Privacy policy

Personal data (also referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing our services as well as a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.
Our privacy policy is structured as follows:

1 Information about us as controllers of your data

2 The rights of users and data subjects

3 Information about data processing

1 Information about us as controllers of your data

The party responsible for this website (the „controller“) for purposes of data protection law is:

Schifffahrt am Wolfgangsee GmbH
Monika Ratz
Brunnleitweg 32,
5340 St. Gilgen,
Österreich

The controller’s data protection officer is:
Monika Ratz
E-Mail-Address: office@schifffahrt-am-wolfgangsee.at
Phone: +43 664 55 47 431

Legal Notice: https://www.schifffahrt-am-wolfgangsee.at/impressum/

2 The rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the following rights:

2.1 Right to access (Art. 15 DSGVO)

You have the right to receive information about the personal data stored about you by us as well as a copy of this information.

2.2 Right to rectification (Art 16 DSGVO)

You have the right to have inaccurate and/or incomplete personal data concerning you rectified and/or completed.

2.3 Right to erasure (Art 17 DSGVO)

You have the right to request deletion of your personal data from our systems.
However, your data can not be deleted, if:
– the data is required for an ongoing contract;
– legal retention periods or conflicting interests prevent the deletion. In this case, processing may be blocked for other purposes.

2.4 Right to restriction of processing (Art 18 DSGVO)

You have the right to request the restriction of processing of your data if one of the following conditions is met:
– You have disputed the accuracy of the personal data. Restriction may be requested for the period during which your claim is verified.
– Processing of your data is not necessary, but you prefer and request the restriction of use of your personal data rather than it’s deletion.
– We no longer need your personal data for the purposes of processing, but require it for the assertion, exercise, or defense of legal claims.
– You have objected to the processing pursuant to Article 21 (1) DSGVO and your objection is still being reviewed by us.

2.5 Right to data portability (Art. 20 DSGVO)

You have the right to receive your own personal data, which you provided to us, in a structured, common, machine-readable form or, if necessary, to have this data transferred to third parties.
You have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and processing is carried out with automated procedures, unless processing is necessary for tasks carried out in the public interest or in the exercise of official authority vested in the controller.
Pursuant to Article 20(1) of the GDPR, you also have the right to have your personal data transferred directly from one controller to another, where technically feasible, and where this does not adversely affect the rights and freedoms of other individuals.

2.6 Right to object (Art 21 DSGVO)

You have the right to object at any time to the processing of your personal data in accordance with Article 6(1)(e) or (f) DSGVO.

In the event of an objection we will no longer process your personal, unless:
– We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
– The processing serves the assertion, exercise or defense of legal claims.
You have the right to object at any time to the processing of personal data for the purpose of advertising.

2.7 Conditions for consent (Art 7 Abs 3 DSGVO)

You have the right to withdraw your consent to processing of your personal data at any time with effect for the future.

2.8 Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO)

You have the right to lodge a complaint with the competent data protection supervisory authority at any time.

3 Information about data processing

3.1 Purpose and extent of the processing of personal data

As a matter of principle, we store personal data only insofar as this is necessary for providing our services and related activities.
The legal basis for this is our legitimate interest in data processing according to Art. 6 (1) lit. f DSGVO.

3.2 Legal basis for the processing of personal data

Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) is the legal basis for obtaining the consent from the data subject to process personal data.
For necessary processing of personal data as part of the fulfillment of a contract, as well as for pre-contractual measures to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis.

Where processing of personal data is necessary for the fulfillment of legal obligations to which we are subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
If vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the protection of the legitimate interest of us or a third party for processing personal data outweighs the interests, fundamental rights and freedoms of the data subject, Art. 6 (1) lit. f DSGVO serves as the legal basis.

For transfer of personal data to communication service providers, collection agencies, legal representatives or the competent court, Art. 6 para. 1 lit. f DSGVO serves as the legal basis.
For the temporary storage of data, Art. 6 para. 1 lit. f DSGVO serves as the legal basis.

3.3 Storage duration and automatic deletion

Personal data will be deleted or anonymized by us o as soon as the purpose of the storage no longer applies.
Where data processing serves the fulfillment of a contract, this is generally the case when the contract has been concluded and all contractual obligations have been mutually fulfilled.
There may still be a need to store personal data in order to comply with legal regulations and obligations. Likewise, storage beyond this is possible if there is a legitimate interest according to Art. 6 Para. 1 lit. f DSGVO.
Data that is required to fulfill obligations under corporate and tax law in connection with the contract will be deleted or anonymized at the end of the seventh calendar year after the end of the contractual relationship, unless there are further legal obligations that require longer storage.

Backup copies in backup systems are also deleted.
Data will also be anonymized or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data due to a current contract, outstanding claims or legal obligations.

3.4 Right to object, cancellation and revocation

You may declare an objection to the evaluation of your personal data or a request deletion of said data at any time by e-mail to us.
However, if data processing is required as part of fulfilling an ongoing contract or in the context of pre-contractual measures and for the provision of our services, data deletion is not possible and may be denied. The Right to object subsequently does not apply in this case.

Data Processors

The companies listed below serve as Data processors.
Data processors are companies that provide services for us and in this capacity may process personal data collected in connection with our services.
In this context, data is only passed on to data processors within the scope and for the purpose of providing our services.

Data Processor	Headquarters	Data processing location	Function
World4You	Austria	Austria	Webspace-Provider
Microsoft	United States	EU-Region	Microsoft365

5 Further notes on data processing

5.1 Server data

For technical reasons, the following data sent by your internet browser to us or to our webspace-provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
The data thus collected will be temporarily stored, but not in association with any other of your data.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.
The data will be deleted by us or our webspace-provider automatically, unless continued storage is necessary based on Art. 6 Para. 1 lit. f) GDPR or for evidentiary purposes, in which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

5.2 Note on data protection outside the EU, especially the USA

According to the European Court of Justice, the U.S. currently does not offer an adequate level of data protection. However, standard contractual clauses have been formulated which can be used.
Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is handled in compliance with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, companies commit to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed outside the EU.
The EU decision on the standard contractual clauses can be found here:
EUR-Lex – 32021D0914 – DE – EUR-Lex (europa.eu)

Please note: Standard Contractual Clauses are private law agreements and therefore have no direct impact on potential access requests by US authorities.

6 Cookie Manager

To obtain consent for the use of technically unnecessary cookies on the website, the provider uses a cookie manager.
When the website is called up, a cookie with the settings information is stored on the end device of the user so that the request for consent does not have to be made on a subsequent visit.
The cookie is required to obtain legally compliant user consent.
You can prevent cookies from being installed by adjusting the settings on your internet browser.

7 Cookies

7.1 Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.
This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.
The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.
When you close your browser, these session cookies are deleted.

7.2 Third-party cookies

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website.
Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

7.3 Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

8 Google Fonts

We use locally integrated and loaded Google Fonts. This type of integration does not require a connection to Google. Therefor no data is transmitted to Google systems.

9 Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise, we will not be able to answer it in full or at all.
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.
Please note: When using the contact form, the information you enter is transmitted via our webspace-provider and thus processed by this company.

10 Social Networks and Platforms

We use social networks and platforms and include links to the corresponding profiles and pages on our website.
The legal basis for this is Art. 6 para. 1 lit. f DSGVO. The legitimate interest of the provider is to improve the quality of service of the website.
The integration of the plugins takes place via a links. Only by clicking on the corresponding graphic or text-link, the user is forwarded to the service of the respective social network.
After the customer has been redirected, information about the user is collected by the respective network such as IP address, date, time and page visited. If the user is logged into a user account on the respective network during this time, the network operator may be able to assign the collected information of the specific visit to the personal account of the user. If the user interacts with the service via a “Share” button or similar features of the respective network, this information can be stored in the user’s personal account and may be published by the network. If the user wants to prevent the collected information from being directly assigned to his user account, the user must log out before clicking on the link. In addition, it is possible to configure the respective user account accordingly.

You may find the privacy policies of the social networks we use here:

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland.
Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en

11 Social Network Profiles

Facebook

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Facebook platform.
On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The data protection officer of Facebook can be reached via this contact form:
https://www.facebook.com/help/contact/540977946302970

Joint responsibility is defined in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing our online presence on the Facebook platform, Meta Platforms Ireland Limited as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of our company presence on Facebook. Meta Platforms Ireland Limited uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.

If you contact us via Facebook, the personal data you provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Meta Platforms Ireland Limited might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.
Details on the processing activities, their suppression, and the deletion of the data processed by Facebook can be found in its privacy policy:
https://www.facebook.com/privacy/policy

Please note: It cannot be excluded that the processing Meta Platforms Ireland Limited will also take place in the United States by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025.

Instagram
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform.
On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The data protection officer of Instagram can be reached via this contact form:
https://www.facebook.com/help/contact/540977946302970

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing our online presence on the Instagram platform, Meta Platforms Ireland Limited as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of our company presence on Instagram. Meta Platforms Ireland Limited uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Meta Platforms Ireland Limited can provide advertising both within and outside of Instagram based on your interests.

If you are logged into Instagram at the time you access our site, Meta Platforms Ireland Limited will also link this data to your user account.
If you contact us via Instagram, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Meta Platforms Ireland Limited might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Instagram may be fully usable.
Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy:
https://help.instagram.com/519522125107875

Please note: It cannot be excluded that the processing by Meta Platforms Ireland Limited will also take place in the United States by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025.

TikTok
We maintain an online presence on TikTok to present our company and our services and to communicate with customers/prospects. Pinterest is a service of Beijing Bytedance Technology Ltd. For the European region, the Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible.
We would like to point out that this might cause user data to be processed outside the European Union. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to TikTok.
The TikTok privacy policy can be found here:
https://www.tiktok.com/legal/privacy-policy-eea?lang=de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

12 Messenger & Chat-Platforms

We also use messenger and chat-platforms to provide additional contact-options for users.
When the user communicates with us via one of these platforms, both we and the platform receive the user’s mobile phone number as well as the information that the user has contacted the provider.
Messenger and chat platforms are used exclusively as a means to facilitate initial contact for users with us.
We use the following platforms:

WhatsApp
WhatsApp is a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter WhatsApp, a subsidiary of Facebook.
The aforementioned data is also forwarded by WhatsApp to servers of Facebook in the USA and processed by WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy, which also includes processing for their own purposes, such as improving the WhatsApp service.

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to WhatsApp.
More information about the purpose and scope of the data collection and the further processing of these data by WhatsApp and Facebook as well as related rights and setting options for protecting privacy are contained in privacy guidelines from WhatsApp:
https://faq.whatsapp.com/general/about-standard-contractual-clauses and https://www.whatsapp.com/legal/#privacy-policy.

WeChat
WeChat is operated for customers from the EU area, Switzerland and the UK by Tencent International Service Europe B.V., at Buitenveldertselaan 1-5, 1082 VA, Amsterdam, the Netherlands.
The aforementioned data processed by WeChat in accordance with the WeChat Privacy Policy, which also includes processing for their own purposes, such as improving the WeChat service.
We would like to point out that this might cause user data to be processed outside the European Union. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to WeChat.
More information about the purpose and scope of the data collection and the further processing of these data by WeChat as well as related rights and setting options for protecting privacy are contained in privacy guidelines from WeChat:
https://www.wechat.com/de/privacy_policy.html

Kakao Talk
Kakao Talk is part of Kakao Corporation, located at 242 Cheomdan-ro, Jeju-si, Jeju-do (Youngpyung-dong).
The aforementioned data processed by Kakao Talk in accordance with the Kakao Talk Privacy Policy, which also includes processing for their own purposes, such as improving the Kakao Talk service.
We would like to point out that this might cause user data to be processed outside the European Union. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Kakao Talk.

More information about the purpose and scope of the data collection and the further processing of these data by Kakao Talk as well as related rights and setting options for protecting privacy are contained in privacy guidelines from Kakao Talk:
Privacy Policy (kakao.com)

Line
Line Corporation is located at Yotsuya Office, Yotsuya Tower 23rd FL., 1-6-1 Yotsuya, Shinjuku-ku, Tokyo, 160-0004.
The aforementioned data processed by Line in accordance with the Line Privacy Policy, which also includes processing for their own purposes, such as improving the Line service.
We would like to point out that this might cause user data to be processed outside the European Union. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Line.

More information about the purpose and scope of the data collection and the further processing of these data by Line as well as related rights and setting options for protecting privacy are contained in privacy guidelines from Line:
LINE Privacy Policy

This Data protection statement is partially based on the model provided by Anwaltskanzlei Weiß & Partner.