Data protection declaration Mayrhofner Bergbahnen

We would like to take this opportunity to inform you about the processing of your personal data within the framework of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG). If you need more information, please feel free to contact us at any time.

Personal data

Personal data is all data that contains information about personal or factual circumstances, such as name, address, e-mail address, telephone number, date of birth, age, gender, social security number, video recordings (possibly formulating, photos, payment information, etc.). We only collect, process and use your personal data if this is necessary for the performance of a contract or due to a legal obligation, or if you voluntarily provide us with this data. For further data processing, we obtain your consent before data processing. If our legitimate interest in data processing outweighs your interest in data protection, the processing may also take place without your consent.

As a rule, we collect your data directly from you. However, as part of the conclusion of the contract, it may happen that we collect your data from third parties, for example in the case of bookings by tour operators or booking platforms and the like. We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Failure to provide the personal data would mean that the contract could not be concluded.

Purposes and legal basis

Provision of services: Name, date of birth, address and payment details may be collected for tickets issued for a period of 1 day or more for the purpose of ensuring that the controller knows with whom the contract has been concluded and to whom there is an obligation to perform. The processing of this data and for this purpose is carried out on the basis of the justification of the fulfilment of the contract in accordance with Article 6 (1) (b) GDPR.Tickets can be used in several areas, each operated by legally independent cable car companies. In order to make this possible and for the internal billing between the individual cable car companies, data will be transmitted to the members of the IG (point 16) for legitimation purposes and processed by them. The processing of this data and for this purpose is carried out on the basis of the justification of the fulfilment of the contract in accordance with Article 6 (1) (b) GDPR and our legitimate interest in accordance with Article 6 (1) (f) GDPR.

Abuse Control: In the case of tickets for which Photocompare is active, a reference photo is taken when the ticket is used for the first time, provided that the terminal used has the technical requirements and the Photocompare procedure is actually active. This reference photo is compared with a control photo for later use and thus checks whether the ticket has been passed on without authorisation. The processing of this data and for this purpose is carried out on the basis of the justification of legitimate interest in accordance with Article 6 (1) (f) GDPR. As part of the abuse control, we reserve the right to collect and store information about the misuse of tickets. In this context, the name, date of birth and address of persons are processed in order to document breaches of contract that have taken place and to refuse future performance. In the event of misuse, persons may be excluded from the provision of services for a period of two years from the breach and we reserve the right to refuse to conclude contracts. Due to the fact that the tickets are bundled (point 20), this information will also be passed on within the IG. This processing is based on the justification of the legitimate interest pursuant to Article 6 (1) (f) GDPR, as our interest in refusing services in the event of a violation of the terms and conditions outweighs the interest of the data subject.

Services: On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our offer within the meaning of Art. 6 (1) (f) GDPR), we use content or services offered by third-party companies within our (web) offer in order to integrate content and services. This assumes that your IP address is transmitted to the third-party providers, as without the IP address, the content cannot be sent to your browser. The IP address is required for the display of this content. Third-party vendors may also use web beacons for statistical or marketing purposes. Web beacons can be used to evaluate information such as visitor traffic to the website. For this purpose, a cookie may also be placed, which contains technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website.

Whistleblower System – „WBS“: The purpose of the WBS is to facilitate the receipt and processing of reports submitted securely and confidentially by our employees and external persons regarding employee conduct that is illegal or in contravention of the object or purpose of legislation. The processing is carried out on the basis of a legal obligation in accordance with Article 6 Paragraph 1 lit c GDPR (legal obligation). • Checking whether the information provided to Us appears plausible and suggests a violation of laws or other legally binding requirements or breaches of duty under the employment contract, • If necessary, further clarification of the reported facts with regard to any violations of laws or other legally binding requirements or breaches of duty under the employment contract, • If necessary, further clarification for the purpose of exonerating employees who are wrongly suspected of wrongdoing, • if necessary, to avert economic and other detriments and to assert or enforce the rights of our Company and • if applicable, the fulfilment of any obligations to cooperate on the part of our Company within the scope of investigations by law enforcement or other authorities. You can report violations at any time via Mayrhofner Bergbahnen Integrity Line while maintaining your identity. If you wish, the responsible employees of Mayrhofner Bergbahnen Aktiengesellschaft will be happy to speak to you personally.

Your rights

You have the right to information about your stored personal data, as well as a right to rectification, data transfer, objection, restriction of processing as well as blocking or deletion of incorrect or inadmissibly processed data within the framework of the provisions of the GDPR. You have the right to withdraw your consent at any time. In the event of revocation, the data processing carried out up to this point remains lawful. If you believe that the processing of your personal data by us violates the applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the responsibility of the Data Protection Authority (https://www.dsb.gv.at/).

Data integrity

The protection of your personal data is ensured by appropriate organisational and technical precautions. These precautions relate in particular to protection against unauthorised, unlawful or accidental access, loss, processing, use and manipulation. Please note that we do not accept any liability whatsoever for the disclosure of information due to errors in data transmission and/or unauthorized access by third parties not caused by us.

Transfers of data to third parties

In order to fulfil our contractual or legal obligations, it may be necessary to transmit your data to processors or other recipients, in particular to public authorities. Processors process your personal data in accordance with instructions and only to the extent necessary for the performance of these tasks. Our processors are, for example, external IT service providers. Below you will find a list of processors or recipients of data used by us:

The Google Fonts service provided by Google, Inc. is used to provide certain fonts on the website. For more information on the processing of personal data by Google Fonts, please see https://developers.google.com/fonts/faq.

We are a member of the interest group of the Zillertal cable cars. A list of members can be found at the end of the Privacy Policy. Data will be passed on to the members of the IG in accordance with the purposes (point 2).

  • The administration of ticket data as well as the transmission of data to members of the IG is carried out by SKIDATA AG, FN 59669z, Untersbergstraße 40, 5083 Grödig/Salzburg.

    SKIDATA also provides the Photocompare procedure described in point 2.

  • The data you provide will be stored within a specially secured EQS Group plc database within the European Union. All data stored within the database is encrypted using state-of-the art methods. Access to the data is strictly limited to appointed case managers. No other entity, including EQS Group plc, possesses the key to decrypt this data and make it readable. You can find the data protection declaration at https://www.eqs.com/about-eqs/data-protection/.

  • As part of notices conerning Whistleblower Protection Act, data can also be passed on as follows: In the course of processing reports within the WBS, it may be necessary for the personal data processed to be transmitted to other group companies within the corporate group if they are also or solely affected by the reported facts. All persons authorised to inspect the data are expressly obliged to maintain confidentiality. o EQS Group is our technical service provider and acts as a processor on the basis of a processing order pursuant to Art. 28 para. 3 GDPR. It may have access to your encrypted data (not in readable form) in the course of maintenance work. o If the processing of the report leads to the conclusion that a violation has occurred, personal data of the accused or, in the case of non-anonymous reports, also of the whistleblower may be transmitted to law enforcement agencies or courts as well as lawyers or consultants commissioned by Us. o Insofar as it is necessary for the assertion and enforcement of claims by our Company and there are no interests of data subjects that are worthy of protection, personal data may also be transferred to opposing parties or insurers.

We will only transmit your data to other recipients if you have given either us or the recipient your consent to the transfer of data, if the data transfer is necessary for the conclusion of a contract or for the fulfilment of the contract, or if we are legally obliged to transmit the data.

We transfer your personal data to recipients within the European Union or to countries for which the EU Commission has decided that they have an adequate level of data protection. If this is not the case, we ensure that the GDPR is complied with by the recipient of the data on the basis of appropriate safeguards. In the USA in particular, there is an adequate level of data protection, provided that the recipients are entered in the list of the Privacy Framework. To the extent that we transfer data to companies in the USA, these companies have submitted to the EU-US Privacy Framework. With self-certification under the Privacy Shield, companies confirm that they comply with the provisions of the GDPR.

Retention of data

Retention for the fulfilment of contractual or legal obligations: We will retain your data for as long as necessary to comply with our contractual or legal obligations. For example, we are required to keep our accounting records for a period of 7 years from the end of the calendar year in question. As part of the storage of your data, we will ensure that your data is only used to the extent necessary for the aforementioned purposes.

As part of the storage of your data, we will ensure that your data is only used to the extent necessary for the aforementioned purposes. Personal data stored within the WBS are usually deleted within two months of the conclusion of the respective investigation, unless they need to be further processed for other purposes, e.g. to fulfil retention obligations or to exercise, assert or defend legal claims.

Retention based on your consent: If you have given us your consent, we will store your data for as long as this has been set out in your declaration of consent or other consent, for example as part of a contract with you.

Retention based on legitimate interests: In addition, we will store your data for as long as is necessary to defend against liability or other claims within the statutory limitation periods. According to Austrian law, these are generally 3 years from knowledge of the damage and the tortfeasor.

Reference photos (see points 2 and 5) will be stored for the validity of the respective ticket and then deleted. Control photos (photos used to compare with the reference photo) will be deleted no later than 48 hours after passing through a turnstile. If control photos are required to preserve evidence of abuse, they will be stored for 14 days. Video surveillance on or in buildings is stored for a maximum of 72 hours for the purpose of property protection.

Booking enquiries that have not led to the conclusion of the contract will be stored by us for a period of 12 months for the purpose of internal analyses, such as the analysis of our offer. We will store application documents for a period of 12 months. Information about violations of our terms and conditions and the data about the person of the infringer will be stored for a period of two years from the date of the violation, unless a longer retention is necessary to assert or defend claims.

Obligations to erasure based on the right to erasure: Our obligations to erase in the event of exercising your right to erasure pursuant to Article 17 GDPR are not affected by the preceding paragraphs.

Collection of general data and information

Our website collects a range of general data and information with each access. The browser, the operating system, the previously visited website, the page accessed, the date and time of the visit, the IP address, the Internet service provider, the amount of data transmitted and other similar data and information may be recorded. This data is used by us for the maintenance of the website and for security purposes. In this respect, we have a legitimate interest in the storage of log files within the meaning of Article 6 (1) (f) GDPR. The anonymous data of the server log files are stored separately from all other personal data.

Cookies

Our website uses so-called cookies. These are small text files that are stored on your device with the help of the browser. We use cookies to make our website user-friendly. Most of the cookies we use are strictly necessary cookies and are automatically deleted from your hard drive at the end of the browser session ("session cookies"). The third-party service providers listed in this Privacy Policy may use persistent cookies to display content correctly or to ensure the functionality of the Service. If you do not wish this to happen, you can set up your browser to inform you about the setting of cookies and to allow this only in individual cases. Insofar as the cookies we use require consent, we will obtain your consent in advance. If cookies are disabled, the functionality of our website may be limited.

Facebook

The provider of the following services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Social Media Plug In: Each time you access this website, on which a Facebook plug-in has been integrated, the Internet browser is automatically prompted to download a representation of the Facebook plug-in. As part of this technical process, Facebook receives information about which specific sub-page of our website is visited. If you are logged in to Facebook at the same time, Facebook recognizes which specific subpage is being visited. This information is collected and assigned by Facebook to the respective Facebook account without you having to click on the plug-in. If such a transfer to Facebook is not desired, this transmission can be prevented by logging out of your Facebook account. For more information, see https://de-de.facebook.com/privacy/explanation. If you wish to object to this data processing, please contact us for more information.

Custom Audiences: With Facebook Custom Audiences, visitors to our website can receive targeted interest-based advertising. This is done by placing cookies on your device. With the help of cookies, user behaviour when visiting the website can be analysed and then used for targeted product recommendations and interest-based advertising. If you do not wish this to happen, you can opt-out at the following link: https://www.facebook.com/settings/?tab=ads.

Google

General

The provider of the following services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Google's privacy policy can be found here.

However, some services (such as Google Search or Google Maps) are provided by or transmitted to the following company: Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043-1351, USA Google LLC is based in a third country. In its decision of 10.07.2023 on C(2023) 4745 final, the European Commission decided that the United States of America offers an adequate level of data protection within the meaning of Article 45 GDPR if our contractual partner is entered in the list of the EU/US data protection framework. Google LLC is entered in the list, so that the data transfer to the USA is data protection compliant within the meaning of Article 45 GDPR. To learn more about Google LLC's certification, click here.

For the use of Google services and the setting of the necessary cookies, your consent within the meaning of Article 6 (1) (a) GDPR or § 165 (3) TKG will be obtained before processing. Your consent can be freely revoked at any time. Some of Google's services use cookies. An overview of the cookies used, their purpose and storage period can be found in our Cookie Policy or in the Cookie section of this Privacy Policy. Due to the ruling of the European Court of Justice, consent is obtained for cookies even if the cookies are not personal. Prior consent will only not be obtained for cookies if the sole purpose is to send a message or if it is strictly necessary for us to provide you with a service that you have expressly requested.

Google Analytics 4 Google Analytics is a service for collecting, collecting and evaluating data about the behaviour of visitors to websites. Google uses the data and information obtained, among other things, to evaluate the use of our website. By setting the cookie, Google and us are enabled to analyse the use of our website. This cookie causes your internet browser to transmit data to Google for the purpose of online analysis. As part of this technical process, Google receives information about the data subject, the origin of the visitors and clicks in order to compile statistics, collect personal interests and enable commission settlements. Google Analytics 4 does not store the IP addresses of visitors to our website. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the city's inferred latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). The IP address data is used exclusively for the derivation of geolocation data and is then immediately discarded. They are not logged, are not accessible and are not used for other purposes. In addition, we have configured Google Analytics 4 in such a way that Google Signal's data is deactivated and no detailed location and device data is collected. A release of the Google Analytics 4 data to other Google services, such as GoogleAds, has not been granted. User and event data will be stored for a period of 14 months if no new activity takes place within this period. If a new activity takes place within this period, the storage period starts again.

You can learn more about Google Analytics 4 here.

Google Maps: We use Google Maps from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. By using the functions of this map, data is transmitted to Google. You can find out what data is collected by Google and what this data is used for on https://www.google.com/intl/de/policies/privacy/.

Remarketing: Google Remarketing is a function of Google AdWords that enables us to display advertisements to you if you have previously visited our website. Google Remarketing sets a cookie that enables you to be recognized when you subsequently access websites that are also members of the Google advertising network. The cookie is used to store personal information, such as the websites visited. Every time you visit a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself with Google. As part of this technical process, Google receives knowledge of personal data, such as the user's IP address or surfing behavior.

An opt-out is possible under the following link: https://adssettings.google.com/authenticated?hl=de. You can also set your browser so that third-party cookies cannot be set.

Google AdWords: Google AdWords is an internet advertising service that allows advertisers to place ads in Google's search engine results as well as on the Google advertising network. If you have come to our website via a Google ad, a so-called conversion cookie will be stored on your system. The conversion cookie is used to store personal information, such as websites visited. A conversion cookie expires after thirty days and is not used to identify you. The conversion cookie is used to track whether you have accessed certain subpages of our website, such as an online shop. The conversion cookie allows both us and Google to understand whether you have generated sales. The data and information collected are used by Google to compile visitor statistics for our website. Neither we nor other Google AdWords advertisers receive any information that could be used to identify you.

Double Click: DoubleClick is an online marketing service and uses cookies to serve ads that are relevant to users. In addition, DoubleClick can use cookie IDs to record so-called conversions. This is the case, for example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and make a purchase there. With DoubleClick, your browser automatically establishes a direct connection with Google's server. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address. By disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; For more information, see https://www.google.de/doubleclick.

YouTube Data protection declaration

On this page of the video service YouTube, we use the company YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. By accessing pages of our website that have integrated YouTube videos, data is transmitted, stored and evaluated to YouTube. If you have a YouTube account and are logged in, this data will be assigned to your personal account and the data stored in it. You can find out what data is collected by Google and what this data is used for on https://www.google.com/intl/de/policies/privacy/.

Instagram Data protection declaration

On our website we use functions of the social media network Instagram of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Content embedding features (embed function) allow us to view images and videos. When you access pages using such functions, data (IP address, browser data, date and time, cookies) is transmitted to Instagram, stored and evaluated. If you have an Instagram account and are logged in, this information will be associated with your personal account and the information stored in it. The data protection guidelines, the nature of the information Instagram collects and how it uses it can be found at: https://help.instagram.com/155833707900388.

TikTok Data protection declaration

On our website, we use functions of the social media network TikTok of the company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (Europe). For UK users: TikTok Information Technologies UK Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom. The service provider is the Chinese company Beijing Bytedance Technology Ltd. Among other things, your data will also be processed in the USA. The features of embedding TikTok content (embed function) allow us to display images and videos. By calling up pages that use such functions, data (IP address, browser data, date and time, cookies) are transmitted, stored and evaluated to TikTok. If you have a TikTok account and are logged in, this data will be assigned to your personal account and the data stored in it. The privacy policy, what information TikTok collects and how they use it can be found on https://www.tiktok.com/legal/privacy-policy-eea

Push notifications from PushPanda.io

We use browser push notifications from PushPanda.io. Browser push notifications are messages that can be displayed on your device without opening the website or the respective app. No unique user data such as IP addresses or the like, which can lead to direct conclusions about the respective user, is stored. When registering (opt-in procedure) in the notification distribution list, only an identification key and the user's geographic IP information (country and state) are transmitted and stored in PushPanda.io's database. This key is assigned by the respective browser manufacturer (Google, Mozilla, Apple, etc.) and makes it possible to send the notifications to the respective browser later. The shipment is made directly via the browser manufacturers. If the opt-in for push notifications is withdrawn (opt-out), all data stored by PushPanda.io will be deleted and the identification key will become invalid. Information about the opt-out for push notifications can be found on https://www.pushpanda.io/de/links/abmeldung/. PushPanda.io is a service provided by Project K GmbH, based in Innsbruck, Austria.

Newsletter

The newsletter is sent with your consent or legal permission. If you would like to receive our newsletter, only your e-mail address must be provided, otherwise no newsletter can be sent. Information beyond your e-mail address is optional and only serves to personalize the offer (e.g. by selecting a topic about which information should be provided in the newsletter). The data will be used for the purpose of sending advertising. The data will be deleted as soon as you revoke your consent to receive the newsletter. You can send us the revocation via the contact details below. Alternatively, you can unsubscribe directly from the newsletter.

In order to send the newsletter, we need your confirmation that you are the owner of the e-mail address (so-called double opt-in). This confirmation is necessary to ensure that you have actually subscribed to the newsletter. Subscriptions to the newsletter are logged in order to be able to prove the registration process. This includes the storage of the time of registration and confirmation on the one hand, and the IP address on the other. Changes to your stored data will also be logged. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.

When you access the newsletter, a web beacon collects technical information, such as information about your browser and your system, as well as your IP address and time of access. This information is used for the technical improvement of the services based on the technical data or the target groups and reading behavior or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients.

Contact form

If the contact form is used, the personal data you provide will be stored automatically. Depending on the contact form, different personal data is provided as mandatory fields. Insofar as the collection of personal data is designed as a mandatory field, the provision of this data is necessary in the context of the fulfilment or initiation of a contract or due to legal obligations. Such data will be stored for the purpose of processing or contacting you. As a matter of principle, this personal data will not be passed on to third parties. If it is not possible for us to provide an answer, the enquiry together with your personal data will be forwarded to the relevant company for a response. The personal data provided by you will be stored for as long as is necessary in the context of the enforcement and/or defence of claims or on the basis of a legal obligation.

Sweepstakes

If you take part in one of our competitions, the following data will be collected: first name, last name, date of birth, email address and address. This data is necessary for the implementation of the competition and will only be used for this purpose. In this respect, we rely on the justification of the performance of the contract pursuant to Article 6 (1) (b) GDPR for data processing.

If you have given your consent in the context of the competition, your name will be published on our social media channels and on our website. You can revoke this consent at any time. In this case, we will delete the social media post.

Candidacies

You will be informed about vacancies in our company via our website. As part of the application, you have the option of submitting your application documents to us online via our website, electronically by e-mail or by post. Your data will be used and stored for the purpose of evaluation in the application process, to contact you in the application process and, if necessary, to establish an employment relationship.

Contact details

Controller: Mayrhofner Bergbahnen Aktiengesellschaft FN 32918 i, Landesgericht Innsbruck Ahornstrasse 853, 6290 Mayrhofen Tel.: +43/5285/62277-0 E-mail: datenschutz@mayrhofner-bergbahnen.com

The controller is a member of the interest group of the Zillertal cable cars ("IG"), a company under civil law. The cable car companies have joined forces to form the IG, in particular for marketing purposes and for billing purposes. In the absence of legal personality, the IG consists of the legally independent operating companies. The IG consists of the following members:

FINKENBERGER ALMBAHNEN GmbH Persal 200, 6292 Finkenberg Telefon: 05285/62196 info@almbahnen.at

FÜGEN BERGBAHN GesmbH & Co KG Hochfügenerstr 77, 6263 Fügen Telefon: 05288/62991 info@spieljochbahn.at

GERLOSPASS–KÖNIGSLEITEN BERGBAHNEN GmbH Königsleiten 82, 5742 Wald Königsleiten Telefon: 06564/8212 office@koenigsleiten-bahnen.at

SKILIFTGESELLSCHAFT HOCHFÜGEN GmbH Sennereistraße 1, 6263 Fügen Telefon: Büro 05288/62319 info@hochfuegenski.com

HOCHKRIMMLER SEILBAHNENGESELLSCHAFT mbH Oberkrimml 95, 5743 Krimml Telefon: 06564/7325-13 info@gerlosplatte.com 

BERGBAHNEN SKIZENTRUM HOCHZILLERTAL GmbH & Co KG Postfeldstraße 7, 6272 Kaltenbach Telefon: 05283/2800 info@hochzillertal.com 

MAYRHOFNER BERGBAHNEN AKTIENGESELLSCHAFT Ahornstraße 853, 6290 Mayrhofen Telefon: 05285/62277 info@mayrhofner-bergbahnen.com

SCHILIFT-ZENTRUM-GERLOS GmbH HNr. 306, 6281 Gerlos Telefon: 05284/5376 info@bergbahnen.gerlos.at 

TUXER BERGBAHNEN AG HNr 395, 6293 Tux Telefon: 05287/87246 info@eggalm.com

ZELLER BERGBAHNEN ZILLERTAL GmbH & Co KG Rohr 23, 6280 Rohrberg Telefon: 05282/7165 info@zillertalarena.com 

ZILLERTALER GLETSCHERBAHN GmbH & Co KG Hintertux 794, 6293 Tux Telefon: 05287/8510 info@hintertuxergletscher.at

 BERGBAHNEN WILDKOGEL - Oberpinzgauer Fremdenverkehrsbeförderungs- und Bergbahnen AG Wildkogelbahnenstraße 343, 5741 Neukirchen am Großvenediger Telefon: 06565/6405 info@wildkogelbahnen.at