Privacy Information According to Art. 13 and 14 GDPR
1. General
The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (especially GDPR, DSG 2018, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of the use of our website and in the context of other services of our company.
Only the German version of our privacy policy is legally binding text. The English translation serves as a legally non-binding information. Deviations of the English text or how it could be understood do not affect the exclusive legal validity of the German text and its meaning.
1.1. Responsibility for the Processing of your Data
The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:
TOURISMUSVERBAND RAURIS
Sportstraße 2
A-5661 Rauris
Tel.: +43 6544 20022
E-Mail: info@raurisertal.at
Data protection officer:
We take the protection of personal data seriously and have appointed an external data protection officer for this purpose. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer at the email address martin@zepedes.com.
1.2. Purposes, Categories of Data and Lawfulness of the Processing of Personal Data
Purposes of the processing of personal data
The purposes of processing your personal data generally result from our business activities as a tourism organization: making our online offers available, processing customer inquiries / orders / bookings, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.
General categories of data
· Personal master data (e.g. name, date of birth and age, address)
· Contact details (e.g. email address, telephone number, fax number)
· Communication data (time and content of communication)
· Order or booking data (e.g. ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)
· Payment details (e.g. account number, credit card details)
· Contract data (content of contracts of any kind)
· Web usage data (e.g. server data, log files and cookies)
Processing of special categories of personal data according to Art. 9 GDPR
· Health data (only if you have given us your explicit consent to process your order (e.g. mediation of a hotel specializing in guests with food intolerances or allergies))
Lawfulness of the processing of personal data
There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing of the data takes place in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.
1.3. Transfers of Personal Data to Data Processors and Third Parties
We process your personal data with the support of data processors who support us in providing