Confidential data handled responsibly
Personal data (such as name, e-mail address, telephone number) are processed and conveyed by the operator only in a lawful manner - in particular for the fulfillment of contractual or legal obligations, on the basis of predominant legitimate interests of the operator or on the basis of the consent of the user.
The lawfulness of data processing results from the Austrian Data Protection Act as well as from the regulation (EU) 2016/679 (GDPR). The legal basis is specifically detailed in the following processing.
The operator continuously optimises the presentation and services offered for the website users. In order to better understand how the pages are used, the operator saves the following data, short term, each time the site is accessed: name of the website visited, requested details, date/time, volume of data transmitted, message about successful retrieval of data, browser/version/language, operating system, previously visited sites, duration of use, country of origin and anonymised IP-address. By visiting this website, the user, in accordance to Article 6 (1) (a) of the GDPR, gives his/her consent to the short term storage of the IP address of the terminal. The user's IP-address will be deleted when use of the website is complete. The operator uses the aforementioned data anonymously only for statistical purposes in connection with the offer.
On making contact with the operator (eg. by contact formula or e-mail), the following user's information may be stored for the purpose of processing the request, as well as, in the case of follow-up questions: title, first name and surname, postal address, e-mail address, telephone number and additional inquiry-related information (eg. duration of stay, number of persons).
Personal data collected in this manner will be deleted by the operator within three years, after processing of the request has been completed. The personal data disclosed by the user will only be processed and used by the operator to the extent necessary in fulfilling the request and /or for the provision of the requested service.
In the course of this data processing, the operator may forward the collected personal data to the following third parties (see contact details).
Reporting requirementPursuant to the Austrian Reporting Law accommodation participants are required to provide the accommodation provider with the data specified in § 5 and § 10 of the Reporting Law. This relates to the following data:
- Name, date of birth, gender, nationality, country of origin, address plus postal code and
- for international guests - type, number, issue location and issuing authority of a travel document, and also the date of arrival and departure.
Guest registryOwing to our legal obligation arising from § 19 of the Reporting Law-Implementation Order, the accommodation provider shall maintain this data in a Guest Registry and save it for a period of 7 (seven) years, unless it is needed for a longer period of time for other purposes which are named in this Data Protection Statement. The Guest Registry shall be maintained by us in electronic format, and for this purpose the accommodation provider shall transfer the data to an IT services provider. The data shall thus be saved locally. No transmittal into a third country shall occur.
Transmittal of dataThe data categories of “arrival” and “departure,” linked with the country of origin, shall be transmitted to the community where the hospitality company is located, in accordance with § 6 of the Tourism Statistical Order. Also, aggregate data regarding the total number of overnight stays and total number of persons obligated to pay the room tax shall be provided to the Tourism Association of Paznaun - Ischgl, where the accommodation provider are members, and/or to the community. This shall be handled on the basis of § 19 of the Tyrol Accommodation Law.
Legal basis for data processingData processing pursuant to the above Sections 1.1 to 1.3 shall be based on Art. 6 para. 1 lit. c of the DSGVO.
Additional data transmittal to the TVB/MunicipalityIn addition, the accommodation provider shall provide your postal code and year of birth (in a pseudonymized and/or anonymized form) to our municipality and to our TVB for statistical purposes in order to prepare and evaluate the origin and age statistics by the Tourism Association (TVB). This transmittal is based on Art. 6 para. 1 lit. e (transmittal in the public interest) and lit. f (predominate lawful interest) DSGVO. However, you may file an opposition at any time for reasons relating to your particular situation (Art. 21 para. 1 DSGVO).
General informationThe accommodations participant are entitled to obtain a guest card. The guest card grants the owner benefits and/or services at various companies in the region (e.g. reduced admission fees). The guest card is valid for the period of your visit.
Issuance of the Guest CardThe guest card will be issued and validated by the accommodation provider solely at your request. It will be issued according to the Guest Card system employed by the TVB and/or by the accommodation company, either in the form of
- an electronically generated guest card,
- a Guest Card issued on your cell phone or
- a copy of your reservation slip.
Processed Personal DataThe following personal data, obtained from the reservation data (see Section 1 above) will be processed both for the electronically generated, and also for the cell phone-provided Guest Card:
- First and last name, date of birth, country of origin/postal code and the date of arrival and departure.
If the Guest Card is issued in the form of the “reservation slip,” then it will contain the information required by § 5 in connection with § 9 of the Reservations Law (see Section “Reservation Data”). In this case, no electronic processing will be performed relating to the Guest Card.
When using the Guest Card, the following additional personal data will be processed:
- Data relating to the frequency of use of the particular card, service requested, reservations, transaction logging, reference to the reservation data and accommodation company.
This data is required firstly to verify your identity and secondly to verify the validity of the Guest Card for the particular service requests, and if necessary, to allow invoicing of the benefits between the service providers, the TVB and any accommodation companies involved.
Legal Basis for Data ProcessingDie Verarbeitung der Daten für Zwecke der Gästekarte erfolgt aufgrund Ihrer Einwilligung (Art. 6 Abs 1 lit a DSGVO).
Processing of the data for purposes of the Guest Card shall proceed pursuant to your consent (Art. 6 para. 1 lit. a DSGVO). Your consent can be withdrawn at any time by giving oral or written instructions to the accommodation provider at the email address firstname.lastname@example.org.
Operation of the Guest Card SystemThe Guest Card System is operated by the local tourism association (TVB). In addition, local accommodation operators and local companies (service providers) are involved. The data that is processed for the Guest Card will be deleted after 40 (forty) months, unless additional retention is necessary for other lawful purposes (e.g. reporting requirements).
Receivers of the DataData processed for purposes of the Guest Card will be provided to the local Tourist Association for invoicing to the service providers and/or accommodation operators. The individual service providers who provide beneficial services based on the Guest Card, likewise will receive the data, provided you have used the Guest Card services provided by these companies.
To claim the benefits, you must present the particular Guest Card on which the data is recorded, and thus disclose the data to the service provider. The company will then check whether the card is (still)valid, usually by reading the bar code on the Guest Card and by transmitting the bar code data to our IT services provider. At this time personal data will be transmitted to the company, in particular also your identity data (to verify your identity and date of birth).
If the Guest Card has been issued in the form of a reservation slip, then its validity will be checked based on the copy of the reservation slip.
Use of the website is also possible without cookies. The user can deactivate the storage of cookies in his browser, limit cookies to certain websites or set his browser to send a notification before a cookie is stored. The user can delete cookies, at any stage, from the device's hard disk using the browser's privacy functions. In this case, the website's functions and user-friendliness could be restricted. The user's consent forms the legal basis of data processing, in the context of cookies, via the cookie banner.
What is OpenStreetMap?
The OpenStreetMap project was launched in 2004. The goal of the project is and was to create a free map of the world. Users collect data worldwide about buildings, forests, rivers and roads. Over the years, an extensive digital world map has been created by users themselves. Of course, the map is not complete, but in most regions it contains a lot of data.
Why do we use OpenStreetMap on our website?
First and foremost, our website should be helpful to you. And from our point of view, it is always helpful if you can find information quickly and easily. On the one hand, this is of course about our services and products, but on the other hand, we also want you to have access to other helpful information. That's why we also use the OpenStreetMap map service. Because this way we can show you, for example, exactly how to ﬁnd our company. The map shows you the best way to us and your journey becomes a breeze.
What data is stored by OpenStreetMap?
The collected data is subsequently accessible to the corresponding working groups of the OpenStreetMap Foundation. According to the company, personal data is not shared with other individuals or companies unless legally necessary. The third-party provider Pika does store your IP address, but in a truncated form.
The following cookie may be set in your browser when you interact with OpenStreetMap on our website:
Purpose: The cookie is needed to unlock the content of OpenStreetMap.
Expiration date: after 10 years
If you want to view the full screen of the map, you will be linked to the OpenStreetMap website. There, among other things, the following cookies may be stored in your browser:
Purpose: This cookie is used to ensure the operation of the map section.
Expiration date: after one hour
Purpose: The cookie can be used to store session information (i.e. user behavior).
Expiration date: after session end
Purpose: This cookie is set by PIWIk to store or measure user data such as click behavior.
Expiration date: after one year
How long and where is the data stored?
The APl servers, databases, and ancillary services servers are currently located in the United Kingdom (Great Britain and Northern Ireland) and the Netherlands. Your IP address and user information that is stored in shortened form by the web analytics tool Piwik is deleted after 180 days.
How can I delete my data or prevent data storage?
You have the right to access your personal data at any time and object to its use and processing. You can manage, delete or deactivate cookies that may be set by OpenStreetMap in your browser at any time. However, this will prevent the service from working to its full extent. For each browser, managing, deleting or disabling cookies works slightly differently. Under the section "Cookies" you ﬁnd the corresponding links to the respective instructions of the most popular browsers.
If you have consented to OpenStreetMap being used, the legal basis of the corresponding data processing is this consent. According to Art, 6 para, 1 lit, a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by OpenStreetMap.
From our side, there is also a legitimate interest to use OpenStreetMap to optimize our online service. The corresponding legal basis for this is Art, 6 para, 1 lit, f DSGVO (Legitimate Interests). Nevertheless, we only use OpenStreetMap if you have given your consent.
Source: Created with the privacy generator from AdSimple
What is: reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome flesh and blood people to our site. Bots or spam software of any kind may confidently stay at home. That's why we pull out all the stops to protect ourselves and provide the best possible user experience for you. For this reason we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a 'bot-free' website. By using reCAPTCHA, data is sent to Google to determine if you are actually human, so reCAPTCHA is used to keep our website safe, and by extension, keep you safe. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during registration, in order to subsequently "spam" forums or blogs with unwanted advertising. With reCAPTCHA we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website really come from humans. Thus, the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube Gmail, etc.) are already placed on your browser. Then, reCAPTCHA sets an additional cookie on your browser and collects a snapshot of your browser window.
The following list of collected browser and user data, does not claim to be exhaustive. Rather, they are examples of data that, to our knowledge, are processed by Google:
- Referrer URL (the address of the page from which the visitor comes).
- IP address (e.g. 126.96.36.199)
- Info about the operating system (the software that allows your computer to run. Known operating systems are Windows. Mac OS X or Linux)
- Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored)
- Date and language settings (which language or date you have preset on your PC is saved)
- Screen resolution (shows how many pixels the image consists of).
It is undisputed that Google uses and analyzes this data even before you click the "I am not a robot" checkbox. With the Invisible reCAPTCHAN version even the ticking is omitted and the whole recognition process runs in the background. How much and which data Google stores exactly, Google does not tell you in detail.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version.
Purpose: This cookie is set by the Doubleclick company (also owned by Google) to register and report a user's actions on the website in dealing with advertisements. In this way, advertising effectiveness can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year
Purpose: This cookie collects statistics on website usage and measures conversions A conversion occurs, for example. when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. The cookie can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month
Expiration date: after 9 months
Purpose: The cookie stores the status of a user's consent to use different services provided by Google. CONSENT is also used for security purposes to verify user. Prevent login information fraud and protect user data from unauthorized attacks.
Expiration date: after 19 years
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google "remembers" your most entered search queries or your previous interaction with ads. This way you will always get tailored ads. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Expiration date: after 6 months
Purpose: Once you tick the "I am not a robot" box, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is further used to make user distinctions.
Expiration date: after 10 minutes
Note: This list cannot claim to be exhaustive, as experience has shown that Google also changes the choice of its cookies time and again.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated inquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA PIugin, the data will be merged. The deviating data protection regulations of the Google company apply to this.
How can I delete my data or prevent data storage?
If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. Basically, the data is automatically transmitted to Google as soon as you visit our site. To delete this data, you must contact Google support.
Therefore, when you use our website, you agree that Google LLC and its agents automatically collect, process and use data.
Please note that when you use this tool, data about you may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are suitable safeguards (such as EU standard contractual clauses) between us and the non-European service provider.
If you have consented to Google reCAPTCHA being used, the legal basis for the corresponding data processing is this consent. According to Art, 6 para, 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as it may occur in the case of both collection by Google reCAPTCHA.
On our part, there is also a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. ( DSGVO (Legitimate Interests). Nevertheless, we only use Google reCAPTCHA if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (:=Art. 46. para. 2 and 3 DSGVU), standard contractual clauses (Standard Contractual Clauses ' SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European level of data protection when processing its relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can ﬁnd the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be ﬁnd at https://business.safety.google/intl/de/adsprocessorterms/. You can learn a bit more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google does go into more detail here about the technical development of reCAPTCHA, but you will search in vain for precise information about data storage and privacy-related issues there as well. A good overview of Google's basic use of data can be found in the company's own privacy statement at https://www.google.com/intl/de/policies/privacy/.
Source: Created with the privacy generator from AdSimple
To improve our products, automated data processing techniques are used to analyse user behaviour (ie. profiling).
The operator, according to Article 107 (3) of the Telecommunications Act 2003 (TKG 2003) and Article 6 (1) (a) of the GDPR, reserves the right to save the following data permanently and for sending offers and information on services and offers provided by the operator by mail or e-mail, for the purposes of their own advertising purposes: title, first name, surname, postal address, e-mail address, telephone number. The user may object to the processing of his data for this purpose, during the collection, and at any time thereafter by sending an e-mail to email@example.com.
You can feel assured with us
Furthermore, the user has more rights, which are granted by law. These are shown clearly below.
Right to be informed:
It is your right to be informed, if and to what extent your data is processed by us.
Right to Rectification:
If we process incomplete or incorrect personal data about you, you may request a correction or completion at any time.
Right to Erasure / the Right "to be forgotten":
If your personal data is unlawfully processed, you have the right to demand the deletion of your personal data from us. There may well be reasons opposing an immediate deletion (retention requirements or other legal obligations).
Right to Restriction of Processing:
If you contest the accuracy of data, you may request that your data be restricted for the duration of the audit if the processing of your personal information is unlawful, but you do not wish the data to be deleted if it is no longer required for the agreed purpose, as you may need the data for asserting / enforcing legal claims, or if you have objected to the processing of the data.
Right to Data Portability:
You have the right to demand the publication of the data provided by you in machine-readable form, provided that processing takes place on the basis of a consent or a contract.
Right to Objection to Processing:
If the processing of your personal data serves the purpose of performing public-interest tasks, the exercise of official authority or if we have a legitimate interest, you can object to this data processing if there is a legitimate interest in your personal data.
Right of Appeal:
If, in your opinion, the processing of your personal data violates Austrian or European data protection law, please contact us to clarify any questions. Of course you have the right to complain to the Austrian Data Protection Authority (Hohenstaufengasse 3, 1010 Vienna), firstname.lastname@example.org, www.dsb.gv.at) or to a supervisory authority within the EU.
Assertion of Rights:
In order to assert one of the aforementioned rights, please contct us by e-mail at email@example.com. We will be pleased to help you further.
Confirmation of Identity:
To protect your rights and your privacy, in case of doubt, we are entitled to request proof of identity.
Right to Claim for Fees:
If you claim that one of the above-mentioned rights is manifestly unfounded or particularly frequent, we are entitled to charge an appropriate processing fee or refuse to process the application.