1. General information
The protection of your personal data is of special importance to us. Therefore, we exclusively process your data on the basis of the statutory provisions (GDPR (General Data Protection Regulation), DSG 2018 (Austrian Data Protection Act), TKG 2003 (Austrian Telecommunications Act 2003)), in particular exclusively in a lawful manner pursuant to Art 6 GDPR. In this data protection information we will inform you about the most important aspects of the data processing – type, scope and purposes of the collection and use of personal data – in conjunction with the use of our website and in conjunction with the use of our offers in our ski area.
1.1. The legal bases for the processing of personal data
Art. 6 (1) lit a EU General Data Protection Regulation (GDPR) serves as the legal basis if we obtain the consent of the data subject for processing activities regarding personal data. Art. 6 (1) lit b GDPR serves as the legal basis when processing personal data which is necessary to fulfil a contract of which the contractual party is the data subject. This shall also apply to processing activities which are necessary in order to carry out pre-contractual measures. Art. 6 (1) lit c GDPR serves as the legal basis if the processing of personal data is necessary to fulfil a legal obligation which our company has to comply with. If the processing is necessary in order to safeguard a legitimate interest of our company or a third party, and if the interests, basic rights and basic freedoms of the data subject do not outweigh the interest named first, then Art. 6 (1) lit f GDPR serves as the legal basis for the processing. The legal basis is Art. 6 (1) lit d GDPR if the data are processed in the interest of the data subject.
1.2. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage ceases to apply. Storage can additionally be carried out if this was envisaged by the European or national legislator in regulations under Union law, other laws or regulations, which our company has to comply with. Data will also be blocked or erased when a storage deadline stipulated by the stated standards expires, unless it is necessary to continue to store the data for the conclusion of a contract or to fulfil a contract.
1.3. Safeguarding of your data protection rights
Pursuant to GDPR you are fundamentally entitled to the rights to information, rectification, erasure, limitation, data portability, revocation and objection.
We as the data controller responsible for the processing of your personal data are accordingly available under the following contact data:
GLETSCHERBAHNEN KAPRUN AG
T: +43 (0)6547/8700
Data protection officer:
We take the protection of personal data seriously and have therefore voluntarily appointed an external data protection officer. Our data protection officer is MMag. Martin Zeppezauer, Thurnbichlweg 50, A-6353 Going am Wilden Kaiser (www.zepedes.com). You can contact our data protection officer under the email address email@example.com.
Right to lodge a complaint:
If you believe that the processing of your data breaches data protection law or your claims under data protection law have been violated in any other manner you can lodge a complaint at the supervisory authority. In Austria this is the data protection authority. (Wickenburggasse 8, 1080 Vienna, email firstname.lastname@example.org).
1.4. Data processor, recipients
We process your personal data with the support of data processors, who support us with providing the services. These data processors are obligated to strict protection of your personal data and may not process your personal data for any other purpose than for the provision of our services. In order to find out which data processors it concerns please refer to the detailed descriptions of the individual data processing processes.
A forwarding of your personal data to other companies than our data processors will only be carried out to typical economic service providers such as e.g. banks, tax advisers, auditors, etc.
1.5. Transmissions to third countries
If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or this takes place in conjunction with the use of services of third parties or the disclosure respectively the transmission of data to third parties, this will only be carried out if it occurs in order to fulfil our (pre-)contractual obligations, on the basis of your consent, owing to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission we only process or have the data processed in a third country with the existence of the special prerequisites of Art. 44 ff. GDPR. i.e. the processing is carried out e.g. on the basis of special guarantees, such as the officially recognised determination of a level of data protection that corresponds with that of the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Your data (at last case-by-case) are also transmitted to the USA by some of our website services (Google Tag Manager, Google+ Platform, Google Analytics, Google Maps, Google ReCAPTCHA, Google Dynamic Remarketing, Google Double Click, Google Ads Audiences, Facebook-Pixel as well as Facebook Custom Audiences). Authorities or secret services in the USA can access your data without you having any legal possibilities to object to this. The ECJ has therefore determined that there is no sufficient level of data protection within the meaning of Art 45ff GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of these services is your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR in conjunction with Art. 6 Para. 1 lit. a GDPR. We offer you the possibility to make a decision in this respect with the settings on our cookie banner when accessing our website for the first time.
2. Visit to our website
2.1. Presentation of the website
For technical reasons among others the following data, which your Internet browser transmits to us or to our web space provider, are recorded (so-called server log files):
- browser type and version
- used operating system
- website from which you are visiting us (referrer URL)
- website, which you are visiting
- date and time of your access
- your Internet Protocol (IP) address
These anonymous data will be stored separately from your possibly entered personal data and therefore do not allow any conclusions to be drawn about a certain person. They are evaluated for statistical purposes in order to be able to optimise our internet presence and our offers.
SSL or TLS encryption:
For security reasons and to protect the transfer of confidential contents, such as for example orders or requests, which you send to us as the operator of the site, this site uses an SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data which you transmit to us cannot be read by third parties.
2.2. Communication with us
Contact form and email:
Enquiries regarding accommodation:
2.3. Online shop
Sale of ski passes and day tickets:
The sale of ski passes and day tickets on our website is carried out by the online booking platform Starjack (SJack GmbH, Am Bühel 6, 6830 Rankweil) as the data controller under data protection law. You can obtain further information relating to the handling of your personal data under: https://starjack.at/data-privacy. Gletscherbahnen Kaprun AG does not assume any liability for the entire online order process of the tickets via the Starjack-Gateway and all thus associated concerns relating to data protection law.
Sale of season tickets
For orders of season tickets and annual passes in our online shop we will require a form of address, first and last name, address, email address, the date of birth and a portrait photo. Your login information, technical backgrounds of your browser and your orders will be stored in line with the tax law and company law regulations applicable for us. The payment transaction is carried out through third party providers (SIX Payments, PayPal, instant bank transfer etc.). We refer to the respective General Business Terms and Conditions and data protection information. For the creation of season tickets the personal data are transferred to the system of our data processor, the Skidata company (SKIDATA Austria GmbH, Hochthronstraße 1-7, 5083 Grödig / Salzburg). Further information relating to the data protection of Skidata is available under https://www.skidata.com/en/data-privacy/
Sale of vouchers and merchandise articles:
The sale of vouchers and merchandise products in our online shop is carried out through a system of our data processor the Incert company (Incert eTourismus GmbH & Co KG, Lederfabrik Linz, Leonfeldnerstraße 328, A-4040 Linz). It enables the automated sale of vouchers by means of "print@home" as well as the individual personalisation of vouchers with dedications, designs and barcodes.
The following details are required for processing orders: Form of address, first and last name, address, email address. Your order information is stored in line with the tax law and company law regulations applicable for us. The payment transaction is carried out through third party providers (SIX Payments, PayPal, instant bank transfer etc.). We refer to the respective General Business Terms and Conditions and data protection information.
2.4. Email newsletter
By ticking the checkbox you agree to the processing of the personal data entered by you for the purpose of information about our current offers by means of an email newsletter by us until the consent is revoked. There is no legal or contractual obligation to provide the personal data. The failure to grant consent will merely have the consequence that you will not receive any email newsletter. You have the right to revoke your consent at all times by a written notification or by clicking on the unsubscribe link in the email newsletter without affecting the lawfulness of the processing carried out owing to the consent until the revocation. After revocation your personal data required for sending the email newsletter will be erased by us without delay. We use the services of our data processor the CleverReach company (CleverReach GmbH & Co. KG //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany) for sending our email newsletter. Further information relating to the data protection of CleverReach is available under: https://www.cleverreach.com/en/privacy-policy/
2.5. Job applications
The contact data and application documents transmitted to Gletscherbahnen Kaprun AG over the course of a job application via the job portal of our website are exclusively processed internally by us for the purpose of selecting suitable candidates for an employment relationship. The personal data transmitted hereby will be stored by us pursuant to the statutory provisions for a max. of 6 months, in the event of the explicit consent of the applicant, to keep the documents as evidence, for a max. of 2 years.
2.6. Integration of services and contents of third parties
It may occur that contents of third parties, such as for example YouTube videos, map material from Google-Maps, RSS-Feeds or graphics from other websites are integrated within this online offer. This always presumes that the provider of these contents (hereinafter referred to as "Third Party Provider") perceives the IP address of the users. As without the IP address, they could not send the contents to the browser of the respective user. The IP address is therefore necessary for the presentation of these contents. Gletscherbahnen Kaprun AG makes an effort to only use such content whose respective provider merely uses the IP address to deliver the contents. However, Gletscherbahnen Kaprun AG has no influence if the Third-Party Provider stores the IP address e.g. for statistical purposes. Insofar as this is known Gletscherbahnen Kaprun AG will inform the users hereof.
You can find more information regarding cookies on WIKIPEDIA.
Change of the cookie settings:
The user can stipulate how the web browser deals with cookies and which cookies are allowed or rejected in the settings of the web browser. Where these settings are precisely located depends on the respective web browser. Detailed information in this respect can be called via the help function of the respective web browser.
Cookies on our website
Our website uses the following providers:
- Google: Google Tag Manager, Google+ Platform, Google Analytics, Google Maps, Google ReCAPTCHA, Google Dynamic Remarketing, Google Double Click and Google Ads Audiences. Serves to store user data in connection with website statistics, marketing and optimisation.
- Facebook: Serves to store user data in connection with the Facebook Pixel, Facebook Custom Audiences and Facebook Connect. You can find further information at Facebook Developer as well as at the Facebook Cookie Notes.
- Hotjar: Serves to store user data in connection with Hotjar. You can find further information in the Hotjar Cookie Information.
2.8. Server log files
For the purpose of monitoring the technical function and for improving the operational security of the web server on the basis of the prevailing legitimate interest of the data controller (technical security measures) this website processes the following personal data in a server log file:
- IP address
- Site from which the file was requested (so-called referrer URL)
- Name of the file
- Date and time of the request (so-called "time stamp")
- Transferred data volume
- Access status (file transferred, file not found, etc.)
- Description of the type of used web browser, abbreviated "browser"; e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Apple Safari, Opera, etc.)
These data are only stored person-related temporarily for the duration of seven days. After this time the log files will be deleted.
2.9. Google Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the legal basis of the prevailing legitimate interest (analysis of the website use). We have concluded an agreement for this purpose with Google for contract data processing.
This website uses the function "Activation of the IP anonymisation". This way, your IP address is first abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. The full IP address is only transferred to a server of Google in the USA and abbreviated there in exceptional cases.
According to information from Google, Google will use the collected data in order to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the website use and the internet use.
Google will, if applicable, also transfer this information to third parties if this is stipulated by law or if third parties process these data by order of Google.
2.10. Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Through this function it is possible to link the advertising target groups created using Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. This way, interest-related, personalised advertising messages, which were adjusted to suit you depending on your previous usage and surfing behaviour on a terminal device (e.g. mobile phone), can also be displayed on another of your terminal devices (e.g. tablet or PC).
If you have granted a corresponding consent, Google will link your web and app browser history with your Google account for this purpose. This way, the same personalised advertising messages can be placed on each device on which you sign in with your Google account.
In order to support this function Google Analytics records Google-authenticated IDs of the users, which are temporarily linked with our Google Analytics data in order to define and create target groups for the cross-device advertisements.
You can permanently object to the cross-device remarketing / targeting by deactivating personalised advertising in your Google account; follow this link in order to do this.
The summary of the entered data in your Google account is exclusively carried out on the basis of your consent, which you can submit to Google or revoke (Art. 6 Para. 1 lit. a GDPR).
Deactivate Google Analytics:
- You can generally prevent the recording of your user data on our website by setting "Do Not Track" in your web browser. Our website takes the "Do Not Track" signal into consideration, which your web browser then sends to all websites.
- You can generally prevent the recording of your user data by Google Analytics on all websites by downloading and installing the browser plugin available under the following link: Get Google Analytics Opt-out Browser Add-on.
- You can only prevent the recording of your user data by Google Analytics on this website by clicking on the following link. An opt-out cookie is set that prevents the recording of your data on future visits to this website: Deactivate Google Analytics.
2.11. Google Maps
This website uses the product Google Maps of Google Inc. By using Google Maps on this website, you declare that you agree to the collection, processing and use of the automatically collected data by Google Inc, its representatives as well as third parties.
2.12. Google ReCAPTCHA
In order to protect your orders by internet form this website uses the reCAPTCHA service of Google Inc. (Google). The query serves to distinguish whether the input is carried out by a person or improperly by automated, mechanical processing. The query includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and is further used there. Through the use of reCaptcha, you declare that you agree that the recognition provided by you will flow into the digitalisation of old works. In the event of the activation of IP anonymisation on this website, your IP address will however first be abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. The full IP address is only transferred to a server of Google in the USA and abbreviated there in exceptional cases. By order of the operator of this website, Google will use this information in order to evaluate your use of this service. The IP address transmitted by your browser within the scope of reCaptcha will not be aggregated with other data of Google. The deviating data protection provisions of the Google company apply to these data. You can find further information relating to the privacy policies of Google under: https://www.google.com/intl/de/policies/privacy/.
2.13. Facebook Pixel
This website uses Facebook Pixel, a web analysis service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") on the legal basis of the prevailing legitimate interest (analysis of the website use). The data are partly transferred to the USA. The transmission of the data to the USA is carried out on the basis of your consent pursuant to Art. 6 (1) lit a GDPR.
According to information from Facebook, Facebook will use the collected data in order to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the website use and the internet use.
Facebook will, if applicable, also transfer this information to third parties if this is stipulated by law or if third parties process these data by order of Facebook.
Deactivate Facebook Pixel:
- You can generally prevent the recording of your user data on our website by setting "Do Not Track" in your web browser. Our website takes the "Do Not Track" signal into consideration, which your web browser then sends to all websites.
- You can only prevent the recording of your user data by Facebook Pixel on this website by clicking on the following link. An opt-out cookie is set that prevents the recording of your data on future visits to this website: Deactivate Facebook Pixel.
2.14. Web Fonts
The use of Web Fonts is carried out in the interest of a standard and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f. GDPR.
For improved user experience on this website we use Hotjar, a feedback and analysis service of Hotjar Ltd. ("Hotjar"), Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. The following information is collected with regard to the terminal device and browser of the end user:
- IP address of the terminal device in an anonymised form
- Screen resolution of the terminal device
- Type of terminal device (individual terminal devices - identification characteristics) operating system and browser type
- geographical location (only country)
- language preferred with the display of the Hotjar-based website
- mouse events (movements, position and clicks)
- keyboard inputs
- log data
Our servers record information automatically based on random samples, which is collected from Hotjar-based websites. The following fall under these data:
- referring domain
- visited pages
- geographical location (only country)
- language preferred with the display of the website
- date and time when the pages of the website were accessed
The processing of your personal data is carried out on the basis of your consent pursuant to Art. 6 (1) lit a GDPR. Further information relating to the data protection of Hotjar can be found under https://www.hotjar.com/legal/policies/privacy/ as well as further information relating to the cookies used by Hotjar under Hotjar cookie information.
By visiting the opt-out-site of Hotjar and by clicking on "deactivate Hotjar" you can reject the collection of your data by Hotjar when visiting this website at all times.
3. Visit to our ski area
We will explain the processing of your personal data when using the facilities of our ski area below.
3.1. Skipass control "Photocompare"
It is pointed out that owing to our legitimate interest pursuant to Art. 6 (1) lit f GDPR for the purpose of access control (lift tickets are not transferable pursuant to our General Business Terms and Conditions!) a reference photo of the lift ticket holder is taken when going through a turnstile fitted with a camera for the first time. This reference photo will be compared by the lift staff with those photos which are taken each time a turnstile fitted with a camera is passed through once again. The reference photo will be deleted immediately after expiry of the validity of the lift ticket, the other photos at the latest 30 minutes after a turnstile is respectively passed through. It is pointed out that there is also the possibility to acquire lift tickets which are configured technically so that no photo is taken when passing through the turnstile, however random checks by the lift staff must be expected in this case.
- Photocompare is not used with all lift facilities of the ski area, but only at several special points of entry (e.g. at the valley station).
- All data in connection with Photocompare are stored encrypted. No sound recordings are made.
- Evaluation process:
The Photocompare turnstile facilities at the points of entry are fitted with card readers and cameras. When passing the turnstile, the lift ticket is read and a photo is created automatically. This photo is compared with the respective reference photo of the lift ticket holder for correspondence. This check is carried out by the employee (lift employee) of the client nearest to the turnstile situated in a closed room by personal perception on the screen. An automation-supported image data comparison is not carried out as this would be inadmissible.
If there is a match, there is no cause for the problem. If the human eye, i.e., the employee in the area of the ski lift facility, has doubts about the correspondence of the photo that was just created with the reference photo, they have the possibility to trigger a suspicious case and therefore to prevent the automatic deletion of the image data. It is ensured that as long as no cause has been triggered, all control photos of the points of entry are automatically deleted within a few minutes (however a maximum of 30 minutes after the photo was taken). If in an event a suspicion does not become more concrete, the photo will be deleted immediately. The reference photo taken within the scope of the ski lift ticket purchase will be deleted immediately after the end of the period of validity of the lift ticket.
The client stores entrance times and locations of the lift tickets exclusively for settlement purposes with other ski areas. By means of the (image) data from the Photocompare system no movement profiles of the lift ticket users are created whatsoever.
Besides Photocompare there is also the possibility to purchase a lift ticket which can be configured technically so that no photo is taken when passing through the turnstile. The reference photo is created at the ticket office and is located on the lift ticket, not in the Photocompare system. In this case controls by the lift staff are to be expected.
We offer several photopoints at the Kitzsteinhorn and Maiskogel, which you can use to create photos. When using one of the photopoints a current photo will be taken based on your consent pursuant to Art. 6 (1) lit a GDPR and will be published online or on a screen at the ticket office. The photos will be deleted automatically and completely after 72 hours. You can have the photos you have taken deleted free of charge by a revocation of your consent at any time. Simply contact us for this purpose under email@example.com or by telephone at +43 (0)6547/8621.
Via our website you can contact the external service Skiline for inspection on your personal vertical metre profile. Owing to your consent pursuant to Art. 6 (1) lit a GDPR, Skiline receives information for the creation of the vertical metre profile relating to your lift entries at the Kitzsteinhorn and Maiskogel as well as your ticket number and can calculate the vertical metres and kilometres of piste covered from this information. Otherwise Gletscherbahnen Kaprun AG does not forward any personal data. When calling the Skiline service via our website you leave our web presence, and we can consequently not assume any further liability. Further information of the data controller Skiline under data protection law for the Skiline service can be found under https://www.skiline.cc/declarationOfConsent
3.4. Guest surveys
Explanation relating to data protection within the scope of the SAMON Kitzsteinhorn guest survey, conducted by Manova GmbH: The personal data, which are made available by you, are processed by order of Gletscherbahnen Kaprun AG, Kitzsteinhornplatz 1a, A-5710 Kaprun. The data are exclusively collected for the purpose of conducting the SAMON Kitzsteinhorn guest survey and will not be forwarded to third parties. Your data will be erased as soon as the survey has been completed and will be stored as a maximum for the duration of one year. You can additionally revoke your consent at all times by sending an email with the subject "Revocation Kitzsteinhorn guest survey" to firstname.lastname@example.org. Your data will subsequently be erased immediately.
The SAMON Kitzsteinhorn guest survey is conducted by Gletscherbahnen Kaprun AG. The processing of the collected data is fully carried out by the company MANOVA GmbH in this case as the data processor. We have concluded an agreement with the data processor for the processing according to Art. 28 GDPR.
The results of the survey will be made available to the data controllers, i.e. Gletscherbahnen Kaprun and, if applicable, other partners of the client in a completely anonymous form. The conclusion about the data subject is not possible based on these data. The collected data will be exclusively evaluated for the statistical survey of the guest satisfaction, the holiday behaviour as well as similar questions of tourist research.
You repeatedly have the possibility to participate in competitions of the Kitzsteinhorn. Within the scope of these actions personal data (email address, name, address) will also be collected and processed for the purpose of settlement. The personal data collected within the scope of such a competition will exclusively be used for the processing of the action (in the event of a competition for example for determination of the winners, notification of the winners and the sending of the prize). After termination of the action the data of the participants will be erased. The use of your data collected over the course of the competition for the receipt of newsletters will only take place if you have explicitly consented to this.
3.6. WLAN (WiFi)
The WLAN made available by Gletscherbahnen Kaprun AG can be used free of charge after a confirmation of the General Business Terms and Conditions. The WLAN also serves to provide information about events, attractions and regional information, which is adjusted depending on the area you are in. In order to improve the convenience of the WLAN use, we furthermore store a clear ID of the used device and the access node for recognition and therefore no longer necessary new acceptance of the General Business Terms and Conditions. Furthermore, users of the WLAN can voluntarily register for surveys regarding customer satisfaction and also win prizes hereby. Further information in this respect.
Photos and videos which are made over the course of an event of Gletscherbahnen Kaprun AG can be published on our website or our social media channels (Facebook, Instagram, Youtube). Should you not agree to a photo or shooting published in such a manner, you can contact us at all times and revoke the publication by email to email@example.com.
3.8. Skiing accidents – reports
The mountain railways reserve the right to invoice the operation of the piste rescue service. The information of the injured persons or the parties involved in the accident and witnesses (name, sex, address, telephone number, date of birth, accommodation, holiday location, ski pass number, course of accident, type of injury, place of accident, time of accident, transport from scene/salvage, type of sports/sports equipment, costs, piste & weather conditions, details of witnesses) will be processed by us for the purpose of the necessary medical care of the injured persons owing to the interest of the data subject pursuant to Art. 6 (1) lit d GDPR and owing to our legitimate interest pursuant to Art. 6 (1) lit f GDPR for the creation of the invoice and for possible legal claims. In the event of collisions these data will also be forwarded to the local police station owing to our legal obligation pursuant to Art. 6 (1) lit d GDPR.
3.9. Group information
For the receipt of special discounts e.g. bus groups, children & youth groups as well as groups of school children it is necessary for the fulfilment of the contract pursuant to Art. 6 (1) lit b GDPR to submit a list of participants, incl. the dates of birth upon purchase. Address data of the respective group leaders and the organisation/school will be used owing to our legitimate interest pursuant to Art. 6 (1) lit f GDPR for marketing purposes until an objection is filed.
3.10. Table Reservations Gastronomy
We are pleased to accept table reservations in our gastronomy. The legal basis for this is the fulfilment of a contract pursuant to Art. 6 (1) lit b GDPR. For this purpose, we will require a last name as well as a telephone number. These data will be destroyed directly after your visit to our gastronomy.
3.11. CURRENT NEWS: COVID-19 registration obligation in our gastronomy businesses
Owing to the current legal obligation we must enter the guest data (first name, last name, telephone number, date and time of the visit). This is carried out by QR-Code registration or a data entry sheet in a paper form. We exclusively process these data for the fast contact person tracking in the event of a COVID-19 suspicion. The processing of your aforementioned personal data is carried out accordingly pursuant to Art. 6 Para. 1 lit c and lit d GDPR on the basis of our legal obligation pursuant to Section 2 Z 1 and 2 of Salzburg Governor's Ordinance of 16 October 2020, with which additional measures are stipulated for combatting the spreading of COVID-19. The failure to provide the data has the consequence that we may not serve you any food and drinks in our gastronomy business. We will erase these data after 28 days and will exclusively forward these data to health authorities in accordance with Section 5 Para. 3 Austrian Epidemic Law [Epidemiegesetz] and Section 10 Para. 2 DSG (legal bases within the meaning of Art 9 Para. 2 lit i GDPR) upon request.