© Skicircus Saalbach Hinterglemm Leogang Fieberbrunn

Data protection declaration

We take protection of your personal data very seriously. This data protection document explains the type, extent, and purpose of the processing of personal data (hereafter referred to as “data”) within what we offer online, any websites, functions and contents to do with them, and also external online presence, such as for example our social media profile (hereafter referred to as “online range”). In regards to the terms used, such as for example “processing”, or “responsible person”, we refer to the definitions in article 4 of the data protection regulations (DSGVO).

 

 

Contacting us

If you complete a form on the website or contact us by e-mail, data you enter will be stored for the purpose of processing your enquiry and in case of any other questions that may ensue. Without this data, we are unable to process your enquiry. This data is not passed on without your permission.

 

 

Contact administration

We process data to do with administration tasks and organisation of our business, financial accounting, and in pursuance of our legal duties such as archiving, for example. In doing so, we process the same data that we process in fulfilling our contractual services. The legal basis for the processing procedure is laid out in Art. 6 Para. 1 lit. c. DSGVO, Art. 6 Para. 1 lit. f. DSGVO. Processing affects customers, interested parties, business partners, and website visitors. The purpose and our interest in data-processing is in the administration, accounting, office organisation, and archiving of data, i.e. tasks that serve to aid us in the running of our business, performing our duties, and delivering our services. Deletion of data in regard to contractual services and contractual communication concerns the details being used in the data processing procedure.

 

In our processing, we publish or forward data to financial administration services, consultancies such as tax advisers or auditors, for example, and payment service providers. Furthermore, as part of our commercial interests, we store the data of delivery service providers, event organisers, and other business partners, with the purpose of contact in the future, for example. This data is mainly data concerning businesses, and we basically store this data permanently.

 

 

Ski ticket shop - Online lift ticket purchase

The company Elements collects customer data in the ski ticket shop and this information is stored for the duration of the validity of the lift ticket for the purpose fraud prevention. All personal data in orders that is more than one season old is made anonymous. When producing a ticket, the personal data is transferred to the Skidata system. In season ticket purchase, the address and an up-to-date photo are necessary. It should be noted that the address and photo are automatically deleted after an offset time of 240 days after the ticket runs out, and any data is anonymised. Thanks to the “offset time”, season ticket holders can purchase a ticket for the following year without having to provide their data and photo again. Guests receive a letter with details about this from the lift company prior to the new period of validity, together with an order form. The season-ticket holder’s data is used exclusively for the lift companies in the Skicircus Saalbach Hinterglemm Leogang Fieberbrunn and is not passed on to third parties.

 

 

Skidata - Customer data for ski passes (online purchase or bought at the lift office)

In order to purchase season tickets, a current address and photo are necessary. It should be noted that the address and photo are automatically deleted after an offset time of 240 days after the ticket runs out, and the data is anonymised. Thanks to the “offset time”, season ticket holders can purchase a ticket for the following year without having to provide their data and photo again. Guests receive a letter with details about this from the lift company prior to the new period of validity, together with an order form. The season-ticket holder’s data is used exclusively for the lift companies in the Skicircus Saalbach Hinterglemm Leogang Fieberbrunn and is not passed on to third parties. The order forms, which may include credit card numbers, are deleted appropriately after a period of at the most 3 months.

 

 

Contractual data processors involved

  • Skiline (skiline.cc): Alturos Destinations GmbH, Lakeside B03, 9020 Klagenfurt
  • Public Wi-Fi: Loop21 Mobile Net GmbH, Hirschstettner Straße 19-21 L1, 1220 Wien

 

Group information

In order to receive special discounts, for example for bus groups, groups of children or youth groups, and school groups, a list of participants is necessary when making a purchase which includes dates of birth. At the end of each season, these lists are immediately deleted or destroyed. Only address data of the group leaders in question and of the organisation / school are used with agreement for marketing purposes.

 

 

Photocompare - Information according to Art 13 DSGVO

It should be noted that for the purpose of access control, when a ski pass holder enters a turnstile for the first time, a reference photo is taken. This reference photo is compared by the lift staff to the photo on each subsequent turnstile equipped with a camera. The reference photo is deleted immediately once the ski pass runs out of, and other photos are deleted at the most 30 minutes after going through a turnstile. In cases of suspected misuse, photos can be manually stored. It should be noted that it is also possible to purchase day passes that are technically configured so that no photo is taken when entering a turnstile, and in such cases spot checks may be made by lift staff.

 

 

Ski accidents - reporting

The Bergbahnen Fieberbrunn GmbH reserves the right to invoice for use of the piste rescue service. Information regarding the injured party (name, address, date of birth, accommodation, accident information, type of injury, location of accident, transport of the injured party, costs, piste and weather conditions, witnesses) is stored for the purpose of issuing an invoice and for any possible legal consequences for 3.5 years. In order to continually improve the piste rescue service, all injured parties from the past year are contacted at the beginning of the new season and asked how satisfied they were with our piste rescue service.

 

 

Access data / server log files

When this website is used, our provider collects data each time it is accessed (so called server log files). This data contains: name of the website accessed, data, date and time of access, amount of data transferred, log of successful access, browser type and version, user operating system, referrer URL, IP address and the accessing provider. The provider uses the protocol data solely for statistical analysis for the purpose of the business, security, and optimisation.

 

 

Cookies

Cookies settings

Our website employs the use of so-called cookies. These are small portions of textual data that are stored by your browser. They do not cause any kind of damage. We use cookies simply to make our website more user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognise your browser when you next visit. If you do not want this to occur, you can setup your browser so that it informs you about its use of cookies and you can choose to allow them on an individual basis. If you choose to deactivate cookies, the functionality of our website may be impeded.

 

In accordance with legal requirements in Austria (§ 132 Para. 1 BAO), account information, receipts/invoices, account details, pay slips, business papers, income and expenditure reports etc. are kept for 7 years, or for 22 years if it concerns property and for 10 years for documentation concerning electronic services, telecommunication, radio, and television that is undertaken by businesses not based in EU states, and for the Mini-One-Stop-Shop (MOSS).

 

 

Data deletion

Data processed by us is deleted in accordance with Art. 17 and 18 DSGVO and anonymised, or limited in its processing. In as far as it is not expressly mentioned within this data protection document, any data stored by us is deleted or anonymised as soon as it is no longer necessary for its purposes and its deletion / anonymisation does not contravene any legal duty to store it. As far as any data is not deleted / anonymised, because it is deemed necessary for other and legally permissible purposes, it’s processing procedure is limited. This means that the data is blocked and not processed for other purposes. This refers to data which must be kept for tax or business purposes, for example.

 

 

Business related processing

In addition, we process contractual data (e.g. contract item, duration, customer category) and payment details (e.g. bank details, payment history) of our customers, interested parties, and business partners for the purpose of fulfilling contractual services, customer service, marketing, advertising, and market research.

 

 

Business analysis and market research

In order to run our business in a commercial way and to be able to recognise market trends and the desires of our customers and users, we analyse available data about business history, contracts, enquiries etc. We process stock data, communication data, contractual data, payment data, user data, and meta data in accordance with Art. 6 para. 1 lit. f. DSGVO. Those concerned are customers, interested parties, business partners, visitors, and users of our online services.

 

Analysis is undertaken for the purpose of business evaluation, marketing, and market research. The analysis serves to improve user friendliness and business efficiency, and optimise our range. Analysis serves only our purposes and details are not published externally unless they are anonymous analysis details with summarised values.

 

 

Administration, accounting, office organisation & contact administration

We process data in the course of our general administration tasks and organisation of our company, accounts, and in compliance with our legal duties such as archiving, for example. To do this, we process the same data that we process as part of delivering our contractual services. The legal guidelines for this processing are laid out in Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Processing affects customers, interested parties, business partners, and website visitors. The purpose and our interest in data-processing is in the administration, accounting, office organisation, and archiving of data, i.e. tasks that serve to aid us in the running of our business, performing our duties, and delivering our services. Deletion of data in regard to contractual services and contractual communication concerns the details being used in the data processing procedure.

 

In our processing, we publish or forward data to financial administration services, consultancies such as tax advisers or auditors, for example, and payment service providers. Furthermore, as part of our commercial interests, we store the data of delivery service providers, event organisers, and other business partners, with the purpose of contact in the future, for example. This data is mainly data concerning businesses, and we basically store this data permanently.

 

On the whole, all of our analysis of business economics and general tendencies is produced anonymously wherever possible.

 

 

Web analysis

This website uses Google analytics, a web analysis service provided by Google Inc. (“Google”). Google analytics uses so-called “cookies”, text data, which are stored on your computer and enable analysis of your use of the website. The information retrieved by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield agreement and therefore guarantees to abide by European data protection laws.

 

If IP anonymisation has been activated on this website, your IP address will be shortened by Google within the European union member states or in other contractual states of the European economic area agreement. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and shortened there. Google is certified under the Privacy Shield agreement and therefore guarantees to abide by European data protection laws. As contracted by the company in charge of this website, Google will use this information in order to analyse your use of the website, create reports about website activities, and inform the website owner of website usage and Internet use of linked services. The IP address provided by your browser through the use of Google analytics is not combined with any other data by Google. You can prevent cookies being stored by adjusting the settings of your browser software appropriately. We would like to inform you however, that in doing so you may impede various functions of this website considerably. You can prevent the collection of data produced by the cookie and data concerning your use of the website (including your IP address) being transferred to Google and processed by Google by downloading and installing a plug-in by following this link https://tools.google.com/dlpage/gaoptout?hl=en.

 

For more information about terms of use and data protection, please visit https://www.google.com/analytics/terms/us.html or https://support.google.com/analytics/answer/6004245?hl=en. Please be aware that on this website, Google analytics uses the code “gat._anonymizeIp();” in order to enable anonymous collection of IP addresses (so-called IP masking). You can prevent this by setting up your browser not to install any cookies. An appropriate contract for data processing has been agreed with the provider.

 

 

Facebook-Pixel and Facebook-Conversion

Within our online range, as part of our legal interest in analysis, optimisation, and economic running of our business, we use the social network Facebook’s “Facebook-Pixel”. This is run by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook is certified under the Privacy-Shield-Agreement and therefore guarantees to abide by European data protection laws.

 

With the assistance of Facebook Pixel, it is possible for Facebook to target visitors to our online range with the display of adverts (so-called “Facebook ads”) that are geared to them. We use Facebook Pixel to target Facebook users who have either shown interest in our online range or show certain characteristics (e.g. interest in certain topics or products that are chosen because of websites visited) with our Facebook ads. With the help of Facebook Pixel, we want to be sure that our Facebook ads correspond to the potential interest of the user and are not annoying. With the help of Facebook Pixel, we can also understand the effectiveness of Facebook advertising for statistical and market research purposes as we can see whether users have been forwarded to our website by clicking on a Facebook advert (so-called “conversion”).

The use of data by Facebook is in accordance with Facebook’s data usage guidelines. General information about the display of Facebook ads is detailed in Facebook’s data usage guidelines. Specific information and details about Facebook Pixel and the way it works is available in Facebook’s help section.

 

You can deny Facebook Pixel access and use of your data for the display of Facebook ads. In order to set what type of adverts are shown to you within Facebook, you can call up the Facebook site for this purpose and obtain information about settings of user-based adverts. The settings are platform independent, that means they apply for all devices, desktop computers, or mobile devices.

 

You can choose not to accept cookies which serve to give information about range and advertising purposes by calling up the deactivation site of the network advertising initiative and also the US American website Aboutads, or the European website Your Online Choices.

 

 

Online presence in social media

We use our online presence within social networks and platforms to communicate with customers who are active there, interested parties and users, and inform them about the services we offer. It should be noted that user data may be processed outside the European Union. There may therefore be risks to users because, for example, it could prove difficult to apply the rights of users. As regards US providers who are certified under the Privacy Shield, it should be noted that in doing so they are obliged to comply the EU data protection standards.

 

On the whole, user data is processed for market research and advertising purposes. For example, by analysing user behaviour and therefore deduced user interests, a user profile of usage can be made. This usage profile can be used to choose adverts within and outside platforms which are deemed to correspond to the interests of the user. For this purpose, cookies are usually used which are stored on the user computer and store information about user behaviour and user interests. In addition, there may also be data in the usage profile that is independent of the devices used by the user (especially if users are members of platforms where logging in is necessary).

 

The processing of user personal data is undertaken as part of our legal interests in effective user information and communication with users in accordance with Art. 6 para. 1 lit. f. DSGVO. If the user is asked for their consent for data processing (i.e. they declare their consent e.g. by ticking a box or clicking a confirm box), the legal basis for processing is in accordance with Art. 6 para. 1 lit. a., Art. 7 DSGVO.

 

For detailed information about the processing in question and the possibilities of opting out (opt-out), we refer you to the links of the providers below.

 

Also, should any questions arise concerning information or about the implementation of user rights, we would like to point out that this is most effectively carried out by contacting the provider directly. The providers alone have access to the user data and can give information about appropriate measures.

 

- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) - Data Policy

Opt-Out

Privacy Shield

 

- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Data policy

Opt-Out

Privacy Shield

 

- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)

Data Policy/Opt-Out

 

- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

Data Policy

Opt-Out

Privacy Shield

 

 

Integration of services and content of third parties

Within our online range, based on our legal interests (interests in analysis, optimisation, and economic operation of our online range in accordance with Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third parties in order to integrate their contents and services such as for example videos or text (hereafter referred to simply as “contents”).

 

This always requires the third parties who offer these contents to register the IP address of the user as without the IP address, they cannot send contents to browsers. The IP address is therefore necessary to enable the display of the contents. We take trouble to use only such contents from providers who use the IP address exclusively for the purpose of delivering the contents. Third-party providers may also use so-called pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” can analyse information such as user traffic on the website pages. The pseudonymised information may also be stored in cookies on the user device and may contain amongst other things technical information about the browser and operating system, referring websites, visiting time, and details about the use of our online range, and may be linked with such information from other sources.

 

 

Google Maps

This website uses Google maps for displaying map information. In the use of Google maps, Google corrects data about the use of map functions by website visitors. This data is processed and used. For further information about data processing by Google, you can read the data protection information provided by Google at https://policies.google.com/privacy?hl=en&gl=at . There you can change your settings in the data protection Centre so that you can administer and protect your data.

 

 

Use of YouTube

Our website employs YouTube service functions. These functions are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When associated videos are called up, cookies are stored on the computers of users. If you have deactivated the storage of cookies for Google adverts, when calling up a YouTube video you can also expect that no such cookies are allowed. However, YouTube users other cookies with non-personal user data. If you wish to prevent these, you will need to block them in your browser.

 

 

Newsletter & snow report

On our website you can subscribe to our newsletter and snow report. This uses a double opt-in process. After registering, you receive an e-mail in which you are asked to confirm your registration. Without receiving this data, it is impossible for us to send you the newsletter or snow report. You can unsubscribe from our newsletter or snowreport by clicking the unsubscribe link at the end of each newsletter or snow report. As soon as you have registered for our newsletter or snow report, we will send you a confirmation e-mail with a link to confirm your registration. You can cancel your subscription to the newsletter or snow report at any time. Send your cancellation request to our contact e-mail address. We will then immediately delete your data connected with the delivery of the newsletter and snow report.

 

 

Your rights

You have fundamental rights for information, amendment, deletion, reduction, transfer of data, cancellation, and complaint. If you believe that your data has been processed in a way that contravenes data protection law or your data protection rights have been contravened in any other way, you can register a complaint with the relevant authorities. In Austria, these are the data protection authorities.

Data protection authority Austria:

  • Barichgasse 40-42, 1030 Vienna
  • Phone: +43 152 1520
  • Email: dsb@dsb.gv.at

 

 

You can contact us using the following contact details:

Bergbahnen Fieberbrunn Gesellschaft m.b.H.
Lindau 17
6391 Fieberbrunn
Tyrol, Austria

Phone: +43 535456333-0
Fax.: +43 53545633333
Email: office@bbf.at

FN: FN 33769 k
UID: ATU31861900