Privacy Policy

<!-- BEGINNING OF PAGE CONTROLLER: Shop_Page_Support - ACTION: privacy - VIEW: shop/pages/account_support_page -->
<div class="account-content container xs-white-fill xs-py2 md-pt0 lg-mb4">
	<div class="grid">
		<div id="account_support_content" class="left-column gc xs-gc12 md-gc--auto js_account_support_content">
			<div class="account-content-wrapper">
				<div class="support-page">
	<h1 class="page-title">Privacy Policy</h1>
	<div id="tabs-block" class="tab-group--no-padding tab-group tab-group--buttons js-zostrap-tabs xs-mb4">
		<ul class="tabs">
			<li class="tab"><a href="#tab_short">Privacy summary</a></li>
			<li class="tab"><a href="#tab_long">Privacy Extended</a></li>
		</ul>
		<div id="tab_short">
			<div class="">
				Dear customer,<p></p><p>We collect your personal data because of the following reasons:<br>The ski pass is personal and we have to be able to check if it is the correct person using the ski pass. Seasonal ski passes and daily passes are different for different age groups.<br><br>In case of refunds or issue of new RFID cards,  we  will have to be able to identify the correct ski pass holder. And we want you as a customer to have full control with your personal data. <br><br>As an online customer you may go to <b>
<a href="/shop/en/store#/shop/en/account">MY ACCOUNT</a>&nbsp;</b>and manage your personal data:<br></p><p></p><ul><li>You may update your personal information, both your customer account and members of your  team. </li><li>You may download a  copy of your information</li><li>You may delete your customer profile and members of your team.</li><li>You may change your opinion about getting offers.</li></ul>We as a ski resort will manage your personal data in a safe and responsible way. And we will not sell or transfer your personal data to a third party without your consent.<br><br>We will use your personal data  in relation to the purposes for which they were collected or otherwise processed. This will help us to fulfil our commitment  towards you as a customer. We will also use the data to improve our services to you as a consumer and also for analyses and statistical purposes.<br><br>We may also use your information to send you  advantageous notifications by email to renew your Ski pass or Season pass.  At any given time you may decline this by entering <b style=""><a href="/shop/en/store#/shop/en/account">MY ACCOUNT</a> </b>and change your settings.<p style=""></p><p style="">Payment data will be processed for purposes pursuant to directive 2015/2366 (EU) and subsequent changes to payment services in the European internal market (so-called PSD2).<br></p><p style="">Do you have questions regarding processed personal data? <br> <br>Then please contact our employee responsible for data protection: <br><br>Mag. Niko Vavrousek<br>Phone +43 59 221 <br>eMail:<a href="mailto:datenschutz@snow-space.com">&nbsp;datenschutz@snow-space.com</a>  <br> <br>If we do not comply with our data protection duty in due time, please contact your complaint to: <br>Austrian Data Protection <br> <br>Barichgasse 40-42   <br>1030 Wien <br>Phone: +43 1 52 152-0 <br>eMail: dsb@dsb.gv.at<br> <br><br></p><p style="text-decoration-line: underline;"></p>			</div>
		</div>
		<div id="tab_long">
			<div class="">
				<p><b><span style="font-size: 18px;">Privacy Policy and Information According to Art. 13 and 14 GDPR<br></span></b><br><b>1.	 General</b><br>The protection of your personal data is of particular concern to us. We therefore process your data exclusively in a lawful manner on the basis of the statutory provisions (especially GDPR, DSG 2018, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of the use of our website and in the context of other services of our company.<br>Only the German version of our privacy policy is legally binding text. The English translation serves as a legally non-binding information. Deviations of the English text or how it could be understood do not affect the exclusive legal validity of the German text and its meaning.<br><br><u>1.1.	Responsibility for the Processing of your Data </u><br>The responsible person (“controller” within the meaning of Art. 4 no. 7 GDPR) of the processing of your personal data (“personal data” within the meaning of Art. 4 no. 1 GDPR) is:<br>Snow Space Salzburg Bergbahnen AG<br>Markt 59<br>A-5602 Wagrain<br>Tel. +43 59 221<br>E-Mail: datenschutz@snow-space.com <br><br><u>1.2.	Purposes, Categories of Data and Lawfulness of the Processing of Personal Data</u><br><i>Purposes of the processing of personal data</i><br>The purposes of processing your personal data generally result from our business activities as a cable car company: making our online offers available, processing customer inquiries, ordering / purchasing mountain railway tickets, accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if necessary, further processing for other compatible purposes as well as the processed data categories can be found in the detailed descriptions of the individual data processing processes.<br><i>General categories of data</i><br>•	Personal master data (e.g., name, date of birth and age, address)<br>•	Contact details (e.g., email address, telephone number, fax number)<br>•	Communication data (time and content of communication)<br>•	Order or booking data (e.g., ordered goods or commissioned services and invoice data such as service period, payment method, invoice date, tax identification number ...)<br>•	Payment details (e.g., account number, credit card details)<br>•	Contract data (content of contracts of any kind)<br>•	Web usage data (e.g., server data, log files and cookies)<br>•	Identification numbers (e.g., identity card number, vehicle registration number ...)<br>•	Geodata (e.g., Skidata data and Photocompare) <br>•	Video surveillance images<br><i>Processing of special categories of personal data according to Art. 9 GDPR </i><br>•	Health data (in case of accidents or in connection with slope rescue service)<br><i>Lawfulness of the processing of personal data</i><br>There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data simply means that we cannot offer these services. The legal basis for the processing of your personal data, which is necessary for the fulfilment of a contract with you or an order from you to us, is Art. 6 (1) lit. b GDPR. Insofar as the processing of personal data is necessary on our part to fulfil a legal obligation (accounting obligation, bookkeeping obligation or other legal documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the processing of the data takes place in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out the task assigned to us in the public interest (“sovereign action”), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you about our legitimate interests. Unless we have any other legal basis explained above for the processing of personal data, we will ask for your consent to data processing, whereby in these cases we refer to Art. 6 (1) lit. a GDPR or in the case of the processing of special categories of data based on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.<br><br><u>1.3.	Transfers of Personal Data to Data Processors and Third Parties</u><br>We process your personal data with the support of data processors who support us in providing our services. These data processors are through a corresponding agreement within the meaning of Art. 28 GDPR with us obliged to strictly protect your personal data and may not process your personal data for any purpose other than to provide our services. You can find out which data processors are involved in the detailed descriptions of the individual data processing processes.<br>Your personal data will be passed on to companies other than our data processors to typical economic service providers such as banks, tax consultants or auditors. Transfer of personal data to state institutions and authorities only takes place within the framework of mandatory national legal provisions.<br>When using the mountain railway tickets purchased from / used at us, your personal data (usage data) will be passed on to other mountain railway companies with which we are in a joint ski ticket network or to higher-level billing organizations only to the extent necessary. This is necessary for the settlement of ticket revenues between us and our mountain railway partners.<br><u><br>1.4.	Transfers of Personal Data to Third Countries or International Organisations</u><br>In principle, we process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we use the services of our data processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR are available for the transfer to third countries: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or in compliance with officially recognized contractual obligations, the so-called "EU standard contractual clauses". If we rely on the EU standard contractual clauses as the legal basis for the transmission of your personal data, we will also check the admissibility of this data transmission as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer these data without your explicit consent in accordance with Art. 49 (1) lit. a GDPR to a third country.<br>Data transfer to the USA<br>Through the services integrated in this website, Braze, Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Optimize, Google Remarketing, The Trade Desk, Google Maps, Google ReCAPTCHA, Font Awesome, Facebook Pixel and YouTube, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.<br><br><u>1.5.	Data Erasure and Period of Data Storage</u><br>Your personal data will be deleted by us as soon as the purpose for which we collected your data no longer applies. Storage can also take place if we process the data for a purpose that is compatible with the original purpose. It can also take place if this is provided for by laws, ordinances or other provisions to which our company is subject.<br><br><u>1.6.	Data Sources</u><br>In principle, we collect your personal data directly from you. We also receive personal data from some of our partners. Information on this can be found in the respective detailed information in this data protection information.<br><br><u>1.7.	Profiling</u><br>We do not use any automated decision-making or profiling processes that have a legal effect on you or that significantly affect you in a similar manner. With your consent, however, we will use your usage data to get to know your interests better and thus to be able to display information of interest to you or to be able to make you tailor-made offers or to be able to display corresponding information to you on third-party websites or social media platforms.<br><br><u>1.8.	Safeguarding your Data Protection Rights</u><br>In principle, you have the right to information, correction, deletion and restriction of the processing of personal data in accordance with the GDPR. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. The lawfulness of the processing of your personal data up to the time of revocation is not affected by this. You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing. A detailed explanation of these rights can be found here in Chapter III.<br>Right of complaint<br>If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (Wickenburggasse 8, 1080 Vienna, email: dsb@dsb.gv.at).<br></p><p><br><b>2.	Visiting our Website</b><br>In this section we inform you how we process your personal data when you visit our website.<br><u>2.1.	Presentation of the Website</u><br><i>Server data</i><br>For technical reasons, based on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website), the following data, which your internet browser transmits to us or to our web space provider, will be processed (so-called "server log files"):<br>•	Browser type and version<br>•	Operating system and device type used (e.g., desktop / mobile)<br>•	Website from which you are visiting us (referrer URL)<br>•	Website you visit<br>•	Date and time of your access<br>•	Your internet protocol address (IP address)<br>This data, which is anonymous to us, is stored separately from any personal data you may have provided and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to be able to optimize our website and our offers.<br><i>SSL or TLS encryption</i><br>For security reasons and to protect the transmission of confidential content, such as B. Orders or inquiries that you send to us as the website operator, an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” or by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.<br>Technical service providers<br>We create and edit the content of our website with the help of the following service provider. With this service provider we have concluded a corresponding agreement according to Art. 28 GDPR to process your data exclusively to the extent of our order:<br><i>Technical Conception:</i><br>•	Webagentur - elements.at New Media Solutions GmbH (Gusswerk Halle 6, Söllheimerstraße 16, A-5020 Salzburg); Weitere Informationen entnehmen Sie der Datenschutzerklärung von elements.at: https://www.elements.at/de/datenschutzhinweise <br><i>Webhosting:</i><br>•	PlusServer GmbH (Venloer Straße 47, D-50672 Köln); Weitere Informationen entnehmen Sie der Datenschutzerklärung von PlusServer: https://www.plusserver.com/datenschutzerklaerung <br><br><u>2.2.	Cookies</u><br>Cookie Banner - Cookies on our website<br>Our website uses cookies, which help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website and also to show you content that is of interest to you on other websites. Cookies are small text files that are used to store information when visiting websites and are stored on the website visitor's computer. The legal basis for cookies, which are absolutely necessary for the proper operation of our website (e.g., shopping cart cookie), is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g., analysis or marketing cookies) are deactivated and will only be activated by your consent in accordance with Art 6 (1) lit. a GDPR in our cookie banner ("Accept"). By clicking on "Settings" you can activate or deactivate individual cookies or cookie groups. If you restrict the use of cookies on our website, you may no longer be able to use all functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.<br>Data transfer to the USA<br>Through the services integrated in this website, Braze, Google Tag Manager, Google Analytics, Google Ads Conversion Tracking, Google Optimize, Google Remarketing, The Trade Desk, Google Maps, Google ReCAPTCHA, Font Awesome, Facebook Pixel and YouTube, your data will (at least in some cases) also be transferred to the USA. Authorities or secret services in the USA can access your data without giving you legal recourse. The ECJ has therefore determined that there is no sufficient level of data protection in the sense of Art. 44 to 50 GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent pursuant to Art. 49 (1) lit. a GDPR.<br>Change the cookie settings in your web browser<br>How the web browser you are using handles cookies, e.g., which cookies are allowed or rejected, can be determined in the settings of your web browser. You can delete cookies already stored on your computer / device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be called up using the help function of the respective web browser.<br>In addition, it is possible to generally object to cookies and similar tracking technologies using the services listed below by setting your individual preferences - which technologies you want to allow for usage and interest-based advertising:<br>•	European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/uk/your-ad-choices <br>•	Network Advertising Initiative (NAI):<br>https://optout.networkadvertising.org/?c=1#!%2F <br><br><u>2.3.	Communication with us</u><br><i>Contact form and email</i><br>On our website, we offer you the option of contacting us by email and / or using a contact form. In this case, the information you provide will be processed for the purpose of processing your contact based on the legal basis of contract fulfilment in accordance with Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you do not submit your request and we cannot process it. The data will only be passed on to third parties if this is stated on the website or in this data protection declaration or is necessary for the fulfilment of the contract or if this is required by statutory provisions. We only save your data for as long as is expedient for processing your inquiries or for any queries you may have.<br><br><u>2.4.	Online Shop (s) / Booking Portal (s)</u><br>For the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and prospectus orders, we process your personal master data, contract and payment data and communication data (IP address and server log files) on the basis of the legal bases of Art. 6 (1) lit. b GDPR (fulfilment of the contract) as well as Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).<br>We store this data as long as the purpose requires it, statutory provisions provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we store this data on the basis of the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we will save the data to clarify possible problems during the order process for 14 days.<br>There is no legal or contractual obligation to provide personal data. Failure to provide them simply means that we cannot process your bookings / orders.<br><br><i>Skiperformance Skitickets and Vouchers</i><br>To process the order of season tickets, multi-day and day tickets as well as vouchers in our online shop, we use the system of the service provider Skiperformance AS (Pocket Valley, Lommedalsveien 230, 1353 Bærums Verk, Norway). For orders in our online shop, we need salutation, first and last name, address, e-mail address, date of birth, and if applicable a portrait photo as well as information about the desired tickets.The processing takes place for the purpose of providing contractual services or for the fulfilment of pre-contractual services on the legal basis of Art. 6 (1) lit. b GDPR (ordering mountain railway tickets and vouchers) and Art. 6 (1) lit. c GDPR (legally required retention periods of accounting documents).  There is no legal obligation on your part to provide this data. Failure to provide the data only means that we will not be able to provide you with the desired mountain railway tickets via our online shop. The use of appropriate online booking software is based on the legal basis of our legitimate interest acc. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in a fast, location-independent possibility to make our mountain railway tickets available to our customers. Since 20 July 2018, the GDPR has also been directly applicable in Norway as an EEA member state, which means that the same data protection standards apply to your data in Norway as in EU member states. We have concluded a corresponding agreement with skiperformance in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on ski performance's data protection can be found at: https://www.skiperformance.com/.<br>Registration in the Skiperformance online shop<br>Optionally, for ordering as a "guest", people can also create a user account in the web shop in order to be able to access past orders. At the same time, the stored data is automatically used for new orders and users do not have to manually enter their data again. In order to provide these services, we process the personal data provided by you in the course of registration or also personal data you provide us at a later date. This includes the name, e-mail address, your date of birth, a password of your choice and your address. You can delete your user account at any time and we will delete all data that is not subject to a statutory retention obligation.<br><br><i>External payment service providers</i><br>To pay for the order processes / bookings, we use external payment service providers on the legal basis of Art. 6 (1) lit. b GDPR (fulfilment of the contract), via whose platforms you can make your payments. The payment data entered by you as part of the order (e.g., account numbers, credit card numbers including check digits, passwords / TANs, etc.) are processed exclusively by our payment service providers and are not visible to us. We only receive a confirmation of the payment made or information from our payment service providers that the payment could not be made. Further information on the data protection and terms and conditions of our payment service providers can be found at:<br>•	Adyen N.V. German Branch, Friedrichstraße 63, D-10117 Berlin<br>E-Mail: germany@adyen.com <br>https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy <br>•	card complete Service Bank AG Lassallestraße 3, A-1020 Wien<br>E-Mail: office@cardcomplete.com <br>https://www.cardcomplete.com/datenschutz/ <br>•	Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Schweden<br>Tel. 0046 8-120 120 00<br>E-Mail: inkorg@klarna.se<br>https://www.klarna.com/at/datenschutz/ <br>•	PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg<br>E-Mail: kundenbetreuung@paypal.com <br>https://www.paypal.com/myaccount/privacy/privacyhub?locale.x=de_AT <br><br><u>2.5.	Email Newsletter</u><br><i>E-mail newsletter Braze</i><br>The legal basis for sending the newsletter is your consent acc. Art. 6 (1) lit. a GDPR. The registration for our newsletter takes place in the so-called double opt-in procedure. In this way, we ensure that no one can log in with other´s e-mail addresses (e.g. with your e-mail address). Your consent can be revoked at any time free of charge by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations already carried out up to that point remains unaffected by the revocation. After unsubscribing from your e-mail address, we will store it for a period of 3 years on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in order to proof your original consent if necessary. To send out our newsletter, we use "Braze", a service of Braze Inc. (330 W 34th St 18th floor, New York, NY 10001, USA). With the help of Braze we can analyze our newsletter campaigns. When you open an e-mail sent with Braze, a connection is established with Braze's servers. This allows us to determine whether a newsletter message has been opened and which links have been clicked on. In addition, technical information such as the time of retrieval, the IP address, browser type and operating system of the recipient are registered. This information is used exclusively for the statistical analysis of our newsletter. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, we use Braze to enable you to receive push messages via your browser when you visit our website on the basis of your consent. We have concluded a processor agreement with Braze within the meaning of Art. 28 GDPR on the basis of the current EU standard contractual clauses for data transfer to the USA (https://www.braze.com/company/legal/dpa) and carried out a comprehensive risk assessment. General data protection information from Braze can be found at: https://www.braze.com/company/legal/privacy/.<br><br><u>2.6.	Web Analysis - Statistical Analyses of our Website</u><br><i>Google Tag Manager</i><br>We use the service of the provider Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland) to be able to manage website tags via a common tool of Google.  The Google Tag Manager tool itself (which implements the tags) is a domain that does not set cookies and does not collect any other personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags   implemented with Google Tag Manager. Further information on Google's data protection   can be found at: https://policies.google.com/privacy?hl=en-GB.<br><i>Google Analytics</i><br>This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis for the use of this service is your consent in accordance with Art. 6 (1) lit a GDPR. Google Analytics uses cookies that are stored on the website visitor's computer and that enable an analysis of the use of our website by the site visitor. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the corresponding browser as part of Google Analytics will not be merged with other Google data. On our behalf, Google will use the resulting information to evaluate the use of the website in order to compile reports on website activity. The collection by Google Analytics can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed under the following link:  https://tools.google.com/dlpage/gaoptout. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated).<br><i>Google Ads Conversion Tracking</i><br>Our website uses the service "GoogleAds Conversion Tracking" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). When we place advertising ads on Google, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking (storage period 30 days). This is how we recognize that you clicked on one of our ads and were redirected to our website. However, we do not receive any personal information, but only learn the total number of users who clicked on one of our ads and were redirected to our page with a conversion tracking tag. We use Google Ads Conversion Tracking on the legal basis of your consent (settings via our cookie banner) in accordance with Art. 6 (1) lit. a GDPR. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated).<br><i>Google Optimize</i><br>We use the functions of the analysis tool “Google Optimize” to improve the content of our website. The provider of this service is Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). For this analysis of your surfing behavior, Google uses cookies. The analysis of your website usage supports us in continuously improving the content of our website. The information generated by the cookie about your use of our website is usually stored on European servers and only in exceptional cases transmitted to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization. This means that your IP address is usually shortened by Google within the European Union and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google Optimize cookies are stored on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The collection by Google Optimize can be prevented by the site visitor adjusting the cookie settings for this website. The collection and storage of the IP address and the data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plugin can be downloaded and installed under the following link: https://tools.google.com/dlpage/gaoptout. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the presentation of advertisements by Google (https://adssettings.google.com/authenticated).<br><br><u>2.7.	Webmarketing</u><br><i>Google Remarketing</i><br>On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, our website uses the functions of "Google Analytics Remarketing" in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This feature makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising. You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; follow this link here:  https://www.google.com/settings/ads/onweb/. The summary of the collected data in your Google Account takes place exclusively on the basis of your consent, which you can give or revoke with Google (Art. 6 (1) lit. a GDPR). Further information on Google's data protection can be found at:  https://www.google.com/policies/privacy/.<br><i>The Trade Desk</i><br>Our website uses the functions of The Trade Desk Inc. (42 N Chestnut St., Ventura, CA 93001, USA) on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR, to present you with advertisements that are relevant to you. The Trade Desk uses cookies to present these advertisements to you. For this purpose, The Trade Desk uses so-called re-targeting technologies, which make it possible to address visitors to our website through advertisements on the websites of our partners. For this purpose, information about the surfing behavior of website visitors is collected in anonymous form and cookies are set. You can prevent the storage of cookies by setting your browser or our cookie banner accordingly.    You can also prevent the collection of cookies by The Trade Desk by selecting the opt-outoption on The Trade Desk's website: https://www.adsrvr.org/. For more information on The Trade Desk's privacy policy, please visit:  https://www.thetradedesk.com/general/privacy-policy<br><i>Facebook-Pixel</i><br>In order to place target group-directed advertisements on Facebook and to be able to track the actions of users after they have seen or clicked on a Facebook advertisement, we use the Facebook pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).  This allows us to display and evaluate or optimize our Facebook advertisements on Facebook that is of interest to you on Facebook with the data collected anonymously for us (we do not see any personal data of individual users, but only the overall effect). According to their data protection information, Facebook links this data to the Facebook account of Facebook users and can thus display content that corresponds to their interests. For specific information about how the Facebook pixel works, see the Facebook Help Center at:  https://de-de.facebook.com/business/help/651294705016616. You can make settings regarding usage-based advertising on Facebook yourself in your Facebook account:  https://www.facebook.com/settings?tab=ads. Further information can be found in Facebook's privacy policy at:  https://www.facebook.com/privacy/explanation.<br><i>Pimcore Targeting</i><br>Our website uses the functions of the CMS (content management system) Pimcore for Pimcore targeting on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider of this service is Pimcore GmbH (Söllheimer Straße 16, A-5020 Salzburg). By setting cookies on your device, these functions enable us to analyse your usage behaviour on our website and, based on this, to display certain content of our website to you preferentially. This allows us to provide you with interest-based, personalized content within our website and helps you find what you are looking for. We have concluded a corresponding agreement with the provider of the service in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. Further information on the Pimcore CMS and its targeting functions can be found at: https://pimcore.com/de/plattform/cms/funktionen/grundlagen, as well as on data protection by Pimcore GmbH at: https://pimcore.com/en/about/privacy.<br><br><u>2.8.	Integration of other Third-Party Services and Content</u><br>We integrate content or functions of third parties within our website. This always presupposes that the providers of this content or functions perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence on whether the third-party providers store the IP address, e.g., for statistical purposes. The legal basis for the use of these services, insofar as they are necessary for the functioning of our website, is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, otherwise your consent according to Art. 6 (1) lit a GDPR. Information on the purpose and scope of the further processing and use of the data by the providers of the embedded services/content as well as further information within the meaning of the Art. 13 and 14 GDPR can be found under the information links listed below. The following services/content are embedded in our website:<br><i>Google Maps</i><br>Our website uses the Google Maps service of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). This function makes it possible to display corresponding map material within our website. Your IP address as well as information about the browser version and language settings are transmitted to the servers of Google Ireland Ltd. According to Google's own information, the data is stored by Google for 1 year. There is a legitimate interest on our part within the meaning of the Art. 6 (1) lit. f GDPR for the use of Google Maps. Our legitimate interest lies in an appealing presentation of our online offer or the geographical presentation of the offers of our region. However, we only use Google Maps if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. For more information about Google's privacy policy, please visit:  https://policies.google.com/privacy.<br><i>Google reCAPTCHA</i><br>To protect your orders via website form, this website uses the reCAPTCHA service of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). The query carried out in this way serves to distinguish whether the input is made by a human or abusively by automated, machine processing. By activating IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google ReCAPTCHA will not be merged with other Google data. In principle, there is a legitimate interest on our part within the meaning of the Art. 6 (1) lit. f GDPR for the use of Google ReCAPTCHA. Our legitimate interest lies in protecting our website from spam software. However, we only use Google ReCAPTCHA if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. For more information about Google's privacy policy, please visit: https://policies.google.com/privacy.<br><i>Font Awesome</i><br>Our website uses the web fonts service of Fonticons, Inc. (710 Blackhorn Drive, Carl Junction, 64834 MO, USA) for the uniform display of fonts and icons. When you visit one of   our pages, your browser loads the required web fonts and icons from the servers of Fonticons, Inc. for the correct display of fonts and icons into your browser cache. Your IP address as well as information about the browser version and language settings are transmitted to the servers of Fonticons Inc. According to Foncticons´ own information, the data is stored by Fonticons for a few weeks. There is a legitimate interest on our part within the meaning of the Art. 6 (1) lit. f GDPR for the use of Font Awsome. Our legitimate interest lies in a uniform and visually appealing presentation of our website as well as faster loading times. However, we only use Font Awsome if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR. For more information on Font Awesome's privacy policy, please visit:  https://fontawesome.com/privacy. To prevent the execution of Java-Script codes in general, a Java Script blocker can be installed. Further information can be found at:  https://www.noscript.net  or  https://www.ghostery.com/.<br><i>Wordlift</i><br>Our website uses the WordLift plugin to analyse the content and to display metadata in the source code of  our  website for search engines on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest lies in a better ranking of our website on various search engines. The WordLift plugin is a service of the provider WordLift s.r.l  (Via Giulia117, 00186 Rome, Italy). The application does not collect any personal data, the IP address of your browser is not stored by WordLift.  For more information on WordLift's privacy policy, please visit : https://wordlift.io/gdpr/. For information about WordLift data security, see:  https://docs.wordlift.io/en/latest/faq.html#is-wordlift-secure.<br><i>YouTube</i><br>We integrate videos from the platform "YouTube" of the provider Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) in extended data protection mode. The implementation takes place on the legal basis of Art. 6 (1) lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the thus appealing design of our website. However, we only use YouTube if you have given your consent. The legal basis for the processing of your data is therefore your consent in accordance with Art. 6 (1) lit. a GDPR, which you can revoke at any time for the future. When you visit a page in which we have embedded a YouTube video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser. According to Google's information, in the extended data protection mode, your data (in particular which of our websites you have visited) as well as device-specific information including the IP address will only be transmitted to the YouTube server when you watch the video. In some cases, information is transmitted to the parent company Google Inc., based in the USA, to other Google companies and to external partners of Google, each of which may be located outside the European Union. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website or by making individual settings in your Google account under the following link: https://adssettings.google.com/authenticated. Further information on YouTube's privacy policy can be found at:  https://www.google.com/policies/privacy/.<br><i>Userlike Live-Chat Tool</i><br>In order to provide you with direct contact and help on our website, we use the live chat tool "Userlike" from Userlike UG (Probsteigasse 44-46, D-50670 Cologne). When the Userlike widget is called up, a connection to the servers of Userlike is established, whereby your IP address as well as information on the content of the chat, browser type and browser version, operating system, date and time of the call, URL of the visited website) is transmitted to the server of Userlike (server location Germany). In order to chat with us via Userlike, no personal data must be provided by you. However, so-called session cookies are necessary to ensure the functionality of Userlike. The legal basis for the use of Userlike is your consent acc. Article 6 (1) lit.  a GDPR. We have concluded a processor agreement with Userlike UG within the meaning of Art. 28 GDPR in order to ensure that your data is only processed to the extent desired by us and permitted by you. Further information on Userlike's data privacy measures can be found at: https://www.userlike.com/en/data-privacy.<br><i>CloudFront</i><br>For a modern design and presentation of the content offered on different end devices, for the increase of security and for faster loading times, we use the Content Delivery Network (CDN) CloudFront of the provider Amazon Web Services EMEA SARL (AWS) (38 avenue John F. Kennedy, L-1855 Luxembourg) on our website. The CloudFront CDN provides duplicates of data from a website on various Amazon Web Services servers distributed worldwide in order to deliver them to website visitors in an optimized manner. This retrieval provides information about your use of our website (e.g., your IP address) to Amazon servers (also in other EU countries) and stored there. We use this service on the basis of our legitimate interest acc. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in an appealing presentation of the content of our website, in increasing the security of our website and in our interest in being able to make this content available in the shortest possible loading times. You have the right to object to the processing. Whether the objection is successful must be determined in the context of a balancing of interests. AWS is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR not to operate a content delivery network ourselves. The processing of the data provided under this section is neither required by law nor by contract. The (full) functionality of the website is not guaranteed without the processing. Your personal data will be stored by AWS for as long as is necessary for the purposes described. To prevent Amazon CloudFront Java Script code from running in general, you can install a JavaScript blocker.  Further information on objection options and data protection of Amazon Web Services in general can be found at: https://aws.amazon.com/de/data-protection/.<br><i>Webcams (feratel)</i><br>For the current presentation of the weather in our region, we integrate webcams of feratel media technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck) into our website. The implementation takes place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, whereby our interest lies in information on the current weather in our region within our website. When you visit a page in which we have embedded webcams, a connection to the servers of the providers is established and the content is displayed on the website by notifying your browser. For this purpose, it is necessary that your IP address including some browser information (browser type, browser version, etc.) including information about when you accessed these pages is transmitted to the servers of the providers. Further information on the privacy policy of feratel media technologies AG can be found at: https://www.feratel.com/datenschutz.html.<br></p><p><br><b>3.	Other Data Processing in Business and Customer Contact</b><br>In this section we inform you about other data processing processes outside our website.<br><u>3.1.	Job Applications</u><br>The contact data and application documents transmitted to us in the course of a job application will be processed by us exclusively internally for the purpose of selecting suitable candidates for an employment relationship. There is no legal or contractual obligation to provide the personal data. Failure to do so will only result in you not submitting your request and we will not be able to process it. The personal data transmitted in this way will be stored by us in accordance with the statutory provisions for a maximum of 6 months, in the case of the explicit consent of the applicant to keep the documents in evidence, for a maximum of 2 years.<br><br><u>3.2.	Online Presence in Social-Media</u><br>In addition to our website, we maintain online presences within social networks and platforms (Facebook, Pinterest and YouTube) in order to communicate with customers and business partners and to connect to them via these networks to be able to inform about our services. Further data protection information can be found when you access our content on these platforms.<br><br><u>3.3.	Sweepstakes</u><br>Your personal data provided for participation in our competitions (e-mail address, name, address) will be used by us exclusively to identify a winner, inform him of the prize and send him prizes. Your data will not be passed on to third parties. The legal basis for the processing of your personal data is the fulfilment of the contract in accordance with Article 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide the personal data. Failure to provide the data will only result in you not being able to participate in the competition. Your data will be stored for the duration of the competition and – for the processing of any prizes and claims for damages – for a maximum of 3 years thereafter and then deleted. By participating, you also agree that your name will be published on our website as well as on our public social media channels in the event of winning.<br><br><u>3.4.	Video Surveillance</u><br>For the purpose of protecting our employees and visitors, our property and for the purpose of preventing or clearing up behaviour that is relevant to criminal law, we have installed video surveillance in the cash desk area of our ski lift ticket offices as well as at the entry and exit points of our mountain railway facilities and marked it accordingly. These surveillance images are only evaluated in case of incident and, provided there is no suspicion, are stored for a maximum of 72 hours and are then automatically deleted. If necessary, the data will be stored for the duration of the process and if necessary tramsmitted to competent authorities, courts, insurance companies (exclusively for the settlement of insurance claims) as well as to our legal representation (lawyer). The legal basis for this data processing is our legitimate interest in the protection of our property in accordance with Art. 6 (1) lit. f GDPR and § 12 Abs 2 Z 4 DSG. There is no right to object to the processing of this data and no right to data portability.<br><br><u>3.5.	Customer and business partner databases</u><br><i>CRM-System von Salesforce</i><br>We use the CRM system of the provider Salesforce (Salesforce Germany GmbH, Erika-Mann-Str. 31, 80636 Munich) as a tool for maintaining B2B contacts (e.g., with tour operators, travel agencies, incentive agencies, incentive departments of companies) on the legal basis of our legitimate interest acc. Art. 6 (1) lit. f. GDPR. A transfer of these contacts (names, company name, address data, contact data and interests in holiday topics) to partners in our region (accommodation and other tourist service providers) takes place only at the request of the business partner on legal basis of the consent acc. Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by sending us an e-mail free of charge. We have concluded a corresponding agreement with Salesforce in accordance with Art. 28 GDPR as a processor, which ensures that your data is processed exclusively within the scope of our order. For more information about Salesforce privacy, please visit: https://www.salesforce.com/de/company/privacy/.<br><br><u>3.6.	Ski Pass Control „Photocompare“</u><br>It is pointed out that due to our legitimate interest in accordance with Art. 6 (1) lit. f GDPR for the purpose of access control (lift tickets are not transferable according to our terms and conditions!), a reference photo of the lift ticket holder is taken when passing through a turnstile equipped with a camera for the first time. This reference photo is compared by the lift staff with those photos that are taken each time you pass through a turnstile equipped with a camera. An automation-supported image data comparison does not take place. The reference photo will be deleted immediately after expiry of the validity of the lift ticket, the other photos (control photos) no later than 30 minutes after passing through a turnstile. Only in the event of an incident (our employee has doubts about the correspondence of the control photo with the reference photo) the automatic deletion of the control photo is prevented. If the suspicion of unlawful use of the ski ticket is not substantiated, the control photo will be deleted immediately. <br>Photocompare is not used at all lifts of the ski resort, but only at some special entry points (e.g., at the valley stations). All data related to Photocompare is stored encrypted. There are no sound recordings. By means of the (image) data from the Photocompare system, no movement profiles of the lift ticket users are created.<br>It should be noted that it is also possible to purchase lift tickets, which are technically configured in such a way that no photo is taken when passing through the turnstile, but random checks by the lift staff must be expected.<br><br><u>3.7.	Photopoints</u><br>We offer several photopoints in our ski resort, which you can use to create pictures. With the use of one of the photopoints, a current recording is made on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR and published online or on a screen at the cash desk. The photos will be deleted automatically and completely after 72 hours. You can have the photos you have taken deleted at any time free of charge by revoking your consent. Simply contact us by e-mail or telephone.<br>Some of the photo points are operated by Alturos Destinations GmbH (Skiline). These are not dealt with in this privacy policy and are not the responsibility of Snow Space Salzburg. Snow Space Salzburg can therefore assume no liability for the data protection regulations of the operator.<br><br><u>3.8.	Skiline</u><br>Via our website you can reach the external service "Skiline" to view your personal altitude profile. The provider of this service is Alturos Destinations GmbH (Lakeside B03, 9020 Klagenfurt, Austria; Phone: +43 463 249 445; E-mail: office@alturos.com). On the basis of your consent in accordance with Art. 6 (1) lit. a GDPR, Skiline receives information about your lift access in our ski resorts as well as your ticket number for the creation of the altitude meter profile and can calculate the altitude meters and kilometers of slopes driven. Otherwise, we will not pass on any personal data to Skiline. When you access the Skiline service via our website, you leave our website. All other data processing processes are the responsibility of Skiline. Further information from the person responsible for the Skiline service under data protection law can be found at: https://www.skiline.cc/privacy_policy/de.  Further information on the Skiline service can be found at: https://www.skiline.cc/home.<br>Newsletter and live marketing information to Skiline e-mail addresses<br>On the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you give as part of your registration with Skiline, we will receive your e-mail address (including title, first name and last name) from Skiline for sending our newsletter to you. Your consent can be revoked at any time free of charge by clicking on the "unsubscribe link" at the end of each mailing. The legality of the data processing operations that have already taken place up to that point remains unaffected by the revocation. Further information about our newsletter can be found in this data protection information.<br>Also on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you give as part of your registration with Skiline, we will also use your e-mail address to send you up-to-date information by e-mail if we see that you are using your ski ticket registered with Skiline in our ski resort (e.g. if you pass through certain hubs of our mountain railway facilities with your ticket). These e-mail newsletters are sent out via Skiline's newsletter tool. You can revoke this consent at any time through your individual settings in your Skiline app. The legality of the data processing operations that have already taken place up to that point remains unaffected by the revocation. For more information, please look at: https://www.skiline.cc/privacy_policy/de.<br><br><u>3.9.	Skiing Accidents – Reports</u><br>We reserve the right to invoice the operation of piste rescue services. The information of the injured persons or the parties involved in the accident and witnesses (name, sex, address, telephone number, date of birth, accommodation, holiday location, ski pass number, course of accident, type of injury, place of accident, time of accident, transport from scene/salvage, type of sports/sports equipment, costs, piste &amp; weather conditions, details of witnesses) will be processed by us for the purpose of the necessary medical care of the injured persons owing to the interest of the data subject pursuant to Art. 6 (1) lit. d GDPR and owing to our legitimate interest pursuant to Art. 6 (1) lit. f GDPR for the creation of the invoice and for possible legal claims. In the event of collisions these data will also be forwarded to the local police station owing to our legal obligation pursuant to Art. 6 (1) lit. d GDPR.<br></p><p><br><i>Current version of the privacy policy of 02.09.2022<br></i><br></p>			</div>	
		</div>
	</div>
</div>
			</div>
		</div>
		<div class="right-column gc xs-hide lg-block lg-gc3">
			<h1 class="page-title">&nbsp;</h1>
			<div class="right-column-nav xs-gray-f0f0f0-fill">
							</div>
		</div>
	</div>
</div>

<script>
	$(document).ready(function(){
		App.switchHtmlClass("shop-page-support");
		$('#privacy').addClass('active');
		remove_configure_b2b_storage();
	});

	function refresh(data,id) {
		dataobj = JSON.parse(data);
		if (dataobj.status.state == 'OK')
		{
			switch(id){
				case 'dashboard':newshop.account
					App.getHtml('/en/ajax/winter/html/shop_widget_account/dashboard_widget',null,$('.js_account_support_content'), function(){});
					break;
				case 'manage_skicards':
					App.getHtml('/en/ajax/winter/html/shop_widget_card/card_list',null,$('.js_account_support_content'), function(){});
					break;
				case 'wallet_details':
					App.getHtml('/en/ajax/winter/html/shop_widget_wallet/wallet_details',null,$('.js_account_support_content'), function(){});
					break;
				case 'order_history':
					App.getHtml('/en/ajax/winter/html/shop_widget_order/order_history',null,$('.js_account_support_content'), function(){});
					break;
				case 'manage_team':
					App.getHtml('/en/ajax/winter/html/shop_widget_person/person_list',null,$('.js_account_support_content'), function(){});
					break;
			}
		}
	}

</script>


<!-- END OF PAGE CONTROLLER: Shop_Page_Support - ACTION: privacy - VIEW: shop/pages/account_support_page -->