Legal notice and data protection

The protection of personal data and the safeguarding of your right to data protection is of particular concern to us. You can revoke your consent to this privacy policy or individual points in writing at any time by contacting us by e-mail at info@montafon.at or by post at Montafon Tourismus GmbH, Montafonerstr. 21, 6780 Schruns / Austria.

This privacy policy describes how Montafon Tourismus GmbH (hereinafter referred to as "we") as the operator of the website www.montafon.at, including its event pages (montafon.at/m3/en, montafon.at/montafon-arlberg-marathon, montafon.at/weltcup/en, montafon.at/montafoner-resonanzen) and our accommodation booking process hotels.montafon.at, uses the personal information that is collected when you visit the website, online applications and mobile platforms that contain a link to this privacy policy.

This Privacy Policy also applies to the Montafon App, it does not apply to websites, online applications or mobile platforms that are not linked to this Privacy Policy or to those that are operated by third parties alone. Please read the privacy statements published on such websites, online applications or mobile platforms.

By using this website and the above-mentioned websites, you agree to the following provisions of our privacy policy.

If additional online services are used by us, the data protection provisions of the respective product apply in the valid version. However, you will be informed of this separately.

Montafon Tourismus GmbH
Montafonerstr. 21, 6780 Schruns / Austria
T. +43 50 6686
info@montafon.at
montafon.at

Data protection coordinator and your contact person for all questions regarding data protection at Montafon Tourismus GmbH is Mr. Michael Junginger. You can reach him by e-mail at michael.junginger@montafon.at or T. + 43 506686 140.

The legislator stipulates that the privacy policy must be easy to understand. We would therefore like to start by briefly explaining the most important terms to ensure that we have a common understanding. Therefore, when we use the following terms in the declaration, they have the following meaning.

3.1 "Personal data"

means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2 "Data subject"

means any identified or identifiable natural person to whom the personal data relating to the processing relates.

3.3 "File system"

means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

3.4 "Controller"

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

3.5 "Processing"

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.6 "Consent"

any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3.7 "Restriction of processing"

the marking of stored personal data with the aim of limiting their processing in the future.

3.8 "Profiling"

any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

3.9 "Pseudonymization"

means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3.10. "Processor"

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.11. "Recipient"

a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

3.12. "Third party"

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

3.13. "Personal data breach" means

a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, whether accidental or unlawful.

3.14. "Health data"

personal data relating to the physical or mental health of a natural person, including the provision of health care services, and revealing information about his or her health status.

3.15. "Supervisory authority"

an independent public authority established by a Member State in accordance with Article 51 - in Austria, this is the data protection authority in Vienna.

3.16. "Online offer (website)"

means the information made available by us under the domain www.montafon.at, including the subpages that can be accessed via this page, if these subpages refer to this data protection declaration and it is not a third-party offer - as may be the case, for example, when a link is created.

3.17. "Data protection coordinator"

is a person not defined in the Regulation whose task is to coordinate all persons and bodies entrusted with the processing of your personal data and who is available to answer your questions about data protection.

We only process the personal data that you provide to us as a user of the website and/or as a customer, for example as part of an inquiry or registration or to conclude a contract, or if personal data is automatically collected through the use of our online offer.

4.1 Information provided by you

Information that we expressly ask you to enter in the respective service, which the service thus collects directly from you, may contain the following information: Contact details, such as your name, postal address, your e-mail address and telephone number, title voluntarily provided by you as well as other information voluntarily provided by you, e.g. in connection with participation in competitions (e.g. images, texts, etc.) or the interests you have indicated.

4.2 Information collected through the use of our online offer

In order to maintain security and improve user-friendliness, our website processes data that is generated through the use of our website without you having to actively provide it. This is access data / server log files. We collect data about every access to the service (so-called server log files). The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer Uniform Resource Locator ("URL") (the previously visited page), IP address and the requesting provider.
We use the log data only for statistical evaluations for the purpose of operation, security and optimization of the Service. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence.

4.3 Summarizing list

For the sake of clarity, we list the purposes for which we process your data. In the next section, we explain the legal bases on which we base our processing.

We process your personal data

• for the purpose of contract fulfillment and contract management
• to provide and improve our service and support
• to contact you according to your request
• to personalize our services and provide the content you have selected
• to invite you to participate in surveys or similar promotions
• for data analysis
• for internal audits
• for the development of new products
• to identify trends in usage
• to determine the effectiveness of our marketing activities to which you have expressly consented in a customer agreement with us
• to prevent and detect security threats, fraud and other malicious activity
• to comply with our legal obligations and enforce our agreements
• to create accounts and statistics on access behavior (e.g. number of times a source is accessed, number of times the customer accesses a source in total and per source, changes in access frequency)
• to help you with a booking/order, to deliver it and to invoice it

5.1 Fulfillment of the contract

We base our data processing in relation to the fulfillment of the business relationship on Art 6 para 1 lit b GDPR (the processing is for the performance of a contract to which you as the data subject are a party. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.

5.2 Consent

For data processing that is not related to a contract or pre-contractual measures and if the processing is not based on our legitimate interest, we will obtain your consent. In these cases, you will be informed separately and in the specific case and asked to consent to the processing of your personal data. You can withdraw your consent at any time with effect for the future. In such cases, please contact our data protection coordinator.

5.3 Legitimate interest

A legitimate interest in the processing of your personal data may be justified if your interests or fundamental rights and freedoms do not outweigh our specific interests in the processing of your personal data. A legitimate interest in the processing of your personal data may arise, for example, from an existing contractual relationship with us. Likewise, the processing of your personal data for the purpose of direct marketing can be regarded as processing serving a legitimate interest.

5.4 Legal obligation

We must also process personal data to fulfill tax obligations. In these cases, the processing is based on Art. 6 para. 1 lit. c GDPR.

5.5 Vital interests

In exceptional cases, such as accidents or disasters, we may process your personal data. In these cases, we base our processing on Art. 6 para. 1 lit. d GDPR.

Our website uses cookies and tracking pixels. We use so-called "session cookies", "persistent cookies", "third party cookies" and tracking pixels on the browser side. Cookies are small text files that are sent when you visit a website and are temporarily stored on the hard disk of the device you are using to visit the website. If the corresponding server of our website is called up again by the user of the website and/or customer, the browser of the user of the website and/or customer sends the previously received cookie back to the server. The server can then evaluate the information received through this process in various ways. For example, cookies can be used to make it easier to navigate the website, to enable the order process to be carried out or to control the display of advertisements.

We use the following types of cookies on our website:

• "Session" cookies, are temporary and are deleted when the browser is closed;
• "Persistent" cookies, remain in place until they expire or are deleted manually
• "Third party" cookies, i.e. cookies from third-party providers such as Google Inc, are used for behavioral advertising.
• "Tracking pixels" (counting graphics) are electrical graphics, also known as "one-pixel images", which enable recording or analysis.

If you, as a customer or user of our website, wish to prevent the use of cookies, you can do so by making local changes to the settings on your end device by opening the Internet browser used on your end device, i.e. the software suitable for opening and displaying Internet pages (e.g. Internet Explorer, Firefox, Safari, etc.). In many cases, the "Help" button of most browsers will show you how you can be notified when a new cookie is set and how you can block cookies.

Please note, however, that completely deactivating cookies may limit the functionality of the website.

We also offer you the option of controlling cookies or tracking pixels directly via our website. To view the current settings, please click here: Deactivating cookies.

Please note that the settings you make will be saved as a cookie. This is technically necessary and means that if you delete all cookies, this setting will also be deleted and must be made again.

Tracking pixels are 1x1 pixel graphics that are used to track user data. When you visit our website as a user and/or customer, the pixel is loaded. In web analysis, the loaded or not loaded pixel can be used to check whether a user has visited the page or not. We use these tracking pixels to analyze and improve our advertising measures and the functionality of our website.

If you want to prevent the use of tracking pixels, you can configure your e-mail software or browser so that graphics are only loaded after manual consent. There are also special browser plug-ins that are able to recognize and block tracking pixels.

6.1 Purpose of cookies and tracking pixels

We only use the log data for statistical evaluations for the purpose of operation, security and optimization of the service. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence.

The use of web analysis services serves to continuously improve our functions and services. Only non-personal data is used for analysis and reporting purposes. We do not combine this data with other personal data.

7.1 Google Analytics

We use various web analysis services, including Google Analytics from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These analysis services use "cookies", text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google complies with the data protection provisions of the "EU-US Privacy Shield".

These analysis services will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. The IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link(tools.google.com/dlpage/gaoptout?hl=en). You can find more information on terms of use and data protection at google.com/analytics/terms/en.html or at policies.google.com/privacy?hl=en.

We would like to point out that on this website Google Analytics has been expanded to include the AnonymizeIP service in order to ensure an anonymized collection of IP addresses (so-called IP masking).
This function was developed by Google so that websites can comply with the applicable data protection regulations and recommendations of the local data protection authorities if they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place. You can find more information on IP anonymization at support.google.com/analytics/answer/2763052?hl=en.

7.2 Google Remarketing

We use Google Remarketing technology, a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. With the help of this function, we can target you as a website visitor with advertising by displaying personalized, interest-based advertisements when you visit other websites in the Google or DoubleClick Display Network. Google uses cookies, which are stored on your computer, to analyze your website usage, demographic characteristics and interests. Google uses cookies, which are stored on your computer, to analyze your website usage, which is a prerequisite for the use of interest-based advertisements. The information generated by the cookie is transmitted to a Google server, stored there and can be analyzed by us in the context of statistics and used to create interest-based advertisements. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You can object to the collection and storage of data at any time with effect for the future. You can deactivate the use of cookies by Google by visiting google.com/policies/technologies/ads to deactivate Google advertising. Alternatively, you can disable the use of cookies by third parties by visiting the opt-out page of the Network Advertising Initiative at optout.networkadvertising.org/?c=1. You can find further information on Google's data protection provisions at policies.google.com/privacy?hl=en.

7.3 Custom Audience

We use the Facebook "Custom Audience" technology, a service of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. The data collected through the integration of cookies, web beacons or similar third-party technologies allows us to measure and design our advertising activities on Facebook more effectively and, for example, to display posts or advertisements only to visitors to our website. We only use cookies, web beacons and similar, proven and widely used third-party technologies to collect this data. We do not pass on lists of personal data to Facebook or upload them to Facebook. The data collected is only transmitted to Facebook in encrypted form. Any personal data of individual users is not visible to us. You can find more information on this in Facebook's privacy policy at facebook.com/about/privacy. If you do not wish data to be collected via "Custom Audience", you can deactivate "Custom Audience" here facebook.com/ads/preferences/?entry_product=ad_settings_screen.

With our newsletters we inform you about us and our offers. To receive our newsletter, you must provide your e-mail address. Before sending the newsletter, you must expressly confirm to us as part of the so-called double opt-in procedure that we should activate the newsletter service for you. You will then receive a confirmation and authorization e-mail from us asking you to click on the link contained in this e-mail to confirm that you wish to receive our newsletter. You can unsubscribe from the newsletter at any time. To do so, you must click on the link provided in the newsletter. Your e-mail address will be used exclusively by us and will not be passed on to third parties.

When you register for the newsletter, we save the date of registration and your voluntarily completed interest-related information. This storage serves as proof in the event that a third party misuses your e-mail address and registers to receive the newsletter without your knowledge.

We use the E-Marketing Suite ("EMS") software from Wilken GmbH, Hörvelsinger Weg 29-31, 89081 Ulm, Germany, to send our newsletter.

These contain a tracking pixel. This allows us to determine whether the emails have been opened or whether the links contained in the emails have been clicked on. We use this information to improve our e-mail service and evaluate which information is read or clicked on the most. We link this data to actions you have taken on our website. The information collected in this way is stored by the newsletter provider Wilken on its server in Germany. You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via the email address info@montafon.at. When you delete the email, the tracking pixel is also automatically deleted. Our normal text emails do not contain tracking pixels.

A so-called "Shariff" plugin is used on our website. This open source program allows you to share content from our website on various social media platforms. However, Shariff only transmits your data to the respective social media platform after you have actively clicked on the button.

9.1 Facebook

We cooperate with Facebook as a provider of a social network and have concluded an agreement on joint responsibility with Facebook Ireland Ltd (the Facebook "page controller addendum"). As part of this cooperation, your browser is automatically connected to the selected service provider (e.g. Facebook) when you use the respective service. For example, your IP address, cookies and other information are transmitted to the respective service provider if you have previously visited their website. This data transfer only takes place when you interact with these social networks.

A share button of the social network Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") is integrated on our website. The share button can be recognized by the logo.

The Facebook share button is set up in compliance with data protection regulations. Only when you click on the "Share button" on our website (and only then) will a direct connection be established between your browser and the social network operator's server. According to the operator of the social network in question, no personal or company-related data is collected by the social networks without a click on the respective share button. Such data, including the IP address, is only collected and processed for logged-in members. If you do not wish your visit to our website to be associated with your respective social network user account, please log out of the respective social network user account beforehand.

At this point, we would like to point out that, as the provider of the website, we have no knowledge of the content of the transmitted data or its use by the social network, insofar as it goes beyond the operation of a Facebook fan page (Facebook Insights). Further information on the use of data by the social network can be found in Facebook's privacy policy.

9.2 Use of Facebook plugins

Plugins from the social network facebook.com - operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") - are used on our website. These can be recognized by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin".

When you access a website on our website that has such a plugin, a connection to the Facebook servers is established and the plugin is displayed on the website by notifying your browser. This tells the Facebook server which of our websites you have visited. If you are logged in to Facebook as a member, Facebook assigns this information to your personal Facebook user account. When you use the plugin functions (e.g. by clicking the "Like" button or posting a comment), this information is also assigned to your Facebook account. This can only be prevented by logging out before using the plugin.

You can find more information on the collection and use of data by Facebook as well as your rights in this regard and options for protecting your privacy in Facebook's privacy policy: www.facebook.com/policy.php.

It is also possible to block Facebook social plugins with add-ons for your browser.

9.3 Facebook Insights

We use Facebook Insights. This means that personal data about you as a visitor to our Facebook page is processed and can be analyzed. In the course of this data processing, there is joint responsibility between us and Facebook in accordance with Art. 26 GDPR. Facebook has added a supplement regarding the controller, which is available for download at www.facebook.com/legal/terms/page_controller_addendum. Please also note the data protection information on our Facebook page.

In the course of participating in a sporting event in the Montafon, we obtain your consent to the processing of personal data. This currently takes place at the following events: (M3 Montafon Mountain Bike Marathon, Montafon Arlberg Marathon). In the course of the event, we also process data that is required for the fulfillment of the contractual or legal obligation of the controller in accordance with Art. 6 para. 1 lit. b and c or f GDPR, insofar as this is necessary for performance/results recording or results management in connection with registration or participation in (sporting) events or competitions. This data is also stored and made publicly accessible in accordance with Art. 17 para. 3 in conjunction with Art. 89 GDPR for archiving purposes in the public interest and legitimate interests of the controller and stored and made publicly accessible by the Austrian Federal Sports Organization BSO, 1040 Vienna, Prinz-Eugen-Str. 12.

In the event of an inquiry (non-binding inquiry, inquiry about accommodation) or a booking, your data will be passed on to our hosts in the Montafon and stored and processed in the Feratel booking system and in our Wilken GmbH CRM system. If you make a booking via our system, we use your contact details to send you travel-related products and services (pre-trip info mail and a post-trip e-mail inviting you to rate the accommodation you have booked).

On our website and via our app, you can quickly and easily book admission tickets, mountain experiences and "activities" in general. For the technical implementation of the booking process, we use the activity booking software of the company regiondo. regiondo acts for us as a processor within the meaning of the GDPR. The software used manages our offers and is also used to manage the associated dates, availability and bookings, the placement of customer orders and communication with you before and after the purchase process.

We or our processor process your data that is necessary for the establishment and execution of the contract with you. This includes, in particular, personal master data provided by you, contact data (e.g. telephone number and email address), contract master data (e.g. contractual relationship, product or contract interest), customer history, contract billing and payment data and log data.

If we do not provide activities or services ourselves, we pass on the data required for the provision of services to the provider. We will let you know who this is and the contact details before you book. We delete your data when it is no longer required for the purposes mentioned and there is no other justification or obligation for further storage.

You can access the Outdooractive offer via our website and the Montafon app. Please read the current information on data protection carefully. Outdooractive GmbH & Co KG, Missener Straße 18, 87509 Immenstadt; Privacy policy: corporate.outdooractive.com/en/privacy-policy.

14.1 Order processing

As part of a world based on the division of labor, we use both internal and external processors to process personal data.

Within Montafon Tourismus GmbH, access to your personal data is granted to those departments or employees who need this data to fulfill pre-contractual measures or contractual obligations and to protect legitimate interests. The employees are obliged to handle and protect your data with care.

In addition, processors commissioned by us (in particular IT and back office service providers and printers) will only receive your personal data if they need it to fulfill the respective service and have undertaken to comply with data protection regulations by means of a processor agreement.

14.2 Disclosure of your personal data

In certain cases, we are entitled or obliged to pass on your personal data. This may be

• to enforce or comply with an official order, a law, a regulation or a coercive measure
• to detect and prevent security threats, fraud or other malicious activity
• to protect or enforce our rights or property; or
• to protect the rights or personal safety of our employees and third parties

Some of your personal data is stored by the respective service provider, e.g. Google, Facebook etc. in the USA and disclosed by them for certain purposes. To find out the purposes for which your data is disclosed, we recommend that you review the respective privacy policies.

If your personal data is transferred to third countries or international organizations, this will only be done on the basis of the provisions of Art. 44 et seq. of the GDPR, so that a level of protection appropriate to the data protection applicable in the EU/EEA is not undermined.

In accordance with the General Data Protection Regulation, as a data subject you are entitled to the rights and remedies listed under this point. To assert your rights and if you have any questions, please contact our data protection coordinator.

15.1 Right to confirmation of processing and right to information

As a data subject, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. You can contact us at any time for this purpose.

As a data subject, you have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this information. Your right to information includes the following information

• the purposes of processing,
• the categories of personal data processed by us
• the recipients or categories of recipients to whom the personal data have been or will be disclosed
• if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining this duration
• the existence of your right to rectification or erasure of personal data concerning you or to restriction of processing by us as controller or your right to object to such processing
• the existence of a right to lodge a complaint with the Austrian data protection authority as the supervisory authority
• if your personal data is not collected from you as the data subject: All available information about the origin of this data

Furthermore, as a data subject, you have the right to obtain information as to whether your personal data has been transferred to a third country or to an international organization. If this is the case, you as the data subject have the right to obtain information about the appropriate safeguards in connection with the transfer.

15.2 Right to rectification

As a data subject, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

15.3 Right to erasure (right to be forgotten)

As the data subject, you have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the following grounds applies and insofar as the processing is not necessary

• Your personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
• You have withdrawn your consent on which the processing was based pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or as the data subject you object to the processing pursuant to Art. 21 (2) GDPR.
• Your personal data has been processed unlawfully.
• The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the Republic of Austria to which we are subject as the controller.

15.4 Right to restriction of processing

As a person affected by the processing of personal data, you have the right to demand that we, as the controller, restrict processing if one of the following conditions is met

• The accuracy of the personal data is contested by you as the data subject, for a period enabling us as the controller to verify the accuracy of your personal data.
• The processing is unlawful and you as the data subject oppose the erasure of your personal data and request the restriction of their use instead.
• We as the controller no longer need your personal data for the purposes of the processing, but you as the data subject require them for the establishment, exercise or defense of legal claims.
• You as the data subject have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

15.5 Right to data portability

As a data subject affected by the processing of personal data, you have the right to receive the personal data concerning you, which you as the data subject have provided to us as the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising your right to data portability pursuant to Art. 20 (1) GDPR, you as the data subject have the right to have your personal data transmitted directly from us as the controller to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

15.6 Right to object

As the data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.

If we process your personal data for the purpose of direct marketing, you as the data subject have the right to object at any time to the processing of your personal data for the purpose of such marketing. There is no weighing of interests in this case.

15.7 Right of appeal

The Austrian Data Protection Authority, which you can reach at dsb.gv.at, is responsible for applications regarding the violation of the right to information, violation of the right to confidentiality, rectification or erasure.

Your data will be stored and processed in personal form until the end of the business relationship or until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us as the controller; in addition, until the end of any specific legal disputes in which data is required as evidence; or until the end of the third year after the last contact with us as the controller, if we base the processing for marketing purposes on a legitimate interest. If we process your data on the basis of your consent, we will do so until you withdraw your consent - unless a reason arises beforehand that makes further processing/storage inadmissible.

Only those employees who are entrusted with the processing of personal data have access to your personal data.

We also protect your personal data from unauthorized access through encrypted storage, a role authorization concept, a data backup concept and physical protection measures for the servers. The security measures are continuously revised and adapted in line with technological progress.

In order to keep you up to date with our data processing, we will adapt our privacy policy if necessary. You will find the current version on this page. If you have any questions about the processing of your personal data, please contact our data protection coordinator.