Data protection information according to Art. 13 and 14 GDPR
1. General
The protection of your personal data is of particular importance to us. We therefore only process your data in a lawful manner on the basis of the statutory provisions (in particular GDPR, DSG 2018, TKG 2021). In this data protection information we inform you about the most important aspects of data processing – type, scope and purposes of the collection and use of personal data – in the context of using our website and in the context of other services provided by our company.
1.1. Person responsible for the processing of your data
The controller (as defined in Art. 4 Z 7 GDPR) for the processing of your personal data (personal data as defined in Art. 4 Z 1 GDPR) is:
Nationalpark Oö Kalkalpen GmbH
Nationalpark Allee 1
A-4591 Molln
Tel. +43 75 84 / 39 51
E-Mail: office@kalkalpen.at
Contact person for data protection coordinator:
We take the protection of personal data seriously and have created an internal office for data protection coordination. Any person concerned can contact our data protection coordinator directly at any time with any questions or suggestions regarding data protection.
Data protection coordinator: Ms. Isabell Mühlberger, email: edv@kalkalpen.at .
1.2. Purposes, data categories and legal bases for the processing of personal data
purposes of processing
The purposes of processing your personal data generally arise from our mandate to manage, support and protect the Kalkalpen National Park: making our online offerings available, processing customer enquiries/orders/bookings (participation in national park experiences, educational programs and research projects), accounting, communication with business partners and customers. Detailed information on the purposes of processing and, if applicable, further processing for other compatible purposes as well as the categories of data processed can be found in the detailed descriptions of the individual data processing processes.
General data categories
- Personal master data (e.g. name, date of birth and age, address)
- Contact details (e.g. email address, telephone number, fax number)
- communication data (time and content of communication)
- Order or booking data (e.g. goods ordered or services commissioned and invoice data such as service period, method of payment, invoice date, tax identification number …)
- payment data (e.g. account number, credit card details)
- Contract data (contents of contracts of any kind)
- Web usage data (e.g. server data, log files and cookies)
- identification numbers (e.g. vehicle registration numbers for driving permits)
- video surveillance images (wildlife cameras only)
Special categories of data (“sensitive data”) pursuant to Art. 9 GDPR
- We generally do not process sensitive data.
legal basis for processing
There is basically no obligation to provide the data for the data processing described in this data protection declaration. Failure to provide this data will simply mean that we cannot offer these services. The legal basis for the processing of your personal data that is necessary to fulfill a contract with you or an order you place with us is Art. 6 (1) lit. b GDPR. If the processing of personal data is necessary to fulfill a legal obligation on our part (accounting obligation, bookkeeping obligation or other statutory documentation obligations), Art. 6 (1) lit. c GDPR serves as the legal basis. If the data is processed in your own vital interest, the legal basis for the data processing is Art. 6 (1) lit. d GDPR. If we process your data to carry out a task assigned to us in the public interest (“sovereign action”), e.g. within the framework of the nature watch (Upper Austrian Nature and Landscape Protection Act), the legal basis is Art. 6 (1) lit. e GDPR. If processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our interests, Art. 6 (1) lit. f GDPR (“legitimate interest”) serves as the legal basis for processing. In this case, we will also inform you of our legitimate interests. Unless we have another legal basis as explained above for processing personal data, we will ask you for consent to data processing, for which we rely on Art. 6 (1) lit. a GDPR in these cases or, in the case of processing sensitive data, on Art. 9 (2) lit. a GDPR as the legal basis. You can revoke this consent at any time free of charge without affecting the legality of the processing carried out on the basis of the consent until the revocation.
1.3. Data transfer to processors and third parties
We process your personal data with the support of contract processors who support us in providing our services. These contract processors are obliged to strictly protect your personal data through a corresponding agreement with us within the meaning of Art. 28 GDPR and are not permitted to process your personal data for any purpose other than to provide our services. You can find out which contract processors these are in the detailed descriptions of the individual data processing processes.
Your personal data will be passed on to companies other than our contract processors, such as typical business service providers such as banks, tax consultants or auditors. Personal data will only be transferred to state institutions and authorities within the framework of mandatory national legal provisions.
Depending on your order (e.g. bookings and enquiries), your personal data will only be transmitted to the extent necessary, if necessary, to hotel partners or other tourism service providers who are required to fulfil your order. The personal data transmitted varies depending on the service.
1.4. Transfers to third countries
We generally process your personal data in the EU. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of services from our processors or third parties, this will only take place if the requirements of Art. 44 ff. GDPR for the transfer to third countries are met: i.e. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU or in compliance with officially recognized contractual obligations, the so-called “EU standard contractual clauses”. If we rely on the EU standard contractual clauses as the legal basis for the transfer of your personal data, we will also check the admissibility of this data transfer as part of a comprehensive risk assessment. If we come to a negative result, we will not transfer this data to a third country without your express consent in accordance with Art. 49 (1) lit. a GDPR.
1.5. Data deletion and storage period
We will delete your personal data as soon as the purpose for which we collected it no longer applies. Data may also be stored if we process the data for a purpose compatible with the original purpose. It may also be stored if this is required by laws, regulations or other provisions to which our company is subject.
1.6. Data sources
We collect your personal data exclusively from you and do not use any other data sources.
1.7. Profiling
We do not use any automated decision-making or profiling processes that have a legal effect on you or significantly affect you in a similar way. However, with your consent, we will use your usage data to get to know your interests better and thus show you information that is of interest to you or to make you tailored offers or to show you corresponding information on third-party websites or social media platforms.
1.8. Protection of your data protection rights
In accordance with the GDPR, you generally have the right to information, correction, deletion and restriction of the processing of personal data. If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability. You have the right to revoke any consent you may have given to the processing of your personal data. This does not affect the legality of the processing of your personal data up to the time of revocation. You have the right to object to the processing of your personal data for the purpose of direct advertising. In the event of an objection, your personal data will no longer be processed for the purpose of direct advertising. A detailed explanation of these rights can be found here in Chapter III.
right to complain
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can complain to the responsible supervisory authority. In Austria, this is the Data Protection Authority (Barichgasse 40-42, A-1030 Vienna, email: dsb@dsb.gv.at ).
2. Visiting our website
In this section we inform you how we process your personal data when you visit our website.
2.1. Presentation of the website
server data
For technical reasons, on the basis of the legal basis of Section 165 (3) S 3 TKG 2021 (required for the operation of our website), the following data, which your Internet browser transmits to us or to our web space provider, is recorded (so-called “server log files”):
- browser type and version
- Operating system and device type used (e.g. desktop / mobile)
- website from which you visit us (referrer URL)
- website you visit
- date and time of your access
- your Internet Protocol address (IP address)
This data, which is anonymous to us, is stored separately from any personal data you may have provided for 7 days and therefore does not allow us to draw any conclusions about a specific person. It is evaluated for statistical purposes in order to be able to optimize our website and our offers.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.
technical service providers
We create and edit the content of our website with the help of the following service providers, whom we have obliged through a corresponding agreement within the meaning of Art. 28 GDPR to process your data exclusively within the scope of our order:
Technical conception:
- Own design with open source software from WordPress (Web: https://wordpress.com/de/ ). Further information on data protection at: https://automattic.com/de/privacy/
Web hosting:
- World4You Internet Services GmbH (Wolfgang-Pauli-Straße 2, BT3, A-4020 Linz); Further information on data protection at:
https://www.world4you.com/unternehmen/datenschutzerklaerung
2.2. Cookies
Cookie Banner – Cookies on our website – Consent Management System
Cookies are small data sets that are used to store information when or about visiting websites and are stored on the website visitor’s computer. We only use cookies on our website that are absolutely necessary for the proper operation of our website (e.g. shopping cart or session cookies). The legal basis for these cookies is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in conjunction with Section 165 (3) S 3 TKG 2021.
Since we do not set any unnecessary cookies on our website or use other analysis and tracking tools that would require your consent, you will not find a cookie banner on our website.
Changing the cookie settings in your web browser
You can specify how the web browser you use handles cookies, i.e. which cookies are accepted or rejected, in the settings of your web browser. You can also delete cookies already stored on your computer/device at any time. Where exactly these settings are located depends on the respective web browser. Detailed information can be found using the help function of the respective web browser.
In addition, you have the option of generally objecting to cookies and similar tracking technologies using the services listed below by setting your individual preferences – which technologies for usage and interest-based advertising you want to allow:
- European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
- Network Advertising Initiative (NAI):
https://optout.networkadvertising.org/?c=1#!%2F
2.3. Communication with us
Contact by email
On our website we offer you the opportunity to contact us by email. In this case, the information you provide will be processed for the purpose of processing your contact on the basis of the legal basis of contract fulfillment in accordance with Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this personal data. Failure to provide it simply means that you will not be able to submit your request and we will not be able to process it. Data will only be passed on to third parties if this is stated on the website or in this data protection declaration or if it is necessary to fulfill the contract or if legal regulations require it. We only store your data for as long as it is necessary to process your inquiries or for any further questions.
2.4. Web analysis – Statistical analyses of our website
We currently do not use any tools to analyze visitor behavior on our website.
2.5. Web marketing
We currently do not use any tracking or web marketing tools on our website.
2.6. Integration of additional services and content from third parties
We currently do not integrate any third-party content or functions into our website that would require the providers of this content or functions to perceive the IP address of the users (website visitors).
3. Other data processing in business and customer contact
Further detailed information about other data processing processes outside of our website can be found in our data protection information on our website www.kalkalpen.at under point “3. Other data processing in business and customer contact” at: https://www.kalkalpen.at/datenschutz
Current version of the data protection information dated December 11, 2024