The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (especially GDPR, DSG 2018, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of the use of our website and in the context of other services of our company.

Only the German version of our privacy policy is legally binding text. The English translation serves as a legally non-binding information. Deviations of the English text or how it could be understood do not affect the exclusive legal validity of the German text and its meaning.

The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:

Tourismusverband Tourismus Lungau SalzburgerLand
Kirchengasse 5
A-5580 Tamsweg
Tel. +43 (0) 6474 2145
E-Mail: info@tourismuslungau.at

Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the email address martin@zepedes.com.

Purposes of the processing of personal data

The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.

.General categories of data

·         Personal master data (e.g. name, date of birth and age, address)

·         Contact details (e.g. email address, telephone number, fax number)

·         Communication data (time and content of communication)

·         Order or booking data (e.g. ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)

·         Payment details (e.g. account number, credit card details)

·         Contract data (content of contracts of any kind)

·         Web usage data (e.g. server data, log files and cookies)

Processing of special categories of personal data according to Art. 9 GDPR

·         Health data (only if you have given us your explicit consent to process your order (e.g. mediation of a hotel specializing in guests with food intolerances or allergies))

Lawfulness of the processing of personal data

There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.

We process your personal data with the support of data processors who support us in providing our services. These data processors are through a corresponding agreement within the meaning of Art. 28 GDPR with us obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which data processors are involved in the detailed descriptions of the individual data processing processes.

Your personal data will be passed on to companies other than our data processors to typical economic service providers such as banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.

Depending on your order (e.g. for bookings and inquiries), your personal data will only be transmitted to hotel partners or other tourist service providers (members of our organization) to the extent necessary to fulfil your order. The transmitted personal data vary depending on the service.

In principle, we process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we use the services of our data processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR are available for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer these data without your explicit consent in accordance with Art. 49 (1) lit. a and Art. 6 (1) lit. a GDPR to a third country.

Data transfer to the USA
Through the services integrated in this website, Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Remarketing, Facebook Pixel and YouTube, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.

Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.

We only collect your personal data from you and do not use any other data sources.

We do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner. With your consent, however, we will use your usage data to get to know your interests better and thus to be able to display information of interest to you or to be able to make you tailor-made offers or to be able to display corresponding information to you on third-party websites or social media platforms.

In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. The lawfulness of the processing of your personal data up to the time of revocation is not affected by this. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.

Right of complaint

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, email: dsb@dsb.gv.at).

In this section we inform you how we process your personal data when you visit our website.

Server data

For technical reasons, based on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website), the following data, which your internet browser transmits to us or to our web space provider, will be processed (so-called "server log files"):

·         Browser type and version

·         Operating system and device type used (e.g. desktop / mobile)

·         Website from which you are visiting us (referrer URL)

·         Website you visit

·         Date and time of your access

·         Your internet protocol address (IP address)

This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Technical service providers

We create and edit the content of our website with the help of the following service provider. With this service provider we have concluded a corresponding agreement according to Art. 28 GDPR to process your data exclusively to the extent of our order:

Technical Conception:

·         CONECTO BUSINESS COMMUNICATION GMBH (Mühlenweg 1, A-5751 Maishofen). More information on data protection at: https://www.conecto.at/datenschutz

Webhosting:

Mittwald CM Service GmbH & Co.KG (Königsberger Str. 4 - 6, D-32339 Espelkamp). More information on data protection at: https://www.mittwald.de/datenschutz

Cookie Banner - Cookies on our website

Our website uses cookies, which help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and also to show you content that is of interest to you on other websites. Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor's computer. The legal basis for cookies, which are absolutely necessary for the proper operation of our website (e.g. shopping cart cookie), is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and will only be activated by your consent in accordance with Art 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings" you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.

ACHTUNG: HIER EINEN LINK ZUM COOKIE BANNER (Einstellungsmöglichkeiten) EINBAUEN

Data transfer to the USA
Through the services integrated in this website, Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Remarketing, Facebook Pixel and YouTube, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.

Change the cookie settings in your web browser

How the web browser you are using handles cookies, i.e. which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.

In addition, it is possible to generally object to cookies and similar tracking technologies using the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:

·         European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/uk/your-ad-choices

Network Advertising Initiative (NAI):
https://optout.networkadvertising.org/?c=1#!%2F

Contact form and email

On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be processed for the purpose of processing your contact based on the legal basis of contract fulfilment in accordance with Art. 6 (1) lit. b GDPR. There is a legitimate interest on our part pursuant to Article 6 (1) lit.  f GDPR for the use of a contact form. The legitimate interest lies in offering our website visitors an opportunity to contact us that does not require them to call up their own e-mail client. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or if this is required by statutory provisions. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.

Registration Tauernkrone Challenge

We offer you the opportunity to register for the Tauernkrone Challenge on our website via a link to our partner website time2win (TIME2WIN GmbH, Unterhaidach 9, A-4693 Desselbrunn) via the registration form on this partner website. In this case, the information you provide (first and last name, gender, date of birth, e-mail address, club affiliation and other voluntary comments) will be processed for the purpose of processing your registration on the legal basis of the performance of the contract in accordance with Art. 6 (1) lit. b GDPR. We have a legitimate interest in accordance with Art. 6 (1) lit. f GDPR to use a registration form on our partner website time2win. The legitimate interest is to offer our website visitors a way to register for our event that does not require them to call up their own e-mail client. Further information on the processing of your data in connection with your registration on the partner website time2win (time2win will only process your data to the extent necessary for your registration and participation in the Tauernkrone Challenge) can be found at: https://time2win.at/privacy.

To participate in the event, it is also necessary to transmit the name and e-mail address of the participants to "SummitLynx" in order to be able to carry out the evaluations for the challenge. It is also necessary for participants to use the mobile app "SummitLynx" of the provider SummitLynx GmbH (Silberbergweg 237, A-8971 Schladming) in order to collect points. The SummitLynx app is a digital summit book that can also be used for other regions. For the processing of your personal data in the SummitLynx app, SummitLynx GmbH is the controller within the meaning of Sd. Art 4 (7) GDPR for the processing of your personal data (personal data). For more information on the processing of your personal data in this app, please visit: https://www.summitlynx.com/de/page/privacy/. There is no legal or contractual obligation to provide this personal data. Failure to provide it will only mean that you will not be able to submit your request and we will not be able to process it. Disclosure to other third parties will only take place if this is stated on the website or in this privacy policy or if it is necessary for the performance of the contract or if this is required by law. We will only store your data for as long as is appropriate for the processing of your registration. Result lists will be published on our website after the event. The legal basis for this is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest is to make this information available to our participants in a simple way that is still available after the event.

We do not use any services on our website to analyse visitor behaviour.

We don not use tracking/web marketing tools on our website.

We integrate content or functions of third parties within our website. This always presupposes that the providers of this content or functions perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the functioning of our website, is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, otherwise your consent according to Art. 6 (1) lit a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of the Art. 13 and 14 GDPR can be found under the information links listed below. The following services/content are embedded in our website:
 

Basemap

We use the map service "Basemap" for cartographic representation, a cartographic product based on the administrative geodata of the nine federal states, the graph integration platform (GIP.at), as well as the country partners, above all the cities and municipalities of Austria. These maps are integrated into our site via our service provider TTG Tourismus Technologie GmbH (Freistädter Str. 119, A-4040 Linz). The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest consists in an appealing presentation of our online offer or the geographical presentation of the offers of our region. We have concluded a data processing agreement with TTG within the meaning of Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and permitted by you. General data protection information from TTG can be found at:  https://www.ttg.at/datenschutz/.

General Solutions Maps

We use the map service of General Solutions Steiner GmbH (Bruggfeldstraße 5/III, 6500 Landeck) for cartographic representation. For this purpose, the map material is loaded from the server of General Solutions Steiner GmbH. The following data is transmitted to General Solutions: the visited page of our website, the IP address of your end device and, if applicable, the following data: location. The legal basis for the processing of your data is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in an appealing presentation of our online offer or the geographical presentation of the offers of our region. In the case of location data from mobile devices, the legal basis is your consent under Art. 6 (1) lit. a GDPR by releasing the transfer of location data on your mobile device. Further information on General Solutions' privacy policy can be found at: https://general-solutions.eu/uploads/Datenschutzerklaerung.pdf

Cloudflare

We use the Content Delivery Network (CDN) "Cloudflare" of the provider Cloudflare Germany GmbH (Rosental 7, c/o Mindspace, 80331 Munich, Germany) to increase the security and delivery speed of our website. A CDN is a network of (worldwide) distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files of Cloudflare. We use this service on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in increasing the security of our website and in our interest in being able to make this content available in the shortest possible loading times. You have the right to object to the processing. Whether the objection is successful must be determined in the context of a balancing of interests. For more information on objection and removal options to Cloudflare, please visit: https://www.cloudflare.com/cloudflare-customer-dpa/. Cloudflare is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR not to operate a content delivery network ourselves. The processing of the data provided under this section is neither required by law nor by contract. The functionality of the website is not guaranteed without the processing. Your personal data will be stored by Cloudflare for as long as is necessary for the purposes described. Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities in which Cloudflare processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). If data is also transferred (at least partially) to the USA, Cloudflare Inc. is a certified partner of the EU-US Data Privacy Framework. The legal basis for (at least occasionally) data transfers to the USA is thus an adequacy decision of the European Commission within the meaning of Sd. Art. 45 (3) GDPR, with which the European Commission certifies an adequate level of data protection to the USA. For more information, see: https://www.cloudflare.com/cloudflare-customer-scc/. For more general information on Cloudflare's data protection, please visit: https://www.cloudflare.com/application/privacypolicy/.

In this section we inform you about other data processing processes outside our website.

The contact data and application documents transmitted to us in the course of a job application will be processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in you not submitting your request and we will not be able to process it. The personal data transmitted in this way will be stored by us in accordance with the statutory provisions for a maximum of 6 months, in the case of the explicit consent of the applicant to keep the documents in evidence, for a maximum of 2 years.

.In addition to our website, we maintain online presences within social networks and platforms:  Facebook, Instagram, TikTok und YouTube in order to communicate with customers and business partners and to connect to them via these networks to be able to inform about our services. When accessing the respective networks and platforms, the terms and conditions and the data protection guidelines of the respective operators of these networks apply

Your personal data provided for participation in our competitions (e-mail address, name, address) will be used by us exclusively to identify a winner, inform him of the prize and send him prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is the fulfilment of the contract in accordance with Article 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide the personal data. Failure to provide the data will only result in you not being able to participate in the competition. Your data will be stored for the duration of the competition and – for the processing of any prizes and claims for damages – for a maximum of 3 years thereafter and then deleted. By participating, you also agree that your name will be published on our website as well as on our public social media channels in the event of winning.

In the case of events, it may happen that we create photos and videos of these events or have them created by photographers commissioned by us, on which you are recognizable as a participant of these events. We need these photos / videos to document and advertise our events and will therefore also publish them in our media (e.g., print brochures, website and social media) and make them available to other media owners (print and online) for the promotion of our event. There is no legal or contractual obligation on your part to provide this data.  The legal basis for the processing of your personal data (images and videos on which you are recognizable) is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in our right to public relations (presentation of our activities) and the promotion of our events.  You have the right to object to the processing.  Please address your objection to the e-mail address provided by us in this data protection declaration.  However, it can be assumed that our above-mentioned interest in the use of the photos does not unduly interfere with your rights as a person depicted. This is especially true because we create these photos / videos in public space and point out the production and use of the photos / videos in the run-up to each event. We also always make sure that no legitimate interests of persons depicted are violated.  If, for reasons particularly worthy of consideration, your personal rights and freedoms are violated by an image / video created by us, we will refrain from further processing / publication. Removal from print media that have already been circulated cannot take place. In this case, however, we will make a deletion on our website or in our social media channels.  We generally delete photos / videos of events if we no longer need these images to document and advertise these events.

It is possible to register for events of different providers in our region in our information offices. For this purpose, we process your personal data (name, e-mail address and telephone number). This data will be processed by us on the basis of the legal basis of Art. 6 (1) lit. b GDPR (contract fulfilment/pre-contractual measures) and also passed on to the respective organizer. This data will be deleted or destroyed by us after the event.

Current version of the privacy policy of 06.03.2025