PRIVACY POLICY
1. GENERAL
1.1 This data protection declaration explains which personal data (the „Data“) are processed when using the internet services of Kitzbueheler Alps Projekt Gmbh, Obere Gänsbachgasse 7, 6370 Kitzbuehel, Tyrol-Austria, FN 435794 z („we“), under www.kitzbuehelalps.com („our Website“), and how this Data is subsequently protected by Kitzbueheler Alps Projekt Gmbh as the controller.
1.2 You will find information on our processing of Data below, or you may contact us at office@kitzbuehelalps.com. The Website contains links to third-party websites. We have no control over the content or privacy practices of these other websites. Please read the respective data protection provisions of these other websites that you visit. 2. PROCESSING OF DATA 2.1 When you visit our Website, we process the Data that you voluntarily provide (e.g. in connection with a product or service request, contact form, registration, communication with you personally, or your job application), such as title, name, contact data (telephone number, address, email address).
2.2 However, you can also visit our website without actively providing us with disclosures about your identity. In this case, we will only gather the personal data transmitted by your browser to our server. This data will be anonymised or gathered using pseudonyms in order to deliver the contents of the website to the user’s computer and in order to perform an evaluation for the purposes of optimising and monitoring the functionality of our web presence while ensuring the security of our information technology systems (Art. 6 Para. 1 Letter f GDPR).
2.3 Our log files contain disclosures about the date and time of retrieval of our website, browser type, version and settings, your operating system and Internet service provider, about the websites used by you to get to our website or which called up by you via our website, as well as the quantity of data transmitted.
2.4 Your IP address will likewise be gathered on a case-by-case basis, i.e. an address allocated by your Internet service provider to your computer once to connect to the Internet. This IP address enables communication on the Internet. Your Internet service provider can retrace the IP address allocated to you at a given point in time. Since the full IP address allows at least to establish an indirect relation to an identifiable person on this account, we will exclusively gather your IP address in an abbreviated (anonymised) form to ensure that establishing any relation to an identifiable person by us will be excluded, and we will store it separately from any personal data.
2.5 Collection of such data to provide the website and to store the data in log files will be absolutely necessary to ensure operation of the website. Any possibility to object does not exist in this context.
2.6 Cookies
2.6.1 Furthermore, our website also uses cookies to collect your data exclusively while using pseudonyms. Cookies are small data packages generated by a web server and placed on the hard drive of your computer while your computer is communicating with the web server.
2.6.2 These information can also include Data such as IP address, web browser, device type, unique device identification numbers, name of the file accessed, date and time of access, amount of data transmitted, notification of successful access. We may also collect information about how your device interacts with our Website, such as which pages were accessed and which links were clicked. Some of these Data may be collected by using cookies or similar technologies.
2.6.3 We use two types of cookies: (1) necessary cookies, without which the function of our website would not be possible or only to a limited extent (for which consent is not necessary), and (2) optional cookies for purposes of website analysis and marketing. By collecting this information, we can better understand who visits our website, where visitors come from and what content on our website they are interested in. We use this information for our internal analysis and to improve the quality of our website and to better tailor it to the interests of our visitors. Furthermore, the Data can be used to guarantee network and data security.
2.7 Google Analytics
2.7.1 For optimization purposes our website uses the web analytics tool by Google LLC. (“Google”). Google Analytics uses cookies. Google Analytics places a cookie on your computer to recognize you on an anonymous basis when you return to a particular website. Google uses the information obtained by the cookie to store a profile of which pages you have visited within a session.
2.7.2 The stored information of the use of the Website (e.g. pages visited, time spent on the Website) generated by the cookies is transmitted and saved on a server by Google in the USA. This Website has activated the IP anonymization, whereby the IP address is shortened by Google within the EU and the EEA. Only in exceptional cases the whole IP address is first transferred to a server of Google in the USA and then shortened. Google is certified under the EU-U.S. Privacy Shield, so that an adequate level of data protection is ensured when processing Data in the USA. Google is a processor for our company and processes the Data solely on our behalf. We have a direct customer relationship with Google for the use of Google Analytics, by accepting the „Data Processing Amendment“ for Google Analytics. To find out more about the „Data Processing Amendment“ in Google Analytics please visit: https://support.google.com/analytics/answer/3379636?hl=en&utm_id=ad.
2.7.3 The Data received from Google Analytics will be used by us for our own business activities and planning, as well as for marketing activities, in order to better understand how the content of our website and the associated experience can be optimized. The IP address processed by Google Analytics will not be merged with other data from Google.
2.7.4 This Website uses the „Demographics“ function of Google Analytics. Thereby reports can be created which contain information about age, gender and interests of site users. These data originate from interest-based advertisements of Google as well as user data from third party providers. These data cannot be attributed to natural persons.
2.7.5 You can also disable the collected website specific data (IP address) through cookies sent and processed by Google, by downloading and installing the following browser plugin (https://tools.google.com/dlpage/gaoptout?hl=en).
2.8 GA Audiences & Remarketing
2.8.1 Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
2.8.2 This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
2.8.3 Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
2.8.4 To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
2.8.5 You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
2.8.6 The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
2.8.7 For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.
2.9 Double Click by Google
2.9.1 Doubleclick by Google is a service of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies to show you ads which are relevant for you. Your browser is assigned a pseudonymous identification number (ID) to check which ads are displayed in your browser and which ads are viewed. According to Google the cookies contain no personal information. The use of DoubleClick cookies only allows Google and its partner web pages to display ads on the basis of prior visits of our or other web pages on the Internet. The information generated by the cookies is sent by Google to a server in the US for analysis and is stored there. Google is certified under the EU-US Privacy Shield, so that an adequate level of data protection is ensured for the processing of personal data in the US. In no case will Google combine your data with other data collected by Google.
2.9.2 You may prevent the storage of cookies by using the respective setting of your browser software. You may also prevent the collection of data generated by the cookies and related to your use of these web pages for Google as well as the processing of such data by Google by downloading and installing the browser plugin available via the following link under the Item DoubleClick Deactivation Plugin.
2.10 Hotjar
2.10.1 In order to improve the user’s experience on the website the operator uses Hotjar, a feedback and analysis service owned by Hotjar Ltd (‘Hotjar’), Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.
2.10.2 By using Hotjar, the operator can track and evaluate the user’s behavior (mouse movements, clicks, scroll height etc.) on the website. For this purpose Hotjar uses cookies on the user’s terminal device and transfers the user’s IP address to a Hotjar server where it is stored in an anonymized format for a maximum of one year.
2.10.3 For more detailed information on Hotjar data processing please go to https://www.hotjar.com/privacy
2.10.4 Users can block Hotjar at any time through the “Do Not Track” header: http://overheat.de/opt-out.html
2.10.5 Users can also opt-out of Hotjar tracking by using the following link: https://www.hotjar.com/opt-out. Furthermore, the user can prevent the use of cookies within the scope of Hotjar by selecting the appropriate settings in the browser. In this case, however, the full functionality of this website may not be available.
2.11 Cookie Consent
By clicking on the “OK”-button in the Website’s cookie banner you agree to the use of the cookies described under items 2.7 to 2.10 to the above described extent. The consent can be withdrawn at any time by deleting the cookies form the device and browser and adjusting the browser settings; this, however, may compromise the functionality of the Website. The withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.12 Google reCAPTCHA
2.12.1 We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
2.12.2 The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
3. PURPOSES OF PROCESSING
We process Data for the following purposes
– reply to messages, complaints and service requests you send us;
– reply to and management of job application you send us;
– operation, management, analysis and improvement of our website;
– IT support and maintenance;
– ensuring network and data security.
4. LEGAL BASIS FOR PROCESSING DATA
4.1 The legal basis for the collection and processing of Data depends on the specific context in which we collect it. We may process your Data:
4.1.1 if we have received your consent (Art 6 para 1 lit a GDPR), e.g. in connection with cookies pursuant to § 96 Austrian Telecommunications Act 2003), only to the extent of the consent given. You can withdraw your consent at any time with effect for the future.
4.1.2 in order to manage and fulfill (pre-)contractual obligations (Art 6 para 1 lit b GDPR) in connection with your requests via our Website. Further, we may process your Data in order to fulfill legal obligations (Art 6 para 1 lit c GDPR), such as ensuring network and data security.
4.1.3 on the basis of our legitimate interests (Art 6 para 1 lit f GDPR) or of a third party. These legitimate interests include: effective business management, further development of our services and products as well as for customer acquisition.
4.1.4 Sensitive Data within the meaning of Art 9 GDPR are generally not processed on our Website.
5. RECIPIENTS OF PERSONAL DATA
5.1 We may share the Data with the following recipients:
5.1.1 Our employees who need them to fulfill contractual and legal obligations and legitimate interests, group companies, external service providers (e.g. IT service providers) and partners who provide data processing services for us or who otherwise process Data for the purposes described in this declaration (such as external advisors) or who are disclosed to you when we collect your Data. A list of group companies, service providers and partners is available on request. All recipients are obliged to treat your Data confidentially and to process it only within the framework of the provision of services;
5.1.2 to any competent authority, such as supervisory or safety authorities, or public authorities, a court or other third parties, when disclosure is necessary (i) by law or regulation, (ii) to exercise, protect or defend our statutory rights, or (iii) to protect your important interests or the important interests of another person;
5.1.3 to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of our business (or any part of it) if we inform the buyer that he may only use your Data for the purposes stated in this data protection declaration;
5.1.4 to any other person upon your consent if necessary.
6. OBLIGATION TO PROVIDE DATA
Some of the Data marked as mandatory fields on the Website are required in order to process your request or notification. Without providing this Data, we may not be able to or not completely to process or respond to your inquiry, notification, report, etc.
7. INTERNATIONAL DATA TRANSFER
7.1 Your Data may be transferred and processed in other countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission and which may not provide the same high level of protection. Subject to local laws and regulations Data may be accessible to local authorities or courts.
7.2 However, we have taken appropriate security measures to ensure that your Data remains protected in accordance with this data protection declaration. This includes the application of the EU Commission’s standard contractual clauses for the transfer of Data. Further details on the appropriate safety precautions taken are available on request.
8. DATA RETENTION
8.1 We keep your Data as long as this is necessary for the fulfilment of the purpose or as long as legal retention or documentation obligations, statutory limitation periods (e.g. the special limitation period for damages of 3 years or in specific case the general limitation period of 30 years according to the General Civil Code (ABGB)), or legitimate interests (keeping of evidence for asserting or defending legal claims) exist. 8.2 As soon as there are no legitimate purposes for the further storage of Data, these will either be deleted or made anonymous. If this is not possible (for example because your Data was stored in backup archives), we will store your Data securely and make it inaccessible to further processing until deletion is possible.
9. DATA SUBJECT RIGHTS
9.1 In accordance with applicable law, you have the right to access, correct, request deletion of his Data, to object to the processing of his Data, and portability of your Data, to request restriction of the processing of your Data, and to file a complaint with the data protection authority, when you believe your data protection rights have been violated (in Austria: Austrian Data Protection Authority, Österreichische Datenschutzbehörde).
9.2 If we process your Data on the basis of your consent, you can withdraw your consent at any time. You can withdraw your consent, which you have given by corresponding confirmation within the cookie banner, at any time also by a corresponding setting in your browser. The withdrawal of your consent has no effect on the legitimacy of the processing until your withdrawal.
9.3 To exercise these rights send an email to office@kitzbuehelalps.com or a letter to Kitzbueheler Alps Projekt Gmbh, Obere Gänsbachgasse 7, 6370 Kitzbuehel, Tyrol-Austria.
9.4 Automated decisions within the meaning of Art 22 GDPR mean that a decision that has legal effect on you or significantly affects you in a similar way is automatically made – including profiling – without verification by a natural person. We do not use automated decisions. We process Data partially automated to assess specific individual aspects (profiling) in order to provide you better services and information tailored to your interests.
9.5 The information and services available on the Website are directed at persons over 18 years of age. We will not knowingly process personal data of minors under the age of 18.
THE PLANS, DESIGN AND RENDERINGS ON THIS WEBSITE SERVE THE PURPOSE OF YOUR BETTER ORIENTATION AND VISUALIZATION. THEY, AS WELL AS THE FURNISHING, ARE SUBJECT TO CHANGE WITHOUT NOTIFICATION.