PRIVACY POLICY of XENIOS Management GmbH

Data pro­tec­tion is a mat­ter of trust and your trust is of utmost impor­tance to us at XENIOS Management GmbH. The pro­tec­tion of your per­sonal data is of par­tic­u­lar con­cern to us.

This pri­vacy pol­icy will inform you about the nature, scope and pur­pose of the col­lec­tion and use of per­sonal data of (a) users of our ser­vices ("Customer"), (b) web­site users and (c) newslet­ter sub­scribers car­ried out by our com­pany and will pro­vide you with infor­ma­tion about your rights with respect to the col­lec­tion and pro­cess­ing of per­sonal data. Any pro­cess­ing of data will only be car­ried out in accor­dance with the rel­e­vant legal pro­vi­sions, in par­tic­u­lar the General Data Protection Regulation ("GDPR"), the Data Protection Act ("DPA", i.e. the Austrian Datenschutzgesetz, the DSG) and the Telecommunications Act of 2021 ("TKG"), as amended from time to time. In this data pro­tec­tion infor­ma­tion, we will inform you about the most impor­tant aspects of data pro­cess­ing in accor­dance with Articles 13 and 14 of the GDPR.

  1. Controller of the pro­cess­ing and con­tact details

The con­troller for all pro­cess­ing activ­i­ties and your con­tact per­son for all ques­tions relat­ing to the pro­cess­ing of your per­sonal data is the

XENIOS Management GmbH
Getreidemarkt 14/​Top 27
1010 Vienna
Phone no.: +43 (0) 1 890 666 1
E‑mail: dataprivacy@loisium.com ("respon­si­ble per­son")

If you have any ques­tions about data pro­tec­tion or about exer­cis­ing your rights in rela­tion to your per­sonal data processed by us, please con­tact our data pro­tec­tion coor­di­na­tors at dataprivacy@loisium.com.

  1. What data do we process and where do we get this data from

a) If you are our cus­tomer

 The pro­cess­ing of per­sonal data is nec­es­sary within the frame­work of the ini­ti­a­tion and pro­cess­ing of the con­trac­tual rela­tion­ship as well as for the man­age­ment of our cus­tomer rela­tion­ship.

Within the frame­work of the ini­ti­a­tion and pro­cess­ing of the con­trac­tual rela­tion­ship as well as for the effi­cient sup­port of our cus­tomers, we col­lect, gen­er­ate and store the per­sonal data of our cus­tomers exclu­sively to the extent that is nec­es­sary to be able to ful­fil our legal and con­trac­tual oblig­a­tions. This includes in par­tic­u­lar the per­sonal data that we specif­i­cally col­lect from you or that are gen­er­ated by us in the course of the con­trac­tual rela­tion­ship:

  • Your mas­ter data (sur­name, first name, address, e‑mail address, tele­phone and fax num­ber, date of birth, cus­tomer num­ber) as well as lan­guage and vehi­cle reg­is­tra­tion num­ber and licence plate,
  • the data in travel doc­u­ments (pass­port num­ber, pass­port data, date of birth, issu­ing author­ity, term, nation­al­ity) and iden­tity cards (iden­tity card, dri­ving licence, etc. includ­ing issu­ing author­ity and term), the data on pay­ment type and in con­nec­tion with pay­ments, in par­tic­u­lar with EC cards, credit cards and bank cards,
  • the length of stay you have requested as well as des­ti­na­tions, hotels, con­tacts, con­di­tions, spe­cial ser­vices, fre­quent flyer num­ber, per­sonal pref­er­ences related to the stay that you make known to us.

b) If you are a web­site user

Each time the web­site is called up, our sys­tem col­lects data and infor­ma­tion from the com­puter sys­tem of the call­ing com­puter. The fol­low­ing data is col­lected:

  • Information about the browser type and ver­sion used
  • Operating sys­tem of the user
  • Internet ser­vice provider of the user
  • IP address of the user
  • Date and time of access
  • Amount of data and the mes­sage of the suc­cess­ful call

The provider of the pages auto­mat­i­cally col­lects and stores infor­ma­tion in so-called server log files, which your browser auto­mat­i­cally trans­mits to us.
These include the fol­low­ing:

  • Browser type and ver­sion
  • Operating sys­tem used
  • Referrer URL
  • Host name of the access­ing com­puter
  • Time of the server request

The log files do not con­tain IP addresses or other data that allow an assign­ment to a user. The data is also stored in the log files of our sys­tem. Not affected by this are the IP addresses of the user or other data that enable the data to be assigned to a user. Any stor­age of this data together with other per­sonal data of the user shall not take place.

If you con­tact us via our con­tact form, we process the fol­low­ing data:

  • The con­tent of the request and your con­tact details con­tained therein
  • IP address

For more infor­ma­tion on cook­ies and web ana­lyt­ics, please see point 6 of this Data Protection Declaration.

c) If you are a newslet­ter sub­scriber

If you reg­is­ter for the free newslet­ter on our web­site, your per­sonal data will be processed. This includes title, first name, last name, email address, time of retrieval, IP address, browser type and oper­at­ing sys­tem.

  1. How and for what pur­pose do we process your per­sonal data

 

a) If you are our cus­tomer

If you are our cus­tomer, we process your per­sonal data

  • for the ful­fil­ment of our (pre-)contractual oblig­a­tions (point (b) of Article 6(1) of the GDPR) such as book­ings of travel, guides, gas­tron­omy, rental vehi­cles, trans­fers, reg­is­tra­tion pro­cess­ing, insur­ances, events, tours, accred­i­ta­tions, vouch­ers includ­ing cus­tomer cre­ation, billing and their ver­i­fi­ca­tion (B2B, B2C, FIT), ticket book­ings, as well as for your reg­is­tra­tion and later login in your web account;
  • for the ful­fil­ment of legal oblig­a­tions (point (c)of Article 6 (1) of the GDPR) such as our legal oblig­a­tions accord­ing to Section 165 (3) of the Austrian TKG, i.e. the Telecommunications Act , in the con­text of assert­ing, exer­cis­ing and/​or defend­ing legal claims as well as for pro­vid­ing infor­ma­tion to law enforce­ment author­i­ties and courts in case of neces­sity.
  • On the basis of the legit­i­mate inter­ests pur­sued by our com­pany, unless your inter­ests in con­fi­den­tial­ity out­weigh our inter­ests in pro­cess­ing this data (point (f) of Article 6(1) of the GDPR). Our legit­i­mate inter­ests include, for exam­ple, the fol­low­ing:
    • rapid and effi­cient cus­tomer com­mu­ni­ca­tion
    • A proper legal enforce­ment and fol­low-up of pro­ceed­ings

You can object to the pro­cess­ing of your per­sonal data at any time by stat­ing your rea­sons in accor­dance with Article 21 of the GDPR.

b) If you are a web­site user

If you are a user of the web­site, we will process your per­sonal data

  • based on your con­sent (pur­suant to point (a) of Article 6 (1) of the GDPR, Section 165 (3) of the Austrian Telecommunications Act, the TKG): Further infor­ma­tion on cook­ies and web analy­sis can be found in point 6.
  • for the imple­men­ta­tion of pre-con­trac­tual mea­sures that take place at your request (pur­suant to point (b) of Article 6 (1) of the GDPR) if you con­tact us via our con­tact forms, by chat, by e‑mail or by tele­phone to obtain infor­ma­tion about our prod­ucts;
  • for the ful­fil­ment of legal oblig­a­tions (in accor­dance with point (c)of Article 6 (1) of the GDPR, point (f) of Article 9 (2) of the GDPR) as well as for the pro­vi­sion of infor­ma­tion to law enforce­ment author­i­ties and courts in case of neces­sity.
  • where nec­es­sary, to pro­tect our legit­i­mate inter­ests, unless your inter­ests in con­fi­den­tial­ity out­weigh our inter­ests in pro­cess­ing this data (in accor­dance with point (f) of Article 6 (1) of the GDPR). Our legit­i­mate inter­ests include the fol­low­ing
    • to ensure the secu­rity of the oper­a­tion of the web­site, to pre­vent and ward off attacks on the tech­ni­cal infra­struc­ture of our web­site and to pre­vent and detect mis­use of our web­site
    • to ensure the improve­ment and eval­u­a­tion of our web pres­ence to analyse user behav­iour and to improve our offers
    • com­mu­ni­ca­tion with you via our con­tact form, pro­vided that the com­mu­ni­ca­tion does not serve the pur­pose of car­ry­ing out pre-con­trac­tual mea­sures
    • Increase the user-friend­li­ness of the web­site

You can object to the pro­cess­ing of your per­sonal data at any time by stat­ing your rea­sons in accor­dance with Article 21 of the GDPR.

c) If you are a newslet­ter sub­scriber

If you sub­scribe to our newslet­ter, we will process your per­sonal data based on your con­sent (point (a) of Article 6 (1) of the GDPR). Your data will be processed for the pur­pose of deliv­er­ing the newslet­ter pro­vided by us.

We use a dou­ble opt-in pro­ce­dure which allows to reg­is­ter for our newslet­ter. After your reg­is­tra­tion, we will send you an e‑mail in which you explic­itly con­firm that you would like to receive our newslet­ter and agree to the asso­ci­ated pro­cess­ing of your data. Only after sub­mit­ting this con­fir­ma­tion, your reg­is­tra­tion for the newslet­ter will be com­pleted.

You can unsub­scribe from the newslet­ter at any time. Please send your unsub­scrip­tion to the fol­low­ing e‑mail address: [news@loisium.com]. We will then imme­di­ately delete your data col­lected and processed by our com­pany in con­nec­tion with the newslet­ter dis­patch.

d) No auto­mated deci­sion mak­ing or pro­fil­ing

The data we process is not processed for auto­mated deci­sion-mak­ing, nor do we carry out so-called "pro­fil­ing".

  1. To whom we for­ward and dis­close your data

Your per­sonal data will be stored and processed by us and, if nec­es­sary, for­warded to third par­ties.

a) If you are our cus­tomer

  • To our coop­er­a­tion part­ners for the pur­pose of con­tract pro­cess­ing, such as the book­ing tools of the exter­nal oper­a­tors used by us:

„Opera/​Oracle Austria GmbH“, Donau-City-Straße 7, DC Tower, 36. "Opera/​Oracle Austria GmbH", Donau-City-Straße 7, DC Tower, 36th floor, 1220 Vienna, Austria and "Amadeus Hospitality/​Travelclick" Via Augusta, 117, 08006 Barcelona, Spain for han­dling the room reser­va­tions;

"Zenchef", Société Zenchef, 63 avenue de vil­liers, 75017 Paris for han­dling table reser­va­tions;

  • Your credit card data and ATM card data for the pro­cess­ing of pay­ment trans­ac­tions to the cor­re­spond­ing bank­ing insti­tu­tion;
  • Your credit card and debit card details to the pay­ment ser­vice oper­a­tor Planet Merchant Services SAS (PLANET) to process the pay­ment on site and via our web­site; the pay­ment ser­vice provider is Planet Merchant Services SAS (PLANET), located at 1 Terrasse Bellini, Puteaux, 92919 Paris La Défense Cedex, France. When you pay with Planet Merchant Services SAS (PLANET), Planet Merchant Services SAS (PLANET) will col­lect var­i­ous per­sonal data from you. For fur­ther details, please refer to the Planet Merchant Services SAS (PLANET) pri­vacy
  • We process the sale and redemp­tion of vouch­ers via INCERT, provider of the ser­vice is INCERT eTourismus GmbH & Co KG with its reg­is­tered office in Wirtschaftspark Lederfabrik, Leonfeldnerstraße 328, A‑4040 Linz, Austria. Details can be found in INCERT's pri­vacy pol­icy.
  • Collection agency for debt col­lec­tion (abroad there­fore only inso­far as the debt must be col­lected abroad);
  • Insurance on the occa­sion of the con­clu­sion of an insured event con­cern­ing the delivery/​service or the occur­rence of the insured event:

WIENER STÄDTISCHE Versicherung AG Vienna Insurance Group, Vienna 1, Schottenring 30, A‑1010 Vienna, P.O. 80 as well as

AXA France IARD — 313, Terrasses de l'Arche — 92727 Nanterre Cedex;

  • within the Group, tak­ing into account the per­mis­si­ble uses;
  • Other con­trac­tual or busi­ness part­ners who par­tic­i­pate or are to par­tic­i­pate in the deliv­ery or ser­vice;
  • Provider (IT ser­vice provider), such as "Into-IT GmbH" Hernalser Hauptstrasse 196/1, 1170 Vienna, Austria;
  • Courts, law enforce­ment author­i­ties and other insti­tu­tions;
  • Legal rep­re­sen­ta­tives or lawyers and third par­ties involved in legal ser­vices;
  • Tax advi­sors and audi­tors.

b) If you are a web­site user

  • provider (IT ser­vice provider) for the oper­a­tion of our web­site, includ­ing host­ing, and for rea­sons of ensur­ing the secu­rity of our IT sys­tems:

"Into-IT GmbH" Hernalser Hauptstrasse 196/1, 1170 Vienna, Austria;

  • Courts, law enforce­ment author­i­ties and other insti­tu­tions;
  • Legal rep­re­sen­ta­tives or lawyers and third par­ties involved in legal ser­vices.

c) If you are a newslet­ter sub­scriber

  • Provider (IT ser­vice provider), whereby the newslet­ter is sent via our ser­vice provider "Amadeus Hospitality/​Travelclick”, a com­pany with reg­is­tered office in Via Augusta, 117, 08006 Barcelona, Spain;
  • Courts, law enforce­ment author­i­ties and other insti­tu­tions;
  • Legal rep­re­sen­ta­tives or lawyers and third par­ties involved in legal ser­vices.

If the recip­i­ents of your per­sonal data men­tioned above are located out­side the EEA and the coun­try in ques­tion has also not been deter­mined to have an ade­quate level of data pro­tec­tion by deci­sion of the EU Commission, we will ensure that the trans­fer is made on the basis of stan­dard con­trac­tual clauses (cur­rently Commission Implementing Decision (EU) 2021/914) or oth­er­wise in accor­dance with Articles 46, 47 or 49 of the GDPR.

In addi­tion, proces­sors com­mis­sioned by us receive your data in order to be able to per­form their respec­tive ser­vices (e.g. "Amadeus Hospitality" based in Via Augusta, 117, 08006 Barcelona, Spain when reg­is­ter­ing for the newslet­ter: the e‑mail is sent via "Travelclick"). All proces­sors are con­trac­tu­ally obliged to treat your data con­fi­den­tially and to process it only within the scope of our com­mis­sion­ing and in accor­dance with our spec­i­fi­ca­tions.

 

  1. How long do we process and store your data

 

We gen­er­ally store and process your per­sonal data as long as this is deemed nec­es­sary for the ful­fil­ment of the pur­pose of pro­cess­ing. In detail, this will include the fol­low­ing aspects:

 

a) If you are our cus­tomer

As a mat­ter of prin­ci­ple, we will only store your per­sonal data for as long as we need them for the pro­cess­ing of the con­tract, i.e. mostly until the end of the busi­ness rela­tion­ship. We are obliged to store data rel­e­vant under tax law accord­ing to Section 132 of the Austrian Federal Fiscal Code (i.e. BAO, the Bundesabgabenordnung) and busi­ness let­ters accord­ing to Section 212 of the Austrian Commercial Code, i.e. the UGB, for a period of at least seven years. In addi­tion, the data will be kept as long as spe­cific claims are asserted against us. If we have rea­son­able sus­pi­cion of abu­sive behav­iour and for­ward the data to the com­pe­tent pub­lic author­i­ties, this data will be kept on a sep­a­rate data car­rier and deleted after the legal pro­ceed­ings have ended.

b) If you are a web­site user

The stor­age period of cook­ies ends within six to 24 months cal­cu­lated from the end of the activ­ity that led to the cookie set­ting (i.e. usu­ally the visit to a web­site). The spe­cific stor­age period varies depend­ing on the cookie or the tool used. The con­sent given with regard to cook­ies can be revoked at any time with effect for the future via the link ["Cookie set­tings"]. This pre­vents the set­ting of cook­ies in the future.

 

Data that you trans­mit to us via con­tact form, chat, e‑mail or tele­phone is stored for a period of at least seven years in accor­dance with the statu­tory reten­tion and doc­u­men­ta­tion oblig­a­tions pur­suant to Section 132 of the Austrian Federal Fiscal Code (i.e. BAO, the Bundesabgabenordnung) and Section 212 of the Austrian Commercial Code, i.e. the UGB. If there is no busi­ness rela­tion­ship entered into, how­ever, we will store them for a max­i­mum of 3 years.

 

c) If you are a newslet­ter sub­scriber

We will delete your data after hav­ing received your revo­ca­tion of con­sent.

If you have any ques­tions regard­ing the spe­cific reten­tion period of your per­sonal data, please do not hes­i­tate to con­tact us at the address given above or by e‑mail to dataprivacy@loisium.com.

  1. Cookies and web analy­sis

a) Cookies

Our web­site uses cook­ies. These are small text files that are tem­porar­ily stored on your end device with the help of the browser or that your browser saves. They do not cause any dam­age, but make the use of the web­site more user-friendly. "Session cook­ies" store infor­ma­tion used dur­ing your cur­rent browser ses­sion. These cook­ies are auto­mat­i­cally deleted when you close your browser. "Persistent cook­ies", on the other hand, are not deleted when you close your browser, but remain stored on your com­puter and allow us to recog­nise your browser the next time you visit.

In the course of your use of the web­site, we there­fore col­lect and process the fol­low­ing data: IP address and lan­guage set­ting. We col­lect this data auto­mat­i­cally with cook­ies pro­vided by third-party providers on the basis of your con­sent in accor­dance with point (a) of Article 6 (1) of the GDPR (or in con­nec­tion with Section 165 (3) of the Austrian TKG in the case of per­sis­tent cook­ies, which are stored on your ter­mi­nal device).

You can also revoke the stor­age of indi­vid­ual cook­ies (via con­fig­u­ra­tion in the cookie ban­ner) as well as the stor­age and use via browser con­fig­u­ra­tion at a later time. "Technically nec­es­sary cook­ies", which are manda­tory for the struc­ture and func­tion­ing of the web­site, can­not be deac­ti­vated.

We use the fol­low­ing tech­ni­cally nec­es­sary cook­ies:

bor­labs-cookie: This per­ma­nent first-party cookie is set by the Consent Tool and is used to record the user's con­sent for the cook­ies in the "Advertising" cat­e­gory. The cookie has a nor­mal life­time of 11 months so that return­ing vis­i­tors to the web­site can remem­ber their pref­er­ences. It does not con­tain any infor­ma­tion that can iden­tify the web­site vis­i­tor.

wp-wpm­l_cur­ren­t_lan­guage: This func­tional ses­sion cookie stores web­site lan­guage pref­er­ences and is deleted at the end of the ses­sion.

We also use third-party con­tent on our web­site to make our inter­net pres­ence as infor­ma­tive and con­ve­nient as pos­si­ble for you. This includes, for exam­ple, Google Maps, RSS feeds or YouTube. These third-party providers receive your IP address for tech­ni­cal rea­sons ("third-party cook­ies"). We have no influ­ence on the use of this data by the third-party provider. In this regard, we refer to the data pro­tec­tion dec­la­ra­tions of the respec­tive providers.

b) Web analy­sis Google Analytics

Our web­site uses func­tions of the web ana­lyt­ics ser­vice Google Analytics. Google Analytics is a ser­vice pro­vided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cook­ies", which allow Google to analyse the use of our web­site. The infor­ma­tion col­lected by the cook­ies about the use of our web­sites (includ­ing your anonymised ip address) is usu­ally trans­ferred to a Google server located in the USA and stored there. We would like to point out that Google Analytics has been extended on our web­sites to ensure anonymised col­lec­tion of IP addresses (so-called IP mask­ing). Your ip address is only recorded by Google in short­ened form, which ensures anonymi­sa­tion and does not allow any con­clu­sions to be drawn about your iden­tity. With IP anonymi­sa­tion on our web­sites, your IP address is short­ened before­hand by Google within mem­ber states of the European Union or in other con­tract­ing states of the Agreement on the European Economic Area. Only in excep­tional cases will the full IP address be trans­mit­ted to a Google server in the USA and short­ened there. Google also observes the data pro­tec­tion pro­vi­sions of the "US Safe Harbor" agree­ment and is reg­is­tered with the "Safe Harbor" pro­gramme of the US Department of Commerce. Google will use this infor­ma­tion for the pur­pose of eval­u­at­ing your use of our web­site, com­pil­ing reports on web­site activ­ity for web­site oper­a­tors and pro­vid­ing other ser­vices relat­ing to web­site activ­ity and inter­net usage. The IP address trans­mit­ted by your browser as part of Google Analytics will not be merged with other Google data. A trans­fer of this data by Google to third par­ties only takes place due to legal reg­u­la­tions or within the frame­work of com­mis­sioned data pro­cess­ing.

The data pro­cess­ing is based on your con­sent pur­suant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR.

We use the fol­low­ing cook­ies and pixel track­ers for this pur­pose:

_​ga: this Google Analytics cookie is used to dis­tin­guish vis­i­tors when col­lect­ing infor­ma­tion about page vis­its. This cookie helps us to iden­tify and improve the web­site area. In prin­ci­ple, these "per­ma­nent cook­ies" are stored for a period of 14 months. The stor­age period is jus­ti­fied by the inter­est in being able to carry out sta­tis­ti­cal annual com­par­isons with regard to web analy­sis.

_​gcl_​au: this per­ma­nent third party cookie allows us to store a gen­er­ated user ID for track­ing Google Ads adver­tise­ments and is deleted after a period of three months.

You can revoke your con­sent at any time with effect for the future by call­ing up the link ["Cookie set­tings"] and chang­ing your selec­tion there. The law­ful­ness of the pro­cess­ing car­ried out on the basis of the con­sent given by you until the revo­ca­tion remains unaf­fected thereby.

You can also pre­vent the stor­age of cook­ies from the out­set by con­fig­ur­ing your browser soft­ware accord­ingly. However, if you con­fig­ure your browser to reject all cook­ies, this may restrict func­tion­al­i­ties on this and other web­sites. You can also pre­vent the col­lec­tion of data gen­er­ated by the cookie and related to your use of the web­site (includ­ing your IP address) by Google and the pro­cess­ing of this data by Google by select­ing the appro­pri­ate set­tings on your browser and

  1. refus­ing to give your con­sent to the set­ting of the cookie or
  2. down­load and install the browser add-on to dis­able Google Analytics  by click­ing HERE.

For more infor­ma­tion on Google Analytics' terms of use and Google's pri­vacy pol­icy, please visit https://marketingplatform.google.com/about/analytics/terms/en/ and https://policies.google.com/?hl=en.

c) Google Tag Manager

We use Google Tag Manager to recog­nise your user behav­iour. The Google Tag Manager is a solu­tion with which mar­keters can man­age web­site tags via an inter­face. The tool is used to steer extended script and event han­dling. Google Tag Manager does not access this data. If a deac­ti­va­tion has been made at domain or cookie level, this remains in place for all track­ing tags imple­mented with Google Tag Manager.

The data pro­cess­ing is based on your con­sent pur­suant to Section 165 (3) of the Austrian Telecommunications Act, i.e. the TKG, as well as point (a) of Article 6(1) of the GDPR.

You can find more detailed infor­ma­tion here.

 

d) Google Ads

This web­site also uses Google Conversion Tracking. Google Ads sets a cookie on your com­puter if you have accessed our web­site via a Google ad. These cook­ies lose their valid­ity after 30 days and are not used for per­sonal iden­ti­fi­ca­tion. If the user vis­its cer­tain pages of the Ads client's web­site and the cookie has not yet expired, Google and the client can recog­nise that the user clicked on the ad and was redi­rected to this page. Each Ads client receives a dif­fer­ent cookie. Cookies can there­fore not be tracked across Ads clients' web­sites. The infor­ma­tion col­lected using the con­ver­sion cookie is used to cre­ate con­ver­sion sta­tis­tics for Ads clients who have opted in to con­ver­sion track­ing. Ads clients learn the total num­ber of users who clicked on their ad and were redi­rected to a page tagged with a con­ver­sion track­ing tag. However, they do not receive any infor­ma­tion that per­son­ally iden­ti­fies users. If you do not wish to par­tic­i­pate in the track­ing pro­ce­dure, you can also refuse the set­ting of a cookie required for this — for exam­ple, via a browser set­ting that gen­er­ally deac­ti­vates the auto­matic set­ting of cook­ies. You can also deac­ti­vate cook­ies for con­ver­sion track­ing by set­ting your browser in such a way that cook­ies from the domain "www.googleadservices.com" are blocked. Further infor­ma­tion on Google’s pri­vacy pol­icy can be found here.

When you use SSL search, Google's encrypted search fea­ture, the search terms are usu­ally not sent as part of the URL in the refer­ring URL. However, there are some excep­tions to this, for exam­ple if you are using cer­tain less com­mon browsers. For more infor­ma­tion on SSL-search, please click also here. Search queries or infor­ma­tion in the refer­ral URL could also be viewed through Google Analytics or an appli­ca­tion pro­gram­ming inter­face (API). In addi­tion, adver­tis­ers may receive infor­ma­tion about the exact search terms that trig­gered a click on an ad.  https://policies.google.com/faq?hl=de“.

The data pro­cess­ing is based on your con­sent pur­suant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR.

 

e) Google Remarketing

We use the Google Remarketing ser­vice, an adver­tis­ing analy­sis tool, on our web­site. With Google Remarketing, adver­tise­ments can be dis­played for users who have already vis­ited our web­site in the past. Within the Google adver­tis­ing net­work, this enables adver­tise­ments to be dis­played on our site that are tai­lored to the users’ inter­ests. Google Remarketing uses cook­ies for this eval­u­a­tion.

The ser­vice provider is the American com­pany Google Inc. For the European area, the com­pany Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is respon­si­ble for the pro­vi­sion of all Google ser­vices.

You can find out more about the data processed through the use of Google Remarketing in the Privacy Policy at https://policies.google.com/privacy?hl=de.

The data pro­cess­ing is based on your con­sent pur­suant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR.

f) Facebook (Meta) Remarketing / Pixel

This web­site uses the "Custom Audiences" remar­ket­ing func­tion of Facebook Inc ("Facebook"). This func­tion is used to present inter­est-based adver­tise­ments ("Facebook Ads") to vis­i­tors of this web­site when they visit the social net­work Facebook. For this pur­pose, the Facebook remar­ket­ing tag has been imple­mented on this web­site. Via this tag, a direct con­nec­tion to the Facebook servers is estab­lished when vis­it­ing the web­site. In doing so, data infor­ma­tion is trans­mit­ted to the Facebook server that you have vis­ited this web­site and Facebook will assign this infor­ma­tion to your per­sonal Facebook user account. For more infor­ma­tion on the col­lec­tion and use of data by Facebook, as well as your rights in this regard and options for pro­tect­ing your pri­vacy, please refer to Facebook's pri­vacy pol­icy at https://www.facebook.com/about/privacy/. Alternatively, you can deac­ti­vate the "Custom Audiences" remar­ket­ing func­tion at  https://www.facebook.com/settings/?tab=ads . To do this, you must be logged in to Facebook.

The data pro­cess­ing is based on your con­sent pur­suant to Section 165 (3) of the Austrian Telecommunications Act, i.e. the TKG, as well as in accor­dance with point (a) of Article 6 (1) of the GDPR.

We use the fol­low­ing cook­ies for the pur­poses of tar­get group adver­tis­ing:

_​fbp un fbq_​external_​id: this first party cookie is set and used by us to dis­play our (per­son­alised) adver­tise­ments to social media users on third-party sites who have already vis­ited our web­site. This cookie will be stored in their browser for a period of 90 days.

Shared respon­si­bil­ity:

Together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta), we are jointly respon­si­ble for the col­lec­tion and trans­fer of data as part of this process. This applies to:

  • the cre­ation and opti­mi­sa­tion of indi­vid­u­alised or suit­able adver­tise­ments, as well as
  • for the deliv­ery of com­mer­cial and trans­ac­tional mes­sages;

The fol­low­ing pro­cess­ing oper­a­tions are there­fore not cov­ered by joint pro­cess­ing:

  • Processing that takes place after col­lec­tion and trans­mis­sion: Sole respon­si­bil­ity of Meta.
  • The pro­duc­tion of reports and analy­ses in aggre­gated and anonymised form: Order pro­cess­ing with Meta.

For joint respon­si­bil­ity, we have con­cluded a cor­re­spond­ing agree­ment with Facebook, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This sets out the respec­tive respon­si­bil­i­ties for ful­fill­ing the oblig­a­tion under the GDPR with regard to shared respon­si­bil­ity.

The con­tact details of Facebook and the Facebook data pro­tec­tion offi­cer can be found here: https://www.facebook.com/about/privacy .

Meta is pri­mar­ily respon­si­ble for the exer­cise of data sub­jects' rights (see point 4. of the list).

Further infor­ma­tion on how Meta processes per­sonal data, includ­ing its legal basis and fur­ther infor­ma­tion on data sub­ject rights can be found here: https://www.facebook.com/about/privacy. We trans­fer the data within the scope of shared respon­si­bil­ity on the basis of our legit­i­mate inter­ests pur­suant to point (f) of Article 6 (1) of the GDPR.

Information on the data secu­rity con­di­tions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on pro­cess­ing based on stan­dard con­trac­tual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

g) Instagram

Functions of the Instagram ser­vice are inte­grated on our pages. These func­tions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the con­tent of our pages to your Instagram pro­file by click­ing on the Instagram but­ton. This allows Instagram to asso­ciate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowl­edge of the con­tent of the trans­mit­ted data or its use by Instagram. For more infor­ma­tion, please see the Instagram pri­vacy pol­icy: https://instagram.com/about/legal/privacy/

h) Hotjar

We use Hotjar by Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) on this web­site to sta­tis­ti­cally analyse vis­i­tor data. Hotjar is a ser­vice that analy­ses user behav­iour and feed­back on web­sites through a com­bi­na­tion of ana­lyt­ics and feed­back tools. Hotjar-based web­sites have a track­ing code embed­ded on their web­sites which is trans­mit­ted to our servers located in Ireland (EU). This track­ing code con­tacts Hotjar's servers and sends a script to the com­puter or device you use to access the Hotjar-based web­site. The script col­lects cer­tain data relat­ing to the user's inter­ac­tion with the rel­e­vant web­site. This data is then sent to Hotjar's servers for pro­cess­ing.

More details about the pri­vacy pol­icy and what data is col­lected by Hotjar and in what way can be found at https://www.hotjar.com/legal/policies/privacy.

_​hjSessionUser_​: this per­sis­tent third party cookie is set the first time a user views a page using the Hotjar script and is deleted after a period of one year. It is used to store the Hotjar user ID that is unique to that page in the browser.

Deactivating Hotjar: If you do not want Hotjar to col­lect your data, you can acti­vate the Hotjar Opt Out. There you have the option to deac­ti­vate or reac­ti­vate the col­lec­tion of data by Hotjar by sim­ply click­ing on the red deac­ti­vate Hotjar but­ton. Attention: Deleting cook­ies, using the incognito/​private mode of your browser, or using a dif­fer­ent browser will result in data being col­lected again.

i) Cloudflare

We use the Content Delivery Network (CDN) of Website Cloudflare of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to improve the secu­rity and deliv­ery speed of our web­site. To imple­ment this, Cloudflare uses cook­ies and processes vis­i­tor data.

Cloudflare offers web opti­mi­sa­tion and secu­rity ser­vices. These include a reverse proxy, a pass-through secu­rity ser­vice and a con­tent dis­tri­b­u­tion net­work. Cloudflare col­lects infor­ma­tion from web­site vis­i­tors. This infor­ma­tion includes, but is not lim­ited to, IP addresses, sys­tem con­fig­u­ra­tion infor­ma­tion and other infor­ma­tion about traf­fic to and from the web­site. Cloudflare col­lects and uses log data to oper­ate, main­tain and improve its ser­vices in accor­dance with cus­tomer agree­ments. For exam­ple, log data may help Cloudflare detect new threats, iden­tify mali­cious third par­ties and pro­vide more robust secu­rity pro­tec­tion to this web­site.

Cookies used by Cloudflare:

_​_​cfduid: used to iden­tify indi­vid­ual vis­i­tors behind a shared IP address and apply secu­rity set­tings to each indi­vid­ual vis­i­tor. The cookie is deleted after one year.

This cookie is absolutely nec­es­sary for the Cloudflare secu­rity func­tions and can­not be deac­ti­vated.

j) Live chat

Our web­site uses the Live Chat mod­ule (http://www.livechatinc.com/privacy-policy/). You can use Live Chat like a con­tact form to chat with our employ­ees in almost real time. When you start the chat, the fol­low­ing per­sonal data is col­lected:

  • Date and time of the call
  • Call dura­tion
  • Location data
  • Browser type/​version
  • Anonymised IP address (last octet is deleted)
  • Operating sys­tem used
  • URL of the pre­vi­ously vis­ited web­site
  • Contents of the trans­mit­ted chats
  • First name, last name (if indi­cated)
  • E‑mail address (if spec­i­fied)

The data pro­cess­ing is based on your con­sent pur­suant to Section 165 (3) of the Austrian Telecommunications Act, the TKG, as well as point (a) of Article 6 (1) of the GDPR. This con­sent is obtained prior to the set­ting of cook­ies and the trans­mis­sion of the afore­men­tioned data. The pro­cess­ing serves to be able to offer our cus­tomers even bet­ter ser­vice and sup­port. You have the right to revoke your con­sent at any time. You can delete the cook­ies at any time via the set­tings in your browser. The law­ful­ness of the pro­cess­ing until the point in time of your revo­ca­tion shall not be affected thereby. The chat logs as a part of cor­po­rate com­mu­ni­ca­tion are stored for three years.

If the recip­i­ents of your per­sonal data men­tioned above are located out­side the EEA and the coun­try in ques­tion has also not been deter­mined to have an ade­quate level of data pro­tec­tion by deci­sion of the EU Commission, we will ensure that the trans­fer is made on the basis of stan­dard con­trac­tual clauses (cur­rently Commission Implementing Decision (EU) 2021/914) or oth­er­wise in accor­dance with Articles 46, 47 or 49 of the GDPR.

Customize Cookie set­tings

  1. Data sub­jects' rights

As a data sub­ject of our data pro­cess­ing, you have the fol­low­ing rights. To assert your rights, you can reach us at the fol­low­ing con­tact details, among oth­ers:

XENIOS Management GmbH

Getreidemarkt 14/​Top 27
1010 Vienna
E‑mail: dataprivacy@loisium.com

a) Right to rec­ti­fi­ca­tion and right to restric­tion of pro­cess­ing

You may request that inac­cu­rate or incom­plete data be cor­rected or com­pleted. You also have the right to request a restric­tion of the pro­cess­ing of data that may only be processed with your con­sent or for the asser­tion, exer­cise or defence of legal claims or for the pro­tec­tion of the rights of another nat­ural or legal per­son or for rea­sons of impor­tant pub­lic inter­est, for exam­ple if the accu­racy of the data is dis­puted. 

b) Right to data porta­bil­ity

You may request that a copy of the data, inso­far as it has been made avail­able to us, be sent to you — or, inso­far as this is tech­ni­cally fea­si­ble, to a third party that can be deter­mined — in a struc­tured, com­mon and machine-read­able for­mat.

c) Right to era­sure

You can request the dele­tion of your data, for exam­ple if it is not processed in accor­dance with the data pro­tec­tion reg­u­la­tions.

d) Right to object

You have the right to object to the pro­cess­ing of per­sonal data at any time, stat­ing your rea­sons. In this case, we will no longer process the per­sonal data relat­ing to you unless we can demon­strate com­pelling legit­i­mate grounds for the pro­cess­ing which over­ride your inter­ests, or the pro­cess­ing serves the pur­pose of assert­ing, exer­cis­ing or defend­ing legal claims.

e) Right to revoke a dec­la­ra­tion of con­sent

If you have given us your con­sent to process your data, you can revoke your dec­la­ra­tion of con­sent at any time, infor­mally and with­out stat­ing any rea­sons. The revo­ca­tion of con­sent does not affect the law­ful­ness of the pro­cess­ing car­ried out on the basis of the con­sent until the revo­ca­tion.

f) Supervisory author­ity

If you believe that the pro­cess­ing of your data is tak­ing place unlaw­fully or that your rights under data pro­tec­tion law have been vio­lated in any other way, you have the right to lodge a com­plaint with the com­pe­tent super­vi­sory author­ity. In Austria, the com­pe­tent author­ity is the Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna.

Furthermore, you have the right to bring an action before the com­pe­tent regional court pur­suant to Section 29 (2) of the Data Protection Act and to take any other legal reme­dies, such as assert­ing claims for dam­ages in the event of unlaw­ful pro­cess­ing.

  1. Adaptation of the pri­vacy pol­icy

We reserve the right to adapt this data pro­tec­tion state­ment at any time in com­pli­ance with the applic­a­ble data pro­tec­tion reg­u­la­tions. Users are requested to inform them­selves reg­u­larly about the con­tent of the data pro­tec­tion state­ment.

Status: March 2023