Privacy
Information on the data processing for this website in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) when collecting personal data from the data subject
Zillertal-reisen Oosterom GmbH is responsible for this website and, as a teleservice provider, must inform you at the beginning of your visit in an accurate, transparent, understandable and easily accessible form in clear and plain language about the nature, scope and purpose of the collection and use of personal data. This content must be available to you at all times.
We attach great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the European and national legislation in force.
We would like to show you how we handle your personal data and how you can contact us with the following data protection information:
Zillertal-reisen Oosterom GmbH
Unterberg 226
A-6278 Hainzenberg Zillertal
Entry in the commercial register: FN 527299 s
Managing Director: Matthijs Oosterom
Phone: +43 664 8613547
E-mail address: info@zillertal-reisen.com
Data Protection Officer
No Data Protection Officer has been appointed because the requirements for appointment have not been met.
If you have any questions about data protection or other data protection issues, please send an e-mail to the following e-mail address: info@zillertal-reisen.com
A. General
For better understanding, we refrain from gender-specific differentiation. In the interests of equal treatment, similar conditions apply to all sexes. The meaning of the terms used, such as "personal data" or the "processing thereof", can be found in Article 4 of the GDPR.
The personal data processed in the context of this website include:
- Stock data (e.g. names and addresses of customers),
- Contract data (e.g. services used, payment information),
- Usage data (e.g. pages visited on our website) and
- Content data (e.g. input into online forms).
B. Specific
Privacy policy
We guarantee that we will only process your data in connection with the processing of your inquiries and for internal purposes, as well as for the provision of services or content requested by you.
Basic principles of data processing
We only process your personal data in accordance with the relevant data protection regulations. The legal bases are:
- Provision of our contractual services
- Processing is a legal obligation
- Existence of your electronic consent (e.g. subscription to the newsletter)
- Enforcing our legitimate interests
We will be happy to show you where the above legal bases are regulated:
Processing for the performance of our services and the implementation of contractual measures
6(1)(b) GDPR
Processing to comply with our legal obligations
6(1)(c) GDPR
Permission
6(1)(a) and (7) GDPR
Processing for the purposes of our legitimate interests
6(1)(f) GDPR
Transfer of data to third parties
We would like to point out that data will be passed on to third parties.
Your data will only be passed on to third parties within the scope of legal requirements. We only pass on your data if this is necessary, for example for contractual purposes or on the basis of legitimate interests in economic and effective business operations.If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
Transfer of data to a third country or an international organisation
A third country should be understood to mean countries where the GDPR is not directly applicable law. In principle, this includes all countries outside the EU or the European Economic Area.
We would like to point out that when using our website, data may be transferred to a third country if you select the services offered through the "Cookie Consent Tool" offered on the website. If you do not select a service, no data will be passed on to third parties.
The European Commission's adequacy decision shall be taken into account. It states that it is a safe third country or a safe international organisation that provides an adequate level of protection.
The following applies to the transfer of data to the USA: Since July 2023, the European Commission has issued an adequacy decision (Data Privacy Framework), which identifies the US as a third country with a level of data protection similar to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the United States.
The services used in the USA are certified within the framework of the Data Privacy Framework. Details can be found in the individual services.
Duration of storage of your personal data
We adhere to the principles of data minimization and data avoidance. This means that we will not keep your data for longer than is necessary to achieve the above purposes or as required by law. provide for the different retention periods.
If the respective purpose no longer applies, or after the respective periods have expired, your data will be routinely blocked or deleted in accordance with the statutory provisions.
Contact
By contacting us through the website, you consent to electronic communications. In the context of contacting us electronically, personal data is processed. The information you provide will be stored solely for the purpose of processing the enquiry and for any follow-up questions.
We would like to provide you with the legal basis for this:
• Processing for the performance of our services and the execution of contractual measures
6(1)(b) GDPR
We would like to point out that e-mails may be read or modified in transit without permission and without notice. We would also like to draw your attention to the fact that we use software to filter unsolicited e-mails (spam filters).
The spam filter can be used to reject emails that have been incorrectly marked as spam due to certain characteristics.
What rights do you have?
a) Right of access
You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.
b) Right to rectification
You have the right to have your data stored with us corrected if it is incorrect. In doing so, you can request a restriction of processing, for example if you contest the accuracy of your personal data.
c) Right to block
You can also have your data blocked. In order to be able to take into account the blocking of your data at all times, this data must be stored in a blocking file for control purposes.
d) Right to erasure
You can request the deletion of your personal data, provided that there are no statutory retention obligations. If such an obligation exists, we will block your data upon request. If the relevant legal requirements are met, we will delete your personal data even without your request.
e) Right to data portability
You have the right to request that we provide you with the personal data that you have provided to us in a format that allows us to transfer it to another entity.
f) Right to lodge a complaint with a supervisory authority
You have the option of contacting one of the data protection supervisory authorities with a complaint.7
The data protection authority responsible for us:
Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna
Phone: +43 1 521 52-25 69
E-mail address: dsb@dsb.gv.at
Note: A complaint can also be filed with a data protection supervisory authority within the EU.
g) Right to object
You have the right to object at any time to the processing of your data pursuant to Article 6(1)(e) and (f) on grounds relating to your particular situation; This also applies to profiling based on these provisions.
Zillertal-reisen Oosterom GmbH will then no longer process your personal data, unless it can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is related to such direct marketing.
In the event of such an objection, we will no longer process your personal data for direct marketing purposes. All you have to do is send us an email.
h) Right of revocation
You have the option of revoking your consent to the processing of your data at any time without giving reasons, with effect for the future. You will not suffer any disadvantages from the withdrawal. All you have to do is send us an email.
However, such a revocation does not affect the lawfulness of the processing carried out up to the time of the withdrawal on the basis of the legal basis of Article 6(1)(a) of the GDPR.
To exercise your rights as a data subject, please send us an e-mail to the following address: info@zillertal-reisen.com
Protection of your personal data
We implement state-of-the-art contractually agreed, technical and organisational security measures to ensure compliance with data protection legislation and thus protect the processed data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
Security measures include, in particular, the encrypted transmission of data between your browser and our server. For this purpose, a 128-bit SSL (AES 128) encryption technology is used.
Your personal data is protected in the following ways (extract):
a) Maintaining the confidentiality of your personal data
In order to ensure the confidentiality of your data stored with us, we have taken various measures to control access, access and access.
The security measures used are constantly being improved in line with technological developments. Despite these precautions, due to the insecure nature of the Internet, we cannot guarantee the security of your data transmission to our website. As a result, any data transmission by you is at your own risk.
Protection of minors
Individuals who have not yet reached the age of 16 may only provide us with personal information with the express consent of their legal guardians. This data will be processed in accordance with this privacy policy.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of server request
•IP address
This data is not combined with other data sources.
In accordance with Article 6(1)(f) of the GDPR, the legal basis for the data processing is our legitimate interest.
Cookies
Cookies are small text files that are stored locally in the cache of your internet browser. For example, cookies make it possible to recognize the internet browser. The files are used to help the browser navigate through the website and to make optimal use of all its features.
Cookie consent tool
This website uses a so-called "cookie consent tool" to obtain effective user consent for consent-based cookies and cookie-based applications.
The "Cookie Consent Tool" is shown to users when they visit the site in the form of an interactive user interface, on which consent can be given for certain cookies and/or cookie-based applications by checking the box.
Through the use of the tool, all cookies/services that require consent will only be loaded if the respective user gives the corresponding consent by ticking the box. This ensures that such cookies are only placed on the respective end device of the user if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. In principle, users' personal data will not be processed.
If, in individual cases, personal data (e.g. IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Article 6 (1).
1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in the legally compliant design of our website.
Another legal basis for the processing is Article 6(1)(c) of the GDPR. As the responsible party, we are legally obliged to make the use of technically redundant cookies dependent on the consent of the respective user.
Further information about the operator and the setting options of the cookie consent tool can be found directly in the respective user interface on our website.
Facebook pixel for creating Custom Audiences
On our website, we also use the so-called "Facebook pixel" of the social network Meta, which is operated by Meta Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").
When a user clicks on an advertisement displayed on Facebook, an addition is added to the URL of our linked page by Facebook Pixel on the basis of his or her explicit consent. Then, after being forwarded to the user's browser, this URL parameter is written via a cookie into the user's browser, which our linked page sets itself.
The cookie is then read by the Facebook pixel and allows the data, including specific customer data, to be transmitted to Facebook.
The Facebook pixel enables Facebook to determine visitors to our website as a target group for the display of advertisements (so-called "Facebook ads").
We use the Facebook pixel to display the Facebook ads we place only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the websites visited), which we pass on to Facebook (so-called "Custom Audiences").
In addition, we also evaluate the effectiveness of our Facebook ads for statistical or market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data collected does not allow us to draw conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with Facebook's Data Use Guidelines (https://www.facebook.com/about/privacy/).
The data may enable Facebook and its partners to place ads on and off Facebook.
The data processing in connection with the use of the Facebook pixel will only take place if you have given your express consent in accordance with Article 6(1)(a) GDPR.
Data will be transferred to a third country (in this case the USA) or an international organisation. Since July 2023, there has been an adequacy decision by the European Commission (Data Privacy Framework), which identifies the US as a third country with a level of data protection similar to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the United States.
According to the list of certified companies published by the U.S. Department of Commerce, Meta Platforms, Inc. is listed as a certified company.
You can revoke your consent at any time with effect for the future. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service via the cookie settings
Google Ads and Google Conversion Tracking
This website uses Google Ads. Ads is an online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
In the context of Google Ads, we use so-called conversion tracking.
When you click on an advertisement from Google, a conversion tracking cookie is placed. Cookies are small text files that the internet browser places on the user's computer. These cookies expire after 30 days and are not used to personally identify users.
If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user has clicked on the advertisement and has been redirected to this page.
Each Google Ads customer receives a different cookie.
The cookies cannot be tracked through the websites of Ads customers. The information collected with the help of the conversion cookie is used to compile conversion statistics for advertising customers who have opted in to conversion tracking.
Customers will see the total number of users who clicked on your ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can object to this use by slightly deactivating the Google Conversion Tracking cookie via your internet browser under User Settings. They won't be included in conversion tracking metrics.
Your consent to this data processing is subject to Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service via the cookie settings
Note on data processing in the USA by Google: If you click on "Accept all", you also agree that your data may be processed in the USA within the meaning of Article 49 (1) sentence 1 (a) GDPR. According to the current legal situation, the US is considered a country with an inadequate level of data protection.
There is a risk that your data may be processed by the US authorities for control and surveillance purposes. Currently, there are no legal remedies to take action against this practice. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service via the cookie settings
You can find more information about Google Ads and Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de
You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are disabled, the functionality of the this website are restricted.
Google Tag Manager
We use Google's Google Tag Manager service. "Google" is a group of companies consisting of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other subsidiaries of Google LLC.
The Google Tag Manager is a support service and processes personal data only for technically necessary purposes. Google Tag Manager takes care of loading other components, which in turn can collect data. Google Tag Manager does not have access to this data.
To the extent required by law, we have obtained your consent to the processing of your data described above in accordance with Article 6(1)(a) of the GDPR in conjunction with § 25 TTDSG.
Data will be transferred to a third country (in this case the USA) or an international organisation.
Since July 2023, there has been an adequacy decision by the European Commission (Data Privacy Framework), which identifies the US as a third country with a level of data protection similar to that of the EU.
The adequacy decision can now serve as the basis for data transfers to certified organizations in the United States. According to the list of certified companies published by the U.S. Department of Commerce, Google LLC. is listed as a certified company.
Newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. Personal data is collected for this purpose. The only mandatory information for sending the newsletter is your e-mail address.
The provision of other data is voluntary and is used to address you personally. This data will be used by us for our own advertising purposes in the form of the e-mail newsletter, provided that you have expressly consented to this as follows: "Subscribe to the newsletter"
We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter after you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation email asking you to confirm that you would like to receive the newsletter in the future by clicking on the respective link.
By activating the confirmation link, you consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR. When you subscribe to the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any misuse of your e-mail address at a later date.
You can unsubscribe from the newsletter at any time via the link in the newsletter or by sending us an e-mail, info@zillertal-reisen.com. After you have unsubscribed, your e-mail address will be immediately removed from our newsletter mailing list and included in a blocking file to ensure that you revoke your consent.
Data processing when opening a customer account
In accordance with Article 6(1)(b) of the GDPR, personal data will be further collected and processed to the extent necessary if you provide it to us when opening a customer account.
You can find out which information is required to open an account in the input screen of the respective form on our website. Your customer account can be deleted at any time and can be done by sending a message to the aforementioned address of the data controller.
After the deletion of your customer account, your data will be deleted, provided that all contracts concluded in this context have been fully processed, there are no statutory retention periods that stipulate otherwise and there is no legitimate interest on our part in further storage.
Provision of personal data for payment
As part of the processing of payments, we pass on payment data to the ordering credit institution.
Payment for online bookings:
Payment by "credit card": If you choose to pay by credit card, the payment details you enter and the necessary data (name, credit card number,...) will be passed on to the respective provider.
In the case of payment via PayPal, we pass on the payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). PayPal reserves the right to carry out a credit report for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" via PayPal.
PayPal uses the result of the creditworthiness check regarding the statistical probability of non-payment to decide on the offer of the respective payment method. The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure.
Among other things, address data is included in the calculation of the score values. For more information on data protection laws, including the credit bureaus used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Alternatively, you can also pay directly on site by debit card or cash.
Social Networks
In addition to this online offer, we are also present on various social media, which you can access via corresponding buttons on our website. If you visit such a presence, personal data may be data that is transmitted to the provider of the social network. In addition to the storage of the data that you have specifically entered into these social networks, other information may also be processed by the provider of the social network.