1. General
ZELLER BERGBAHNEN ZILLERTAL GmbH & Co KG, Comm. reg. no. 22212s, Innsbruck Regional Court, Rohr 23, 6280 Zell am Ziller, Tel.: +43 (0)5282/7165 , email: datenschutz@zillertalarena.com, (hereinafter “we” or “us”) processes personal data. We would like to inform you in this document about the processing of your personal data in connection with the use of our website wiesenalm.at (“website”) in accordance with the provisions of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG).
2. Definitions
For better understanding, the following is a brief explanation of the key terms used in this privacy policy:
2.1 Personal data
(hereinafter referred to as “data”) are all data containing information about personal or factual circumstances of natural persons, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, etc. Data of legal persons are not subject to the provisions of the GDPR, but may be covered by the fundamental right to data protection under Section 1 of the GDPR.
2.2. Processing
is a process carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as the collection, recording, organisation, ordering, storage, amendment or modification, reading, querying, use, publication through transmission, dissemination, comparison or linking, restriction, erasure or destruction.
2.3. Controller
is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.4. Processor
is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.5. Recipient
is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.
3. Purpose and legal basis of personal data processing
We process your data if this is necessary for the fulfilment of the contract or due to a legal obligation or if you provide us with this data voluntarily. For data processing beyond this, we obtain your consent before processing the data. If our legitimate interest in data processing outweighs your interest in data protection, processing may also take place without your consent. There is no automated decision making including profiling.
Registration is not required to use our website.
We generally collect this information directly from you. However, in the course of concluding a contract, we may collect your data from third parties.
In particular, the following categories of personal data (“data”) are processed:
DATA | PURPOSE | BASIS |
Contact details (name, address, email address, date of birth) | This data is only processed if you enter it voluntarily in our contact form. The data will only be used to reply to your enquiry. | Point (a), (b), and (f) of Art. 6 (1) GDPR |
Technical information (IP address, operating system) | This data is necessary so that the website opened on your initiative can be displayed to you in the correct form. | Point (f) of Art. 6 (1) GDPR |
Marketing information | Your interactions on the website are recorded and therefore your interests are collected by analysis tools, based on your consent. This data is processed for analysis and marketing purposes in order to offer you relevant products and services. | Point (a) of Art. 6 (1) GDPR |
There is no obligation to provide the personal data listed. In some cases, the processing of data is necessary to conclude a contract or due to legal obligations.
4. Personal data recipients
Recipients assist us in complying with statutory or legal obligations, in initiating and performing contracts, in providing services that require your consent or in carrying out processing that is in our legitimate interests, such as marketing activities in particular. We send or partially disclose the data to the following recipients (processors or responsible parties), in particular:
FUNCTION | RECIPIENT | BASIS | DATA PROTECTION |
Analysis tool | Google Ireland Limited | Consent | Link |
We only transfer your data to other recipients if you have either given us or the recipient your consent to the transfer of data, if the transfer of data is necessary for the conclusion or fulfilment of the contract, or if we are legally obliged to transfer data.
Some recipients or processors process data outside the European Union in a third country. We only transfer data to third countries if there is an adequacy decision by the European Commission according to Art. 45 GDPR or if the recipient guarantees us (for example through standard contractual clauses, binding internal data protection regulations, approved codes of conduct, etc.) that appropriate guarantees according to Art. 46 GDPR exist for an adequate level of data protection for the data. There is no adequacy decision for recipients in the United States of America. There is no intention to transfer data to an international organisation. Please contact us for more detailed information on the appropriate guarantees.
5. Retention period or criteria for determining the retention period
Data is only retained for as long as is necessary due to statutory retention obligations, as a matter of principle. It may also be retained if this is necessary to enforce or defend third-party claims. Important retention periods can be found below:
RETENTION REQUIREMENT | DURATION |
Obligation under company law to retain records in accordance with Art. 190, 212 UGB: | 7 years |
Sales tax law retention obligation for invoices according to Art. 11 (2) 3rd subparagraph VAT Act (UStG): | 7 years |
Warranty according to Art. 933 Austrian Civil Code (ABGB): | 2 years |
Claims arising from a contract for work and services according to Art. 1486 ABGB (if the service was rendered within the scope of a commercial or other business operation): | 3 years |
General damages according to Art. 1489 ABGB (compensation claims): | 3 years/30 years |
Liability claims according to Art. 13 Product Liability Act (PHG): | 10 years |
6. Cookies
We use cookies on our website and webshop for display purposes, to handle the ordering process and to improve our services, which are stored on your terminal device.
Some cookies are only stored until you close the browser again (session cookies), whereas certain cookies are stored for a longer period of time and can recognise you when you return to this site (persistent cookies). Cookies can be set either by us (1st party cookies) or by other providers (3rd party cookies). Some cookies are absolutely necessary for the website to work (indispensable cookies), some cookies record visits and the origin of the visitor and measure this data without the cookies being able to establish a link to you personally (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).
You can select which cookies you wish to accept using the cookie declaration when you visit the website and webshop for the first time. Your consent is required for all non-essential cookies. If you wish to withdraw consent or change your cookie settings, you can do this using our cookies tool on the website.
7. Your rights
7.1. Right to information
You have the right to obtain confirmation whether personal data is processed; if this is the case, you have the right to access such personal data and information below: The following information is recorded:
- The purposes of processing;
- The personal data categories;
- The recipients or categories of recipients;
- If possible, the planned period for which the personal data will be retained or, if this is not possible, the criteria for determining this retention period;
- The existence of a right to rectify or erase the personal data concerned or to restrict processing by the controller or a right to object to such processing;
- The existence of a right of appeal to a supervisory authority;
- All available information on the origin of the data;
- The existence of automated decision-making including profiling.
7.2. Right to rectification
You have the right to demand the controller rectify incorrect personal data or complete incomplete personal data.
7.3. Right to erasure
You have the right to demand the controller erase personal data without delay, if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected.
- You withdraw the consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing (Art. 21 (1) GDPR) and there are no legitimate grounds for the processing or you object to the processing according to Art. 21 (2) GDPR)
- The personal data has been processed unlawfully.
- The erasure of personal data is necessary to comply with a legal obligation.
- The personal data was collected in relation to information society services provided in accordance with Article 8 (1).
The right to erasure does not exist insofar as the processing is necessary
- To exercise the right to freedom of expression and information;;
- To comply with a legal obligation,
- To perform a task carried out in the public interest;
- For reasons of public interest in the field of public health;
- For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
- To establish, exercise or defend legal claims.
7.4. Right to restrict processing
You have the right to demand the restriction of processing if one of the following conditions is met:
- The accuracy of the personal data is contested for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of personal data;
- The controller no longer needs the personal data but you need it to establish, exercise or defend
- legal claims;
- You have objected to the processing in accordance with Art. 21 (1), as long as it has not yet been determined whether the legitimate grounds of the controller prevail.
If the processing of the personal data has been restricted, this personal data — with the exception of its storage — may only be processed with your consent or to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of a significant public interest.
7.5. Right to data portability
You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent or on a contract and the processing is carried out with the aid of automated processes.
When exercising the right to data portability, you have the right to demand that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.
7.6. Right to object
You have the right to object to the processing of personal data which is carried out on the basis of point (e) or (f) of Art. 6 (1) GDPR at any time on grounds relating to your particular situation; this also applies to profiling based on those provisions. The controller will no longer process the personal data, unless they are able to demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing, you have the right to object to the processing of your personal data for such marketing at any time; this also applies to profiling insofar as it is related to such direct marketing.
7.7. Right to revoke consent
You have the right to revoke consent based on point (a) of Art. 6 (1) or point (a) of Art. 9 (2) at any time without affecting the lawfulness of the processing until revocation.
7.8. Right to complain
You have the right to complain to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, T.: 00431521522569, E.: dsb@gsb.gv.at, if you believe that the processing violates applicable data protection law.
Version: June 2021