DECLARATION ON THE OBLIGATION TO PROVIDE INFORMATION (PRIVACY POLICITY)

Data pro­tec­tion dec­la­ra­tion and con­sent to the use of data by XENIOS Management GmbH

Data pro­tec­tion is a mat­ter of trust and your trust is impor­tant to us at XENIOS Management GmbH. The pro­tec­tion of your per­sonal data is of par­tic­u­lar con­cern to us. We there­fore process your data exclu­sively on the basis of the legal reg­u­la­tions (DSGVO, TKG 2003). In this data pro­tec­tion infor­ma­tion we inform you about the most impor­tant aspects of data pro­cess­ing.

Responsible body

XENIOS Management GmbH
Getreidemarkt 14
1010 Vienna
Phone: +43 (0) 1 890 666 1
E‑mail: datenschutz.langenlois@loisium.com or datenschutz.steiermark@loisium.com

  1. Basics

This data pro­tec­tion dec­la­ra­tion applies to all per­sons who use the ser­vices of (com­pany name XENIOS Management GmbH, here­inafter XENIOS). We hereby inform you about the type, scope and pur­pose of the col­lec­tion and use of your per­sonal data by our com­pany. We respect your pri­vacy and strive to pre­cisely com­ply with the legal require­ments for the pro­cess­ing of your per­sonal data (EU Regulation No. 679/2016 (DSGVO), DSG 2000, DSG 2018 and TKG 2003). All your per­sonal data will be processed on this basis.

Responsible for data pro­cess­ing is Mustafa Özdemir (XENIOS Management GmbH, man­ag­ing part­ner, mustafa.oezdemir@loisium.com).

You can reach our data pro­tec­tion coor­di­na­tors at: datenschutz.langenlois@loisium.com or datenschutz.steiermark@loisium.com

With the use of our ser­vices and the grant­ing of con­sents within the mean­ing of this dec­la­ra­tion, you con­firm that you have reached the age of 14 and are in a posi­tion to grant an admis­si­ble con­sent, or that an effec­tive con­sent of your legal guardian or your admin­is­tra­tor already exists.

  1. Information accord­ing to Art 13 GDPR

Your per­sonal data, in par­tic­u­lar

- your mas­ter data (sur­name, first name, address, e‑mail address, tele­phone and fax num­ber, date of birth, cus­tomer num­ber) as well as lan­guage and vehi­cle reg­is­tra­tion num­ber,

- the data in travel doc­u­ments (pass­port num­ber, pass­port data, date of birth, issu­ing author­ity, dura­tion, nation­al­ity) and ID cards (iden­tity card, dri­ving licence etc. includ­ing issu­ing author­ity and dura­tion), the data on the method of pay­ment and in con­nec­tion with pay­ments, in par­tic­u­lar with EC cards, credit cards and bank cards,

- the length of stay requested by you and the des­ti­na­tions, hotels, con­tact per­sons, con­di­tions, spe­cial ser­vices, health data, fre­quent flyer num­ber, per­sonal pref­er­ences you pro­vide us with, and

- spe­cial cat­e­gories of data such as health data and data on spe­cial needs and marriage/​partnership,

are required for the smooth pro­vi­sion of our ser­vices. This includes in par­tic­u­lar book­ings of trips, tourist guides, gas­tron­omy, rental vehi­cles, trans­fers, reg­istry pro­cess­ing, insur­ance, events, tours, accred­i­ta­tions, vouch­ers includ­ing cus­tomer cre­ation, invoic­ing and their ver­i­fi­ca­tion (B2B, B2C, FIT), ticket book­ings.

This data is stored, processed and, if nec­es­sary, for­warded to third par­ties with whom we work to pro­vide the most effec­tive and best pos­si­ble ser­vice to our cus­tomers. In some cases, data may be trans­ferred to proces­sors in third coun­tries.

The dura­tion of the stor­age is deter­mined by the dura­tion of our busi­ness rela­tion­ship, the con­sents granted by you, as well as by the legal stor­age oblig­a­tions and legal oblig­a­tions applic­a­ble to us. We empha­size that in the case of a reg­u­lar coop­er­a­tion for our best pos­si­ble cus­tomer ser­vice we are anx­ious to know your already trans­mit­ted cus­tomer wishes so well that we can sat­isfy you con­stantly and per­ma­nently.

  1. Our web pres­ences

When you visit our web­site, your access data is auto­mat­i­cally col­lected and stored. These access data may include in par­tic­u­lar the page accessed, the files viewed, the date and time of the call, the IP address of the user, data of the com­puter mak­ing the call, in par­tic­u­lar the browser and the oper­at­ing sys­tem, as well as the data vol­ume and the mes­sage of the suc­cess­ful call. These access data are used by us for inter­nal sta­tis­ti­cal pur­poses in order to guar­an­tee the secu­rity of our offer and to opti­mize the offer. In case of sus­pi­cion of an ille­gal action, the access data is eval­u­ated to pre­serve evi­dence.

By enter­ing your per­sonal data in one of our con­tact forms, you agree to the trans­mis­sion to and stor­age and pro­cess­ing by us for the dura­tion of the sup­port of this spe­cific inquiry. This applies in par­tic­u­lar to your inquiries via con­tact form, chat and e‑mails that you send us. We need this data to process your request and in these cases we also store your IP address for the pur­pose of pre­serv­ing evi­dence. The data is stored as long as this is nec­es­sary for the sup­port of any sup­ple­men­tary or sub­se­quent ques­tions by you or us.

If you cre­ate a web account with us, we pro­vide you with your con­tract data online. You keep your access data safe and ensure that no unau­tho­rized per­sons access your account. We do not assume any lia­bil­ity for unau­tho­rized access, which — even if only par­tially — can be attrib­uted to mis­con­duct on your part.

Your account data is only trans­mit­ted via an encrypted Internet con­nec­tion (https). We assume no lia­bil­ity for the loss of data or access by third par­ties to your data if we have observed the secu­rity mea­sures required by the state of the art.

The legal basis for this data pro­cess­ing is your con­sent, our pre-con­trac­tual and con­trac­tual oblig­a­tions towards you, our legit­i­mate inter­ests and legal oblig­a­tions of all kinds and § 96 TKG.

Server log files
The provider of the pages auto­mat­i­cally col­lects and stores infor­ma­tion in so-called server log files, which your browser auto­mat­i­cally trans­mits to us.These are:

- browser type and browser ver­sion

- oper­at­ing sys­tem used

- refer­rer URL

- host name of the access­ing com­puter

- time of the server request

These data can­not be assigned to spe­cific per­sons. We reserve the right to check these data sub­se­quently if we become aware of con­crete indi­ca­tions of an ille­gal use.

  1. cook­ies and track­ing ser­vices

We use cook­ies, which are small text ele­ments used to store infor­ma­tion in web browsers. Cookies are rec­og­nized the next time you visit our web­site and make a sig­nif­i­cant con­tri­bu­tion to accel­er­at­ing load­ing processes and mak­ing the use of our offers com­fort­able for you. Your infor­ma­tion rec­og­nized and stored by cook­ies serves your recog­ni­tion, but also the analy­sis of your user behav­iour. They are stored on the server of the respec­tive provider who, as a proces­sor, has under­taken to us to com­ply with the applic­a­ble data pro­tec­tion stan­dards.

After you have vis­ited our web­site, cook­ies are stored on your ter­mi­nal device, unless you refuse this from the out­set or you do not actively delete cook­ies. The active deac­ti­va­tion of cook­ies can impair the func­tion­al­ity of our web­sites for you. You can also pre­vent the stor­age of cook­ies by set­ting your browser soft­ware accord­ingly. However, we would like to point out that in this case you may not be able to use all the func­tions of our web­site.

Our web­site uses the fol­low­ing types of cook­ies, the scope and func­tion­al­ity of which are explained below:

- Transient cook­ies
Transient cook­ies are auto­mat­i­cally deleted when you close your browser. This includes in par­tic­u­lar the ses­sion cook­ies. These store a so-called ses­sion ID, with which dif­fer­ent requests of your browser can be assigned to the com­mon ses­sion. This will allow your com­puter to be rec­og­nized when you return to our web­site. Session cook­ies are deleted when you log out or close your browser.

- Persistent cook­ies
Persistent cook­ies are auto­mat­i­cally deleted after a spec­i­fied period, which may vary depend­ing on the cookie. You can delete cook­ies at any time in the secu­rity set­tings of your browser.

You can con­fig­ure your browser set­tings accord­ing to your wishes and, for exam­ple, refuse the accep­tance of third party cook­ies or all cook­ies. Please note that you may not be able to use all func­tions of this web­site.

You can also pre­vent the data gen­er­ated by the cookie and relat­ing to your use of the web­site (includ­ing your IP address) from being for­warded to Google and the pro­cess­ing of this data by Google by down­load­ing and installing the browser plug-in avail­able on the google.com web­site. However, the plug-in is only avail­able for cer­tain browser pro­grams.

We also use third party con­tent on our web­site to make our web­site as infor­ma­tive and con­ve­nient as pos­si­ble for you. These include, for exam­ple, Google Maps, RSS feeds or YouTube. These third party providers receive your IP address for tech­ni­cal rea­sons. We have no influ­ence on the use of this data by the third party provider. In this regard we refer to the data pro­tec­tion dec­la­ra­tions of the respec­tive providers.

Customize cookie set­tings

  1. Web analy­sis

Our web­site uses func­tions of the web analy­sis ser­vice Google Analytics. Google Analytics is a ser­vice of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cook­ies", which enable Google to analyse the use of our web­site. The infor­ma­tion col­lected by the cook­ies about the use of our web­site (includ­ing your anonymised IP address) is gen­er­ally trans­mit­ted to a Google server in the USA and stored there. We would like to point out that Google Analytics has been extended on our web­sites in order to guar­an­tee anony­mous col­lec­tion of IP addresses (so-called IP mask­ing). Your IP address is only recorded by Google in a short­ened form, which guar­an­tees anonymi­sa­tion and does not allow any con­clu­sions to be drawn about your iden­tity. In the case of IP anonymi­sa­tion on our web­sites, your IP address will pre­vi­ously be reduced by Google within mem­ber states of the European Union or in other sig­na­tory states to the Agreement on the European Economic Area. Only in excep­tional cases will the full IP address be trans­mit­ted to a Google server in the USA and short­ened there. Google also respects the pri­vacy pro­vi­sions of the U.S. Safe Harbor Agreement and is reg­is­tered with the U.S. Department of Commerce's Safe Harbor Program. Google will use this infor­ma­tion to eval­u­ate your use of our web­site, to com­pile reports on web­site activ­i­ties for us and to pro­vide us with fur­ther ser­vices asso­ci­ated with the use of web­sites and the Internet. The IP address trans­mit­ted by your browser in the con­text of Google Analytics is not merged with other Google data. A trans­fer of this data by Google to third par­ties only takes place due to legal reg­u­la­tions or within the scope of order data pro­cess­ing.

The rela­tion­ship with the web ana­lyt­ics provider is based on "Privacy Shield". Data pro­cess­ing is car­ried out on the basis of the legal pro­vi­sions of § 96 Paragraph 3 TKG and Art 6 Paragraph 1 lit a (con­sent) and/​or f (legit­i­mate inter­est) of the GDPR.

5.2 Transfer to third par­ties / oblig­a­tions of order proces­sors

We may share your per­sonal data with third par­ties

- within the group, tak­ing into account the per­mis­si­ble uses,

- to con­trac­tors (e.g. for our elec­tronic adver­tis­ing in the form of newslet­ters or e‑commerce cam­paigns) and, to third par­ties who must be con­sulted in order to pro­vide the ser­vices you require, all of whom have com­mit­ted them­selves to com­ply with the applic­a­ble data pro­tec­tion stan­dards,

is trans­mit­ted. If com­pli­ance with European data pro­tec­tion stan­dards is not pos­si­ble — for exam­ple because stan­dard con­trac­tual clauses, deci­sions on appro­pri­ate­ness or cer­ti­fi­ca­tions are not guar­an­teed in a spe­cific case — we clar­ify you in good time and also obtain the nec­es­sary con­sents from you.

By using this web­site, you con­sent to the pro­cess­ing of data about you by Google and the man­ner of data pro­cess­ing described above as well as the named pur­pose. You may refuse the use of cook­ies by select­ing the appro­pri­ate set­tings on your browser, how­ever please note that if you do this you may not be able to use the full func­tion­al­ity of our web­site.

5.3 Objection to data col­lec­tion

You can pre­vent Google Analytics from col­lect­ing your data by click­ing on the fol­low­ing link. An opt-out cookie is set which pre­vents the col­lec­tion of your data on future vis­its to this web­site: Disable Google Analytics You can find more infor­ma­tion on how Google Analytics han­dles user data in Google's pri­vacy pol­icy — here.

  1. Newsletter

You have the pos­si­bil­ity to sub­scribe to our newslet­ter via our web­site and on the reg­is­tra­tion form. For this we need your e‑mail address and your dec­la­ra­tion that you agree to receive the newslet­ter. In order to pro­vide you with tar­geted infor­ma­tion, we also col­lect and process vol­un­tar­ily pro­vided infor­ma­tion such as areas of inter­est, birth­day and post­code [.…]. {With dou­ble opt-in:} As soon as you have reg­is­tered for the newslet­ter, we will send you a con­fir­ma­tion e‑mail with a link to con­firm your reg­is­tra­tion. You can can­cel your sub­scrip­tion to the newslet­ter at any time. Please send your can­cel­la­tion to the fol­low­ing e‑mail address: [news@loisium.com]. We will imme­di­ately delete your data in con­nec­tion with send­ing the newslet­ter.

  1. Facebook plu­g­ins (like but­ton)

Our pages include plu­g­ins from the social net­work Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. You can rec­og­nize the Facebook plu­g­ins by the Facebook logo or the "Like" but­ton on our page. An overview of the Facebook plu­g­ins can be found here: https://developers.facebook.com/docs/plugins/. When you visit our pages, the plu­gin estab­lishes a direct con­nec­tion between your browser and the Facebook server. Facebook receives the infor­ma­tion that you have vis­ited our site with your IP address. If you click the Facebook "Like-Button" while logged into your Facebook account, you can link the con­tents of our pages on your Facebook pro­file. This allows Facebook to asso­ciate the visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowl­edge of the con­tent of the data trans­mit­ted or of their use by Facebook. For more infor­ma­tion, please see Facebook's Privacy Policy at https://de.facebook.com/policy.php. If you do not want Facebook to asso­ciate your visit to our pages with your Facebook account, please log out of your Facebook account.

  1. Facebook remar­ket­ing

This web­site uses the remar­ket­ing func­tion "Custom Audiences" of Facebook Inc. "("Facebook"). This func­tion is used to present inter­est-based adver­tise­ments ("Facebook ads") to vis­i­tors to this web­site when they visit the social net­work Facebook. For this pur­pose, Facebook's remar­ket­ing tag has been imple­mented on this web­site. This tag estab­lishes a direct con­nec­tion to the Facebook servers when you visit the web­site. This infor­ma­tion is trans­mit­ted to the Facebook server that you have vis­ited this web­site and Facebook assigns this infor­ma­tion to your per­sonal Facebook user account. For more infor­ma­tion about Facebook's col­lec­tion and use of the data and your rights and choices about pro­tect­ing your pri­vacy, please see Facebook's pri­vacy pol­icy at https://www.facebook.com/about/privacy/. Alternatively, you can deac­ti­vate the remar­ket­ing func­tion "Custom Audiences" at https://www.facebook.com/settings/?tab=ads. You must be logged in to Facebook to do this.

  1. Instagram

Our pages include func­tions of the Instagram ser­vice. These func­tions are pro­vided by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the con­tents of our pages to your Instagram pro­file by click­ing the Instagram but­ton. This allows Instagram to asso­ciate the visit to our pages with your user account. We would like to point out that, as the provider of these pages, we are not aware of the con­tent of the data trans­mit­ted or how Instagram uses it. For more infor­ma­tion, please see Instagram's pri­vacy pol­icy: https://instagram.com/about/legal/privacy/

  1. YouTube

Our web­site uses plu­g­ins from Google's YouTube site. This web­site is oper­ated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTubePlugin, a con­nec­tion to the YouTube servers is estab­lished. The Youtube server will be informed which of our pages you have vis­ited. If you are logged into your YouTube account, you allow YouTube to asso­ciate your surf­ing behav­ior directly with your per­sonal pro­file. You can pre­vent this by log­ging out of your YouTube account. Further infor­ma­tion on how user data is han­dled can be found in YouTube's pri­vacy pol­icy at: https://www.google.de/intl/de/policies/privacy

  1. Hotjar Privacy Policy

We use Hotjar of Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) on this web­site to sta­tis­ti­cally eval­u­ate vis­i­tor data. Hotjar is a ser­vice that analy­ses the behav­iour and feed­back of users on web­sites using a com­bi­na­tion of analy­sis and feed­back tools. Hotjar-based web­sites have inte­grated a track­ing code on their web­sites, which is trans­mit­ted to our servers in Ireland (EU). This track­ing code con­tacts Hotjar's servers and sends a script to the com­puter or device that you use to access the Hotjar-based web­site. The script col­lects cer­tain data relat­ing to the user's inter­ac­tion with the cor­re­spond­ing web­site. This data is then sent to the Hotjar servers for pro­cess­ing.

For more details on the pri­vacy pol­icy and how Hotjar col­lects infor­ma­tion, please visit https://www.hotjar.com/legal/policies/privacy.

Deactivation of Hotjar If you do not want Hotjar to col­lect your data, you can acti­vate the Hotjar Opt Out. There you have the pos­si­bil­ity to deac­ti­vate or reac­ti­vate the col­lec­tion of data by Hotjar by a sim­ple click on the red deac­ti­vate Hotjar but­ton. Attention: The dele­tion of cook­ies, the use of the incognito/​private mode of your browser, or the use of another browser leads to data being col­lected again.

  1. Comment func­tion on this web­site

For the com­ment func­tion on this page, in addi­tion to your com­ment, infor­ma­tion about the time the com­ment was cre­ated, your e‑mail address and, if you do not post anony­mously, your cho­sen user name will be saved.

Saving the IP address
Our com­ment func­tion stores the IP addresses of users who write com­ments. In order to be able to take action against the author in case of infringe­ments such as insults or pro­pa­ganda, we store the author's IP address.

  1. LiveChat

http://www.livechatinc.com/privacy-policy/
Data Collected:
Anonymous (Analytics, Browser Information, Cookie Data , Hardware/​Software Type, Serving Domains)
Pseudonymous (IP Address (EU PII))
Data Sharing:
Data is not shared with 3rd par­ties.
Data Retention:
Undisclosed

  1. SSL-Encryption

This site uses SSL encryp­tion for secu­rity rea­sons and to pro­tect the trans­mis­sion of con­fi­den­tial con­tent, such as requests you send to us as a site oper­a­tor. You can rec­og­nize an encrypted con­nec­tion by the fact that the address line of the browser changes from "http://" to "https://" and by the lock sym­bol in your browser line. If SSL encryp­tion is acti­vated, the data you trans­mit to us can­not be read by third par­ties.

  1. Contact

You have the fol­low­ing rights towards us with regard to per­sonal data con­cern­ing you:

- right to infor­ma­tion

- the right to rec­ti­fi­ca­tion or dele­tion (unless we are legally obliged to retain such data)

- right to lim­i­ta­tion of pro­cess­in­gright of oppo­si­tion to the pro­cess­ing

- right to data trans­fer­abil­ity

You also have the right to com­plain to the fol­low­ing com­pe­tent super­vi­sory author­ity about our pro­cess­ing of your per­sonal data: Austrian Data Protection Authority (DSB), Wickenburggasse 8 – 10, 1080 Vienna.

  1. Contradiction

Advertising mails The use of con­tact data pub­lished within the scope of the imprint oblig­a­tion to send unso­licited adver­tis­ing and infor­ma­tion mate­r­ial is hereby pro­hib­ited. The oper­a­tors of these pages expressly reserve the right to take legal action in the event of unso­licited adver­tis­ing infor­ma­tion, such as spam e‑mails.

You can reach us under the fol­low­ing con­tact details:
XENIOS Management GmbH

E‑mail: datenschutz.langenlois@loisium.com or datenschutz.steiermark@loisium.com

Status: May 2020