Data protection Leoganger Bergbahnen
DATA PROTECTION DECLARATION
This Data Protection Declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our Social Media Profile (hereinafter referred to collectively as "online offer"). Regarding the terms used, such as "processing" or "responsible person", we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (GDPR).
Bergbahnen Fieberbrunn GmbH
Tel. +43 535456333
Tel. +43 5354 56304
Tourismusverband Saalbach Hinterglemm
Glemmtaler Landesstraße 550
Saalbacher Bergbahnen GmbH
Hinterglemmer Bergbahnen GmbH
BBSH Bergbahnen Saalbach-Hinterglemm GmbH
DATA PROTECTION COORDINATION
Leoganger Bergbahnen GmbH
Types of processed data
- Inventory data (e.g. names, addresses)
- Contact data (e.g. E-Mail, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
The purpose of processing
- Provision of the online offer, its functions, and contents
- Responding to contact requests and communication with users
- Security measures
- Audience measurements
- "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is having a broad meaning and covers virtually all data processing
- The "body responsible" is the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Relevant legal basis
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f GDPR. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
We kindly ask you to inform yourself regularly about the content of our Data Protection Declaration. We will adapt the Data Protection Declaration as soon as we make necessary changes in data processing. We will inform you as soon as the changes made, mean it is necessary for you to take action to cooperate (e.g. to give your consent) or to receive other individual notification.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorisation (e.g. if the data must be transferred to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 letter b GDPR for the fulfilment of the contract), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data based on a so-called "contract processing agreement", this is done based on Art. 28 GDPR.
ORDER DATA PROCESSORS INVOLVED
Booking system, guest, and Service Partner Data Management
Alturos Destinations GmbH, Lakeside B03, 9020 Klagenfurt
Public WIFI at lift stations
Loop21 Mobile Net GmbH, Hirschstettner Straße 19-21 L1, 1220 Wien
DATA PROCESSING DETAILS
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special conditions of Art. 44 ff. GDPR. Through the services Mailchimp Newsletter, Google Analytics, Google Remarketing, Facebook-Pixel and Facebook-Conversion as well as Youtube, which are integrated in this website, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without legal possibilities. The ECJ has therefore found that there is no sufficient level of data protection in the sense of Art 45ff GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR ivm. Art. 6 para. 1 lit. a GDPR.
The rights of people concerned
You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information about this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR. In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you. In accordance with Art. 17 GDPR, you have the right to demand that data relating to you be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to demand that the processing of the data be restricted. You have the right to demand that the data concerning you which you have made available to us be received in accordance with Art. 20 GDPR and to demand that it be passed on to other responsible parties. You also have the right under Art. 77 GDPR to lodge a complaint with the competent supervisory authority.
Right of revocation
You have the right to revoke consent you have given in accordance with Art. 7 para. 3 GDPR with effect for the future.
Right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for the purposes of direct advertising.
Our website uses HTTP-cookies to store user-specific data.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
This is an example of how cookie-files can look:
purpose: differentiation between website visitors
expiration date: after 2 years
A browser should support these minimum sizes:
- at least 4096 bytes per cookie
- at least 50 cookies per domain
- at least 3000 cookies in total
Which types of cookies are there?
There are 4 different types of cookies:
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Deletion of data
The data processed by us will be deleted, made anonymous or restricted in their processing in accordance with articles 17 and 18 of the GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted or anonymised as soon as they are no longer required for their intended purpose and no legal storage obligations stand in the way of deletion/anonymisation. If the data is not deleted/anonymised because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Austria, the storage is carried out in particular for 7 J according to § 132 (1) BAO (bookkeeping documents, records/invoices, accounts, vouchers, business documents, statement of income and expenditure, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
In addition, we process contract data (e.g. subject matter of the contract, duration, customer category) as well as payment data (e.g. bank details, payment history) of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Requests for information
If you wish to exercise your right to information, we will be pleased to inform you within the statutory period for reply what personal data we have about you and in what form we process it. Please send us an Email for this purpose.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online service. For this purpose, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 letter f GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement)
Collection of access data and log files
We, or our hosting provider, on the basis of our legitimate interests in the sense of Art. 6 Par. 1 lit. f. GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the website previously visited), IP address and the requesting provider. For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
Economic analyses and market research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 Paragraph 1 lit. f. GDPR, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer.
The analyses are carried out for the purpose of business management evaluations, marketing, and market research. The analyses serve us to increase user-friendliness, to optimise our offer and for business management purposes. The analyses serve only us and are not disclosed externally unless they are anonymous analyses with summarised values.
Registration MY CIRCUS
In principle, registration is not mandatory to use our website. However, after registering, users of this website will have access to their personal, protected customer area ("My Circus"). Here one can view and manage their bookings and ticket purchases, as well as personalise our information (newsletter, presentation of our website, etc.) according to their interests. The interests indicated by users in this customer area as well as the interests assumed by the user's behaviour (viewing certain contents on "My Circus") are protected by the companies designated as "RESPONSIBLE COMPANIES" in this data protection declaration and, also, by our partners and jointly responsible parties in the sense of the "Responsible Companies". Art. 26 DSGVO, the Tourismusverband Saalbach Hinterglemm (Glemmtaler Landesstraße 550, A-5753 Saalbach, +43 (0)6541 6800-68, www.saalbach.com, email@example.com) and the Saalfelden Leogang Touristik GmbH (Mittergasse 21a, 5760 Saalfelden T +43 6582 70660, www.saalfelden-leogang.com, firstname.lastname@example.org) to display personalised content to users on this and these partners' websites. The legal basis for the fact that the personal data entered (title, first name, surname, country, language, date of birth, e-mail address, password, interests, newsletter subscriptions and purchase data), as well as interest profiles accepted through use, are stored by the partners named here and us and processed for the provision of additional content is the consent of the users in the course of registration under Art 6 (1) lit. a DSGVO. There is no legal or contractual obligation to provide this personal data. Non-provision merely means that users of our website cannot use this individual customer area. The personal data of registered users will be stored for the duration of registration and a maximum of 3 years after that, in the case of online purchases for a maximum of 10 years, and then deleted. The purpose of further storage after completion of registration is to be able to identify the person responsible in the event of any violations of the law. It is therefore in our overriding interest as per Art 6 Paragraph 1 letter f DSGVO. The consent to our newsletters can be revoked free of charge each time our newsletters are sent by clicking on "unsubscribe", or the settings can be changed at any time in the customer account. To prevent unauthorised access to your personal data by third parties, the data transmission of the data processed on "My Circus" to our partners and us is encrypted.
Administration, financial accounting, office organisation & contact management
We process data within the framework of administrative tasks as well as the organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The basis for processing is Art. 6 Para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing is administration, financial accounting, office organisation, archiving of data, i.e. tasks which serve to maintain our business activities, perform our tasks, and provide our services. The deletion of data regarding contractual services and contractual communication is in accordance with the information provided in these processing activities.
In doing so, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee-paying agencies and payment service providers.
Furthermore, we store information on suppliers, event organisers and other business partners based on our business interests, e.g. for the purpose of contacting them at a later date. We store these mostly company-related data permanently.
For the rest, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR. The user's details may be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.
We delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
Data protection notices in the application procedure
We process the applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The applicant data is processed for the purpose of fulfilling our (pre-)contractual obligations within the scope of the application procedure in accordance with Art. 6 Para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g. within the framework of legal procedures.
The application procedure requires applicants to provide us with their application details. If we offer an online form, the necessary applicant data is marked, otherwise it is derived from the job description and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information.
By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope described in this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 letter b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Article 9 paragraph 1 GDPR are requested from applicants in the course of the application procedure, their processing is additionally carried out in accordance with Article 9 paragraph 2 letter a GDPR (e.g. health data if this is necessary for the exercise of the profession).
If made available, applicants can submit their applications to us by means of an online form on our website. The data will be transmitted to us in encrypted form according to the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore not take any responsibility for the transmission path of the application between the sender and the receipt on our server and therefore recommend rather to use an online form or the postal dispatch. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.
The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted in accordance with legal requirements. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicants, the deletion will take place after the expiry of a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
LIFT COMPANY OFFERS
Ski ticket shop – purchasing lift tickets online
The company Elements collects the customer data in the ski ticket shop and these data are stored for the validity of the lift ticket for the purpose of fraud prevention. To create the ticket, the personal data is transferred to the Skidata system. The legal basis for data processing in this case is the fulfilment of the contract Art. 6 (1) lit. b GDPR. We would like to point out that ticket purchasers who order tickets not only for themselves but also for other persons are responsible for processing the personal data of these persons only with their consent. To purchase season tickets, the address and a recent photograph are required. We would like to point out that the address will be automatically deleted after expiry plus 1250 days, and the photo after expiry plus 240 days, and access will be anonymised. Due to the defined "offset time", the season ticket holder can purchase a ticket again in the following year without having to re-enter his data and photo. In this regard, the guest will receive a letter including an order form from the lift company before the new validity period begins. The season ticket holder's data will be used exclusively for the lift companies in the Skicircus Saalbach Hinterglemm Leogang Fieberbrunn and will not be passed on to third parties. The order forms, if necessary, including credit card numbers, will be deleted, or properly disposed of after three months at the latest.
Skidata - Customer data for ski tickets (purchases online or at the cash desk)
For ski passes of 9 days or more, photos (taken at the ticket office) are required. These photos will be deleted after their validity expires. To purchase season tickets, the address and a current photo are required. Please note that the address will be automatically deleted at the end of the validity period plus 1250 days, and the photo at the end of the validity period plus 240 days. Due to the defined "offset time", the season ticket holder can purchase a ticket again in the following year without having to re-enter his data and photo. In this regard, the guest will receive a letter including an order form from the lift company before the new validity period begins. The season ticket holder's data will be used exclusively for the lift companies in the Skicircus Saalbach Hinterglemm Leogang Fieberbrunn and will not be passed on to third parties. The order forms, if necessary, including credit card numbers, will be deleted, or properly disposed of after three months at the latest.
Evidence of low epidemiological risk for ski pass validity ("2G proof").
According to the COVID-19 measure ordinance, persons using our cable car facilities for recreational purposes must show valid proof of a low epidemiological risk. Currently, this is a "2G proof" (vaccinated or recovered). The legal basis for the control of this proof through us is the lawful obligation for this control according to § 3 (2) Z 1 of the 3rd COVID-19 measures ordinance in connection with Art. 6 (1) lit. c DSGVO. For the purpose of simplifying the control of this proof for multi-day and season tickets, there is the possibility of storing the 2G proof, provided that you give us your express consent to do so. The legal basis for the storage of the 2-G proof is therefore your express consent pursuant to Art. 9 (2) lit. a DSGVO for the processing of health data. In the case of digital sales channels, this consent can be given by confirming a checkbox, and in the case of purchases at our cash registers on site, by your signature of a corresponding consent form in paper. There is no legal obligation to store the 2-G proof, instead of storing it, an individual check of the 2G proof can take place each time you enter a cable car. For the automated storage and control of your 2-G proof, we use the services of our order processor SKIDATA (SKIDATA Austria GmbH, Hochthronstraße 1-7, A-5083 Grödig/Salzburg). We have concluded a corresponding agreement with the company SKIDATA in accordance with Art. 28 DSGVO as an order processor, which ensures that your data is processed exclusively within the scope of our order. For more information on Skidata's data protection, please visit: https://www.skidata.com/en-us/data-privacy/. We store your 2G proof in principle for the duration of the validity of your multi-day or season ticket. Beyond this, processing may take place if this is necessary for the assertion or defense of claims. You can revoke your consent at any time by sending us an e-mail, without this having any effect on the lawfulness of the processing until the revocation.
For example, in order to receive special discounts for bus groups, children & youth groups as well as school groups, it is necessary to present a list of participants, including their dates of birth, when purchasing. These lists will be deleted or disposed of immediately after the respective season. Address data of the respective group leaders and the organisation/school are used for marketing purposes.
Photocompare - Information according to §24 DSG 2000
Please note that for the purpose of access control, a reference photo of the ski pass holder is taken every day when passing through a turnstile equipped with a camera for the first and last time. This reference photo will be compared by the employees of the cable cars with the photos that are taken each time the ski pass holder passes through a turnstile equipped with a camera. These reference photos are stored for a maximum of 7 days and then deleted; the other photos are deleted at the latest 30 minutes after each passage through a turnstile. In case of suspicion (abuse), the photo can be saved manually.
Please note that it is also possible to purchase 1-day ski passes, which are technically configured in such a way that no photo is taken when passing through the turnstile, but in this case random checks by the staff of the lift companies must be expected.
Skiing accidents - Reports
The lift companies reserve the right to charge for the use of the piste rescue service. The injured person's information (name, address, date of birth, accommodation, ski pass number, accident circumstances, type of injury, accident site, transport, costs, piste & weather conditions, witness details ;) will be stored for 3.5 years for the purpose of issuing the invoice and for possible legal claims.
There is a photopoint station at the Lärchfilzkogl. By activating the camera, you agree that your photo will be stored for a fortnight on fieberbrunn.com/photopoint, can be freely accessed (after activation) and downloaded.
With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our services and us.
Double-Opt-In and record keeping
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with bogus e-mail addresses. The newsletter registrations are logged to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the dispatch service provider are also logged.
Registration data: To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name for the purpose of personal contact in the newsletter
The dispatch of the newsletter and the associated measurement of success is based on the consent of the recipients in accordance with Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with Art. 107 (2) TKG or based on the legal permission in accordance with Art. 107 (2) and (3) TKG.
The registration procedure is recorded based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users and allows us to prove that we have given our consent.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.
Newsletter - Dispatch service provider
We use "MailChimp", a service provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to send out our newsletter. With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a connection is established with MailChimp's servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information such as the time of the retrieval, the IP address, browser type and operating system of the recipient are registered. This information cannot be assigned by us to the respective newsletter recipient, but is used exclusively for the statistical analysis of our newsletter. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. The legal basis for data transfers to the USA is provided by the standard contractual clauses agreed with MailChimp in conjunction with our review of the permissibility of these data transfers in terms of a comprehensive risk assessment. We have concluded a data processor agreement iSd. Art. 28 DSGVO with MailChimp (https://mailchimp.com/legal/data-processing-addendum/). Further information on the legality of the data transfers from MailChimp to the USA and the special security measures taken for this purpose can be found at: https://mailchimp.com/help/Mailchimp-european-data-transfers/. General data protection information from MailChimp at: https://mailchimp.com/legal/privacy/
Newsletter – performance measurement
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. Within the framework of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
MARKETING, PERFORMANCE MEASUREMENT & ANALYSIS
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not combined with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading the browser plugin here.
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) the marketing and remarketing services (in short "Google Marketing Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
Google is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with European data protection law.
Google's marketing services allow us to display ads for and on our website in a more targeted manner to show users only ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called "remarketing". For these purposes, when our and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other states which are party to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offers. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, advertisements tailored to the user's interests may be displayed.
User data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process e.g. the name or e-mail address of the user but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
The Google marketing services we use include the online advertising programme "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of AdWords customers. The information collected through the cookie is used to compile conversion statistics for AdWords customers who have opted into conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users
We may also use the "Google Tag Manager" to integrate and manage Google's analysis and marketing services into our website.
Facebook-Pixel, Custom Audiences und Facebook-Conversion
Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes. Facebook is certified under the Privacy-Shield-Agreement and thus provides a guarantee that it complies with European data protection law.
On the one hand, the Facebook pixel enables Facebook to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) which we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of the users and are not annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook Ad (so-called "conversion").
The processing of data by Facebook takes place within the framework of Facebook's Data Use Policy. Accordingly, general information on the display of Facebook Ads, in the Facebook Data Usage Policy. Specific information and details about the Facebook pixel and its functionality can be found in the Facebook help area.
You may object to the collection by the Facebook pixel and use of your data to display Facebook Ads. To control what types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on usage-based advertising settings. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Integration of third-party services and content
Within our online offer, we set the following priorities based on our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third parties to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third-party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore necessary for the display of these contents. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, as well as being linked to such information from other sources.