Data Protection

The protection of your personal data is of particular importance to us. We therefore process your data exclusively in accordance with applicable legal provisions (GDPR, TKG 2021). In this Privacy Policy, we inform you about the most important aspects of data processing in connection with our website.

Data Controller:

Bodensee-Vorarlberg Tourismus GmbH
Hintere Achmühlerstraße 1c, 6850 Dornbirn, Austria
+43 (5572) 40797
office@bodensee-vorarlberg.com 
FN 319239w

No Data Protection Officer has been appointed.

This Privacy Policy applies only to this website. If you are redirected to other websites via links on our pages, please refer directly to those websites for information on how your data is handled. We process your personal data (e.g. title, name, address, email address, telephone number, credit card number) exclusively in accordance with the provisions of Austrian data protection law. The following provisions provide information on the nature, scope and purpose of the collection, processing and use of personal data.

The use of this website is generally possible without providing personal data.

Where personal data (such as name, address or email address) is collected on our website, this is, as far as possible, always done on a voluntary basis. Personal data will only be disclosed to third parties where this is necessary for the performance of a contract, where there is a legal obligation to do so, or where there is an appropriate legal basis under the GDPR.

Use of your personal data:

• For the purpose of contract performance and contract administration
• To provide and improve our services and support
• To contact you in accordance with your request
• To personalise the service and provide the content you have selected
• For data analysis
• For internal audits
• For the development of new products
• To identify usage trends
• To assess the effectiveness of our marketing activities

Please note that data transmission over the Internet (e.g. when communicating by email or via non-encrypted websites) may be subject to security vulnerabilities. Complete protection of data against access by third parties cannot be guaranteed.

Under the EU General Data Protection Regulation (GDPR), you, as a data subject, have extensive rights. These rights are intended to ensure greater transparency regarding your data. Your rights as a data subject include the right to access your personal data, to rectification, erasure, restriction of processing, objection to processing (direct marketing), data portability (where processing is based on a contractual relationship or consent), and the right to withdraw your consent at any time.

Data subjects may exercise all these rights by sending an email to office@bodenseevorarlberg.com, by contacting us personally (e.g. by telephone or in person), or by submitting a request by post.

 In addition, you have the right to lodge a complaint with the supervisory authority at any time regarding the processing of your personal data. The contact details of the competent supervisory authority are as follows:

Austrian Data Protection Authority
Barichgasse 40-42 
1030 Vienna
Telephone: +43 1 52 152-0 
Email: dsb@dsb.gv.at

The personal data of the data subject shall be erased or its processing restricted as soon as the purpose of storage no longer applies. Erasure or restriction of processing shall also take place where a statutory retention period expires or where the data subject requests erasure, provided that no statutory retention obligations or other legitimate grounds prevent such erasure.

Where the data is not erased because it is required for other legally permissible purposes, its processing shall be restricted. This means that the data is blocked and not processed for other purposes. This applies to data that must be retained for commercial or tax law reasons.

Retention is carried out in accordance with the statutory provisions in Austria.

In particular, data is retained for a period of seven years in accordance with Section 212 (1) of the Austrian Commercial Code (UGB) (books, inventories, opening balance sheets, annual financial statements including management reports, etc.) and in accordance with Section 132 (1) of the Austrian Federal Fiscal Code (BAO) (accounting records, supporting documents/invoices, accounts, business documents, and statements of income and expenditure, etc.).

In addition, data is retained for a period of ten years in relation to documents concerning electronically supplied services, telecommunications, radio and television services provided to non-business customers in EU Member States, for which the One-Stop Shop (OSS) scheme is applied. 

When contacting us (for example via a contact form or email), the following user data is stored for the purpose of processing your enquiry and in the event of follow-up questions: title, first name and surname, as well as email address, telephone number, street, postcode, country, and data relating to the enquiry (e.g. period of stay, type of accommodation, etc.).

The personal data collected in this way is stored by the controller for a period of 36 months following completion of the processing of the enquiry and will subsequently be erased.

The personal data provided by the user will only be processed and used to the extent necessary for handling the enquiry and/or providing the requested service. In the course of this data processing, the following processors (sub-processors) are involved:

• starmate solutions GmbH, Pfarrer-Weiß-Weg 16, 89077 Ulm, Germany – CRM tool
• Feratel Media Technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, Austria – booking tool for offers and accommodation brokerage
• Asana, Inc, 633 Folsom Street, San Francisco, CA, USA – online forms for various enquiries

Data processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of a contract or to take steps prior to entering into a contract.

If you book an offer via Bodensee-Vorarlberg Tourismus, we collect the data necessary to process the reservation. This includes, in particular, your name, telephone number, email address, the dates of your arrival and departure, your credit card details, your selected accommodation, and the type of room booked.

When you make a booking with Bodensee-Vorarlberg Tourismus, your booking data is transferred to the accommodation provider/service provider you have selected in order to facilitate your reservation. Apart from this, your data will generally not be disclosed to third parties (exceptions are set out below).

Under no circumstances will your contact details be sold or leased by Bodensee-Vorarlberg Tourismus.

Due to statutory provisions and corresponding judicial or administrative orders, we may in exceptional cases be required to disclose data to the competent authorities or courts. In such cases, disclosure will take place only within the scope of our legal obligations.

In the course of this data processing, the following processors (sub-processors) are involved:

• starmate solutions GmbH, Pfarrer-Weiß-Weg 16, 89077 Ulm, Germany – CRM tool
• Feratel Media Technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck, Austria – booking tool for offers and accommodation brokerage
• Datatrans, Kreuzbühlstraße 26, 8008 Zurich, Switzerland – processing of payment data for booking guarantee
• Stripe Payments Europe, Limited, One Wilton Park, Wilton Place, Dublin 2, D02 FX04, Ireland – electronic payment system
• Member businesses of Bodensee-Vorarlberg Tourismus, see: https://www.bodensee-vorarlberg.com/en/accommodation

 Data processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of a contract or in order to take steps prior to entering into a contract.

All data entered by the user in the course of placing an order will be stored. This includes surname, first name, address, and email address.

Data that is strictly necessary for delivery or order processing will be disclosed to third-party service providers. As soon as the retention of your data is no longer necessary or legally required, such data will be erased.

In the course of this data processing, the following processors (sub-processors) are involved:

• starmate solutions GmbH, Pfarrer-Weiß-Weg 16, 89077 Ulm, Germany – CRM tool

Data processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of a contract or in order to take steps prior to entering into a contract

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this is carried out only where it is necessary for the performance of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual authorisation, we process or arrange for the processing of data in a third country only where the special conditions set out in Articles 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as the use of standard contractual clauses approved by the European Commission (“Standard Contractual Clauses”) or – where applicable – other appropriate safeguards within the meaning of Articles 44 et seq. GDPR.

We review any links to external websites on an editorial basis. Nevertheless, we accept no responsibility or liability for the content of external websites to which links are provided from this website or from any other online presence.

If you submit an application to us by email or post, the information you provide in your application documents, including your contact details, will be stored for the purpose of processing your application. This data will not be disclosed to third parties without your consent. Your data will be erased no later than six months after the position has been filled.

If you participate in a prize draw on our website, the data you provide in the form, including your contact details, will be stored for the purpose of conducting the prize draw. This data will not be disclosed to third parties without your consent. It will be stored for the duration of the prize draw and – for the purpose of handling any potential claims for winnings or damages – for a maximum period of 40 months thereafter and will subsequently be erased. 

Without your explicit consent or a legal basis, your personal data will not be disclosed to third parties beyond what is necessary for the performance of the contract. Once the contract has been performed, your data will be restricted from further processing. After expiry of the retention periods under tax and commercial law, the data will be erased, unless you have expressly consented to its further use. Your personal data required for the establishment, substantive arrangement or modification of the contractual relationship (contract data) will be used exclusively for the performance of the contract. 

A distinction is generally made between the following categories of cookies:

• strictly necessary cookies to ensure the basic functions of the website
• functional cookies to ensure the performance of the website
• statistical and marketing cookies to analyse user behaviour and improve the user experience

Some pages on our website use cookies. Cookies are small text files that are stored on your device. They do not cause any harm and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure.

Most of the cookies we use are so-called “session cookies”, which are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them.

Non-essential cookies are processed only on the basis of your consent in accordance with applicable data protection laws. You may withdraw your consent at any time via the settings in the cookie banner.

You can also configure your browser so that cookies are only accepted on a case-by-case basis or generally rejected. Please note that disabling cookies may limit the functionality of the website.

If you do not allow cookies, certain features and pages may not function as expected.

Web analytics (also referred to as “audience measurement”) is used to evaluate visitor traffic on our website and may include pseudonymised data on user behaviour, interests or demographic information (e.g. age or gender). Through analytics, we can determine, for example, when our online services, features or content are most frequently used or encourage repeated visits, and which areas require optimisation. In addition to web analytics, we may also use testing procedures (e.g. A/B testing) to test and optimise different versions of our website or its components.

Unless otherwise stated below, profiles (i.e. data aggregated for a specific usage process) may be created for these purposes, and information may be stored in and retrieved from a browser or device. The data collected includes, in particular, visited websites, interactions with content, and technical information such as the browser and operating system used, as well as usage times. Where users have consented to the collection of their location data, such data may also be processed by us or by the providers of the services we use.

Users’ IP addresses are also processed. However, we use an IP masking procedure (i.e. pseudonymisation by truncating the IP address) to protect users. In general, no directly identifiable personal data (such as names or email addresses) is stored in connection with web analytics, A/B testing or optimisation; instead, pseudonyms are used. This means that neither we nor the providers of the software used can identify users directly, but only the information stored in their respective profiles.

• Categories of data processed: usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses)
• Data subjects: users (e.g. website visitors, users of online services)
• Purposes of processing: audience measurement (e.g. access statistics, recognition of returning users); creation of user profiles
• Security measures: IP masking (pseudonymisation of the IP address)
• Legal bases: consent (Article 6(1)(a) GDPR); legitimate interests (Article 6(1)(f) GDPR)

Additional Information on Matomo:

Matomo is a software used for web analytics and audience measurement. When using Matomo, cookies are created and stored on the user’s device.

The data collected through Matomo is processed exclusively by us and is not shared with third parties. Cookies are stored for a maximum period of 13 months:

https://matomo.org/faq/general/faq_146/

Data processing is based on consent (Article 6(1)(a) GDPR). Cookies are deleted after a maximum storage period of 13 months.

No collected and pseudonymised data is transferred to Matomo. Instead, such data is stored on our own server with a certified hosting provider in Germany (Hetzner).

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes: 

• Browser type and browser version
• Operating system in use
• Referrer URL
• Host name of the accessing computers
• Time of the server query
• IP address

This data cannot be attributed to specific individuals. This data is not combined with other data sources. We reserve the right to review this data retrospectively if we become aware of specific indications of unlawful use.

We use social plugins from Meta (e.g. Facebook), provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The parent company is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. The plugins are marked with the relevant Meta logo (e.g. the Facebook logo). An overview of Meta’s social plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins 

To enhance the protection of your data when visiting our website, these plugins are integrated into the page using a so-called “two-click solution”. This integration ensures that when you access a page on our website that contains such plugins, no connection to Meta’s servers is established initially. Only when you activate the plugins and thereby give your consent to data transmission will your browser establish a direct connection to Meta’s servers.

The content of the respective plugin is then transmitted directly from the relevant provider to your browser and integrated into the page. By integrating the plugins, Meta receives the information that your browser has accessed the corresponding page of our website, even if you do not have a user account or are not currently logged in. This information (including your IP address) may be transmitted to Meta servers, in particular in the USA, and stored there.

If you are logged into a Meta social network (e.g. Facebook), Meta can assign your visit to our website to your user account. If you interact with the plugins (e.g. click “Like”), the corresponding information is also transmitted directly to Meta and stored there.

For information about the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights and settings options to protect your privacy, please refer to the providers’ privacy policies:

Meta Privacy Policy:https://www.facebook.com/privacy/policy/

If you do not want Meta to associate the data collected via our website with your user account, you must log out before activating the plugins.

If you are logged into your YouTube account, YouTube may associate your visit to our website with your user account. You can prevent this by logging out of your YouTube account.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en-GB

We use Google Ads to promote our website. In this context, we use conversion tracking provided by Google Ireland Limited.

When you access our website via a Google advertisement, a cookie is set only after you have given your prior consent. These cookies are used to analyse the effectiveness of our advertising and do not enable the direct identification of users.

Further information can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en-GB

Our website uses the remarketing function “Facebook Pixel” provided by Meta Platforms Ireland Ltd. This function is used to display interest-based advertisements to visitors via the social networks Facebook and Instagram.

The Facebook Pixel is activated only after you have given your prior consent. In this context, personal data (e.g. IP address and user behaviour) may be transmitted to Meta. An association with a personal user account takes place only if you are logged into a Meta service and have given the relevant consent.

Further information can be found at: https://www.facebook.com/about/privacy/

We use our newsletter to inform you about us and our offers. To receive our newsletter, you must provide your email address. Before the newsletter is sent, you must expressly confirm that we may activate the newsletter service for you as part of the so-called double opt-in procedure. You will then receive a confirmation and authorisation email asking you to click on the link contained in it to confirm that you wish to receive the newsletter. You can unsubscribe from the newsletter at any time by clicking the link provided in each newsletter. Your email address will be used exclusively by us and will not be disclosed to third parties.

When you subscribe to the newsletter, we store your IP address, the date of subscription, and any voluntarily provided information regarding your interests. This storage serves as proof in case a third party misuses your email address and subscribes to the newsletter without your knowledge.

To send our newsletters, we use the e-marketing suite (“EMS”) software provided by starmate solutions GmbH, Pfarrer-Weiß-Weg 16, 89077 Ulm, Germany.

The newsletters contain a web beacon (also known as a tracking pixel). This allows us to determine whether emails have been opened and whether links contained in the emails have been clicked. We use this information to improve our email service and to analyse which information is most frequently read or clicked. The information collected in this way is stored by starmate solutions GmbH on its servers in Germany.

You may withdraw your consent to the storage of your data, your email address, and its use for sending the newsletter at any time. To do so, simply send us an email at office@bodensee-vorarlberg.com or a letter to Bodensee-Vorarlberg Tourismus GmbH, Hintere Achmühlerstraße 1c, 6850 Dornbirn, Austria. You can also unsubscribe at any time via the unsubscribe link included in each newsletter or by using the “unsubscribe” button.

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as enquiries you send to us as the website operator. You can recognise an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock symbol in your browser bar.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

If you have any questions, please contact us at: office@bodenseevorarlberg.com

We use Hotjar to better understand the needs of our users and to optimise our offering and the user experience on this website. Hotjar is used only after you have given your prior consent. In this context, Hotjar may use cookies and other technologies to collect data on user behaviour and devices, in particular information about the browser used, screen size, device type and the approximate geographical location (country only).

The IP address is processed only in truncated and pseudonymised form. Direct identification of individual users does not take place.

Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling this data.

Further information can be found in Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy/