Privacy Policy
This privacy policy serves to inform you as a user of our website and services about our policies concerning the processing of personal data, as well as the scope, purpose, duration and legal basis of the processing carried out by us directly or in cooperation with partners. It will also list the third-party components used by us, e.g. for provision, optimization purposes and to improve the quality of our website and services, wherever data is potentially passed on to third parties or processed by third parties through the use of external components.
In order to protect your data in the best way possible, wo process personal data, hereinafter also referred to simply as “data”, only in the course of providing our services and optimizing our website, as well as the associated services and content.
NOTE: This Policy is a translation of our german Privacy policy. In the event of any discrepancy or inconsistency between the English and German versions, the German version shall prevail.
Definition: Processing
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.
Our privacy policy is structured as follows:
- Information about us as the controller
- Rights of users and data subjects
- Information on data processing
- Further information on data processing
- Data processors
- Social Media, Messenger and Chat-Platforms
Information about us as controllers of your data
The party responsible for this website (the „controller“) for purposes of data protection law is:
Schifffahrt am Wolfgangsee GmbH
Monika Ratz
Brunnleitweg 32
5340 St. Gilgen
Austria
The controller’s data protection officer is:
Monika Ratz
E-Mail-Address: office@schifffahrt-am-wolfgangsee.at
Phone: +43 664 55 47 431
Website: https://www.schifffahrt-am-wolfgangsee.at
The rights of users and data subjects
With regard to the data processing described in more detail below, users and data subjects have the following rights:
Conditions for consent (Art. 7 Abs 3 DSGVO)
You have the right to withdraw your consent to processing of your personal data at any time with effect for the future.
Right to access (Art. 15 DSGVO)
You have the right to receive information about the personal data stored about you by us as well as a copy of this information.
Right to rectification (Art. 16 DSGVO)
You have the right to have inaccurate and/or incomplete personal data concerning you rectified and/or completed.
Right to erasure (Art. 17 DSGVO)
You have the right to request deletion of your personal data from our systems.
However, your data can not be deleted, if:
- the data is required for an ongoing contract,
- legal retention periods or conflicting interests prevent the deletion. In this case,
- processing may be blocked for other purposes.
Right to restriction of processing (Art. 18 DSGVO)
You have the right to request the restriction of processing of your data if one of the following conditions is met:
- You have disputed the accuracy of the personal data. Restriction may be requested for the period during which your claim is verified.
- Processing of your data is not necessary, but you prefer and request the restriction of use of your personal data rather than its deletion.
- We no longer need your personal data for the purposes of processing, but require it for the assertion, exercise, or defense of legal claims.
- You have objected to the processing pursuant to Article 21 para. 1 DSGVO and your objection is still being reviewed by us.
Right to data portability (Art. 20 DSGVO)
You have the right to receive your own personal data, which you provided to us, in a structured, common, machine-readable form or, if necessary, to have this data transferred to third parties.
You have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and processing is carried out with automated procedures, unless processing is necessary for tasks carried out in the public interest or in the exercise of official authority vested in the controller.
Pursuant to Article 20(1) of the GDPR, you also have the right to have your personal data transferred directly from one controller to another, where technically feasible, and where this does not adversely affect the rights and freedoms of other individuals.
Right to object (Art 21. DSGVO)
You have the right to object at any time to the processing of your personal data in accordance with Article 6 para. 1 lit. e or f DSGVO.
In the event of an objection, we will no longer process your personal, unless:
- We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- The processing serves the assertion, exercise or defense of legal claims.
You have the right to object at any time to the processing of personal data for the purpose of advertising.
Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO)
You have the right to lodge a complaint with the competent data protection supervisory authority at any time.
Information about data processing
Purpose and extent of the processing of personal data
As a matter of principle, we store personal data only insofar as this is necessary for providing our services and related activities.
The legal basis for this is our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
Legal basis for the processing of personal data
Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) is the legal basis for obtaining the consent from the data subject to process personal data.
For necessary processing of personal data as part of the fulfillment of a contract, as well as for pre-contractual measures to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the legal basis.
Where processing of personal data is necessary for the fulfillment of legal obligations to which we are subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
If vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
If the protection of the legitimate interest of us or a third party for processing personal data outweighs the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1 lit. f DSGVO serves as the legal basis.
For transfer of personal data to communication service providers, collection agencies, legal representatives or the competent court, Art. 6 para. 1 lit. f DSGVO serves as the legal basis.
For the temporary storage of data, Art. 6 para. 1 lit. f DSGVO serves as the legal basis.
Storage duration and automatic deletion
Personal data will be deleted or anonymized by us o as soon as the purpose of the storage no longer applies.
Where data processing serves the fulfillment of a contract, this is generally the case when the contract has been concluded and all contractual obligations have been mutually fulfilled.
There may still be a need to store personal data in order to comply with legal regulations and obligations. Likewise, storage beyond this is possible if there is a legitimate interest according to Art. 6 para. 1 lit. f DSGVO.
Data that is required to fulfill obligations under corporate and tax law in connection with the contract will be deleted or anonymized at the end of the seventh calendar year after the end of the contractual relationship, unless there are further legal obligations that require longer storage.
Backup copies in backup systems are also deleted.
Data will also be anonymized or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data due to a current contract, outstanding claims or legal obligations.
Right to object, cancellation and revocation
You may declare an objection to the evaluation of your personal data or a request deletion of said data at any time by e-mail to us.
However, if data processing is required as part of fulfilling an ongoing contract or in the context of pre-contractual measures and for the provision of our services, data deletion is not possible and may be denied. The Right to object subsequently does not apply in this case.
Further notes on data processing
Server data
To ensure a secure and stable Internet presence, data is transmitted to us or to our web space/hosting provider by your Internet browser when you use our website and services. This transmission includes the type and version of your Internet browser, the operating system, the website from which you switched to our site (referrer URL), which page(s) of our website you visit, the date and time of access and the IP address of the Internet connection that accesses our website.
Data collected in this way is temporarily stored in log files but is not connected to any other data about you.
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving the stability, security and function of our website and services.
All data collected in this manner is automatically deleted by us or by the web space / hosting provider if no further storage is required in accordance with Art. 6 para. 1 lit. f GDPR unless it is necessary to analyze and resolve an incident or technical issue. In this case the data may be exempt from deletion in whole or in part until the work has been completed.
Note on data protection outside the EU, especially the USA
In some cases, it may be necessary to work with companies based outside the EU when providing our services. This may result in the transfer of information and data outside the EU.
To facilitate transfer of personal data between the EU and USA, the EU-US Data Privacy Framework has been formalized
Adequacy decision for the EU-US Data Privacy Framework | European Commission (europa.eu)
US companies to which personal data is transferred must complete a self-certification and commit to comply with the principles and requirements of the agreement, such as purpose limitation, data and retention period minimization and data security standards and precautions for disclosure to third parties. As part of this certification, these US companies must be registered in the Data Privacy Framework List ( https://www.dataprivacyframework.gov/s/participant-search) at the US Department of Commerce.
US companies certified in this way fulfill the requirements of the EU data protection directives and can subsequently be treated according to the same standards as EU based companies.
In addition, US based companies still have the option of using so-called Standard Contractual Clauses (SCCs) to complement the agreements.
For companies based in countries that have not formalized data privacy agreements with the EU, Standard Contractual Clauses are the only option to ensure data privacy.
Standard Contractual Clauses are templates provided by the EU Commission and are intended to ensure that your data is handled in compliance with European data protection standards even if they are transferred to third countries and stored there. Through these clauses, companies commit to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed outside the EU.
The EU decision on the standard contractual clauses can be found here
EUR-Lex – 32021D0914 – DE – EUR-Lex (europa.eu)
https://eur-lex.europa.eu/eli/dec_impl/2021/914/
Note: Standard contractual clauses are agreements under private law and therefore have no direct impact on potential data access of legal authorities outside the EU.
To ensure data privacy we therefore rely on partners from the EU and certified US companies wherever possible.
Cookie Manager
Cookie banners allow us to obtain your consent for the use of cookies on the website that are not technically required.
When the website is called up, a cookie is stored on the user’s device, which saves your settings and selection pertaining to which cookies you chose to accept. This allows us to save your selection for future visits to our website.
This cookie is required (see Essential cookies) in order to obtain the user’s legally compliant consent.
You can prevent cookies from being installed by adjusting the settings on your internet browser. Cookies can also be deleted at any time via the browser settings.
Cookies
Cookies are small files containing letters and numbers that are stored on your device via the browser.
Essential cookies
Essential cookies are required for running our website and services. These cookies do not collect any personal information about you or your browsing behavior. Essential cookies are set automatically. If they are deleted manually, this can lead to limited functionality on our website and services.
An example of an essential cookie is the cookie of the cookie banner, in which your selection pertaining to which cookies you accepted is saved. Without this cookie, the cookie manager cannot record whether or which cookies you have accepted and subsequently cannot fulfill its function.
Functional/Session cookies
These cookies collect and process certain information about you, for example location data such as your IP address, data about your browser or browser version and preferences you have selected.
Processing this data serves the purpose of optimizing our website and services and making them more secure. The use of these cookies also serves to improve user-friendliness, as it allows the user’s preferences, such as the selected language and information, such as shopping cart contents, to be saved and it enables functions such displaying maps and videos.
Analytics/Performance cookies
Among other things, these cookies are used to record which pages a user has accessed on our website. They can also be used to record whether a user has clicked on links on the site, e.g. to access partner services, or to track whether a newsletter has been opened.
These cookies do not collect any personal information that could be used for identification. They are completely anonymized and are used exclusively for statistical evaluation and analysis.
Third-party/Targeting cookies
Third-party cookies are cookies placed via our website by partner companies we work with. These cookies have various functions, from analyzing the performance of our website to collecting statistical data and advertising purposes.
Disabling cookies
By default, browsers accept cookies automatically. When you access our website or services, the cookie banner will provide you with information about the types of cookies we employ along with the option to select which cookies you wish to accept or reject before they are set. Your selection will then be saved for future reference.
You can of course change your cookie settings at any time. You may also restrict or completely prevent the setting of cookies via your browser settings.
Please note that refusing or subsequently deleting cookies from your system (including essential cookies) may result in our services not being fully available or stopping to work properly. This also applies if your browser is set to refuse all cookies.
Contact
We offer users the option to contact us via contact form and e-mail. If you do so we need you to provide certain data to us.
If you contact us, the data you provide will exclusively be used to process your request and will be deleted as soon as the request has been fully processed, unless statutory retention obligations have arisen, e.g. due to subsequent contract processing.
Legal basis for processing of this data is Art. 6 para. 1 lit. b GDPR.
If you do not provide any, insufficient or incorrect data, we may not be able to answer your request or only answer your request to a limited extent.
Please note: When using the contact form, the information you enter is transmitted via our webspace-provider and thus processed by this company.
Data Processors
The companies listed below serve as Data processors.
Data processors are companies that provide services for us and in this capacity may process personal data collected in connection with our services.
In this context, data is only passed on to data processors within the scope and for the purpose of providing our services.
| Data Processor | Headquarters | Data processing location | Function |
| Microsoft* | United States | EU-Region & USA | Microsoft365 |
| world4you | Austria | Austria | Webspace-Hoster |
* Complies with the requirements of the EU-US Data Privacy Framework Participant Search (dataprivacyframework.gov).
Google Fonts
We use locally integrated and loaded Google Fonts. This type of integration does not require a connection to Google. Therefor no data is transmitted to Google systems.
Microsoft 365 Business / Enterprise
We use the Microsoft 365 Business / Enterprise products, including SharePoint and OneDrive cloud storage, to store and process data securely and efficiently.
Microsoft 365 Business / Enterprise is a product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, hereinafter referred to as “Microsoft”.
Data processed by us using Microsoft 365 products may be stored on Microsoft’s servers. This includes, but is not limited to, documents, emails, and other electronic files. Microsoft uses extensive security measures to protect your data, including encryption technologies and advanced authentication procedures.
Our use of Microsoft 365 services may result in data being processed by Microsoft. As part of its own “EU Data Boundary for the Microsoft Cloud” initiative, Microsoft has committed to storing and processing data of EU citizens exclusively in the EU and states that it will not transfer data from EU-customers to the USA, for example.
Microsoft is certified according to the Data Privacy Framework and assures to handle data of EU citizens according to the EU guidelines Participant Search Participant Search (dataprivacyframework.gov).
For further details please visit
https://privacy.microsoft.com/de-de/privacystatement
https://www.microsoft.com/de-de/trust-center/privacy/gdpr-overview
Social Networks, Messenger & Chat-Platforms
Social Networks
We use social networks and platforms and link to corresponding profiles on our website via direct links or graphics. Users are only redirected to social networks if the corresponding link is clicked.
Legal basis is Art. 6 para. 1 lit. f GDPR, the legitimate interest to improving the user experience and quality of our website.
If a user clicks the link to one of our social media profiles, information about the user is collected by the corresponding social network. This primarily includes basic routing data such as IP address and time of access.
If the user has their own account with the social network and is logged in, the social network may collect further data and assign it to the user’s account on the social network. The same applies to every interaction that a user carries out on the platform, such as “sharing”, “commenting”, “liking”, etc.
Which data is collected is determined by the social network and can be influenced more precisely via the user account with the network. In order to minimize data collection by the social network, it is of course also possible to log out of the corresponding account or profile before clicking on the link.
Here you can find the privacy policies of the social networks we use:
Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland.
Link: https://www.facebook.com/privacy/policy
Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland.
Link: : https://privacycenter.instagram.com/policy/
TikTok
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland.
Link: https://www.tiktok.com/legal/page/eea/privacy-policy/en
Social Network Profiles
We also maintain our own profiles on social networks in order to promote our company, our products and services and to offer customers, partners and interested parties another means of contact.
Both we and the operator of the social network are responsible for data protection in this case.
The legal basis for data processing by us is Art. 6 para. 1 lit. f GDPR, our legitimate interest in advertising our products or services, as well as the evaluation to improve communication with our customers, partners and interested parties. In addition, the legal basis may also be the user’s consent to the social network in accordance with Art. 6 para. 1 lit. a GDPR. The user can revoke consent at any time for the future in accordance with Art. 7 para. 3 GDPR.
We maintain profiles on the following social networks:
We maintain a profile on the platform Facebook.
Facebook is operated by Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland, from here on simply referred to as “Facebook”.
Facebook provides a description of the shared responsibility policy, which can be found here
https://www.facebook.com/legal/terms/page_controller_addendum
When you visit our profile on Facebook, Facebook processes your data (e.g. IP address) and may place cookies on your device. If you restrict the use of cookies, this may result in functional restrictions on the site or with Facebooks services.
If you have your own account on Facebook and are logged in at the time of contacting us, Facebook may collect additional data and assign your activity to your account.
We have neither insight into nor access to the data collected by Facebook and cannot rule out the possibility that user data may be processed by Facebook outside the European Union, in particular by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
A contact form is available for questions about Facebook data protection
https://www.facebook.com/help/contact/540977946302970
You can find the link to Facebook’s privacy policy here
https://www.facebook.com/privacy/policy
If you contact us via Facebook, we will use the personal data you provide to process your request. We will delete this data once the request has been fully processed and completed, provided that there are no statutory retention obligations or upright contracts that prevent deletion.
We maintain a profile on the platform Instagram.
Instagram is operated by Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland, from here on simply referred to as “Instagram”.
Instagram provides a description of the shared responsibility policy, which can be found here
https://www.facebook.com/legal/terms/page_controller_addendum
When you visit our profile on Instagram, Instagram processes your data (e.g. IP address) and may place cookies on your device. If you restrict the use of cookies, this may result in functional restrictions on the site or with Instagrams services.
If you have your own account on Instagram and are logged in at the time of contacting us, Instagram may collect additional data and assign your activity to your account.
We have neither insight into nor access to the data collected by Instagram and cannot rule out the possibility that user data may be processed by Instagram outside the European Union, in particular by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
A contact form is available for questions about Instagram data protection
https://www.facebook.com/help/contact/540977946302970
You can find the link to Instagram’s privacy policy here
https://help.instagram.com/519522125107875
If you contact us via Instagram, we will use the personal data you provide to process your request. We will delete this data once the request has been fully processed and completed, provided that there are no statutory retention obligations or upright contracts that prevent deletion.
TikTok
We maintain a profile on the platform TikTok.
TikTok is a service of Beijing Bytedance Technology Ltd. TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible for the EU region.
When you visit our profile on TikTok, TikTok processes data from your access (e.g. IP address) and may place cookies on your device. If you restrict the use of cookies, this may result in functional restrictions on the site or with TikTok services.
If you have your own TikTok account and are logged in at the time you contact us, TikTok may collect additional data and assign it to your account.
We have neither insight into nor access to the data collected by TikTok and cannot rule out the possibility that user data may be processed by TikTok outside the European Union.
You can find the link to TikTok’s privacy policy here
https://www.tiktok.com/legal/privacy-policy-eea?lang=en and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.
If you contact us via TikTok, we will use the personal data you provide to process your request. This data will be deleted by us when the request has been fully processed and completed, provided that there are no statutory retention obligations or upright contracts that prevent deletion.
Messenger & Chat-Platforms
We also provide options for users to contact us via messenger and chat platforms.
By communicating with us via one of these platforms, both we and the platform receive the user’s mobile phone number and the information that the user has contacted us. Depending on the platform other data may also be collected.
Messenger and chat platforms are used exclusively as a means to facilitate initial contact for users with us.
To this end we use the following services:
Kakao Talk
Kakao Talk is part of Kakao Corporation located at 242 Cheomdan-ro, Jeju-si, Jeju-do (Youngpyung-dong).
We have neither insight into nor access to the data collected by Kakao Talk and cannot rule out the possibility that user data may be processed by Kakao Talk outside the European Union.
You can find the link to Kakao Talk’s privacy policy here (kakao.com)
https://www.kakao.com/policy/privacy?type=p&lang=en
Line
Line Corporation is located at Yotsuya Office, Yotsuya Tower 23rd FL., 1-6-1 Yotsuya, Shinjuku-ku, Tokyo, 160-0004.
We have neither insight into nor access to the data collected by Line and cannot rule out the possibility that user data may be processed by Line outside the European Union.
You can find the link to Line’s privacy policy here
https://line.me/en/terms/policy/
WeChat is a service of Tencent. For customers from the EU, Switzerland and the UK, WeChat is operated by Tencent International Service Europe B.V., Buitenveldertselaan 1-5, 1082 VA, Amsterdam, Netherlands.
We have neither insight into nor access to the data collected by WeChat and cannot rule out the possibility that user data may be processed by WeChat outside the European Union.
You can find the link to WeChat’s privacy policy here
https://www.wechat.com/de/privacy_policy.html
WhatsApp is a service of WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, from here on simply referred to as WhatsApp.
We have neither insight into nor access to the data collected by WhatsApp and cannot rule out the possibility that user data may be processed by WhatsApp outside the European Union, in particular by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
You can find the link to WhatsApp’s privacy policy here
https://www.whatsapp.com/legal/#privacy-policy.
