birth, age, address, your holiday address, your contact details (e.g. your telephone number for queries), information about the desired services (e.g ordered goods or commissioned services and invoice data (such as service period, method of payment, invoice date), payment data (e.g. account number, credit card data). In addition, we analyze your use of our app in order to be able to show you interest-based, individual offers. The legal basis for this data processing is basically the fulfilment of the contract in accordance with Art. 6 (1) lit. b GDPR or your consent in accordance with Art. 6 (1) lit a GDPR (e.g. use of geodata or subscription to our newsletter). You can revoke these consents at any time free of charge. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. There is no obligation to provide this data. If you do not want to provide this data, it only has the consequence that we can not offer you this service, or not in full extent (e.g. geodata for the navigation function). We only store your data as long as this corresponds to the purpose or is necessary due to legal obligations on our part. We have concluded a corresponding agreement with Dialogschmiede GmbH in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on data protection of Dialogschmiede GmbH can be found at: https://www.dialogschmiede.com/datenschutz. Further detailed information on data protection when using our app can be obtained when you register for the app.


Current version of the privacy policy of 02.05.2022