1. General information
The protection of your personal data is of special importance to us. Therefore, we exclusively process your data on the basis of the statutory provisions (GDPR (General Data Protection Regulation), DSG 2018 (Austrian Data Protection Act), TKG 2003 (Austrian Telecommunications Act 2003)), in particular exclusively in a lawful manner pursuant to Art 6 GDPR. In this data protection information we will inform you about the most important aspects of the data processing – type, scope and purposes of the collection and use of personal data – in conjunction with the use of our website and in conjunction with the use of our offers in our ski area.
1.1. Purposes, categories of data and legal basis for the processing of personal data
Purposes of processing:
The purposes for processing your personal data are generally based on our business activities as a cable car company: Making our online offers available, processing customer enquiries, orders/purchases of cable car tickets, accounting, communication with business partners and customers. For detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes, as well as on the categories of data processed, please refer to the detailed descriptions of the individual data processing processes.
General categories of data:
- Personal master data (e.g., name, date of birth and age, address)
- Contact data (e.g., email address, telephone number, fax number)
- Communication data (time and content of communication)
- Order or booking data (e.g., ordered goods or ordered services and invoice data such as period of service, method of payment, invoice date, tax identification number ...)
- Payment details (e.g., account number, credit card details)
- Contract details (contents of contracts of any kind)
- Web usage data (e.g., server data, log files and cookies)
- CCTV images
Special categories of data ("sensitive data") according to Article 9 GDPR:
- Health data: in the context of recovery services of injured persons
Legal basis for processing:
1.2. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage ceases to apply. Storage can additionally be carried out if this was envisaged by the European or national legislator in regulations under Union law, other laws or regulations, which our company has to comply with. Data will also be blocked or erased when a storage deadline stipulated by the stated standards expires, unless it is necessary to continue to store the data for the conclusion of a contract or to fulfil a contract.
1.3. Safeguarding of your data protection rights
Pursuant to GDPR you are fundamentally entitled to the rights to information, rectification, erasure, limitation, data portability, revocation and objection.
We as the data controller responsible for the processing of your personal data are accordingly available under the following contact data:
GLETSCHERBAHNEN KAPRUN AG
T: +43 (0)6547/8700
Data protection officer:
We take the protection of personal data seriously and have therefore voluntarily appointed an external data protection officer. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer under the email address firstname.lastname@example.org.
Right to lodge a complaint:
If you believe that the processing of your data breaches data protection law or your claims under data protection law have been violated in any other manner you can lodge a complaint at the supervisory authority. In Austria this is the data protection authority. (Wickenburggasse 8, 1080 Vienna, email email@example.com).
1.4. Data processor, recipients
We process your personal data with the support of data processors, who support us with providing the services. These data processors are obligated to strict protection of your personal data and may not process your personal data for any other purpose than for the provision of our services. In order to find out which data processors it concerns please refer to the detailed descriptions of the individual data processing processes.
A forwarding of your personal data to other companies than our data processors will only be carried out to typical economic service providers such as e.g. banks, tax advisers, auditors, etc.
1.5. Transfers to third countries
In principle, we process your personal data in the EU area. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of our processors or third parties, this is only done if the conditions of Article 44 et seq. GDPR for the transfer to third countries exist: i.e. on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised contractual obligations, the so-called "EU standard contractual clauses". If we refer to the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also examine the permissibility of this data transfer as part of a comprehensive risk assessment. Should we come to a negative result, we will not transfer this data to a third country without your express consent pursuant to Article 49 (1) (a) GDPR in conjunction with Article 6 (1) (a) GDPR.
Notice regarding data transfer to the USA
The Internet services Google Analytics, Google Remarketing, Google Maps and Youtube will also transmit your data (on a case-by-case basis) to the third-party country USA. The public authorities or intelligence services in the USA may be able to access your data without you having recourse to legal remedies. The CJEU has furthermore established that no adequate level of data protection for data transfer from the EU to the USA exists consistent with Art. 44ff GDPR. For this reason, the legal foundation for use of this service is your expressed consent consistent with Art. 49 (1) (A) GDPR.
1.6. Data sources
We collect your personal data exclusively from you and do not use any other data sources.
We do not use any automated decision-making or profiling procedures that have a legal effect on you or affect you significantly in a similar way. However, with your consent, we will use your usage data to better understand your interests and thereby display information of interest to you or provide you with customised offers, or to display relevant information to you on third-party websites or social media platforms.
2. Visit to our website
In this paragraph, we inform you how we process your personal data when you visit our website.
2.1. Presentation of the website
For technical reasons among others the following data, which your Internet browser transmits to us or to our web space provider, are recorded (so-called server log files):
- browser type and version
- used operating system
- website from which you are visiting us (referrer URL)
- website, which you are visiting
- date and time of your access
- your Internet Protocol (IP) address
These anonymous data will be stored separately from your possibly entered personal data and therefore do not allow any conclusions to be drawn about a certain person. They are evaluated for statistical purposes in order to be able to optimise our internet presence and our offers.
SSL or TLS encryption:
For security reasons and to protect the transfer of confidential contents, such as for example orders or requests, which you send to us as the operator of the site, this site uses an SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data which you transmit to us cannot be read by third parties.
Technical service providers
We create and process the content of our website with the help of the following service providers, whom we have engaged by way of a corresponding agreement within the meaning of Article 28 GDPR to process your data exclusively within the scope of our contract:
- Sportalpen GmbH (Siezenheimer Str. 39 C / Panzerhalle, A-5020 Salzburg)
2.2. Communication with us
Contact form and email:
Enquiries regarding accommodation:
2.3. Online shop(s) / Booking portal(s)
For the purpose of providing contractual services as well as their payment and execution within the scope of online purchases, bookings and brochure orders, we process your personal master data, contractual and payment data as well as communication data (IP address and server log files) on the legal basis of Article 6 (1) (b) GDPR (contract performance) as well as Article 6 (1) (c) GDPR (legal accounting and archiving obligations).
We store this data as long as it is required for the purpose, as long as legal provisions provide for this (retention period of invoices according to Section 132 Austrian Federal Fiscal Code (BAO) is 7 years; voucher orders until the expiry of the redemption period for 30 years) or we require this data on the legal basis of Article 6 (1) (f) GDPR (legitimate interest) to protect against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process.
There is no legal or contractual obligation to provide personal data. The only consequence of not providing the data is that we cannot process your bookings / orders.
INCERT Voucher System and Merchandising Articles
External payment service providers
Sale of ski passes and day tickets (Starjack)
2.4. Email newsletter
By ticking the checkbox you agree to the processing of the personal data entered by you for the purpose of information about our current offers by means of an email newsletter by us until the consent is revoked. There is no legal or contractual obligation to provide the personal data. The failure to grant consent will merely have the consequence that you will not receive any email newsletter. You have the right to revoke your consent at all times by a written notification or by clicking on the unsubscribe link in the email newsletter without affecting the lawfulness of the processing carried out owing to the consent until the revocation. After revocation your personal data required for sending the email newsletter will be erased by us without delay. We use the services of our data processor the CleverReach company (CleverReach GmbH & Co. KG //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany) for sending our email newsletter. Further information relating to the data protection of CleverReach is available under: https://www.cleverreach.com/en/privacy-policy/
2.5. Job applications
The contact data and application documents transmitted to Gletscherbahnen Kaprun AG over the course of a job application via the job portal of our website are exclusively processed internally by us for the purpose of selecting suitable candidates for an employment relationship. The personal data transmitted hereby will be stored by us pursuant to the statutory provisions for a max. of 6 months, in the event of the explicit consent of the applicant, to keep the documents as evidence, for a max. of 2 years.
2.6. Integration of services and contents of third parties
It may occur that contents of third parties, such as for example YouTube videos, map material from Google-Maps, RSS-Feeds or graphics from other websites are integrated within this online offer. This always presumes that the provider of these contents (hereinafter referred to as "Third Party Provider") perceives the IP address of the users. As without the IP address, they could not send the contents to the browser of the respective user. The IP address is therefore necessary for the presentation of these contents. Gletscherbahnen Kaprun AG makes an effort to only use such content whose respective provider merely uses the IP address to deliver the contents. However, Gletscherbahnen Kaprun AG has no influence if the Third-Party Provider stores the IP address e.g. for statistical purposes. Insofar as this is known Gletscherbahnen Kaprun AG will inform the users hereof.
You can find more information regarding cookies on WIKIPEDIA.
Change of the cookie settings:
The user can stipulate how the web browser deals with cookies and which cookies are allowed or rejected in the settings of the web browser. Where these settings are precisely located depends on the respective web browser. Detailed information in this respect can be called via the help function of the respective web browser.
Cookies on our website
Our website uses the following providers:
- Google: Google Tag Manager, Google+ Platform, Google Analytics, Google Maps, Google ReCAPTCHA, Google Dynamic Remarketing, Google Double Click and Google Ads Audiences. Serves to store user data in connection with website statistics, marketing and optimisation.
- Facebook: Serves to store user data in connection with the Facebook Pixel, Facebook Custom Audiences and Facebook Connect. You can find further information at Facebook Developer as well as at the Facebook Cookie Notes.
- Hotjar: Serves to store user data in connection with Hotjar. You can find further information in the Hotjar Cookie Information.
2.8. Server log files
For the purpose of monitoring the technical function and for improving the operational security of the web server on the basis of the prevailing legitimate interest of the data controller (technical security measures) this website processes the following personal data in a server log file:
- IP address
- Site from which the file was requested (so-called referrer URL)
- Name of the file
- Date and time of the request (so-called "time stamp")
- Transferred data volume
- Access status (file transferred, file not found, etc.)
- Description of the type of used web browser, abbreviated "browser"; e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Apple Safari, Opera, etc.)
These data are only stored person-related temporarily for the duration of seven days. After this time the log files will be deleted.
2.9. Google Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the legal basis of the prevailing legitimate interest (analysis of the website use). We have concluded an agreement for this purpose with Google for contract data processing.
This website uses the function "Activation of the IP anonymisation". This way, your IP address is first abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. The full IP address is only transferred to a server of Google in the USA and abbreviated there in exceptional cases.
According to information from Google, Google will use the collected data in order to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the website use and the internet use.
Google will, if applicable, also transfer this information to third parties if this is stipulated by law or if third parties process these data by order of Google.
2.10. Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Through this function it is possible to link the advertising target groups created using Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. This way, interest-related, personalised advertising messages, which were adjusted to suit you depending on your previous usage and surfing behaviour on a terminal device (e.g. mobile phone), can also be displayed on another of your terminal devices (e.g. tablet or PC).
If you have granted a corresponding consent, Google will link your web and app browser history with your Google account for this purpose. This way, the same personalised advertising messages can be placed on each device on which you sign in with your Google account.
In order to support this function Google Analytics records Google-authenticated IDs of the users, which are temporarily linked with our Google Analytics data in order to define and create target groups for the cross-device advertisements.
You can permanently object to the cross-device remarketing / targeting by deactivating personalised advertising in your Google account; follow this link in order to do this.
The summary of the entered data in your Google account is exclusively carried out on the basis of your consent, which you can submit to Google or revoke (Art. 6 Para. 1 lit. a GDPR).
Deactivate Google Analytics:
- You can generally prevent the recording of your user data on our website by setting "Do Not Track" in your web browser. Our website takes the "Do Not Track" signal into consideration, which your web browser then sends to all websites.
- You can generally prevent the recording of your user data by Google Analytics on all websites by downloading and installing the browser plugin available under the following link: Get Google Analytics Opt-out Browser Add-on.
- You can only prevent the recording of your user data by Google Analytics on this website by clicking on the following link. An opt-out cookie is set that prevents the recording of your data on future visits to this website: Deactivate Google Analytics.
2.11. Google Maps
This website uses the product Google Maps of Google Inc. By using Google Maps on this website, you declare that you agree to the collection, processing and use of the automatically collected data by Google Inc, its representatives as well as third parties.
2.12. Google ReCAPTCHA
In order to protect your orders by internet form this website uses the reCAPTCHA service of Google Inc. (Google). The query serves to distinguish whether the input is carried out by a person or improperly by automated, mechanical processing. The query includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and is further used there. Through the use of reCaptcha, you declare that you agree that the recognition provided by you will flow into the digitalisation of old works. In the event of the activation of IP anonymisation on this website, your IP address will however first be abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. The full IP address is only transferred to a server of Google in the USA and abbreviated there in exceptional cases. By order of the operator of this website, Google will use this information in order to evaluate your use of this service. The IP address transmitted by your browser within the scope of reCaptcha will not be aggregated with other data of Google. The deviating data protection provisions of the Google company apply to these data. You can find further information relating to the privacy policies of Google under: https://www.google.com/intl/de/policies/privacy/.
2.13. Facebook Pixel
This website uses Facebook Pixel, a web analysis service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") on the legal basis of the prevailing legitimate interest (analysis of the website use). The data are partly transferred to the USA. The transmission of the data to the USA is carried out on the basis of your consent pursuant to Art. 6 (1) lit a GDPR.
According to information from Facebook, Facebook will use the collected data in order to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the website use and the internet use.
Facebook will, if applicable, also transfer this information to third parties if this is stipulated by law or if third parties process these data by order of Facebook.
Deactivate Facebook Pixel:
- You can generally prevent the recording of your user data on our website by setting "Do Not Track" in your web browser. Our website takes the "Do Not Track" signal into consideration, which your web browser then sends to all websites.
- You can only prevent the recording of your user data by Facebook Pixel on this website by clicking on the following link. An opt-out cookie is set that prevents the recording of your data on future visits to this website: Deactivate Facebook Pixel.
2.14. Web Fonts
The use of Web Fonts is carried out in the interest of a standard and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f. GDPR.
For improved user experience on this website we use Hotjar, a feedback and analysis service of Hotjar Ltd. ("Hotjar"), Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. The following information is collected with regard to the terminal device and browser of the end user:
- IP address of the terminal device in an anonymised form
- Screen resolution of the terminal device
- Type of terminal device (individual terminal devices - identification characteristics) operating system and browser type
- geographical location (only country)
- language preferred with the display of the Hotjar-based website
- mouse events (movements, position and clicks)
- keyboard inputs
- log data
Our servers record information automatically based on random samples, which is collected from Hotjar-based websites. The following fall under these data:
- referring domain
- visited pages
- geographical location (only country)
- language preferred with the display of the website
- date and time when the pages of the website were accessed
The processing of your personal data is carried out on the basis of your consent pursuant to Art. 6 (1) lit a GDPR. Further information relating to the data protection of Hotjar can be found under https://www.hotjar.com/legal/policies/privacy/ as well as further information relating to the cookies used by Hotjar under Hotjar cookie information.
By visiting the opt-out-site of Hotjar and by clicking on "deactivate Hotjar" you can reject the collection of your data by Hotjar when visiting this website at all times.
2.17. Matomo Analytics
Our website uses the open-source web-analysis service Matomo provided by Innocraft Inc, (150 Willis ST, 6011 Wellington, New Zealand). This enables us to conduct anonymized analysis of user behavior on the part of our website visitors, in order to optimize our web offer as well as our advertising. We have installed Matomo on the servers of the technical service provider for our website, Sportalpen GmbH (Siezenheimer Str. 39 C / Panzerhalle, A-5020 Salzburg). No data are shared with Matomo itself. Within this context, we process the following data: your IP address (truncated and thus anonymized), cookies (to differentiate between various visitors – Matomo cookies remain on your device until you delete them), the URL you had visited immediately prior (the referring page – insofar as this data is provided by your browser), the name and version of your operating system as well as the name, version and language setting of your browser. Use of Matomo is on the basis of your consent consistent with Art. 6 (1) (a) GDPR. You may revoke this consent at any time with future effect by adjusting the settings in our cookie banner. By means of a corresponding agreement consistent with Art. 28 GDPR, as our service provider we have obligated Sportalpen GmbH to process your data exclusively within the scope of our agreement. Further information about Matomo may be found at: https://matomo.org/gdpr-analytics/.
3. Visit to our ski area
We will explain the processing of your personal data when using the facilities of our ski area below.
3.1. Skipass control "Photocompare"
It is pointed out that owing to our legitimate interest pursuant to Art. 6 (1) lit f GDPR for the purpose of access control (lift tickets are not transferable pursuant to our General Business Terms and Conditions!) a reference photo of the lift ticket holder is taken when going through a turnstile fitted with a camera for the first time. This reference photo will be compared by the lift staff with those photos which are taken each time a turnstile fitted with a camera is passed through once again. The reference photo will be deleted immediately after expiry of the validity of the lift ticket, the other photos at the latest 30 minutes after a turnstile is respectively passed through. It is pointed out that there is also the possibility to acquire lift tickets which are configured technically so that no photo is taken when passing through the turnstile, however random checks by the lift staff must be expected in this case.
- Photocompare is not used with all lift facilities of the ski area, but only at several special points of entry (e.g. at the valley station).
- All data in connection with Photocompare are stored encrypted. No sound recordings are made.
- Evaluation process:
The Photocompare turnstile facilities at the points of entry are fitted with card readers and cameras. When passing the turnstile, the lift ticket is read and a photo is created automatically. This photo is compared with the respective reference photo of the lift ticket holder for correspondence. This check is carried out by the employee (lift employee) of the client nearest to the turnstile situated in a closed room by personal perception on the screen. An automation-supported image data comparison is not carried out as this would be inadmissible.
If there is a match, there is no cause for the problem. If the human eye, i.e., the employee in the area of the ski lift facility, has doubts about the correspondence of the photo that was just created with the reference photo, they have the possibility to trigger a suspicious case and therefore to prevent the automatic deletion of the image data. It is ensured that as long as no cause has been triggered, all control photos of the points of entry are automatically deleted within a few minutes (however a maximum of 30 minutes after the photo was taken). If in an event a suspicion does not become more concrete, the photo will be deleted immediately. The reference photo taken within the scope of the ski lift ticket purchase will be deleted immediately after the end of the period of validity of the lift ticket.
The client stores entrance times and locations of the lift tickets exclusively for settlement purposes with other ski areas. By means of the (image) data from the Photocompare system no movement profiles of the lift ticket users are created whatsoever.
Besides Photocompare there is also the possibility to purchase a lift ticket which can be configured technically so that no photo is taken when passing through the turnstile. The reference photo is created at the ticket office and is located on the lift ticket, not in the Photocompare system. In this case controls by the lift staff are to be expected.
We offer several photopoints at the Kitzsteinhorn and Maiskogel, which you can use to create photos. When using one of the photopoints a current photo will be taken based on your consent pursuant to Art. 6 (1) lit a GDPR and will be published online or on a screen at the ticket office. The photos will be deleted automatically and completely after 72 hours. You can have the photos you have taken deleted free of charge by a revocation of your consent at any time. Simply contact us for this purpose under firstname.lastname@example.org or by telephone at +43 (0)6547/8621.
Via our website you can contact the external service Skiline for inspection on your personal vertical metre profile. Owing to your consent pursuant to Art. 6 (1) lit a GDPR, Skiline receives information for the creation of the vertical metre profile relating to your lift entries at the Kitzsteinhorn and Maiskogel as well as your ticket number and can calculate the vertical metres and kilometres of piste covered from this information. Otherwise Gletscherbahnen Kaprun AG does not forward any personal data. When calling the Skiline service via our website you leave our web presence, and we can consequently not assume any further liability. Further information of the data controller Skiline under data protection law for the Skiline service can be found under https://www.skiline.cc/declarationOfConsent
3.4. Guest surveys
Explanation relating to data protection within the scope of the SAMON Kitzsteinhorn guest survey, conducted by Manova GmbH: The personal data, which are made available by you, are processed by order of Gletscherbahnen Kaprun AG, Kitzsteinhornplatz 1a, A-5710 Kaprun. The data are exclusively collected for the purpose of conducting the SAMON Kitzsteinhorn guest survey and will not be forwarded to third parties. Your data will be erased as soon as the survey has been completed and will be stored as a maximum for the duration of one year. You can additionally revoke your consent at all times by sending an email with the subject "Revocation Kitzsteinhorn guest survey" to email@example.com. Your data will subsequently be erased immediately.
The SAMON Kitzsteinhorn guest survey is conducted by Gletscherbahnen Kaprun AG. The processing of the collected data is fully carried out by the company MANOVA GmbH in this case as the data processor. We have concluded an agreement with the data processor for the processing according to Art. 28 GDPR.
The results of the survey will be made available to the data controllers, i.e. Gletscherbahnen Kaprun and, if applicable, other partners of the client in a completely anonymous form. The conclusion about the data subject is not possible based on these data. The collected data will be exclusively evaluated for the statistical survey of the guest satisfaction, the holiday behaviour as well as similar questions of tourist research.
You repeatedly have the possibility to participate in competitions of the Kitzsteinhorn. Within the scope of these actions personal data (email address, name, address) will also be collected and processed for the purpose of settlement. The personal data collected within the scope of such a competition will exclusively be used for the processing of the action (in the event of a competition for example for determination of the winners, notification of the winners and the sending of the prize). After termination of the action the data of the participants will be erased. The use of your data collected over the course of the competition for the receipt of newsletters will only take place if you have explicitly consented to this.
3.6. WLAN (WiFi)
The WLAN made available by Gletscherbahnen Kaprun AG can be used free of charge after a confirmation of the General Business Terms and Conditions. The WLAN also serves to provide information about events, attractions and regional information, which is adjusted depending on the area you are in. In order to improve the convenience of the WLAN use, we furthermore store a clear ID of the used device and the access node for recognition and therefore no longer necessary new acceptance of the General Business Terms and Conditions. Furthermore, users of the WLAN can voluntarily register for surveys regarding customer satisfaction and also win prizes hereby. Further information in this respect.
Photos and videos which are made over the course of an event of Gletscherbahnen Kaprun AG can be published on our website or our social media channels (Facebook, Instagram, Youtube). Should you not agree to a photo or shooting published in such a manner, you can contact us at all times and revoke the publication by email to firstname.lastname@example.org.
3.8. Skiing accidents – reports
The mountain railways reserve the right to invoice the operation of the piste rescue service. The information of the injured persons or the parties involved in the accident and witnesses (name, sex, address, telephone number, date of birth, accommodation, holiday location, ski pass number, course of accident, type of injury, place of accident, time of accident, transport from scene/salvage, type of sports/sports equipment, costs, piste & weather conditions, details of witnesses) will be processed by us for the purpose of the necessary medical care of the injured persons owing to the interest of the data subject pursuant to Art. 6 (1) lit d GDPR and owing to our legitimate interest pursuant to Art. 6 (1) lit f GDPR for the creation of the invoice and for possible legal claims. In the event of collisions these data will also be forwarded to the local police station owing to our legal obligation pursuant to Art. 6 (1) lit d GDPR.
3.9. Group information
For the receipt of special discounts e.g. bus groups, children & youth groups as well as groups of school children it is necessary for the fulfilment of the contract pursuant to Art. 6 (1) lit b GDPR to submit a list of participants, incl. the dates of birth upon purchase. Address data of the respective group leaders and the organisation/school will be used owing to our legitimate interest pursuant to Art. 6 (1) lit f GDPR for marketing purposes until an objection is filed.
3.10. Table Reservations Gastronomy
We are pleased to accept table reservations in our gastronomy. The legal basis for this is the fulfilment of a contract pursuant to Art. 6 (1) lit b GDPR. For this purpose, we will require a last name as well as a telephone number. These data will be destroyed directly after your visit to our gastronomy.
3.11. CURRENT NEWS: COVID-19 registration obligation in our gastronomy businesses
Owing to the current legal obligation we must enter the guest data (first name, last name, telephone number, date and time of the visit). This is carried out by QR-Code registration or a data entry sheet in a paper form. We exclusively process these data for the fast contact person tracking in the event of a COVID-19 suspicion. The processing of your aforementioned personal data is carried out accordingly pursuant to Art. 6 Para. 1 lit c and lit d GDPR on the basis of our legal obligation pursuant to Section 2 Z 1 and 2 of Salzburg Governor's Ordinance of 16 October 2020, with which additional measures are stipulated for combatting the spreading of COVID-19. The failure to provide the data has the consequence that we may not serve you any food and drinks in our gastronomy business. We will erase these data after 28 days and will exclusively forward these data to health authorities in accordance with Section 5 Para. 3 Austrian Epidemic Law [Epidemiegesetz] and Section 10 Para. 2 DSG (legal bases within the meaning of Art 9 Para. 2 lit i GDPR) upon request.
3.12. alpin card navigator app
3.13. Proof of low epidemiological risk for ski-pass validity (“2G-verification”)