Alpines_Wandern_LZTG_by_Daniel_Zangerl_WEB_ (59)

Privacy Policy

Privacy policy of Lech Zürs Tourismus GmbH on the use of your data.

Data Protection – Declaration on Duty to Inform (Data Protection Declaration)

We protect your privacy and your private data. We collect, process, and use your personal data (“data”) exclusively within the bounds of the provisions of the General Data Protection Regulation (GDPR) and applicable data protection regulations.

This privacy policy applies to all the processing operations of your data we perform, to our rendering of services, on our website, and within external online presences such as our social media presences (together the “online services”).


To make this text easier to read, we will use masculine pronouns throughout. This obviously refers to all genders equally.


What follows will inform you, in accordance with the regulations of the GDPR, about the type, scope, and purpose of the data collection and data use.

1. General information

Lech-Zürs Tourismus GmbH attaches great importance to the privacy of each individual customer. The processing of personal data therefore always takes place within the framework of the applicable data protection regulations, in particular those of the Basic Data Protection Ordinance (DSGVO), the Austrian Data Protection Act (DSG) and the Telecommunications Act (TKG 2003). All employees of Lech-Zürs Tourismus GmbH are obliged to observe data secrecy in accordance with § 6 DSG.

2. Contact Data

If you have questions or concerns about the processing of your data, please contact us:


Lech-Zürs Tourismus GmbH

Dorf 164

6764 Lech am Arlberg


Telephone: +43 5583 2161-0


3. General information on data processing

3.1 Types and categories of data

We collect and use your data only to the extent necessary to provide a functioning website and our content and services. This means we process only the data that you give us through information disclosed as a user of the website, and/or as a customer or prospect (during a survey or registration or to enter into a contract, for example).

The following data types can be the object of data processing by us or a service we use:

  • Basic data (e.g. name, title, and address)
  • Content data (e.g. text entries, photographs, videos).
  • Contact details (e.g. e-mail, telephone numbers).
  • Data connected with an inquiry
  • Meta/communication data (e.g. device information, IP addresses)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Contract data (e.g. subject of contract, term, customer category)

We also process the aforementioned data types of the following categories of data subjects:

  • Customers
  • Prospects
  • Users (e.g. website visitors, users of online services)
  • Business and contractual partners
  • Communication partners
  • Participants in sweepstakes and competitions


3.2 2.1. Scope of processing

We process your data for the following purposes:

  • To provide our website
  • To improve and develop our website
  • To render contractual performances (contract formation) and for customer services
  • To process inquiries
  • To identify, prevent, and investigate attacks on our website
  • To create user profiles (profiles with user-specific information)
  • To measure reach (such as access statistics and identifying returning visitors)


3.3 Legal basis

Legal basis for data processing is:

  • Your consent: Insofar as we obtain your consent for the processing, Art. 6 para. 1 lit a GDPR serves as the legal basis.
  • Contract fulfilment and/or pre-contractual requests (Art. 6 para. 1 lit b. GDPR). We need your data to process your inquiry to your full satisfaction or establish contact with you.
  • To fulfil a statutory obligation of our company (pursuant to Art. 6 para. 1 lit c GDPR) by forwarding your data to authorities such as the tax office, the health insurance provider, or other public agencies.
  • To protect a legitimate interest of our company (pursuant to Art. 6 para. 1 lit f GDPR). This includes marketing and promotional activities in general. As a prospect or customer of our services, we wish to inform you in a targeted, up-to-date manner about news and offers pertaining to our services and activities. We subject these activities to a weighing of interests, and no impairments of your fundamental rights and freedoms are to be expected.


3.4 Data deletion and storage duration

We will keep your data only as long as necessary to achieve the aforementioned purposes.

In any case, we store your data as long as statutory retention obligations exist or any legal claims for whose assertion or defense the data are needed have not yet become time-barred.


4. Forwarding of Data / Data Processing in a third country

We will forward or transmit your data to third parties only if this is necessary to perform a contract or for billing purposes, or you as a user of our website and/or customer have provided your consent in advance in accordance with Art. 6 para. 1 lit a GDPR.

The recipients of these data might include (1) service providers commissioned for IT assignments or (2) providers of services and content embedded in a website. We comply with statutory requirements in such cases, particularly by entering into appropriate contracts or agreements with the recipients of your data in order to protect your data.


Data transfer into a third country (USA):

Many of the aforementioned recipients are located outside your country or process your data outside your country. Under certain circumstances, the level of data protection in other countries might not be equivalent to those of your country. However, we transmit your data only in countries whose level of data protection has been deemed adequate by the EU Commission, or we take measures to guarantee that all recipients have an adequate level of data protection. To that end, we enter into Standard Contract Clauses (EU 2021/914), for example. These are available on request (see contact data under section 1).


You can find additional information on the third-party providers we use in sections 4, 5, 6, and 7).

5. Provision of the Website, Log files and Plug-ins

5.1 Scope of processing

We process your data so we can make our website available to you. For that purpose, we process your IP address, which is necessary to transmit the content and function of our website to your browser or end device.

To provide our website securely and efficiently, we use the services of a web hosting provider from whose servers (or from the servers they manage) the online services can be called up. For these purposes, we can use infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.


Log files

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer (“server log files”). The server logfiles can be used for security purposes, such as avoiding an overload of the servers (especially in the case of abusive attacks known as “DDoS attacks”) and ensuring the capacity utilization of the servers and your stability.

The following data will be collected:

  • Information about the browser type and the version used
  • Your operating system
  • Your Internet service provider
  • Your IP address
  • Date and time of access
  • Websites from which your system accesses our website
  • Websites that are retrieved from your system via our website.


Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.


We use the following services, among others:

  • Social Guide of Vorarlberg Tourismus GmbH, Poststr. 11, 6850 Dornbirn ( This is a plug-in that shows you various social media posts of third parties with reference to the region.
  • Issuu, Schwedter Str. 36A, 10434 Berlin, Germany; Parent company: Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA ( Issuu is a plug-in that allows content to be embedded in the website and allows websites to be given an interactive design. You can find Issuu’s privacy policy in the following URL:
  • Pinterest Pin-it and Plug-In, Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ( This can include content such as images, videos, texts, or buttons with which users can share content of this online service within Pinterest. The privacy policy can be found in the following URL:
  • Leaflet/OpenStreetMap, of OpenStreetMap Foundation (OSMF) ( We incorporate the map “Leaflet” and the service “OpenStreetMap”, which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap uses your data exclusively to illustrate the map functions and cache the selected settings. Those data can include your IP address and location data, although they will not be collected without your consent (normally as part of the settings of your mobile device). You can find the privacy policy under the following URL:
  • reCAPTCHA, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, ( We integrate the “reCAPTCHA” function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called “bots”). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The use of reCAPTCHA is based on our legitimate interest to protect our online services from abusive automated crawling and spam You can find the privacy policy under the following URL:


5.2. Legal basis

The use of the aforementioned services and plug-ins is based on Art. 6 para. 1 lit f GDPR. We have a legitimate interest in displaying our website and online services as reliably as possible. If consent was requested, the processing will be based on Art. 6 para. 1 lit a GDPR.


5.3. Duration of storage / Objection and removal options

Your data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended. If the data is stored in log files, this is the case after 30 days. The data will not be stored beyond that. In this case, your IP addresses are deleted.

The collection of data in order to provide the website and the storage of data in log files is mandatory for the operation of the website. There is therefore no possibility for you as the user to object.

6. Cookies - Consent Management

6.1 Scope of processing

We use cookies on this website to offer you the optimal online experience. Cookies are small text files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed or the functions used of an online offer. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

We use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is strictly necessary in order to provide the requested online service. The revocable consent will be clearly communicated to you and will contain the information on the respective cookie use.


The following distinction is made regarding the functions:

  • Technical (also: essential or strictly necessary) cookies
  • Marketing and analysis (also: non strictly necessary) cookies

With regard to the retention period, a distinction is drawn between the following types of cookies:

  • Temporary cookies (also known as “session cookies”): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when you visit a website again. Such cookies can also store the interests that are used to measure reach or for marketing purposes.

Processing Cookie Data on the Basis of Consent

We use a cookie management solution in which your consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by you. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-in cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.

To manage consent to cookies, we use the services of CookieHub, CookieHub ehf, Hafnargata 55, 230 Reykjanesbær, Island ( You can find the privacy policy under the following URL:

You can find an exact listing of all the cookies we use here [Insert link to “cookie overview”].


6.2. Legal basis

The legal basis for the processing of your data using technically necessary cookies is Art 6 Paragraph 1 lit f GDPR. If consent was requested (to use analysis cookies, for example), the processing will be based on Art. 6 para. 1 lit a GDPR.


6.3. Duration of storage / Objection and removal options

Cookies are stored on your computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies.

Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies ( collectively referred to as “opt-out”). You can first explain your objection using the settings of your browser, e.g. by deactivating the use of cookies. An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites and In addition, you can receive further objection notices in the context of the information on the service providers and cookies used.

If you deactivate cookies on our website, you might not be able to use all the functions of our online services to their full extent.


7. Web Analysis

7.1. Scope of processing

Web analysis (also “reach measurement”) is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization. We can also see which areas need optimizing. This helps us constantly improve our website and make it more user-friendly.

In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If you have agreed to the collection of your location data from us or from the providers of the services we use, location data may also be processed.

You IP address is also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect you. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know your actual identity, but only the information stored in your profile for the purposes of the respective processes.

We use the following analysis tools:

  • Facebook Pixel and Custom Audiences, of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent group: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ( With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called “audience network” who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as “conversion tracking”) You can find Facebook’s privacy policy under the following URL:
  • Google Tag Manager, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ( Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offer). The tag manager itself (which implements the tags) does not process any personal data of the users or store cookies. Google learns merely the IP address of the user, which is necessary to execute the Google Tag Manager. You can find Google’s privacy policy in the following URL: And here you can find the agreement on commissioned data processing (, the Standard Contract Clauses ( and additional information on data protection (
  • Mouseflow, Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. We use Mouseflow to analyze our websites and their visitors (heatmaps and click tracking). To that end, cookies can be used and user profiles can be formed. As part of that process, a log of the mouse movements and clicks is created with the intent to randomly play back individual website visits and deduce potential improvements for the website. Without your separately granted approval, the data collected with Mouseflow will not be used to identify you personally or merged with personal data about the bearer of the pseudonym. You can find the privacy policy under the following URL:, and the option to object (opt-out) under:
  • Google Analytics, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is a tool for measuring reach and for web analysis. You can find the reference to the privacy policy and to the option to object (opt-out) in the above statements on the Google Tag Manager.
  • Matomo (with cookies), InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand ( Matomo is open-source software used for web analysis and to measure reach. When Matomo is used, cookies are generated and stored on the user’s end device. The user’s data collected while Matomo is being used will be processed only by us and will not be shared with third parties. You can find Matomo’s privacy policy in the following URL: The software runs exclusively on our website’s servers. And the user’s data will be stored only at that location. The data will not be passed on to third parties.
  • Quantserve from Quantcast, Maximilianstr. 35a, 80539 Munich, Germany; Parent company: Quantcast, 795 Folsom Street, San Francisco, Ca 94107, USA ( Quantserve is a marketing and analysis tool that places cookies to obtain information on our website pertaining to the website visitors. You can find the privacy policy under the following URL:

7.2. Legal basis

The legal basis for processing your data is always your consent pursuant to Art. 6 para. 1 lit a GDPR.


7.3. Duration of storage / Objection and removal options

The data are deleted as soon as it is no longer needed for our recording purposes. The options for objection (opt-out) are listed with the respective service above.

The storage period for the remaining cookies is contained in the cookie overview[Insert link to “Cookie Overview”].

8. Social Media

8.1. Scope of processing

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.


On our website, you’ll find links to the following social media platforms:

Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (;

Facebook, of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (;

LinkedIn, of LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland (;

Pinterest, of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (; as well as

YouTube, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (

We may view and process the following data you publish on the platforms:

  • Basic data (e.g. names, addresses)
  • Contact details (e.g. e-mail, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Furthermore, your data within social networks will normally be processed for market research and advertising purposes. This means, for example, user profiles can be created using your user behaviour and the resulting interests. The user profiles can then be used to show ads inside and outside the networks that presumably match your interests.


Cookies are normally stored on your computers for those purposes. Furthermore, data can be stored in the user profiles independently of the devices you used (especially if you are a member of the platform in question and are logged into it).


8.2. Legal basis

The legal basis for processing your data is our legitimate interests pursuant to Art. 6 para. 1 lit f GDPR.


8.3. Duration of storage / Objection and removal options

For a detailed presentation of the respective forms of processing, the storage period, and the options for objecting (opt-out), please see the privacy policy and information from the operator of the network in question.

You can find the standard contract clauses of META (Facebook and Instagram) under the following URL:


LinkedIn’s standard contract clauses are found in the following:;

9. Newsletter

9.1. Scope of processing

Our website gives you the opportunity to subscribe to a free newsletter. If you register for the newsletter, the data from the input mask will be transmitted to us. During the registration procedure, we will obtain your consent to the processing of the data and refer you to this privacy policy.

The registration to our newsletter takes place in general in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process. This includes storing the login and confirmation times as well as the IP address.

If you purchase goods or services on our internet sites and input your e-mail address to that end, we may subsequently use it to send a newsletter. In such a case, only direct advertising for our own similar goods or services is sent through the newsletter, and no additional consent is needed for this pursuant to § 174 para. 4 TKG [German Telecommunication Act].

We collect your e-mail address so we can send you our newsletter. Our newsletter will inform you about us, our services, and promotions and offers.


9.2. Legal basis

The legal basis for processing the data after you register for the newsletter is your consent pursuant to Art. 6 para. 1 lit a GDPR. If the newsletter is sent due to the purchase of goods or services, the legal basis is § 174 para. 3 TKG and Art. 6 para. 1 lit f GDPR.


9.3. Duration of storage / Objection and removal options

You may cancel your subscription to the newsletter at any time. For this purpose you will find a link in each newsletter. Accordingly, your e-mail address will be stored as long as your subscription to our newsletter is active.

10. Booking through Booking&more / booking inquiry

10.1. Scope of processing

Our website gives you the opportunity to a) book accommodations or b) send us an inquiry concerning accommodations by using the platform booking&more. As part of that process, the data to be entered into the input mask (name, address, e-mail address, telephone number, and possibly payment data) will be transmitted to the accommodations provider only if a booking is made. booking&more is a service of Feratel Media Technologies AG, Maria-Theresien-Str. 8, 6020 Innsbruck ( You can find Feratel’s privacy policy under the following URL: You can find booking&more’s privacy policy under the following link:


10.2. Legal basis

The legal basis for processing the data is the initiation or performance of a contract pursuant to Art. 6 para. 1 lit b GDPR.


10.3. Duration of storage / objection and removal options

The data will be stored until the contract has been completely performed or, if required under commercial or tax law, beyond that.

11. Ordering brochures

11.1. Scope of processing

On our website, you can order current brochures and catalogues to learn about Lech-Zürs and all its possibilities as a holiday resort. To do so, you must enter your contact and address data in the input mask provided for that purpose, and we will store that data. By disclosing those data, you allow us to send you the information and offers you selected.


11.2. Legal basis

The legal basis for processing the data is the initiation or performance of a contract pursuant to Art. 6 para. 1 lit b GDPR.


11.3. Duration of storage

Your data will be stored until your inquiry or order has been completed or as long as statutory retention obligations prescribe such storage.

12. Your rights

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:


Right to information

You have the right to obtain confirmation as to whether or not data concerning you are being processed, to obtain information about such data, and to obtain further information and a copy of the data in accordance with the statutory provisions.


Right to rectification

Pursuant to the statutory provisions, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.


Right to erasure and restriction of the processing

Pursuant to the statutory provisions, you have the right to demand that data concerning you be erased without delay or, alternatively, to demand that the data processing be restricted in accordance with the statutory provisions.


Right to data portability

You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with the statutory provisions, or to have that data transmitted to another controller;


Right to object

You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on Art 6 para 1 lit e or f GDPR, including profiling based on those provisions. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.


Right to withdraw consent

You have the right to withdraw any consent you have granted (with effect for the future). Withdrawing consent will not affect the lawfulness of the processing already performed based on that consent.


Complaint to the supervisory authority

Without prejudice to any other judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, if you consider that the processing of personal data concerning you infringes the GDPR. For the purposes of the GDPR, the supervisory authority is the Datenschutzbehörde (data protection authority), Barichgasse 40 - 42, 1030 Vienna, Tel: +43/1-52 152-0, 

The data protection authority shall inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy.

13. Amendments and updates

We ask you to reread the content of our privacy policy on a regular basis. We adjust the privacy policy whenever this is required by changes to the data processing operations we perform. We will inform you as soon as those changes require cooperative action on your part (such as providing consent) or another individual notification is necessary.



Lech, June 2023