Data protection provisions

What data are processed? What sources does this data come from?

We process and store all personal data that you submit to us within the context of e-mail enquiries in order to carry out the contact you requested as well to further maintain customer relationships.
Among other things these include; registration for the newsletter, the ordering of brochures, the ordering of vouchers, booking enquiries, competitions and contact requests.

Newsletter
The newsletters of Donau Niederösterreich Tourismus GmbH, which appear several times a year, are a free service to customers and partners. All subscribers sign up voluntarily by means of a double-opt procedure in order to receive the newsletter.There is absolutely no transfer of personal data without the consent of the user. There is the possibility to unsubscribe at all times. This can either be done directly in the newsletter or by e-mail at office@donau.com .

Ordering a brochure
When ordering the brochure, you agree that your contact details (name, address, e-mail and telephone number) will be stored electronically and will continue to be used by Donau Niederösterreich Tourismus GmbH in order to send information of interest (brochures, etc.). This will not incur any obligations or costs on your part. This agreement can be revoked at any time by calling 0043 2713 / 30060-0 or by e-mail at urlaub@donau.com .

Personal data includes: Name, address, contact details (e-mail, phone), country

This data will be stored with us until we receive your written request for deletion.
Additional personal data will only be collected if you voluntarily provide information, as part of an enquiry or registration or to conclude a contract or through the settings of your browser. If we disclose data to external service providers, technical and organisational measures will be taken to ensure that the disclosure is in accordance with the legal provisions of data protection law. Data processing takes place on the basis of the legal provisions of the Austrian Data Protection Act and the GDPR.

For what purposes is the data processed? On what legal basis is this processing based?

Your personal data will be exclusively processed in accordance with the data protection regulations: For the fulfilment of contractual obligations and if necessary, to fulfil pre-contractual measures (art. 6 para. 1b GDPR)

The processing of your personal data is necessary in order to be able to fulfil your enquiries and orders in specific cases:

• Transmission of information materials (brochures, maps, image folders, etc.)
• Transmission of ordered vouchers (for holiday packages)
• Communication with winners and the sending of prizes within the scope of competitions
• Transmission of data to hosts/service providers for processing non-binding enquiries

Within the scope of your consent (art. 6 para. 1a GDPR) If you have given us consent to the processing of your personal data, these will only be processed in accordance with the purposes and within the scope agreed upon in the present consent declaration. Any consent given by you may be revoked at any time with immediate effect. Until your revocation, the legality of the processing carried out on the basis of your consent remains unaffected. For example, you can unsubscribe from our free newsletter at any time. This can either be done directly in the newsletter or by e-mail at office@donau.com .

Who receives your data? Who is your data transmitted to outside of Donau Niederösterreich Tourismus GmbH?

Within Donau Niederösterreich Tourismus GmbH, offices and/or employees receive access to your personal data which/who require these data to fulfil the pre-contractual measures or the contractual obligations.

Non-binding offers and accommodation enquiries can be made via the website of Donau Niederösterreich Tourismus GmbH. The contact details given to us (name, address, e-mail address and telephone number) as well as the travel-specific data (arrival/departure date, number of persons, number of children and age of the children) are transmitted to the respective host/provider for the purpose of processing the non-binding enquiry.

In addition, processors who have been commissioned by us (especially IT/back office service providers and printers) will receive your personal information, if they need this to fulfil the respective task. All processors are contractually obliged to only process your personal data within the context of providing services and to treat them confidentially.

The use of personal data for web shops
All necessary data are stored for the purpose of purchasing process and executing the contract. The data required for the contract, such as name, address and other personal data related to the client are forwarded to third parties. The credit card number required for the booking is transmitted to the payment service provider, Datatrans AG Kreuzbühlstrasse 26, CH-8008 Zurich, where it is stored for password-protected recall. This regulation applies to the procurement as well as the sale.

Except for the processors mentioned above, your data will not be disclosed to third parties, unless there is a legal obligation to do so.

How long will your data be stored and processed for?

We store and process your personal data for the period that the customer relationship (including the use for direct marketing purposes) is maintained and/or until the revocation of the corresponding consent. In addition, during the storage period, the legally stipulated retention periods for accounting purposes must be adhered to, e.g.: seven-year retention period for accounting documents and records.

What data protection rights do you have as a data subject?

As a data subject, you have the following rights at all times:
• Information, correction, deletion or a restriction concerning the processing of your stored data (following clear identification by means of a valid identification document).
• Opposition to the processing and use of data for direct marketing purposes.
• Data portability in accordance with the requirements of data protection law.

Right to confirmation
As the person affected, you have the right to ask us to confirm whether you process relevant personal data (following clear identification by means of a valid identification document). You can contact us at any time at datenschutz@donau.com .

Right to information
As the data subject, you have the right to receive free information about the personal data stored about you and a copy of this information at any time (following clear identification by means of a valid identification document). You can contact us at any time at datenschutz@donau.com .

Your right to information comprises the following information:
• the purposes of processing,
• the categories of personal data processed by us,
• the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed,
• if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining that duration,
• the existence of your right to correction or deletion of personal data, the right to restrict our processing as the responsible party and your right to object to such processing
• the existence of a right of appeal to the Austrian Data Protection Authority as the supervisory authority
• insofar as your personal data is not collected from you as the data subject: All available information concerning the origin of this data

Within the scope of operating our website, we commission software service providers and agencies that are able to gain access to your personal data in the course of their work. These service providers and agencies have committed themselves to comply with the applicable data protection regulations. For further information about our service providers, please contact datenschutz@donau.com .

Furthermore, as the data subject, you have the right to know whether your personal data has been transferred to a third country or to an international organisation. If this is the case, you as the data subject have the right to obtain information about the appropriate guarantees in connection with the transfer.

Right to correction
As the person affected, you have the right to ask us to immediately correct incorrect personal data concerning you (following clear identification by means of a valid identification document). You can contact us at any time at datenschutz@donau.com .

Right of deletion (right to be forgotten)
As a data subject, you have the right to ask us to delete the personal data concerning you immediately if one of the following reasons applies and the processing is not required (following clear identification by means of a valid identification document):
• Your personal data has been collected (or otherwise processed) for purposes which are no longer necessary.
• As the data subject, you object to the processing in accordance with art. 6 para. 1a GDPR or art. 9 para. 2a GDPR and there is no other legal basis for the processing,
• As the data subject, you object to the processing in accordance with art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you as the person concerned object to the processing in accordance with art. 21 para. 2 GDPR.
• Your personal data have been processed unlawfully.
• The deletion of your personal data is required to fulfil a legal obligation under EU law or the law of the Republic of Austria, which we, as the responsible party, are subject to.

If one of the above reasons applies and you, as the data subject, whose personal data are stored by Donau Niederösterreich Tourismus GmbH, wish to have the data deleted, you can always contact us at datenschutz@donau.com .

Right to restrict the processing
As the person affected by the processing of personal data, you have the right to ask that we, as the responsible party (following clear identification by means of a valid identification document), restrict processing, if one of the following conditions is met:
• The accuracy of your personal data is contested by you as the data subject, for a period of time that allows us, as the responsible party, to verify the accuracy of your personal information.
• Processing is unlawful and you, the data subject, refuse to delete your personal information and instead request that your personal data be restricted.
• We, as the responsible party, no longer need your personal information for processing purposes, but you, the data subject, need it to assert, exercise or defend your rights.
• You, as the data subject, have objected to the processing in accordance with art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the responsible party outweigh those of the data subject.

If one of the above reasons applies and you, as the data subject, whose personal data are stored by Donau Niederösterreich Tourismus GmbH, wish to restrict the processing of this data, you can contact us at any time at datenschutz@donau.com .

Right to data portability
As the person affected by the processing of personal data, you have the right to receive the personal data relating to you, which you provided to us as the responsible party, in a structured, conventional and machine-readable format. You also have the right to transmit this data to another party responsible without hindrance by us, if the processing is based on the consent in accordance with art. 6 para. 1 a GDPR or art. 9 para. 2 a GDPR or on a contract in accordance with art. 6 para. 1 b GDPR and the processing takes place by automated means, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority which has been delegated to the party responsible.

Furthermore, as the data subject, when exercising your right of data portability in accordance with art. 20 para. 1 GDPR, you have the right to have your personal data transmitted directly by us as the responsible party to another responsible party, provided that this is technically feasible and insofar as this does not affect the rights and freedoms of others.

In order to assert the right to data portability, you can always contact us at datenschutz@donau.com .

Right of objection
As the data subject, you have the right, at any time, to object to the processing of personal data concerning you, based on your particular situation, which takes place on the basis of art. 6 para. 1e or f GDPR. You can contact us at any time at datenschutz@donau.com .

Insofar as we process your personal data in order to operate direct mail, you as the person affected have the right to object to the processing of personal data at any time for the purpose of such advertising.

Right of appeal
You can address your complaints to the Austrian Data Protection Authority at any time: www.dsb.gv.at 

Are you obliged to provide data?

Your personal data are required in order to carry out the order you want (e.g.: Bookings, ordering of information material) as well as to fulfil the resulting contract and/or the pre-contractual measures. Unfortunately, if you do not want to provide us with the data, we cannot carry out the order.

In any case, you are not obliged to provide consent to the processing of data that is not relevant to the performance of the contract. For example, you do not have to give consent to receive the newsletter when entering a competition. This consent is optional.

Use of Google Maps

Donau Niederösterreich Tourismus GmbH uses Google Maps on its website, especially for the presentation of POIs (points of interests) on an interactive map. Google Maps is operated by Google Inc. By using these websites, you consent to the collection, processing and use of the data collected and entered by you by Google, its agents or third parties. See the link below for information about the data which is transferred when using Google Maps: https://policies.google.com/privacy?hl=de . In addition to the IP address, this includes, among other things, data such as: the GPS data of a smartphone which is used or the search behaviour.

A summary of social plug-ins and channels

Donau Niederösterreich Tourismus GmbH cooperates with various providers of social networks. Within the scope of this collaboration, your browser will automatically contact the selected service provider when using the respective service (e.g. Facebook). For example, your IP address, cookies and other information will be transmitted to the respective service provider if you have previously visited its website. This data transfer only occurs when you interact with these social networks.

Our website integrates the share buttons of the following social networks:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ('Facebook'),
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA,
Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, YouTube, operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA,
Instagram operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA and
Google Plus operated by the social network Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The share buttons can be identified by the respective logo.

All share buttons are set up in compliance with data protection laws. A direct connection between your browser and the server of the operator of the respective social network is only (and only then) established when you click on the respective 'share button' on our website. According to the operators of the aforementioned social networks, no personal or company-related data is collected from the social networks without a click on the respective share button. Such data, including the IP address, is only collected and processed by logged in members. If you do not wish to assign the visit to our website to your respective social network user account, please log out of the user account of the respective social network.

We would like to point out at this point, that as a provider of the website, we are not aware of the content of the transmitted data and its use by the social networks. For further information about data usage by social media networks, see the privacy statements of these social networks.

The individual social media channels in detail:

Use of Facebook plug-ins
This website uses social plug-ins for the social network facebook.com which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ('Facebook'). These are recognisable by one of the Facebook logos (white 'f' on a blue tile or a 'thumbs up' symbol) or the additional text 'Facebook Social Plugin'.
When you access one of our websites with such a plug-in, a connection is made to the Facebook servers and the plug-in is displayed on the website through a notification on your browser. This will communicate which of our websites you have visited to the Facebook server. If you are logged in as a member of Facebook, Facebook assigns this information to your personal Facebook user account. When using the plug-in functions (e.g. by clicking the 'Like' button or submitting a comment) this information will also be assigned to your Facebook account. This can only be prevented by logging out before using the plugin.

Further information on the data collected and used by Facebook, your rights regarding this and options for protecting your privacy can be found in Facebook's data protection policy: http://www.facebook.com/policy.php  .

It is also possible to block Facebook social plug-ins with add-ons for your browser.

Twitter
This website uses the buttons of the Twitter service. These buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are identifiable by terms such as 'Twitter' or 'follow', combined with a stylised blue bird. With the help of the buttons it is possible to share a post or a page of this website on Twitter or to follow the provider on Twitter.

When you visit one of our websites that contains a button like this, your browser makes a direct connection to the Twitter servers. The content of the Twitter buttons is transmitted by Twitter directly to your browser. We therefore have no control over the scope of the data that Twitter collects using this plugin. To the best of our knowledge, only the IP address of the user is transmitted when the button is used, but not used for purposes other than displaying the button.

Further information can be found in the privacy policy of Twitter at http://twitter.com/privacy  .

Instagram
On our website, we use the features of the social networking site Instagram, provided by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Using the features for embedding Instagram content (embed function) we can display images and videos. By calling up pages that use such functions, data (IP address, browser data, date and time, cookies) are transmitted to Instagram, stored and evaluated. If you have an Instagram account and you're signed in, that information will be associated with your personal account and the data stored in it. The privacy policy which explains what information Instagram collects and how it uses it can be found at https://help.instagram.com/155833707900388 .

YouTube
Our website uses the YouTube button of the social network YouTube, which is operated by YouTube LLC, with its main office at 901 Cherry Avenue, San Bruno, CA 94066, USA ('YouTube').
When you visit a web page on our online presence that contains a button like this, your browser establishes a direct connection to YouTube's servers. The content of the 'YouTube' button will be sent by YouTube directly to your browser and incorporated into the website.
Therefore, we have no control over the scope of the data YouTube collects from the button, but we assume that your IP address will be recorded. For the purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights relating to this and settings options for protecting your privacy, please refer to YouTube's data protection policy concerning the 'YouTube' button.
If you are a YouTube member and you do not want YouTube to collect data about you via our website and link it to your member data stored by YouTube, you must log out of YouTube before visiting our website.

Cookies, Google Analytics, Google reCaptcha and Google Fonts

In conjunction with your access to this website, Donau Niederösterreich Tourismus GmbH stores information about your access (date, time, page viewed). These data are only for statistical purposes and will only be evaluated in an anonymous form.

Cookies
Cookies are very small files that are written by a website on the visitor's computer. They cannot be used to read other data on the computer. Websites use cookies in order to restore past user preferences and understand the history of visitor enquiries.

Donau Niederösterreich Tourismus GmbH uses cookies in order to better tailor the website presence to the needs of our customers and to structure the content of our websites in the best possible way. The information is also used to further enhance the navigation structure of the website and to make it more user-friendly.

Additional cookies may be set by various other providers whose additional services are offered on our websites. We have no influence with regard to these providers and we do not use their cookies for our own purposes.

All cookies are accepted by any Internet browser by default. However, you can instruct your browser not to accept cookies or to automatically delete them after each Internet session. Please refer to the corresponding instructions on the support pages of your browser provider.

AdServer
Donau Niederösterreich Tourismus GmbH uses an AdServer on the websites to promote topics and products in the form of banners or skyscrapers. The AdServer is located directly on the server at www.donau.com . Photos are also stored directly in the AdServer and not loaded externally. As such, the external transmission data is ruled out.

Lower Austria Event Database
Furthermore, in the navigation point 'Find events' on the website we process event and contact data from publicly accessible sources, including photos and, if applicable, moving images which are made available by registered users in the event calendar. This is done for the purpose of publicity and information. This processing is carried out for the duration of the event in question and in order to protect the legitimate interests of the party responsible 'Niederösterreich Werbung GmbH' as well as those third parties (clubs and institutions) who have published the event in the Lower Austria event calendar.

Data imports from third party systems imx.platform, Outdooractive and TOMAS-Daten, tour data and data concerning the availability of free rooms and the prices of the following system providers: Outdooractive GmbH, Bayerhamerstraße 47, A-5020 Salzburg
infomax websolutions GmbH, Kirchplatz 8, D-83224 Grassau
my.IRS GmbH & TBox AG, Dornierstraße 4, D-82178 Puchheim
The transmitted data, including photos, are imported directly onto the server of www.donau.com  and are not reloaded from the third party server. As such, no data trail is created on the visitor's browser.

Google Analytics
Google Analytics is used on this website, provided you have given your consent. Donau Niederösterreich Tourismus GmbH uses Google Analytics to analyse the use of its website. The data obtained from this is used to optimise the website and advertising measures and to compile reports on website activities. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns. Further information about Google Analytics can be found online or at www.google.com/analytics. For more information about terms of use and privacy, please visit https://policies.google.com/?hl=en-GB.

Google Analytics is a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google processes the data on website use on our behalf and is contractually bound to take measures to ensure the confidentiality of the data processed.

During your visit to the website, the data recorded includes:

• The pages you access, i.e. your “click path”
• Your behaviour on the pages (for example clicks, scrolling behaviour and dwell time)
• Your approximate location (country and city)
• Your IP address (in abbreviated form, so that no clear assignment is possible)
• Technical information such as browser, internet provider, end device and screen resolution
• Source of your visit (i.e. the website or advertising medium via which you came to our website)
• The referrer URL (the website/advertising medium via which you came to this website)

This data is transferred to a Google server in Europe and stored there.

Recipient
The recipient of the data is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the processor. Donau Niederösterreich Tourismus GmbH has concluded a contract with Google for this purpose. Google LLC, based in California, USA, and, where applicable, US authorities can access the data stored by Google.

Transfer to third countries
A transfer of data to the USA cannot be excluded.

Storage duration
Google Analytics stores cookies in your web browser for 14 months from your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future visits to the website.

The recorded data is stored together with the randomly generated User ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form for an unlimited period.

Legal basis and right of withdrawal
The legal basis for this data processing is your consent, Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by viewing the cookie settings and changing your selection there.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Google Analytics (with anonymisation function)
We have implemented the IP address anonymisation of Google Analytics on this website. This feature has been developed by Google to enable this website to comply with applicable privacy provisions and recommendations of local data protection authorities when they prohibit storage of the full IP address. The anonymisation and/or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is stored or processed. Further information about IP anonymisation can be found at https://support.google.com/analytics/answer/2763052?hl=de 

Google reCaptcha
In order to protect your orders via the internet form, this website uses the reCAPTCHA service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google'). The query is used to distinguish whether the entry is made by a human or as a form of misuse, by automated, mechanical processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service, to Google. Your entry will be transmitted to Google and used there for this purpose. By using reCaptcha, you agree that the recognition you provide will be used to digitise old works. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google beforehand within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP-address be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website in order to evaluate your use of this service. The IP address sent by your browser as part of reCaptcha will not be merged with other data provided by Google. This data is subject to the deviating privacy policies of Google. For further information about Google's privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/ .

Google Fonts
External fonts, Google Fonts, are used on this website. Google Fonts is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). However, we have integrated the external fonts locally, i.e. on our web server. This means that there is no connection to the Google servers and thus no data transfer to the USA.

YouTube
This website integrates YouTube components. YouTube is an Internet video portal that allows video publishers to freely upload video clips and enables other users to freely view them, rate them and make comments. YouTube allows the publication of all types of videos, so that both complete film and television broadcasts are available via the Internet portal, as well as music videos, trailers and user-made videos.

The operating company of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

As a result of visiting one of the pages of this website, which is operated by the controller and incorporates a YouTube component (YouTube video), the Internet browser on the data subject's IT system will automatically cause the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/ .
Within the scope of this technical process, YouTube and Google are notified of the specific subpage of our website visited by the person concerned.

If the person affected is logged in to YouTube at the same time, YouTube recognises which specific subpage of our website the data subject visits by requesting a subpage containing a YouTube video. This information is collected by YouTube and Google and associated with the respective YouTube account of the data subject.

Via the YouTube component, YouTube and Google will always receive information that the person affected has visited our website if the person affected is simultaneously logged into YouTube at the same time as accessing our website; this happens regardless of whether the person clicks on a YouTube video or not. If the data subject does not want transmission of this information to YouTube and Google he/she can prevent it by logging out of their YouTube account before accessing our website.

The data protection provisions published by YouTube, which can be retrieved at https://www.google.de/intl/de/policies/privacy/ provide information about the collection, processing and usage of personal data by YouTube and Google.