Data Privacy Statement - Websites

For data processing operations on the respective website, the following natural/legal persons as well as corporations (hereinafter also referred to as "operators") are mentioned, whereby these can partly act as "joint controllers" within the meaning of Art. 26, GDPR:

Ötztal Tourismus (chief controller)
Achweg 5
6450 Sölden
+43 (0) 57200 0
Data protection officer: Mr. Roland Grüner, dsb@oetztal.com

Ötztal Tourismus Incoming GmbH
Achweg 5
6450 Sölden
+43 (0) 57200 0

Ötztal Tourismus Sportstätten und Veranstaltungs GmbH
Achweg 5
6450 Sölden
+43 (0) 57200 0

„Bergbahnen Sölden“, consisting of Ötztaler Gletscherbahn Gesellschaft m.b.H. & Co KG. Sölden-Tirol (Companies' register number FN 21369a), Schilifte Gampe, Ötztaler Gletscherbahn KG (Companies' Register no. FN 19665w) as well as Skiliftgesellschaft Sölden-Hochsölden GmbH (Companies' Register no. FN 37680m)
Dorfstraße 115
6450 Sölden
+43 (0) 5254 508 0

„Bergbahnen Obergurgl-Hochgurgl“, consisting of Liftgesellschaft Obergurgl Gesellschaft m.b.H., Hochgurgler Lift-Gesellschaft m.b.H. & Co. KG, TOP EXPRESS Seilbahnen Gurgl GmbH & Co. KG
Gurglerstraße 93
6456 Obergurgl
+43 (0) 5256 6260

Skiregion Hochoetz Erschließungs GmbH
Angerweg 13
6433 Oetz
+43 (0) 5252 6385

Freizeit Arena GmbH
Achweg 5
6450 Sölden
+43 (0) 5254 2514

Ötztal Tourismus Congress GmbH
Achweg 5
6450 Sölden
+43 (0) 57200 150

Regarding the individual websites, the control is the following:

Website: www.oetztal.com, www.oetztaler-radmarathon.com, www.vent.at, www.laengenfeld.com, www.umhausen.com, www.oetz.com, www.sautens.com, www.haiming.at, www.gaysnowhappening.com

Controller: Ötztal Tourismus

Website: incoming.oetztal.com
Controller: Ötztal Tourismus – Incoming GmbH in joint control with Ötztal Tourismus.

Description of the joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Ötztal Tourismus - Incoming GmbH, depending on the individual request, booking, application (etc.), and processed there.

With regard to newsletter marketing, the infrastructure is also partly provided or, respectively, maintained by Ötztal Tourimus and the data of the data subjects are transmitted to Ötztal Tourismus Incoming GmbH as well as to Ötztal Tourismus for newsletter registrations. This is done in each case on the basis of the consent of the data subjects and/or for proportionate direct advertising by the joint controllers (Art. 6 (1) lit. a and lit. f GDPR).

Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail: dsb@oetztal.com

The information of data subjects concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Ötztal Tourismus - Incoming GmbH will also inform you separately about their own data processing operations (see Data Privacy Statement - Ötztal Tourismus Incoming GmbH);

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

Website: bikerepublic.soelden.com
Controllers: Ötztal Tourismus Sportstätten und Veranstaltungs GmbH in joint control with Ötztal Tourismus

Description of joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Ötztal Tourismus - Sportstätten und Veranstaltungs GmbH, depending on the individual request, booking, application (etc.), and processed there.

With regard to newsletter marketing, the infrastructure is also partly provided or, respectively, maintained by Ötztal Tourimus and the data of the data subjects are transmitted to Ötztal Tourismus Sportstätten und Veranstaltungs GmbH as well as to Ötztal Tourismus for newsletter registrations. This is done in each case on the basis of the consent of the data subjects and/or for proportionate direct advertising by the joint controllers (Art. 6 (1) lit. a and lit. f GDPR).

Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail: dsb@oetztal.com

The information of users concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Ötztal Tourismus Sportstätten und Veranstaltungs GmbH will also inform you separately about their own data processing operations (see Data Privacy Statement - Ötztal Tourismus Sportstätten und Veranstaltungs GmbH);

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

Website: www.soelden.com, 007elements.soelden.com
Controllers: "Bergbahnen Sölden" in joint control with Ötztal Tourismus

Description of joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Bergbahnen Sölden, depending on the individual request, booking, application (etc.), and processed there.

With regard to the webshop infrastructure (lift ticket/voucher shop) as well as the newsletter marketing, the infrastructure is also partly provided and maintained by Ötztal Tourismus or, respectively, the data of the data subjects are transmitted to Bergbahnen Sölden as well as to Ötztal Tourismus for orders or newsletter registrations. This is done in each case for the fulfilment of the contract in connection with the provision of the shop, for the provision of services,
on the basis of the consent of the data subjects and/or for proportionate direct advertising by the joint controllers (Art 6 (1) lit. a, lit. b and lit. f GDPR). Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail: dsb@oetztal.com

The information of data subjects concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Bergbahnen Sölden will also inform you separately about their own data processing operations (see Data Privacy Statement - Bergbahnen Sölden)

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

Website: www.freizeit-soelden.com
Controllers: Freizeit Arena GmbH in joint control with Ötztal Tourismus

Description of joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Freizeit Arena GmbH, depending on the individual request, booking, application (etc.), and processed there.

Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail:  dsb@oetztal.com

The information of data subjects concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Freizeit Arena GmbH will also inform you separately about their own data processing operations (see Data Privacy Statement - Freizeit Arena GmbH).

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

Website: www.gurgl.com
Controllers: "Bergbahnen Obergurgl-Hochgurgl“ in joint control with Ötztal Tourismus

Description of joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Bergbahnen Obergurgl-Hochgurgl, depending on the individual request, booking, application (etc.), and processed there.

With regard to the webshop infrastructure (lift ticket/voucher shop) as well as the newsletter marketing, the infrastructure is also partly provided or, respectively, maintained by Ötztal Tourismus and the data of the data subjects are transmitted to Bergbahnen Obergurgl-Hochgurgl as well as to Ötztal Tourismus in case of orders or newsletter registrations. This is done in each case for the fulfilment of the contract in connection with the provision of the shop, for the provision of services, on the basis of the consent of the data subjects and/or for proportionate direct advertising by the joint controllers (Art 6 (1) lit. a, lit. b and lit. f GDPR). Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail:  dsb@oetztal.com

The information of data subjects concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Bergbahnen Obergurgl-Hochgurgl will also inform you separately about their own data processing operations (see Data Privacy Statement - Bergbahnen Obergurgl-Hochgurgl).

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

Website: www.oetz.com
Controller: Schiregion Hochoetz Erschließungs GmbH in joint control with Ötztal Tourismus

Description of joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Schiregion Hochoetz Erschließungs GmbH, depending on the individual request, booking, application (etc.), and processed there.

With regard to the webshop infrastructure (lift ticket/voucher shop) and the newsletter marketing, the infrastructure is also partly provided or, respectively, maintained by Ötztal Tourismus and the data of the data subjects are transmitted to Schiregion Hochoetz Erschließungs GmbH as well as to Ötztal Tourismus in the case of orders or newsletter registrations. This is done in each case for the fulfilment of the contract in connection with the provision of the shop, for the provision of services, on the basis of the consent of the data subjects and/or for proportionate direct advertising by the joint controllers (Art 6 (1) lit. a, lit. b and lit. f GDPR).

Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail: dsb@oetztal.com

The information of data subjects concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Schiregion Hochoetz Erschließungs GmbH will also inform you separately about their own data processing operations (see Data Privacy Statement - Hochoetz).

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

Depending on which website/subpage the data subject visits or on which website/subpage he/she enters personal data and transmits it to the operators, the above-mentioned entities (indicated exclusively in the respective line) are in each case controllers with regard to the processing of the personal data.

Website: www.gurgl-carat.com
Controller: Ötztal Tourismus Congress GmbH in joint control with Ötztal Tourismus.

Description of joint control:
The website infrastructure (hosting, maintenance, etc.) is provided by Ötztal Tourismus which will also set the necessary technical and organizational measures to ensure the required data security.

The contents of the websites are provided and maintained by both controllers.

Personal data entered/provided by you will be transmitted to Ötztal Tourismus and/or Ötztal Tourismus Congress GmbH, depending on the individual request, booking, application (etc.), and processed there.

With regard to the newsletter marketing, the infrastructure is also partly provided or, respectively, maintained by Ötztal Tourismus and the data of the data subjects are transmitted to Ötztal Tourismus Congress GmbH as well as to Ötztal Tourismus for newsletter registrations. This is done in each case on the basis of the consent of the data subjects and/or for proportionate direct advertising by the joint controllers (Art 6 (1) lit. a and lit. f GDPR).

Both controllers have access to the server log files.

All data subject rights (see below) are - as far as data processing operations are subject to this Data Privacy Statement - carried out by Ötztal Tourismus. Please contact us by e-mail: dsb@oetztal.com

The information of data subjects concerned according to Art. 13 and 14 GDPR is provided in particular by means of this Data Privacy Statement by Ötztal Tourismus; In addition, Ötztal Tourismus - Incoming GmbH will also inform you separately about their own data processing operations (see Data Privacy Statement - Ötztal Tourismus Incoming GmbH).

Subsequent obligations according to the GDPR have to be observed independently by both controllers: The examination of the necessity as well as the possible implementation of the data protection impact assessment; Compliance with the principles of data processing; Providing processing registers; Cooperation with supervisory authorities; Mandatory notification of data breaches; Possible appointment of a data protection officer.

This is the single point of contact according to Art. 26 GDPR for your data protection concerns within the scope of this data privacy statement:

Ötztal Tourismus
Achweg 5
6450 Sölden
+43 (0) 57200 0
Data protection officer: Mr. Roland Grüner, dsb@oetztal.com

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the currently valid data protection regulations as well as this data privacy statement. Personal data (e.g. name, e-mail address, telephone number, etc.) will only be processed by the controllers if there is a sufficient legal basis and for the purposes stated in the data privacy statement or individually.

The operator saves the following data every time a user accesses this website: website accessed, file requested, exact date/time, amount of data transferred, notification of successful retrieval, browser type/version, operating system, previously visited page and IP address.

Data collected serve to ensure a trouble-free operation of our website, further improvement of our offer, statistical evaluations as well as protection against and documentation of cyber-attacks etc. The website operator reserves the right to check the server log files at a later time in case there is any evidence of illegal use.

These data processing operations take place on the basis of a predominantly legitimate interest (Art. 6 (1) lit. f GDPR) of the website operators. The purpose of data processing is to provide the website efficiently and safely, and to avert current or potential threats. The IP address of the user will be deleted 1 month after the last visit to the respective website.

Additionally, also cookies are used when visiting our websites (see 14. Cookies).

The operators of the websites set up proper technical and organizational measures to ensure the security of your personal data. For this purpose, the website operators use SSL encryption - among other measures. All data that you will transmit to these websites - in the course of inquiries or logins - cannot be read by third parties thanks to SSL encryption. You recognize such encrypted connections due to the URL prefix "https://" in the page link of your browser's address bar. Unencrypted pages are identified by "http://". However, we would like to point out that data transmission via the Internet (e.g. in the case of communication by e-mail) can always have security gaps. A complete protection of your transmitted data against unauthorized access by third parties is not possible.

When contacting the operator via our inquiry/contact form as well as when ordering free brochures, the following user information is processed in order to manage the request as well as to answer any follow-up questions that might arise: salutation, first and last name, e-mail address, telephone number, street, postal code, country. In addition, other specified data concerning the request (e.g. period of stay, type of accommodation) is processed as well. All collected personal data will be deleted by the operator within 12 months after completion of the request's processing.

If you voluntarily provide us with "sensitive" data (special categories of personal data within the meaning of Art. 9 GDPR) (e.g. existing allergies or your religious confession), this will only be done on the basis of your explicit consent to data processing for the purpose of handling your request. This consent can be revoked at any time by sending a message to Ötztal Tourismus (dsb@oetztal.com).

Personal data disclosed by the user will only be processed by the operator to the extent actually required for the processing of the current request and/or the provision of the requested service. According to Art. 6 (1) lit. b GDPR, these data processing operations are necessary to fulfill the contract or, respectively, to carry out pre-contractual measures.

In the course of this data processing operation, the operator also partially forwards personal data collected to the processor (see 15. Processors). If there is a legal or regulatory obligation, data will also be transmitted to public authorities (Art. 6 (1) lit. c GDPR).

When ordering in the lift ticket/voucher shop, your entered data (in particular first name, surname, address, e-mail address) will be transmitted to the joint controllers in the sense of the joint control stated above and processed by them. This is done in each case for the fulfilment of the contract in connection with the provision of the shop, for the provision of services as well as for proportionate direct advertising by the joint controllers (Art. 6 (1) lit. b, lit. f GDPR).

In the course of this data processing operation, the operator also partially forwards the collected personal data to processors (see 15. Processors). In the event of a legal or regulatory obligation, the data will also be transferred to public authorities (Art 6 (1) lit. c GDPR).

No registration is required for the use of this website and the use of the services offered. However, by registering through a user account you will enjoy access to additional contents and services as well as to your personal user profile. One of the advantages of this registration is that you don't have to enter your personal data each time you make a booking. Your personal user profile provides a detailed overview of completed and active orders/bookings. You have the option to terminate the registration at any time or by e-mail to dsb@oetztal.com.

In the course of your registration personal data - first name, last name as well as e-mail address - is collected and processed. This data is required for the provision of the additional contents in accordance with Art. 6 (1) lit. b GDPR for the fulfillment of the contract or the data processing is in the legitimate interest of the controllers (Art. 6 (1) lit. f GDPR [appropriate profiling and direct marketing]). The data is stored for the duration of the registration and for a maximum of one month after the registration before it is e deleted. The storage of data beyond the existence of such a registration serves to prosecute legal violations and thus lies in the legitimate interest of the controllers (Art. 6 (1) lit. f GDPR).

The user accounts are operated centrally by Ötztal Tourismus. Data is collected either directly by Ötztal Tourismus or - within the framework of joint control - by the respective website operators.

In the course of your registration and also thereafter you can make use of other services which also result in further data processing operations (e.g. with regard to your telephone number, your address, your date of birth, your payment details, your interests). This data is necessary for the provision of the services offered in accordance with Art 6 (1) lit. b GDPR (for the performance of the contract) or the processing of this data is in the legitimate interest of the operator (Art 6 (1) lit. f GDPR). The legitimate interest of the operator results in particular from its interest in an efficient (targeted and also more favourable) advertising of services, products, competitions or offers. In some cases, profiling within the meaning of the GDPR also takes place here (see 12. Profiling).

In the course of this data processing operation, the operator also partially forwards personal data collected to the processor (see 15. Processors). If there is a legal or regulatory obligation, data will also be transmitted to public authorities (Art. 6 (1) lit. c GDPR).

When participating in prize games organized by the websites, the following personal data will be collected: salutation, first and last name, e-mail address, address, telephone number, country, date of birth.

This data is processed by the respective operators for the administration and processing of the prize game (in particular for the assignment of prize game participation requests as well as for the determination and notification of winners). They are stored for the duration of the prize game and - for processing any profit and damage claims that might arise - for a maximum of 40 months thereafter before they are deleted.

In the event of a winning prize, the participant agrees that he/she will be named and published as the. This consent to data processing and publication may be revoked by the participant in the prize game at any time prior to notification of the prize by contacting the respective controller and thereby the participation in the price game can be terminated. The prize game can be carried out only on the basis of the appropriate marketing communication of the price game and the winner; For this reason, the participant in the prize game accepts the appropriate data processing operations and publication of his data, which are also mainly in the interest of Ötztal Tourismus.

In the course of this data processing operation, the operator also partially forwards personal data collected to the processors (see 15. Processors). If there is a legal or regulatory obligation, data will also be transmitted to public authorities (Art. 6 (1) lit. c GDPR). If required or helpful for the delivery or order processing, personal data will also partly be forwarded to third party service providers (e.g. delivery services).

On the basis of a separate consent to be granted, a marketing-related processing of personal data provided can take place as well. In this case the participant receives our newsletter and direct marketing measures can take place (see 09. Newsletter as well as 10. Direct Marketing). You may revoke your consent to the processing of your data or, respectively, disallow the processing of your data for this purpose at any time by sending an e-mail to dsb@oetztal.com.

If a user subscribes to the newsletter of the operator, personal data of the user or wishes to receive other types of mails ("campaigns") personal data of the user, namely salutation, first and last name as well as e-mail address is collected and processed. Afterwards, the user regularly (in any case personalized [see 12. Profiling]) e-mails or other messages (e.g. "push") tailored to his preferences, containing information and offers of the operator (hereinafter "newsletter"). In general, the administration of newsletter marketing is carried out centrally by Ötztal Tourismus as part of joint information processing (see above).

Subscribing to the newsletter - as well as subscribing to other types of mailings ("campaigns") - requires the consent of the user pursuant to Art 6 (1) lit. a GDPR that his/her data may be used for the regular sending of the newsletter or, respectively, the other types of mailings.

The registration uses the double opt-in procedure - unless the identity of the data subject is ensured in another way. After logging in, the user will receive a confirmation and authorization e-mail to the e-mail address provided, with the respective request to click on the link contained therein. This ensures that only the authorized user of the given e-mail address can sign up for the newsletter. If you register for the newsletter online, we will store the IP address of the computer system used at the moment of registration by the data subject as well as the exact date and time of registration. This procedure is necessary to document your consent and thus fulfil the obligations of the controller under data protection law.

Our newsletters use a standard tracking system. Using an embedded tracking pixel, we can detect if and when an e-mail was opened by the user and which links in the e-mail were accessed. This information is evaluated by our experts in order to optimize the delivery of newsletters and to better adapt the content of future newsletters to your favourite interests. This personal data will not be disclosed to third parties.

The user can unsubscribe from the newsletter or the other types of mails ("campaigns") at any time. At the end of each newsletter or other type of mail, there is a link that the user can use to unsubscribe from the respective mailing (revocation of consent to data processing in relation to the respective mail sent). Alternatively, the user can also send a corresponding e-mail to newsletter@reply.oetztal.com, newsletter@reply.soelden.com, newsletter@reply.gurgl.com. The revocation of consent to data processing in relation to the general newsletter does not remove any additional consent given to data processing in connection with other types of mails ("campaigns"); the same applies vice versa. In order to revoke consent in relation to all newsletters/ types of mails, the user can send an email to dsb@oetztal.com.

In the course of this data processing operation, the operator also partially forwards personal data collected to the processors (see 15. Processors).

In addition to sending out newsletters on the basis of a corresponding consent, the operator reserves the right within the meaning of sec. 107 (3) of the Telecommunications Act (TKG) and Art. 6 (1) lit. f GDPR (legitimate interest in proportionate use of direct marketing) to process data of its customers in connection with the sending of offers and information regarding services and offers of the operator by post or by e-mail for own advertising purposes: salutation, first and last name, e-mail address, telephone number, address, country, transaction data (purchased products/services plus data).

In this sense, customers (persons who have received goods or services from the operators within the last 27 months, unless they are included in the "Robinson list" referred to in sec. 7 (2) of the E-Commerce Act and unless they have objected when the data was collected) receive direct advertising for the operators' own similar products or services (for example, after completing a booking or after departure). The user then receives - if necessary personalized (see 12. Profiling) - e-mails or other messages (e.g. "push") with information and offers from the operator geared to his needs.

You can revoke the processing of your personal data for this purpose at any time, either when entering your data or by sending an e-mail afterwards to dsb@oetztal.com.

In the course of temporary actions (e.g. guest surveys) personal data is processed by the operator. Participation in these actions is voluntary, therefore the visitor can decide independently whether he wants to disclose personal data or not. Personal data (such as name, e-mail address, telephone number), demographic data (e.g. postal code, age group) or other data may be affected here.

Data is used to provide the requested service to the website visitors. Personal data collected is used on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to further improve both our website and our services. As far as possible by taking into account also the respective processing purpose, anonymous or pseudonymized data processing takes place. In this context you have the right to object to the processing of your personal data for reasons that arise from your particular situation; Please contact us by sending an e-mail to dsb@oetztal.com.

By giving consent to the setting of personalization cookies, the user also consents to the automated processing and aggregation of the personal data collected/entered in order to evaluate certain personal aspects of the user (in particular leisure and travel interests). Here, a "segmentation" is only carried out based on the interests derived from the evaluation of the sub-pages visited and actions carried out; an analysis of the age group, the purchasing power, the gender of the user or the demographics or, respectively, data processing aimed at this does not take place. The operator does not make any decisions based on the existing profiling data that has legal effects on the user.

The user thereby gives his consent to appropriate profiling (Art. 6 (1) lit. a GDPR). Users can revoke their consent to the setting of cookies at any time by making the appropriate setting in the cookie manager as well as their consent to appropriate profiling under data protection law at any time by sending an e-mail to dsb@oetztal.com.

In the association area of Ötztal Tourismus, it is possible to connect to the internet with mobile devices via WLAN hotspots at a large number of locations. After establishing a connection to the WLAN hotspots provided by the operators for the first time, the user must enter his e-mail address to use the connection to the Internet and agree to the terms of use of the processor LOOP21 Mobile Net GmbH (Hirschstettner Straße 19, 1220 Vienna, Austria). By sending this form, the e-mail address will be transmitted to LOOP21 Mobile Net GmbH - exclusively for verification purposes and to prevent misuse - and LOOP21 Mobile Net GmbH will subsequently grant the user 30 minutes of free Internet access. The processing of the e-mail address as well as any other user and usage data (MAC address, websites visited, etc.) is necessary for the provision of the services offered pursuant to Art 6 (1) lit. b GDPR (for the performance of the contract) or the processing of this data is in the legitimate interest of the operator or, respectibely, processor (Art 6 (1) lit. f GDPR; abuse control, documentation in relation to any claims for damages). Any further processing of the data provided (e.g. for marketing purposes) does not take place in this context.

If the user would also like to use the internet access via the WLAN hotspots of the operators (after expiry of the free usage period), the registration with a user account (see 07. User accounts [Ötztal Inside]) as well as the consent to receive newsletters (see 09. Newsletter) is required vis-à-vis the operators. In this respect, the consent (Art 6 (1) lit. a GDPR) to the data processing for the creation of a user profile and for the sending of marketing newsletters constitutes the legal basis for the processing of personal data as well as the consideration for the provision of internet access via the WLAN hotspots. Alternatively, users also have, Inter alia, the option of using roaming services (which may be subject to a charge) with their telecom providers. After completion of the double opt-in procedure to register with a user account and to register for the newsletter, unlimited internet access is activated. You can revoke your consent to the processing of your data for these purposes at any time by sending an e-mail to dsb@oetztal.com.

14.1. General Information on Cookies and other Technologies

Our websites use (store) Cookies. Cookies are pieces of information (text files) that are stored by a website on the user's end device. Information can be written to these text files, which can be read out again at a later time. The purpose of cookies is to store information and allow access to it at a later time. Cookies cannot be used to read other data on the user's end device. In particular, websites use cookies to restore their previous user preferences, track the history of user inquiries or analyze user behavior and to increase the efficiency and relevance of advertising measures.

Our websites store on the one hand "session cookies", which are deleted again after leaving the website, and on the other hand "permanent cookies", which remain stored on the end device until they are active or automatically deleted.

The use of the website is also possible without cookies. The user can either manage the storage of cookies on our website via the cookie manager (in doing so, "necessary cookies" cannot be rejected) or deactivate the storage of cookies in his browser, restrict it to certain websites or set his browser so that he is notified before a cookie is stored. The user can delete the cookies at any time from his end device's hard disk by adapting the data protection functions of his browser. In this case - especially if "necessary" cookies are also prevented - the functionality and usability of the website may be restricted.

In some cases, also other technologies, in particular tracking pixels, are used instead of or in addition to cookies. Tracking pixels are small graphics embedded in the website or newsletter that are automatically loaded when a website or newsletter is opened and enable the tracking of user behaviour. The loading of a tracking pixel can be interpreted in a web analysis tool as a page view or email opening and thus enables improved reporting to increase the efficiency and relevance of advertising measures. Where "cookies" are referred to in the following, this also includes the use of other technologies, in particular tracking pixels (see the description of the service in each case).

14.2 Categories of Cookies

Necessary:
These cookies are absolutely necessary for the operation of the site and enable, for example, security-relevant functionalities. In addition, this type of cookie is used, for example, to save the settings you have made for cookies.

Statistics:
In order to further improve our offer and our website, we collect anonymized data for statistics and analyses. With the help of these cookies, we can, for example, determine the number of visitors and the effect of certain pages of our website and optimize our contents.

Comfort:
We use these cookies to make it easier for you to use the site. For example, you can conveniently return to a previous accommodation search when you visit our website again.

Personalization:
These cookies are used to show you personalised content that matches your interests. This allows us to present you with offers that are particularly relevant to you and your planned trip.

14.3 Legal Basis for the Use of Cookies and other Technologies

The storage of "necessary cookies" is based on the Telecommunications Act and on the operator's legitimate interest (Art. 6 (1) lit. f GDPR) in a trouble-free and optimized presentation of the website.

Otherwise (for statistics cookies, comfort cookies and personalization cookies), cookies are only stored with the express consent of the user (Art 6 (1) lit. a GDPR) via the cookie manager. Users can thus individually consent to the storage of cookies for the duration of the respective session or until active or automatic deletion. Users can revoke their consent to the setting of cookies at any time by making the appropriate setting in the cookie manager.

In some cases, cookies also support the processing of personal data or profiling:

By giving their consent to the setting of statistical cookies, users agree to the analysis of website usage to optimize the user experience, to the evaluation of advertising measures carried out, as well as to the analysis of aggregated data on the use of the website. The users thereby give their consent to the data processing operations respectively described in more detail in the cookie manager or in this data protection agreement (Art. 6 (1) lit. a GDPR). Users can revoke their consent to the setting of cookies at any time by making the appropriate setting in the cookie manager as well as you can revoke your consent under data protection law at any time sending an e-mail to dsb@oetztal.com.

By giving their consent to the setting of comfort cookies, users agree to the recording and other processing of usage and booking data. Users thereby give their consent to the data processing operations respectively described in more detail in the Cookie Manager or in this data protection agreement (Art. 6 (1) lit. a GDPR). Users can revoke their consent to the setting of cookies at any time by making the appropriate setting in the cookie manager as well as you can revoke your consent under data protection law at any time by sending an e-mail to dsb@oetztal.com.

By giving their consent to the setting of personalization cookies, users also consent to the automated processing and merging of the personal data collected/entered in order to evaluate certain personal aspects of the user (in particular leisure and travel interests) (see 12. Profiling) and, based on this, to enable interest-based advertising of the operators' offers to the user. Users thereby give their consent to appropriate profiling (Art. 6 (1) lit. a GDPR), whereby the operator does not make any decisions based on this that have legal effects vis-à-vis the users. Users can revoke their consent to the setting of cookies at any time by making the appropriate settings in the cookie manager as well as revoke their consent to appropriate profiling under data protection law at any time by sending an e-mail to dsb@oetztal.com.

The setting of a variety of third-party cookies can also be edited via the links below: https://www.aboutads.info/choices/ or https://www.youronlinechoices.com/uk/your-ad-choices.

14.4 Web Analytics and Advertising Tools

Google Services
This website uses the web analytics service Google Analytics, the advertising service Google Ads (remarketing and conversion tracking), Google Tag Manager, Google Optimize, Google Campain Manager (Floodlight conversions) as well as the Google Ad Manager of the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google") or, respectively, the Google Irland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Unless the user has given his active consent to the use of cookies and other technologies via the cookie manager, necessary cookies are only set or, respectively, services are only used within the framework of the operator's legitimate interest in analyzing and optimizing the websites and services and in increasing the efficiency and relevance of advertising measures (Art. 6 (1) lit. f GDPR) and the so-called "consent mode" is used, which means that no personal data of the user is processed. The services Google Analytics (in consent mode), Google Ads (in consent mode) and Google Campaign Manager (in consent mode), Google Tag Manager (tool for controlling the integrated tracking codes), Google Ad Manager (without cookies) as well as Google Optimize (A/B testing) are then used.

When consent is given to the storage of statistical cookies, the Google Analytics service stores cookies on the user's end device. The information then generated about your use of the website is generally transmitted to a server of Google Irland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and processed. Please note that this website uses Google Analytics with the extension "_anonymizeIp()" and that IP addresses are therefore only processed in abbreviated form in order to exclude the possibility of direct personal references. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website usage and internet usage to the website operator. The IP address transmitted within the scope of Google Analytics will not be merged with other data from Google. The access data and any personal data of users processed in this context will be deleted after 50 months at the latest. Users can prevent the collection of the data generated by the cookie and related to their use of the website (including their IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. More information on the terms of use and data protection regarding Google Analytics can be found at http://www.google.com/analytics/terms/de.html.

When consent is given to the storage of personalization cookies, the Google Ads (remarketing and conversion tracking), Google Campain Manager (floodlight conversions) as well as Google Ad Manager services use cookies and similar technologies which improve campaign performance reports for the operators (conversion tracking) and which enable third-party providers (incl. Google) to analyse the user's previous usage behaviour and to base the placement of advertisements on this. For this purpose, cookies are stored on the user's end device and used to serve ads based on a user's previous visits to this website when the user later visits another website. The user is identified by means of cookies. With the help of the cookies, user behaviour when visiting the website can be analysed and then used for targeted product recommendations and interest-based advertising. If the user does not wish to receive interest-based advertising, he or she can deactivate the use of personalization cookies with the cookie manager or deactivate personalised advertising in his or her own Google account and adjust advertisements in the Google Display Network by visiting the deactivation page for DoubleClick. Alternatively, the user can deactivate the use of cookies by third-party providers (https://adssettings.google.com/anonymous). More information on the terms of use and data protection regarding Google services can be found at https://www.google.com/policies/technologies/ads/.

If and to the extent that data is transferred to Google (USA), this is based on the use of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR, which we have concluded directly or Google Ireland Limited has concluded with Google. These standard data protection clauses oblige Google to process the data in such a way that a level of data protection comparable to that in the EU is guaranteed.

Web analysis service of intelliAd Media GmbH
When consent is given to the storage of statistics cookies, the service of intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich, Germany, stores cookies on the user's end device. We use the intelliAd Media GmbH web analytics service with bid management for demand-oriented design as well as for optimisation of the web pages. By default, only anonymized usage data is processed and stored in aggregated form as well as usage profiles are created from this data, which, however, cannot be assigned to a specific person. You can prevent the setting of cookies via the cookie manager or object to the processing of your usage data via the intelliAd opt-out function (for more information, see https://www.intelliad.de).

TikTok
When consent is given to the use of personalization cookies, the "TikTok pixel" provided by and for which TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok") is responsible is used or, respectively, activated on our websites as well as cookies are stored on the user's terminal device. With the help of the TikTok pixel, it is possible for TikTok to determine the visitors to the website as a target group for the display of advertisements. Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offering or who exhibit certain characteristics that we transmit to TikTok. The TikTok pixel also allows us to statistically analyze the TikTok ads served. Data processing by TikTok is carried out in accordance with TikTok's Data Use Policy. For more information and details about the TikTok pixel and how it works, please visit the TikTok help section: https://www.tiktok.com/legal/privacy-policy?lang=de.

If and to the extent that data is transferred to group companies of TikTok outside the EEA (in particular in the USA or China), this is based on the use of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR, which we have concluded directly or which TikTok Technology Limited has concluded with the respective company. These standard data protection clauses oblige the respective company to process the data in such a way that a level of data protection comparable to the EU is guaranteed (see for example https://ads.tiktok.com/i18n/official/policy/controller-to-controller).

Teads
When consent is given to the storage of personalization cookies, cookies are stored on the user's terminal device by the "Teads" service of Teads Deutschland GmbH, Poststraße 6, 20354 Hamburg, in order to be able to display personalized advertising contents to the user. Teads collects the source of the device, the browser type, approximate location information, the website visited, the user's interactions with advertisements, as well as the user's IP address, the last octet of which is deleted for anonymization. This data is used across devices to filter ad delivery by, among other things, user interests and location, and to prevent a user from being shown the same ad again. For the advertisers' internal business analysis, the data is statistically analyzed. Teads does not collect or process information that allows to directly identify a specific person. This data processing is based on your consent according to Art. 6 (1) lit. a GDPR, which can be revoked at any time by sending a message to Ötztal Tourismus (dsb@oetztal.com).

You can object to tracking for the display of interest-based advertising by Teads at any time; to do so, click on the opt-out link provided in the Teads privacy policy at https://www.teads.com/privacy-policy/. Here you can also obtain further information on Teads' data protection. The opt-out is only valid for the particular device you are using and also loses its validity when you delete your cookies.

Criteo
When consent is given to the storage of personalization cookies, cookies are stored on the user's terminal device by the "Criteo" service of Criteo SA, 32 Rue Blanche, 75009 Paris, France, in order to generate and evaluate information about the surfing behavior of website visitors in pseudonymized form. Criteo uses an algorithm to analyze the surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). In no case can the collected data be used to personally identify the visitor of this website. It will not be used in any other way or passed on to third parties. The data is stored for up to 13 months and then automatically deleted.

Further information on Criteo's data protection can be found here: https://www.criteo.com/de/privacy.

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do so, you must click the "Deactivate Criteo services" button in Criteo's data policy statement: https://www.criteo.com/de/privacy/.

Plista
When consent is given to the storage of personalization cookies, cookies are stored on the user's terminal device by the "Plista" service of plista GmbH, Torstraße 33-35, 10119 Berlin, Germany, in order to be able to display (presumably) interest-based advertising contents to the user. For this purpose, Plista compares the interests of users of the websites with each other and recommends the favorites of similar users in each case. For this purpose, it is necessary for Plista to evaluate the interests and distinguish individual website visitors from each other without knowing their identity. For this purpose, Plista compares the reading behavior (including clicks, visits, date) of different visitors with each other. This only happens on pages on which Plista is activated. Recommendations are generally made anonymously - i.e. ratings and click data are used in the algorithm, while it is not possible for third parties to see or read the data basis. In order for Plista to be able to deliver the relevant recommendations to the website visitor, which fall within his/her area of interest, Plista combines this rating and click data into a usage profile and evaluates it. To provide this service, Plista requires anonymous data. Anonymous usage data provides information about the website views, clicks of a website visitor and his/her reading behavior without any personal reference. When collecting anonymous data, it is in no way possible to draw a conclusion about your identity. All data is collected anonymously and protected by Plista's terms of use and privacy policy.

You can find more information about plista's data protection here: https://www.plista.com/de/about/privacy/.

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do so, you must click on the "Opt Out" field (8. Opt-Out/Right of Revocation) in Plista's data privacy statement, available at: https://www.plista.com/de/about/privacy/.

Emarsys
When consent is given to the storage of personalization cookies, cookies are stored on the user's terminal device by the "Emarsys" service of Emarsys eMarketing Services AG ("Emarsys"), Märzstraße 1, 1150 Vienna, Austria, in order to be able to send subscribers to our newsletter (presumably) newsletter contents tailored to their interests. This requires the processing of data on accommodations or other products and topics that you have viewed on our websites, as well as information about your computer, your browsing history and the time of the website visit. This data is processed exclusively anonymously or, respectively, pseudonymously. If you enter your e-mail address, the data will be merged with the data from the newsletter tool Emarsys in order to create newsletters and advertising that are suitable and interesting for you. The cookies are deleted after 1 year. Session cookies are already deleted at the end of the session. These data processing operations are based on sec. 96 (3) of the Telecommunications Act (TKG), your consent (Art. 6 (1) lit. a GDPR) and our overriding legitimate interest (Art. 6 (1) lit. f GDPR) in interest-based direct marketing. Users can prevent the setting of cookies via the cookie manager as well as unsubscribe from the newsletter at any time (see 09. Newsletter).

LinkedIn Insight-Tag
When consent is given to the storage of personalization cookies, cookies are stored on the user's terminal device by the LinkedIn Insight-Tag service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"), in order to use analysis and conversion tracking technology. This enables more relevant, (presumably) interest-based advertising contents to be displayed to users. Furthermore, the operators of LinkedIn receive aggregated and anonymous reports of ad activities and information about how users interact with the websites. For this purpose, LinkedIn uses a Javascript code (Insight tag), which in turn places a cookie in your web browser or uses a pixel.

Via the LinkedIn Insight tag, data about the use of our website is collected, including URL, referrer URL, IP address, device and browser properties, timestamps and page views. The data collected via the LinkedIn Insight tag by LinkedIn is encrypted and anonymized within 7 days. The anonymized data is deleted within 90 days. LinkedIn does not share any personal data with website operators, but only provides aggregated reports on website audience and display performance.

If and to the extent that data is transferred to LinkedIn group companies outside the EEA (in particular in the USA), this is based on the use of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR, which we directly or LinkedIn Ireland Unlimited Company have concluded with the respective company. These standard data protection clauses oblige the respective company to process the data in such a way that a level of data protection comparable to the EU is guaranteed (see for example https://de.linkedin.com/legal/l/dpa?).

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do this, you can make appropriate cookie settings in the cookie manager or in your browser, or you can set an opt-out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Facebook Pixel, Custom Audiences and Conversion API
When consent is given to the use of personalization cookies, the Facebook Pixel provided and for which "Facebook" is responsible (company name Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) as well as the services "Custom Audiences" and "Conversion API" are used or, respectively, activated on our websites as well as cookies are stored on the user's terminal device. With the help of the Facebook Pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of ads. Accordingly, we use the Facebook pixel to display the advertisements placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products, which are determined on the basis of the websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). The Facebook pixel is integrated directly by Facebook when you visit our websites and can store cookies on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offering will be noted in your profile. The data collected about you is anonymous for us, so it does not offer us any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can (also) be used by Facebook for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes, this data is encrypted locally in on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison with the data encrypted in the same way by Facebook. The processing of the data by Facebook takes place within the framework of Facebook's data usage policy (see https://www.facebook.com/policy.php). Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section (https://www.facebook.com/business/help/651294705016616). You can object to the collection by the Facebook Pixel and use of your data to display Facebook ads. To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and change the instructions for the settings of usage-based advertising there (https://www.facebook.com/settings?tab=ads). The settings are made independently of the platform, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do this, you can make the appropriate cookie settings in the cookie manager or in your browser, and also select the opt-out options listed above.

If and to the extent that data is transferred to Facebook group companies outside the EEA (in particular in the USA), this is based on the use of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR, which we have concluded directly or which Facebook Ireland Ltd has concluded with the respective company. These standard data protection clauses oblige the respective company to process the data in such a way that a level of data protection comparable to that in the EU is guaranteed (see for example https://www.facebook.com/legal/EU_data_transfer_addenDum).

TheTradeDesk
When consent is given to the use of personalization cookies, the pixel provided and for which we are responsible by "TheTradeDesk" (The UK Trade Desk Ltd, 10th Floor, 1 Bartholomew Close London EC1A 7BL United Kingdom) and the retargeting services (retargeting on the Internet) are used or, respectively, activated on our websites as well as cookies are stored on the user's terminal device. This allows users to be shown more relevant, (presumably) interest-based advertising contents. Banner ads, video ads, and image/text combinations (= native advertising) are used on all online platforms and media. Data is collected about the use of our website, IP address, device and browser characteristics, interests, advertising ID, location (based on the ID). The data collected by TheTradeDesk is kept encrypted and pseudonymized by TheTradeDesk for up to 18 months and then anonymized or deleted.

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do so, you can make appropriate cookie settings in the cookie manager or in your browser, as well as furthermore by opting out via the following link: http://www.adsrvr.org.

If and to the extent that data is transferred to group companies of TheTradeDesk outside the EEA (in particular in the USA), this is based on the use of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR, which we have concluded directly or which The UK Trade Desk Ltd has concluded with the respective company. These standard data protection clauses oblige the respective company to process the data in such a way that a level of data protection comparable to the EU is guaranteed.

Pinterest Tag
When consent is given to the storage of personalization cookies, the "Pinterest" service of Pinterest Europe Limited (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) stores cookies on the user's terminal device and processes certain data regarding the surfing behavior (e.g. products viewed, website visited) or the user (operating system used, time/date of access) in order to use analysis and conversion tracking technology. This allows users to be shown more relevant, (presumably) interest-based advertising contents. The collected data is stored by Pinterest and can be assigned to a possible user profile on Pinterest and used for advertising purposes. For more information, please visit https://policy.pinterest.com/de/privacy-policy.

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do so, you can make appropriate cookie settings in the cookie manager or in your browser, as well as furthermore by opting out via the link below: https://www.adup-tech.com/oba

Axel Springer Teaser Ad GmbH
When consent is given to the storage of personalization cookies, the "AdUp" service of Axel Springer Teaser Ad GmbH (Axel-Springer-Strasse 65, 10969 Berlin, Germany) stores cookies on the user's terminal device and processes certain data regarding the user's surfing behavior (e.g. website previously visited) or the user (cookie ID, advertising ID) in order to use analysis and conversion tracking technology. This enables more relevant, (presumably) interest-based advertising contents to be displayed to users. For more information, please visit https://www.adup-tech.com/datenschutz/.

This data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which can be revoked at any time. To do so, you can make the appropriate cookie settings in the cookie manager or in your browser, as well as use the "Do Not Track" function in your browser.

14.5 Embedded Contents

YouTube
Our website uses the Youtube embedding function to display and play videos from the provider "Youtube" (Google Irland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. In addition, the operators strive to prevent the setting of cookies by "YouTube" as far as possible. Further information on data protection at "YouTube" can be found in the provider's data privacy statement at: https://policies.google.com/privacy?hl=de.

Streamchartz
On this website the service Streamchartz ("Social Walls") of Channel Media GmbH (Viktor-Keldorfer-Straße 1, 5020 Salzburg, Austria) is embedded as a service. No cookies or tracking pixels are set by Streamchartz. More information about the data privacy statement at Streamchartz: https://streamchartz.com/s/de/datenschutzerklaerung/.

In the course of data processing, the operator also partly forwards personal data collected to the following processors within the European Union. In order to safeguard your data protection rights, a contract was stipulated with every single processor in accordance to Art. 28 GDPR:

• Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Germany
• Feratel Media Technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck
• Incert eTourismus GmbH & Co KG, Leonfeldner Straße 328, 4040 Linz
• Accenture GmbH, Schottenring 16, 1010 Vienna
• Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zurich, Switzerland
• Ingenico Payment Services GmbH, Daniel-Goldbach-Str. 17-19, 40880 Ratingen, Germany
• Eventjet Austria, Datascroll Eventsupport GmbH, Eggerthgasse 9, 1060 Vienna
• eMarketer, Lehner Au 171, 6444 Längenfeld
• intelliAD GmbH, Sendlinger Strasse 7, 80331 Munich, Germany
• Team Tourismusmarketing GmbH, Kaulbach Strasse 4, 80539 Munich, Germany
• Jais Dominik, Außerweg 182, 6145 Navis, Austria
• internex GmbH, Lagerstraße 15, 3950 Gmünd, Austria
• SKIDATA Austria GmbH, Hochthronstraße 1-7, 5083 Grödig / Salzburg, Austria
• PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany
• Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. („Google“) or, respectively, the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• LOOP21 Mobile Net GmbH, Hirschstettner Straße 19, 1220 Vienna, Austria

Personal data will only be transmitted in accordance with currently applicable laws and on a lawful basis, as well as with the utmost confidentiality and data security.

As part of the joint processing of personal data related to the operation of our websites and the implementation of marketing measures, an exchange of data between the above-mentioned controller takes place.

Case-related personal data is transmitted to the following categories of recipients:

• Offices, authorities (including customs, interest groups)
• Banks
• IT service providers
• Business partners, distribution partners, suppliers
• Debt collection, lawyers, courts, accountants
• Customers
• Leasing companies
• Member businesses of Ötztal Tourismus
• Travel service providers (hotels etc.)
• Insurance companies (on occasion only)

If the lawfulness for a specific data processing is based on the consent of the user, it can be revoked at any time (also partially) by sending an e-mail to dsb@oetztal.com. This may affect the functionality of the contents offered on this website or make the further use of our services impossible.

Furthermore, the user has a right to information about personal data concerning him/her, data portability, correction or deletion of personal data as well as limitation or opposition to the processing of his/her personal data. The user can exercise these rights by sending a written request including an appropriate proof of identity (photo ID) to Ötztal Tourismus, Achweg 5, 6450 Sölden, Austria dsb@oetztal.com.

If you fear any breach of privacy rules by the operator, we politely ask you contact us. You also have a right to send an official complaint to the Austrian Data Protection Authority (Barichgasse 40-42, 1080 Vienna, dsb@dsb.gv.at, www.dsb.gv.at).

The use of published contact data (for example as part of the mandatory imprint) for sending unsolicited advertising and information material is hereby rejected. The operators of the websites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example by distributing spam e-mails.

Ötztal Tourism is a partner of the WIFI programme "Talents for Tourism", which aims to inspire and train career changers for work in tourism. Interested parties can thereby acquire a state-recognised vocational qualification (e.g. to work in service, in the kitchen or at reception) within 18 months.

In order to participate in this programme, interested parties have the opportunity to voluntarily provide their contact details on the platforms of Ötztal Tourismus. Participation in this programme requires the consent of the interested parties pursuant to Art 6 para 1 lit a of the GDPR that their personal data may be processed as follows:

Ötztal Tourismus will process the following personal data of the interested parties: First name, last name, e-mail, telephone number, desired training occupation, desired training company (multiple selection possible). This data will then be forwarded to the member businesses participating in this programme (catering, hotel and leisure businesses in the association area of Ötztal Tourismus) or, if applicable, only to the specified member businesses as potential future employers or, respectively, the personal data will be disclosed to these member businesses. The participating member businesses act as independent data controllers within the meaning of the GDPR. In this way, the participating member businesses can contact the interested parties in order to enable possible employment/training of the interested parties. In the course of this data processing, Ötztal Tourismus sometimes also forwards the collected personal data to processors (see 15. Processors). In the event of a legal or regulatory obligation, the data will also be transferred to public authorities (Art 6 para 1 lit c GDPR).

Ötztal Tourismus collects this data directly from the data subjects. The data will only be processed by Ötztal Tourismus to the extent that this is actually necessary for the participation of the interested parties in the "Talents for Tourism" programme. The processing of the data is based on your consent (Art 6 para 1 lit a GDPR, Art 9 para 2 lit a GDPR). You can revoke your consent at any time vis-à-vis Ötztal Tourismus (dsb@oetztal.com), but this will mean that no further "placement activities" can then take place within the framework of the "Talents for Tourism" programme. The legality of the data processing carried out on the basis of the consent until the revocation is not affected by the revocation. Otherwise, the personal data collected will be deleted within 12 months after the interested parties have entered it.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy without prior notice. We therefore recommend that you read this statement at regular intervals.

Sölden, 13.04.2022