Data Privacy Policy
TSG Tourismus Salzburg GmbH is responsible for the processing of your personally identifiable data on our website.
Our corporate data may be found in the Imprint/Legal Notice.
Data Privacy Officer
Our data privacy officer may be contacted by email at privacy@salzburg.info.
Data Protection
We take the protection of your personally identifiable data very seriously. We process your personally identifiable data according to the provisions of current data privacy laws as well as those of the privacy policy at hand. In general, use of this website is possible without providing personally identifiable data. Insofar as personally identifiable data (such as name, postal or email addresses) is collected, this occurs, to the greatest extent possible, purely on a voluntary basis.
Unless otherwise stated within this data privacy policy, all processing of personally identifiable data occurs within the European Union.
Contracted Data Processing, Recipients
We process your personally identifiable data with the assistance of contractors who support us in providing our services (e.g. Web hosts, email newsletter services). These contractors are contractually obligated to strictly ensure the confidentiality of your personally identifiable data and may not use your personally identifiable data for any purposes other than providing our services. Your personally identifiable data will only be transmitted to industry-typical service providers, such as banks (should we need to transfer funds to you, for example), tax consultants (if you appear in our books), shipping providers (if you ask us to send something to you by post), etc.
Contact Form
After you have submitted the contact form, the personally identifiable information you have provided will be processed in order to respond to your request subject to the permission you expressed by submitting the form to us. You are under no legal or contractual obligation to provide personally identifiable data. Failure to do so will merely result in your being unable to send us your request and our being unable to process it. You have the right to revoke your consent at any time in writing. This shall in no way affect the legality of our having processed your information pursuant to your permission until the point of revocation. You have the right to revoke your consent to the use of your personally identifiable data for the purposes of direct advertising in writing at any time. In the eventuality that you revoke your consent, your personally identifiable data will no longer be used for the purposes of direct advertising.
Registration Form
Subsequent to your having submitted registration, the aforementioned data will be processed in order to fulfill the contract on the basis of the contract which was entered into pursuant to your having submitted said registration for the period of the agreement or until all pre-contractual measures have been taken. The aforementioned data must be provided in order to make use of our services. You have the right to object in writing to use of your personally identifiable data for the purposes of direct advertising. In that case, your personally identifiable data will no longer be used for the purposes of direct advertising.
Prize Contests
After you have submitted the entry form for the prize contest, the data you have provided will be processed in order to conduct the prize contest, subject to the contract for the prize contest and until said prize contest is concluded. You are under no legal or contractual obligation to provide personally identifiable data. However, that data is necessary if you wish to participate in the prize contest. Failure to do so will merely result in your being unable to participate in the prize contest. Your data may be further processed for reasons consistent with the original purpose, and upon the same legal foundation, for purposes of direct advertising not requiring expressed consent, such as advertising sent by means of addressed postage, until such point as you may revoke your consent. In the latter instance, your data will be shared with a mailing service provider. You have the right to object in writing to use of your personally identifiable data for the purposes of direct advertising. In that case, your personally identifiable data will no longer be used for the purposes of direct advertising.
E-Mail-Newsletter
By selecting the checkbox, you consent to the processing of the personally identifiable data you provided for the purpose of sending you information about special offers, news and/or events by means of an email newsletter until such time as you rescind or revoke that consent. You are under no legal or contractual obligation to provide personally identifiable data. Failure to do so will merely result in your being unable to receive the email newsletter. You have the right to revoke your consent at any time, either in writing or by clicking on the unsubscribe link contained in the email newsletter. This shall in no way affect the legality of our having processed your data until such point as your consent was revoked. Similarly and in the same ways, you may revoke your consent to the use of your personally identifiable data for direct advertising purposes. In the event you decide to revoke your consent, your personally identifiable data will no longer be used for direct advertising purposes in the form of an email newsletter.
Cookies
Information on the use of cookies:
This website uses software for analysis of usage.
Evaluation of these data can provide useful insights into user needs, contributing to the further improvement of the quality of our product.
This involves the use of cookies – small blocks of data sent to your browser to enable anonymous recognition of your visit. In general, cookies can be rejected or deleted through appropriate browser settings. Relevant statements made here apply in similar form to other technical browser functions such as Local Storage and Session Storage.
Some of the cookies on this website are necessary for the website to function, and are set based on our legitimate interest in the secure and efficient operation of the website. We do not share personal information with third parties for their own business purposes.
Cookies for the purpose of analysis and profiling are used only with your express consent.
You may at any time revoke any given consent HERE.
Server Log Files
In order to monitor the technical functionality and improve the operational reliability of the Web server and subject to our overriding legitimate interest (technical security measures), our website processes the following personally identifiable data in a Server Log File:
- accessed content
- date and time of server request
- browser type/browser version
- operating system used
- IP address
This data is stored for 8 days and then deleted.
Google Analytics with Google Signals
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, 4 Barrow St, D04 E5W5 Dublin, Ireland (“Google”) on the basis of your consent (analysis of website use). We have entered into a data processing contract with Google for them to do so. When you access our website, the software automatically establishes a connection to the servers of Google and data is transmitted to those Google servers, some of which are located in the USA. Google Analytics also uses cookies in order to store information about website users and to analyze use of the website. Our website uses the function "IP anonymization". By doing so, if you are located within a member state of the European Union or in a signatory state of the European Economic Area, your IP address will first be truncated and thus anonymized by Google. Only in exceptional cases will your full IP address first be transmitted to a Google server in the USA, where it is then truncated. According to Google, Google will use the data collected in order to analyze website use, compile reports about website activities and provide us with additional services related to website use and Internet use in general. Furthermore, Google may under certain circumstances transmit this information to third parties, insofar as this is legally permissible or if the third party is contracted to process data on behalf of Google. Detailed information about how user data is handled by Google Analytics may be found in the privacy policies of Google and Google Analytics.
In addition, Google Signals is activated on our website. Google Signals, a feature of Google Analytics, enables cross-device reporting and remarketing. This function uses the Google data-linking process in order to gather and process information when users are logged into their Google account and have activated their personalised advertising. Google Signals allows cross-device tracking of users' online behaviour; data points gathered include their remarketing, demographic characteristics and interests.
Any transmission of data to the USA is subject to the adequacy clause as laid out by the European Commission in Art. 45 par. 1 of the GDPR. Within the scope of this, companies who have earned “Privacy Shield” certification are deemed to guarantee an adequate level of data privacy. Google is certified under the "Data Privacy Framework".
Google Analytics Deactivation
- You can prevent the collection of your user data by Google Analytics in general and on all websites by downloading and installing the browser plug-in which is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
- You can prevent the collection of your user data by Google Analytics on this website only by clicking on the following link: Cookie-Settings
Facebook Pixel
This website uses Facebook Pixel, a Web analysis service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) on the legal foundation of your expressed consent (analysis of website use). Some of the data is transferred to the USA. Transmission of data to the USA is conducted in accordance with the guidelines of the "Data Privacy Framework" agreement between the EU and the USA. When you access our website, software establishes a connection to the servers of Facebook and some data is transmitted to Facebook servers located in the USA. Facebook Pixel also uses cookies in order to store information about the website user and in order to analyze use of the website by website users. According to Meta, Facebook will use the collected data in order to analyze use of website, compile reports about website activities as well as to provide other services associated with website use and use of the Internet in general. Furthermore, Meta may transfer this information to third parties, insofar as this is legally prescribed or in so far as third parties are contracted by Facebook to process the data. More detailed information about how Facebook handles user data can be found in their own data privacy policy at Facebook.
- You can prevent the collection of your user data on our website by Facebook Pixel by clicking on the following link. This will install an opt-out cookie that will prevent your data being collected whenever you visit our website in future: Deactivate Facebook Pixel.
Facebook Social Plugins
We use social plug-ins from the social network facebook.com subject to your expressed consent (Art. 6 par. 1 lit. a GDPR). These are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). The plug-ins may be in the form of interactive elements or content (e.g. videos, graphics or texts) and are recognizable by the Facebook logo (white “f” on a blue tile, the word “Like” or a “thumbs-up” symbol), or they are indicated by means of the additional descriptor “Facebook Social Plugin”. In order to see the appearance of the various social plug-ins, please visit: https://developers.facebook.com/docs/plugins/.
Meta is certified under the Data Privacy Framework, thereby guaranteeing that it will, in compliance with the adequacy clause of the EU commission as stipulated in Art. 45 GDPR, comply with European data privacy laws and maintain an appropriate level of data privacy. (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active).
When a user activates a function of this online offer which contains such a plug-in, the user’s device will establish a direct connection with the Meta servers. The content of the plug-in will be transmitted by Meta directly to the user’s device and thereby be integrated into the online offer. This may result in the processed data being used to create usage profiles of the user. That said, we have no influence whatsoever on the scope of data collected by Facebook with the aid of these plug-ins and are informing the user only to the extent of our personal knowledge.
By integrating plug-ins, Meta receives information that a given user has accessed a particular page of an online offer. If the user is logged into Facebook, Meta can associate the visit with the user’s Facebook account. If users interact with the plug-ins, for example by clicking on the Like button or submitting comments, the corresponding information is transmitted from your device directly to Facebook, where it is then stored. If a user is not a member of Facebook, there still exists a possibility that Meta will be aware of, and store the user’s IP address.
For details about the purpose and extent of data collection, as well as how that data is subsequently processed and used by Meta, along with your rights and settings options in order to protect your private sphere as a user, please refer to Meta’s own data privacy policies: https://www.facebook.com/about/privacy/.
Facebook Remarketing / Retargeting
Based upon the legal foundation of your expressed consent (Art. 6 par. 1 lit a GDPR), remarketing tags of social network Facebook from Meta Platforms, Inc., 1 Meta Way, Menlo Park, California 94025-1453, USA („Meta“), have been integrated into our pages. When you visit our webpages, remarketing tags establish a direct connection between your browser and the Meta servers. By means of this, Meta receives information that you have visited our website from your IP address. In this way, Meta can associate your visit to our webpages with your user account. We may use the information obtained in this way in order to display Facebook ads. We wish to point out that we, as providers of these webpages, have no knowledge of the content of data transmitted nor of the use to which Facebook puts the information. Further information may be found in Facebook’s own data privacy policy located at https://www.facebook.com/about/privacy/. Please click here if you wish to revoke your consent: https://www.facebook.com/ads/website_custom_audiences/
Based on the legal foundation of your expressed consent (Art. 6 par. 1 lit a GDPR), our online offer may contain functions and content from Instagram, a service provided by Meta Platforms, Inc., 1 Meta Way, Menlo Park, California 94025-1453, USA („Meta“). This may include, for example, content such as pictures, videos, texts and/or buttons by means of which the user can express like or dislike for certain content, and potentially subscribe to the authors of such content or our own contributions. Insofar as users are members of the platform Meta, Instagram may associate the aforementioned content and functions to their own profiles of users. Meta is certified under the Data Privacy Framework agreement, thereby guaranteeing that it will, in compliance with the adequacy clause of the EU commission as stipulated in Art. 45 GDPR, comply with European data privacy laws and maintain an appropriate level of data privacy. (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active).
Instagram’s own data privacy policy can be found at https://instagram.com/about/legal/privacy/.
X (formerly Twitter)
Within our online offer and on the legal basis of your expressed consent (Art. 6, par. 1 lit a GDPR), we may have integrated functions and content of the service X (formerly Twitter), provided by Twitter International Unlimited, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Irland („X“). This may include content such as pictures, videos, texts or buttons, by means of which the user can express their preferences with respect to content or the authors of content, or can subscribe to our own postings. Insofar as the user is a member of the X (formerly Twitter) platform, X may associate the aforementioned content and functions with the user’s own profile.
When X (formerly Twitter) is used, data are also transmitted to the USA, where the data-protection level is lower than in the European Union. X has declined to certify its own company under the Data Privacy Framework between the EU and the USA. Transmission of your personal details is therefore carried out on the basis of your consent to processing the data (Art. 49 (1) a DSGVO).
X (formerly Twitter) Conversion-Tracking
Within our online offer and on the legal basis of your expressed consent (Art. 6, par. 1 lit a GDPR), we utilize conversion tracking pixels from Twitter International Unlimited, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Irland („X“). By means of these, we are able to track users’ behaviors after they have viewed or clicked on X advertising. This allows us to compile data about the effectiveness of X advertising for statistical and market research purposes. This data is anonymized, which means we do not see the specific personally identifiable data of individual users. However, this data is stored and processed by X, about which we hereby inform you to the extent of our own knowledge. X may associate this data with your X (formerly Twitter) account and use it for its own advertising purposes in accordance with X’s own privacy policy https://twitter.com/en/privacy. This may enable Twitter as well as its partners to display advertising both on and outside of Twitter. Furthermore, a cookie will be stored on your computer to this end.
Special information about conversion tracking as well as data privacy settings to ensure advertising that is tailored to your preferences, can be found at https://support.twitter.com/articles/20171528#.
Your data privacy settings at Twitter can be changed within your account at http://twitter.com/account/settings.
Twitter is certified under the Privacy Shield agreement, thereby guaranteeing that it will, in compliance with the adequacy clause of the EU commission as stipulated in Art. 45 GDPR, comply with European data privacy laws and maintain an appropriate level of data privacy. (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
YouTube
This website utilizes YouTube in order to display videos. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you use YouTube, information about your use of this website may be transmitted to Google. If you open a webpage that is part of our Internet presence and which contains a YouTube video, your browser will establish a direct connection with the servers of Google. The video will then be transmitted directly from Google to your browser and integrated into the webpage. As a consequence, we have no influence on the scope of data collected by Google in this way. Our current state of knowledge indicates that Google collects at least the following data:
- Date and time of day of your visit to the webpage in question,
- Internet address or URL of the webpage you have accessed,
- IP address,
- Selected video and any quality-settings you have applied.
We have no influence on how data is further processed or used by Google and can therefore accept no responsibility for the aforementioned.
The purpose and extent of data collection, as well as how that data is processed and used by Google, and your associated rights and settings options in order to protect your personal privacy, can be found in Google’s own data privacy policy (https://policies.google.com/privacy?hl=en).
Google LLC is an active participant in the Data Privacy Framework agreement (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active), thereby guaranteeing that it will, in compliance with the adequacy clause of the EU commission as stipulated in Art. 45 GDPR, comply with European data privacy laws and maintain an appropriate level of data privacy.
Contacting us via WhatsApp
You have the option of using your smartphone to contact us on WhatsApp. Any communications are end-to-end encrypted, though it is possible that WhatsApp will use other information (metadata generated by the communication) for its own purposes. This is part of the WhatsApp conditions of use to which you expressed your consent when creating your WhatsApp account. Further information can be found in the WhatsApp data privacy policy.
When processing your data, data will also be transmitted to countries outside of the European Union, in particular the USA. As WhatsApp's parent company Meta Platforms Inc. is certified to ensure an adequate level of data protection (Data Privacy Framework between the EU and the USA: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active), no additional authorization is required for this data transfer due to a decision by the EU Commission.
The processing of data on the part of TSG occurs upon receipt of your request based on the legal foundation of taking those steps which are necessary prior to entering into a contract (Art. 6 par. 1 b GDPR) or based on the legitimate interest of TSG (Art. 6 par. 1 f GDPR). The data will be deleted as soon as it is no longer required for such processing purposes. Due to business constraints, deletion can only occur at specific points in time. Until such a point in time, processing will be restricted, in other words the data will not be used for other purposes until it is deleted. (§4 par. 2 DSG)
Contacting us via Facebook Messenger
You have the option of contacting us via Facebook Messenger. Please note that such communications are not automatically end-to-end encrypted and that, based on the information we have available to us, Facebook will analyze the transmitted content and use it for its own purposes, including in order to display advertising on Facebook. By creating a Facebook account, you have expressed your consent to such processing. Further information can be found in the Facebook data privacy policy.
When processing your data, data will also be transmitted to countries outside of the European Union, in particular the USA. Since Facebook is certified by its parent company Meta Platforms Inc. to ensure an adequate level of data protection (Data Privacy Framework between the EU and the USA: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active), no additional authorization is required for this data transfer due to a decision by the EU Commission.
The processing of data on the part of TSG occurs upon receipt of your request based on the legal foundation of taking those steps which are necessary prior to entering into a contract (Art. 6 par. 1 b GDPR) or based on the legitimate interest of TSG (Art. 6 par. 1 f GDPR). The data will be deleted as soon as it is no longer required for such processing purposes. Due to business constraints, deletion can only occur at specific points in time. Until such a point in time, processing will be restricted, in other words the data will not be used for other purposes until it is deleted. (§4 par. 2 DSG).
Share Buttons
Many pages of our website use buttons intended for the sharing of content by means of social media platforms Facebook, Google Plus, Linkedin, Pinterest, Tumblr, X (formerly Twitter) and XING. With respect to the protection of our website visitors’ personally identifiable data, these buttons are ideally designed, since the script (computer program) behind the buttons neither compiles nor processes personally identifiable data. Precise information (in German) about button functionality is provided by Heise Verlag, which is the publisher of IT magazine c’t and the developer of the buttons. Website visitors wishing to share our site and who click on the buttons are immediately redirected to the “share” pages of the respective social media platforms. Only there are the scripts necessary to share content downloaded to your computer. At that point, the terms of business and data privacy policies already agreed upon between the website visitor and the social media platform in question shall apply. Detailed information about this can be found on the respective websites of Facebook, Linkedin, Pinterest, X (formerly Twitter), XING.
Trivago
Portions of this website integrate information for the purpose of tracking advertising campaigns on Trivago. Consequently, Trivago receives information about how and when you followed specific advertising campaigns. This information is only shared with Trivago subject to your consent (Art.6 par.1 lit a GDPR) as expressed in your Cookie Settings.
MyHotelshop
In order to optimize our online marketing strategies, we work together with MyHotelshop. When you visit our website, information is shared with MyHotelshop, with whom we then evaluate and measure the effectiveness of the aforementioned strategies. This information is only shared with MyHotelshop subject to your consent (Art.6 par.1 lit a GDPR) as expressed in your Cookie Settings.
Booking of accommodations and additional services
When you make a direct booking for hotels or additional services (e.g. guest cards) by means of our website, information about your booking will be shared with the hotel or service provider in question. This occurs on the legal basis of contract performance or taking pre-contractual measures (Art.6 par.1 lit a GDPR) required for performance of said contract.
Whistleblower system
We use a whistleblower system, which can be accessed at https://whistleblowersoftware.com/secure/TSG, for the confidential or anonymous reporting of potentially unlawful behaviour. Processing of your contact details or additional information on the reports submitted is confidential. The legal basis for the processing is a legal obligation stipulated by the Austrian Whistleblower Protection Act (HSchG) (Art. 6 (1) c GDPR). This also applies to the processing of special category data or sensitive data in accordance with Art. 9 (2) g GDPR.
You have the option of reporting anonymously, in which case no personal data about you will be processed.
If you decide to report confidentially, your name, optional telephone number and email address will be stored and reported to the internal reporting office, which will process your case confidentially and will not pass on your data within the company.
You have the option of reporting verbally by recording an audio file, which will be uploaded to our servers. You can activate voice distortion to ensure maximum anonymity.
You also have the option of uploading documents to be attached to the case. These documents may contain personal data.
Data on reports received will be stored for a period of five years from the last data transmission, unless longer storage is required following the initiation of investigation proceedings.
Information is passed on to legal advisors commissioned by us who are subject to professional secrecy and, if necessary, to authorities for the investigation and initiation of proceedings. Data is also passed on to technical service providers who support us in providing the whistleblowing system. However, these service providers may not use the data for their own purposes and are bound by additional agreements to the strict provisions of the General Data Protection Regulation and the associated high security standards.
For the processing of information in accordance with the Whistleblower Protection Act, the otherwise existing rights of data subjects are restricted by law. This applies in particular to the right of access, the right to rectification, the right to erasure, the right to information, the right to restriction of processing, the right to objection and the right to be notified of a personal data breach.
Your Rights
You have the right to receive information about the personally identifiable data which has been collected about you, to have this data deleted as well as restrict the processing thereof. Insofar as the legal foundation for the processing of your personally identifiable data is based on your consent or in a contract which has been entered into with you, you have the right to have your data provided to you or your agent in a customary form. You have the right to revoke your consent to the processing of your personally identifiable data, insofar as your consent has been granted. The legality of the processing of your personally identifiable data until such point as your consent may have been revoked shall in no way be affected by the revocation. You have the right to object to the processing of your personally identifiable data for the purposes of direct advertising. Should you indeed object, your personally identifiable data will no longer be processed for direct advertising purposes. Furthermore, you have the right to submit a complaint to the competent governmental oversight office.
Please note that the rights mentioned here are restricted by law when processing information using the whistleblower reporting system.