Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Privacy policy

As the controller under data protection law, we—the
Tarifverbund Lungau Katschberg Obertauern
Seekarstraße 2, A-5562 Obertauern
Tel.: +43 (0) 6456 7554
Fax: +43 (0) 6456 7554 22
info@lungo.at

Contacting Us

If you contact us via the contact form on the website, by email or by phone, we store the data you provide (salutation, name, email address, subject, your message, as well as any technical transmission data) for the purpose of processing your enquiry. The processing of your data is based on our overriding legitimate interests (Art. 6(1)(f) GDPR) and for taking steps prior to entering into a contract and for contract performance (Art. 6(1)(b) GDPR). Without your personal data we cannot process your enquiry.

The data collected in this context will be deleted once the purpose for which it was processed no longer applies, but no later than six months thereafter. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified, unless there is a further reason for storage arising from a contractual relationship (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR) or our overriding legitimate interests (Art. 6(1)(f) GDPR).
We collect the personal data required to fulfil this processing purpose exclusively from you. No data is transferred to third parties for this purpose.

Data Processing upon Conclusion of a Contract

For the conclusion, performance or termination of a contract with you, we process the following personal data:

  • Master data (salutation, name, date of birth/year of birth, address)

  • Contact data (email address, phone number where applicable)

  • Information about orders

  • Payment data

Without the personal data you provide when ordering or contacting us, we cannot conclude a contract with you. We therefore process this data for the performance of contractual obligations and to take steps prior to entering into a contract pursuant to Art. 6(1)(b) GDPR. We are also entitled—where necessary for collection purposes or to enforce our claims arising from the contractual relationship—to transmit master data and personal data provided to us by the customer, in particular name, date of birth, address, information on payment default and outstanding balance, to lawyers and collection agencies. Personal data is stored for as long as necessary to fulfil the purpose of processing and, where a corresponding statutory obligation exists, or where open legal claims exist arising from a legal relationship relating to the data that require longer storage.

To comply with corporate, VAT and tax retention obligations, your data will be stored for seven years. Beyond this period, your data will be stored as long as is necessary to enforce legal claims.

You have the option to purchase ski tickets and value vouchers via our online shop. We process the data you provide in order to fulfil your order and for contract performance pursuant to Art. 6(1)(b) GDPR. To place orders in the online shop, a customer account must be created in the webshop. To provide this service, we process the personal data you provide during registration (first and last name, date of birth, address and your email address). You can delete your customer account at any time. Further information about our online offering, the tariff regulations and data protection is available via our LUNGO webshop (https://obertauern.skiperformance.com/).

Newsletter

If you have provided us with your email address when purchasing goods or using our services, we reserve the right to regularly send you offers by email for goods or services similar to those already purchased. Processing is based on our legitimate interest in personalised direct advertising pursuant to Art. 6(1)(f) GDPR in conjunction with § 174 TKG 2021. If you initially expressly objected to the use of your email address for this purpose, we will not send emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying us, or by using the unsubscribe link contained in the newsletter. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued without delay.

You may also subscribe to our free newsletter. For this we require your email address and your consent to receive the newsletter (Art. 6(1)(a) GDPR). Once you have signed up, we will send a confirmation email with a link to confirm your subscription. Your subscription is only active after this confirmation. This prevents unwanted newsletter sign-ups. We store your IP address and the time of registration and confirmation. The purpose is to document your registration and, if necessary, to clarify potential misuse of your personal data. You can withdraw your consent to receive the newsletter at any time by email to info@lungo.at or via the unsubscribe link in the footer of the newsletter.

Processor for newsletter dispatch: We use Microsoft 365 (Exchange Online) for sending newsletters.

Access Control via “Photocompare”

For the purpose of access control and to prevent misuse of lift tickets as well as to ensure compliance with tariff conditions, a reference photo of the lift ticket holder is taken when passing through a turnstile equipped with a camera for the first time on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. This reference photo is compared by lift staff with the photos taken upon each subsequent passage through a camera-equipped turnstile. No automated image data matching takes place. The reference photo is deleted immediately after the lift ticket expires; the other photos (control photos) are deleted no later than 30 minutes after each passage through a turnstile. Only in individual cases (if our employee has doubts regarding the match between the control photo and the reference photo) is the automatic deletion of the control photo prevented. To clarify criminal offences or enforce civil claims, we are—where necessary to enforce our claims (Art. 6(1)(f) GDPR, Art. 10 GDPR in conjunction with § 149 Austrian Criminal Code “obtaining services by fraud”)—entitled to transmit your master data and information relating to the incident to security authorities, courts, insurers and lawyers. If the suspicion of unlawful use of the ski ticket is not substantiated, the control photo is deleted immediately.

In connection with access control via Photocompare, we also process your name, address, date of birth and the number and type of ski pass. All data is stored in encrypted form. In addition, solely for settlement purposes with other lift operators, we process the times and locations of access of the lift ticket pursuant to Art. 6(1)(b) GDPR. For this purpose, the data is stored for three years.

No movement profiles of lift ticket users are created from the (image) data of the Photocompare system. No audio recordings are made.
Please note that our lift tickets are non-transferable.
Photocompare is not used at all lift facilities in the ski area but only at certain designated entry points.
We also point out that it is possible to purchase lift tickets that are technically configured so that no photo is taken when passing through the turnstile; in this case, random checks by lift staff must be expected.

Processor: We use SKIDATA AG, Untersbergstraße 40, 5083 Grödig/Salzburg, as a processor.

Wi-Fi

We do not operate Wi-Fi in the ski area. If Wi-Fi is offered in the Obertauern ski area, responsibility (including GDPR handling) lies with the respective Wi-Fi operator.

Applications

We process the personal data you provide to conduct the application process pursuant to Art. 6(1)(b) GDPR (initiation or performance of contractual relationships) or to fulfil our legal obligations (Art. 6(1)(c) GDPR). We may retain your applicant data in our records if you have given your explicit consent. If you have not consented to retention, we delete your personal data seven months after receipt of your application. Without your personal data, we cannot process your application.

Data Collection When Visiting Our Website

To improve the operation of our websites, we use “cookies”. Cookies are small text files that can be stored on your computer when you visit a website. Cookies are generally used to provide users with additional functions on a website. Cookies cannot access, read or change any other data on your computer.

Website Functionality

When you visit our website, we collect the personal data that your browser transmits to our servers and that is technically necessary to display the website and ensure its stability and security. This supports traceability of errors and sustainable error correction. It also helps prevent and remedy unlawful use of website content and improves website quality. The IP address is evaluated only in the event of attacks on our network infrastructure. The data is deleted automatically as soon as it is no longer needed for our logging purposes, but no later than after 30 days. Processing is carried out pursuant to Art. 6(1)(f) GDPR in conjunction with § 165(3) TKG 2021.

The following data is collected:

  • IP address of the requesting computer

  • Date and time of access

  • Name and URL of the retrieved data

  • Amount of data transferred

  • Notification whether the retrieval was successful

  • Identification data of the browser and operating system used

  • Website from which access occurs

  • Name of your internet service provider

Google Analytics

We use Google Analytics, a web analytics service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. On our behalf, Google uses the information collected to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator. This is also used to display personalised advertising on other websites, selected via real-time bidding.

For this purpose, Google processes—via the cookies mentioned above—information about use of the website, in particular browser type and version, operating system used, previously visited website, IP address of the computer, date/time and geographical region of the server request.

We use Google Analytics with active IP anonymisation only. This means IP addresses are further processed only in shortened form in order to exclude direct personal reference. According to Google, the IP address transmitted by your browser is not merged with other Google data. Together with the other processed information, the data is also used for the selection of personalised advertising with real-time bidding and remarketing/retargeting.

By using Google Analytics, your data may be transferred to a third country (USA). An adequacy decision (Trans-Atlantic Data Privacy Framework) currently exists for data transfers. However, we cannot exclude access to your data by US authorities for control and monitoring purposes. We point out that you may have no effective legal remedies or enforceable rights in proceedings against US authorities.

Processing and disclosure to Google occurs only with your consent (Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG 2021), which you expressly give via the cookie settings (“opt-in”). You can withdraw this consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal. We retain data on website usage for 14 months.

Further information on data use by Google and settings/opt-out options can be found in Google’s privacy information at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/. You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at: tools.google.com/dlpage/gaoptout

Meta Pixel

We use the “Meta Pixel” service provided by the social network “Meta” (Meta Platforms Technologies Ireland Limited, Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) for analysis and optimisation of our online offering.

We point out that Meta may transfer your data to the USA. An adequacy decision (Trans-Atlantic Data Privacy Framework) currently exists. However, we cannot exclude access to your data by US authorities for control and monitoring purposes. We point out that you may have no effective legal remedies or enforceable rights in proceedings against US authorities.

Processing occurs only with your consent (Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG 2021), which you expressly give via the cookie settings (“opt-in”). You can withdraw this consent at any time; withdrawal does not affect the lawfulness of processing up to that point.

Meta Pixel enables us to display our advertising on Meta only to audiences that have an interest in it or in related topics. We can also statistically track the success of our ads on Meta. Actions you take are stored in cookies; Meta matches this data with your Meta account data to provide you with Meta ads tailored to your interests. You can prevent linking with your Meta account by logging out of your Meta account before taking actions. We cannot view the data collected by Meta.

Social Media (Facebook and Instagram)

We operate our own pages on Facebook and Instagram and are jointly responsible for data processing with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (CJEU 05/06/2018, C-210/16). The relevant agreement is available at https://www.facebook.com/legal/terms/page_controller_addendum.

The Obertauern Facebook and Instagram fan pages are operated to represent the ski lift company and to provide information on summer and winter operations, projects and events. Personal data of users is processed in this context. This includes profile names, posted content when users actively participate (posting, commenting, liking, etc.), responses to messages and comments, and participation in competitions.

In addition, page operators can access anonymised statistical data regarding users of these pages via Meta Insights. These statistics are generated and provided by Facebook. We have no influence on creation or presentation, cannot disable this function, and cannot prevent the generation and processing of data.

For a selectable period and for the categories “fans”, “subscribers”, “people reached” and “interacting people”, Meta provides the following data for our fan pages: total page views, subscribers, people reached, “likes”, number of active members, most active contributing members, number of new members, name and profile information of members, number of posts and other interactions, page activities, video views, post reach, comments, popular days and times of interactions, number of membership requests, most popular posts, distribution of members by gender and age as well as by country and place.

These data are collected using cookies that each contain a unique user code active for two years and that Meta stores on the hard drive of visitors to the fan page or on another data carrier. The user code, which can be linked to the login data of users registered with Meta, is collected and processed when the fan pages are accessed.

We use this information to make our posts and activities on our fan pages more attractive for users and to document marketing activities.

Operation of the fan pages and the associated processing of personal data held by Meta is based on the consent given by the respective user to Meta (Art. 6(1)(a) GDPR).

We point out that Meta may transfer your data to the USA. An adequacy decision currently exists. However, we cannot exclude access by US authorities for control and monitoring purposes. You may have no effective legal remedies or enforceable rights in proceedings against US authorities.

Further information on data processing can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

Skiline

Our website links to the external provider Skiline. If you register for this service and give your consent under Art. 6(1)(a) GDPR, the Skiline provider receives information about your lift entries in our ski areas and your card number and can calculate vertical metres and piste kilometres. For Skiline and all related processing, Alturos Destinations GmbH (Lakeside B03, 9020 Klagenfurt) is solely responsible under data protection law. Further information on the Skiline service: https://www.skiline.cc/privacy_policy/de
When registering for Skiline you can also consent to receive our newsletter. Further information can be found under “Newsletter” in this privacy policy.

ISKI Tracker

Our website links to the external provider ISKI Tracker. If you register for this service and give your consent under Art. 6(1)(a) GDPR, the ISKI Tracker provider receives information about your lift entries in our ski areas and your card number. ISKI Tracker is a service for recording and analysing your ski days (ski diary) and can, for example, calculate your vertical metres and piste kilometres. For ISKI Tracker and all related processing, intermaps AG (Untere Paulistrasse 6b, CH-8834 Schindellegi, Switzerland) is solely responsible under data protection law. Further information on the ISKI Tracker service: https://iski.cc/de/privacy-iski.html

Data Subject Rights

You have the right at any time to obtain information, rectification, erasure or restriction of processing of your stored data, the right to object to processing, and the right to data portability under the conditions of data protection law (Art. 15–22 GDPR).

You have the right to lodge a complaint with the Austrian Data Protection Authority (dsb@dsb.gv.at) if you believe that your personal data is not being processed lawfully.

If you have further questions about the processing of your data, you can contact us directly by email at info@lungo.at or by post.

Receipt Printout

Further information on the Photocompare access system and data protection can be found at:
https://www.lungo.at/skipass/tarifbestimmungen-lungo

icc.at