Privacy Policy

Lech-Zürs Tourismus GmbH attaches great importance to the privacy of each individual customer. The processing of personal data therefore always takes place within the framework of the applicable data protection regulations, in particular those of the Basic Data Protection Ordinance (DSGVO), the Austrian Data Protection Act (DSG) and the Telecommunications Act (TKG 2003). All employees of Lech-Zürs Tourismus GmbH are obliged to observe data secrecy in accordance with § 6 DSG.

3.1 Types and categories of data

We collect and use your data only to the extent necessary to provide a functioning website and our content and services. This means we process only the data that you give us through information disclosed as a user of the website, and/or as a customer or prospect (during a survey or registration or to enter into a contract, for example).

The following data types can be the object of data processing by us or a service we use:

• Basic data (e.g. name, title, and address)
• Content data (e.g. text entries, photographs, videos).
• Contact details (e.g. e-mail, telephone numbers).
• Data connected with an inquiry
• Meta/communication data (e.g. device information, IP addresses)
• Usage data (e.g. websites visited, interest in content, access times)
• Contract data (e.g. subject of contract, term, customer category)

We also process the aforementioned data types of the following categories of data subjects:

• Customers
• Prospects
• Users (e.g. website visitors, users of online services)
• Business and contractual partners
• Communication partners
• Participants in sweepstakes and competitions

3.2 2.1. Scope of processing

We process your data for the following purposes:

• To provide our website
• To improve and develop our website
• To render contractual performances (contract formation) and for customer services
• To process inquiries
• To identify, prevent, and investigate attacks on our website
• To create user profiles (profiles with user-specific information)
• To measure reach (such as access statistics and identifying returning visitors)

3.3 Legal basis

Legal basis for data processing is:

• Your consent: Insofar as we obtain your consent for the processing, Art. 6 para. 1 lit a GDPR serves as the legal basis.
• Contract fulfilment and/or pre-contractual requests (Art. 6 para. 1 lit b. GDPR). We need your data to process your inquiry to your full satisfaction or establish contact with you.
• To fulfil a statutory obligation of our company (pursuant to Art. 6 para. 1 lit c GDPR) by forwarding your data to authorities such as the tax office, the health insurance provider, or other public agencies.
• To protect a legitimate interest of our company (pursuant to Art. 6 para. 1 lit f GDPR). This includes marketing and promotional activities in general. As a prospect or customer of our services, we wish to inform you in a targeted, up-to-date manner about news and offers pertaining to our services and activities. We subject these activities to a weighing of interests, and no impairments of your fundamental rights and freedoms are to be expected.

3.4 Data deletion and storage duration

We will keep your data only as long as necessary to achieve the aforementioned purposes.

In any case, we store your data as long as statutory retention obligations exist or any legal claims for whose assertion or defense the data are needed have not yet become time-barred.

5.1 Scope of processing

We process your data so we can make our website available to you. For that purpose, we process your IP address, which is necessary to transmit the content and function of our website to your browser or end device.

To provide our website securely and efficiently, we use the services of a web hosting provider from whose servers (or from the servers they manage) the online services can be called up. For these purposes, we can use infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.

Log files

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer (“server log files”). The server logfiles can be used for security purposes, such as avoiding an overload of the servers (especially in the case of abusive attacks known as “DDoS attacks”) and ensuring the capacity utilization of the servers and your stability.

The following data will be collected:

• Information about the browser type and the version used
• Your operating system
• Your Internet service provider
• Your IP address
• Date and time of access
• Websites from which your system accesses our website
• Websites that are retrieved from your system via our website.

Plug-Ins

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

We use the following services, among others:

• Social Guide of Vorarlberg Tourismus GmbH, Poststr. 11, 6850 Dornbirn (https://www.vorarlberg.travel/). This is a plug-in that shows you various social media posts of third parties with reference to the region.
• Issuu, Schwedter Str. 36A, 10434 Berlin, Germany; Parent company: Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA (https://issuu.com/de). Issuu is a plug-in that allows content to be embedded in the website and allows websites to be given an interactive design. You can find Issuu’s privacy policy in the following URL: https://issuu.com/legal/privacy.
• Pinterest Pin-it and Plug-In, Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (https://www.pinterest.com). This can include content such as images, videos, texts, or buttons with which users can share content of this online service within Pinterest. The privacy policy can be found in the following URL: https://about.pinterest.com/de/privacy-policy.
• Leaflet/OpenStreetMap, of OpenStreetMap Foundation (OSMF) (https://www.openstreetmap.de). We incorporate the map “Leaflet” and the service “OpenStreetMap”, which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap uses your data exclusively to illustrate the map functions and cache the selected settings. Those data can include your IP address and location data, although they will not be collected without your consent (normally as part of the settings of your mobile device). You can find the privacy policy under the following URL: https://www.fossgis.de/datenschutzerkl%C3%A4rung/.
• reCAPTCHA, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, (https://www.google.com/recaptcha/). We integrate the “reCAPTCHA” function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called “bots”). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The use of reCAPTCHA is based on our legitimate interest to protect our online services from abusive automated crawling and spam You can find the privacy policy under the following URL: https://policies.google.com/privacy.

5.2. Legal basis

The use of the aforementioned services and plug-ins is based on Art. 6 para. 1 lit f GDPR. We have a legitimate interest in displaying our website and online services as reliably as possible. If consent was requested, the processing will be based on Art. 6 para. 1 lit a GDPR.

5.3. Duration of storage / Objection and removal options

Your data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended. If the data is stored in log files, this is the case after 30 days. The data will not be stored beyond that. In this case, your IP addresses are deleted.

The collection of data in order to provide the website and the storage of data in log files is mandatory for the operation of the website. There is therefore no possibility for you as the user to object.

7.1. Scope of processing

Web analysis (also “reach measurement”) is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization. We can also see which areas need optimizing. This helps us constantly improve our website and make it more user-friendly.

In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If you have agreed to the collection of your location data from us or from the providers of the services we use, location data may also be processed.

You IP address is also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect you. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know your actual identity, but only the information stored in your profile for the purposes of the respective processes.

We use the following analysis tools:

• Facebook Pixel and Custom Audiences, of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent group: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (https://www.facebook.com). With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called “audience network” https://www.facebook.com/audiencenetwork/) who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as “conversion tracking”) You can find Facebook’s privacy policy under the following URL: https://www.facebook.com/about/privacy.
• Google Tag Manager, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (https://marketingplatform.google.com). Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offer). The tag manager itself (which implements the tags) does not process any personal data of the users or store cookies. Google learns merely the IP address of the user, which is necessary to execute the Google Tag Manager. You can find Google’s privacy policy in the following URL: https://policies.google.com/privacy. And here you can find the agreement on commissioned data processing (https://business.safety.google/intl/en/adsprocessorterms/), the Standard Contract Clauses (https://business.safety.google/adsprocessorterms/sccs/p2p-intra-group/) and additional information on data protection (https://business.safety.google/intl/en/adsservices/).
• Mouseflow, Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. We use Mouseflow to analyze our websites and their visitors (heatmaps and click tracking). To that end, cookies can be used and user profiles can be formed. As part of that process, a log of the mouse movements and clicks is created with the intent to randomly play back individual website visits and deduce potential improvements for the website. Without your separately granted approval, the data collected with Mouseflow will not be used to identify you personally or merged with personal data about the bearer of the pseudonym. You can find the privacy policy under the following URL: https://mouseflow.com/legal/visitor/, and the option to object (opt-out) under: https://mouseflow.de/opt-out/.
• Google Analytics, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is a tool for measuring reach and for web analysis. You can find the reference to the privacy policy and to the option to object (opt-out) in the above statements on the Google Tag Manager.
• Matomo (with cookies), InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand (https://matomo.org/). Matomo is open-source software used for web analysis and to measure reach. When Matomo is used, cookies are generated and stored on the user’s end device. The user’s data collected while Matomo is being used will be processed only by us and will not be shared with third parties. You can find Matomo’s privacy policy in the following URL: https://matomo.org/privacy-policy/?footer. The software runs exclusively on our website’s servers. And the user’s data will be stored only at that location. The data will not be passed on to third parties.
• Quantserve from Quantcast, Maximilianstr. 35a, 80539 Munich, Germany; Parent company: Quantcast, 795 Folsom Street, San Francisco, Ca 94107, USA (https://www.quantcast.com/home/). Quantserve is a marketing and analysis tool that places cookies to obtain information on our website pertaining to the website visitors. You can find the privacy policy under the following URL: https://www.quantcast.com/privacy/.

7.2. Legal basis

The legal basis for processing your data is always your consent pursuant to Art. 6 para. 1 lit a GDPR.

7.3. Duration of storage / Objection and removal options

The data are deleted as soon as it is no longer needed for our recording purposes. The options for objection (opt-out) are listed with the respective service above.

The storage period for the remaining cookies is contained in the cookie overview[Insert link to “Cookie Overview”].