Privacy policy

The controller (within the meaning of Art. 4(7) GDPR) for the processing of your personal data (personal data within the meaning of Art. 4(1) GDPR) is

Planai-Hochwurzen-Bahnen Gesellschaft m.b.H.

Coburgstrasse 52

8970 Schladming

Styria - Austria

Telephone: +43 3687 22042

Data protection officer

Planai is not required to appoint a data protection officer, we refer in this regard to Article 37, paragraph 1 of the EU GDPR. Of course, Planai is aware of its responsibility in handling personal data and takes all necessary measures and regulations to meet this responsibility. Planai has set itself the task of continuously implementing, reviewing and improving the defined data protection measures. Rights of data subjects Every data subject whose personal data is processed by Planai has the opportunity to invoke and assert their own data subject rights at any time. To exercise your data subject rights, you can write to datenschutz@planai.at at any time.

Purpose of data processing

Planai processes personal data of employees, partners, customers and suppliers for the purpose of performing its business activities and fulfilling the associated legal and contractual requirements.

Collection of customer data

In the course of purchasing a ticket in the online store or at our cash desks, we collect and process - depending on the respective product - first name, surname, address, telephone number, e-mail address, date of birth and photo for the purpose of carrying out the booking and payment process.

Access control

Please note that for the purpose of access control, a reference photo of the lift pass holder is taken when passing through a turnstile equipped with a camera for the first time. This reference photo is compared by the lift staff with the photos that are taken each time a turnstile equipped with a camera is passed through. The reference photo is deleted immediately after the lift ticket expires, the other photos are deleted no later than 30 minutes after the respective turnstile has been passed through. Please note that it is also possible to purchase lift tickets that are technically configured in such a way that no photo is taken when passing through the turnstile, although random checks by lift staff must be expected.

Photo points & webcams

There are several photo points throughout the ski areas which you can use to take photos. When you use this photo point, a current photo is taken and published online. You can have the photos you have taken deleted at any time. Simply contact us at datenschutz@planai.at.

Skiline

You can access the external service Skiline via the website to view your personal altitude profile. Skiline receives the turnstiles you have passed through and your map number to create the altitude profile. No personal data is therefore passed on. When you access the Skiline service via our website, you leave our website and we cannot accept any further liability.

Principles of processing personal data

The processing of personal data is based on strict principles that consider the protection and security of data and the rights of the data subjects to be of the utmost importance.

Lawfulness & transparency

Data processing is carried out in a lawful manner, in good faith. The data subject is informed about the planned processing and handling of the data when the data is collected. Data subjects are informed of at least the following points:

• Controller of the data processing
• Purpose of the data processing
• Legal basis of the processing

You will find brief information on the processing of the data collected from you at all our checkouts.

Purpose limitation

The data is collected and processed for specified, clear and legitimate purposes. The data is not processed in a way that is incompatible with these purposes.

Data minimization

Only data that is absolutely necessary for the stated purposes is collected and processed. If it is possible to achieve the purpose and the effort is reasonable, only anonymized data will be processed.

Storage limitation and deletion

Personal data is deleted as soon as the purpose for which it was originally collected no longer applies and statutory retention periods do not prevent deletion.

If there are legitimate interests in this data in individual cases, it will continue to be stored until the legitimate interest has been legally clarified.

Data security

Data secrecy applies to personal data. The data must be handled confidentially and is protected by appropriate organizational and technical measures against unauthorized access, unlawful manipulation or disclosure as well as loss and destruction.

Factual accuracy

Personal data must be kept accurate, complete and up to date. Appropriate measures are taken to correct outdated, incorrect or incomplete data.

Commitment to data secrecy

All employees of Planai and the employees of the operating companies are contractually obliged to maintain confidentiality and are regularly instructed and trained in the secure handling of personal and other critical data.

Data security

Protecting the confidentiality, availability and integrity of data is an essential task of Planai. This applies equally to trade secrets, customer data, personal data and other critical information. To this end, technical and organizational security measures are established and continuously improved in accordance with the state of the art and internationally recognized best practices and security standards.

Information

Data subjects can request information at any time about which personal data about them is being processed and the purposes of this processing.

Rectification

Data subjects have the right to request the immediate rectification of inaccurate personal data concerning them.

Restriction

Data subjects have the right to restriction of processing if the accuracy of the data concerning them is disputed, the processing is unlawful, the data is no longer required for processing or the data subjects have objected to the processing.

Revocation

Data subjects have the right to object at any time to the processing of personal data concerning them.

Portability

Data subjects have the right to receive the personal data concerning them, which they have provided to Planai, in a structured, commonly used and machine-readable format. They also have the right to request the transfer of this data to another controller, where technically feasible. Portability only applies to personal data that is processed by automated means.

Erasure - right to be forgotten

The data subject has the right to request the immediate erasure of personal data concerning them if the legal basis for the processing of the data is missing or no longer applies, the data processing is objected to, the data processing is unlawful and no statutory retention periods make erasure impossible. Data security is also a high priority with regard to the rights of data subjects, which is why the assertion of data subject rights is only possible after the data subject has been identified beyond doubt. You also have the right to lodge a complaint with the data protection authority at any time.

Server data

For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is collected on the legal basis of § 165 (3) S 3 TKG 2021 (required for the operation of our website) (so-called "server log files")

• Browser type and version
• Operating system and device type used (e.g. desktop / mobile)
• Website from which you visit us (referrer URL)
• Website that you visit
• Date and time of your access
• Your internet protocol address (IP address)

This data, which is anonymous for us, is stored separately from any personal data you may have provided for 7 days and therefore does not allow us to draw any conclusions about a specific person. They are evaluated for statistical purposes in order to optimize our website and our offers.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" or by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Technical service providers

We create and edit the content of our website with the help of the following service providers, which we have obliged to do so by a corresponding agreement within the meaning of Art. 28 GDPR. Art. 28 GDPR to process your data exclusively within the scope of our order:

Technical conception:

• Web agency - www.valantic.com (Valantic CX Austria GmbH, Gusswerk Halle 6, Söllheimerstraße 16, A-5020 Salzburg); Further information on data protection at: https://www.valantic.com/at/datenschutzhinweis/

Webhosting:

• Hetzner Online GmbH (Industriestr. 25, D-91710 Gunzenhausen). Further information on data protection can be found at: https://www.hetzner.com/de/legal/privacy-policy/

Cookie Banner - Cookies on our website

Our website uses cookies that help us to make our website more user-friendly and efficient for you, to carry out statistical analyses of the use of our website or to display content that may be of interest to you on other websites. Cookies are small data records that are used to store information during or about visits to websites and are stored on the website visitor's computer. The legal basis for cookies that are absolutely necessary for the proper operation of our website (e.g. shopping cart cookie) is § 165 (3) S 3 TKG 2021. Cookies that are not necessary for the function of our website (e.g. analysis or marketing cookies) are deactivated and are only activated by your consent in accordance with Art. 6 (1) lit. a GDPR in our cookie banner ("Accept"). You can activate or deactivate individual cookies or cookie groups by clicking on "Settings". If you restrict the use of cookies on our website, you may no longer be able to use all the functions of our website to their full extent. You can find detailed information about the cookies used on our website in our cookie banner.

Changing the cookie settings in your web browser

You can specify how the web browser you are using handles cookies, i.e. which cookies are allowed or rejected, in your web browser settings. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.

It is also possible to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you wish to allow for usage and interest-based advertising:

• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F

IP address

When you visit our website, information is automatically stored on the web server. This includes the browser used, the operating system used, which page brought you to our website, the IP address, the time of access and other information. From Planai's point of view, this data is pseudonymized and cannot be assigned to a specific person without additional data sources. Planai does not evaluate this data as long as there is no illegal use of the website.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Adobe Fonts

Provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, parent company: Adobe Inc (USA)

Purpose: Integration of fonts, performance measurement

Category: Statistics

Recipient: EU, USA

Processed data: IP address, user data

Data subjects: Users

Technology: JavaScript call

Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNo9AAG&status=Active

Website: https://www.adobe.com/

Further information: https://www.adobe.com/de/privacy.html https://www.adobe.com/privacy/policies/adobe-fonts.html

Our website uses so-called web fonts provided by Adobe for the uniform display of fonts.

When you visit our website, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This gives Adobe knowledge that our website has been accessed via your IP address. According to Adobe, no cookies are used to provide the fonts.

In addition to a user's IP address, each font request also transmits additional information to Adobe in order to determine the popularity of fonts.

Google Ads

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)

Purpose: Personalized advertising, conversion tracking, remarketing, measuring the success of campaigns

Category: Marketing

Recipient: EU, USA

Processed data: IP address, details of the website visit, user data

Data subjects: Users

Technology: JavaScript call, cookies

Legal basis: Consent, certification according to EU-US Data Privacy Framework,

Website: https://www.google.com

Further information:

https://policies.google.com/privacy

https://safety.google/intl/de/principles/

https://business.safety.google/privacy/

https://business.safety.google/adsprocessorterms/

Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

This website uses the Google Ads service for the purpose of advertising our products and services. Google Ads is Google's in-house online advertising system.

It is important for us to know whether an interested visitor ultimately becomes our customer. To be able to measure this, there is the so-called "conversion tracking". We also want to be able to address visitors to our website again in a targeted manner. We achieve this through so-called "remarketing (retargeting)".

Google Ads is used for both "conversion tracking" and "remarketing", i.e. we can recognize what happened after you clicked on one of our ads. For this service to work, cookies are used and visitors are sometimes added to remarketing lists so that they are only shown certain advertising campaigns.

Our aim is to use Google Ads to target our website to those visitors who are actually interested in what we have to offer. The data from "conversion tracking" enables us to measure the benefit of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.

We can also track whether they have found their way to our website via a Google Ads campaign. In cooperation with an analysis tool such as Google Analytics, the measurement of the success of campaigns can be further refined. The data is processed by Google. We only receive a report with statistical evaluations. For example, we know the number of users who have clicked on our ad and we can determine which campaign has been well received.

We have no influence on how Google uses the data. However, according to information from Google, the data is stored in encrypted form on secure servers in the USA and elsewhere.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Purpose: Integration of fonts

Category: Statistics

Recipient: EU, USA (possible)

Processed data: IP address, language settings, screen resolution, version and name of the browser

Data subjects: Website visitors

Technology: JavaScript call

Legal basis: Consent, Data Privacy Framework

Website: www.google.com

Further information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/

Our website uses so-called web fonts provided by Google for the uniform display of fonts.

To display web fonts from Google, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google also stores the IP address of the browser of the end device of the visitor to our website. If your browser does not support web fonts, a standard font will be used by your device.

Each Google Font request automatically transmits information such as language settings, screen resolution, version and browser name to Google servers in addition to the IP address. Google can use the collected usage data to determine the popularity of fonts. Google publishes the results on internal analysis pages (e.g. Google Analytics).

With Google Fonts, we can use fonts on our own website and do not have to upload them to our server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web, which saves data volume and is a great advantage, especially when using mobile devices. When you visit us, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts and support all common browsers.

Google stores requests for CSS assets on its servers for one day. This enables us to use the fonts with the help of a Google stylesheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google support ( https://support.google.com ).

Google Marketing Platform / Google Ad Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)

Purpose: Personalized advertising, conversion tracking, remarketing, measuring the success of campaigns

Category: Marketing

Recipient: EU, USA

Processed data: IP address, details of the website visit, user data

Data subjects: Users

Technology: JavaScript call, cookies

Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Website: https://www.google.com

Further information:

https://policies.google.com/privacy

https://safety.google/intl/de/principles/

https://business.safety.google/adsprocessorterms/

Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

The Google Ads service is used on this website for the purpose of advertising our products and services. Google Ads is Google's in-house online advertising system.

It is important for us to know whether an interested visitor ultimately becomes our customer. Conversion tracking is used to measure this. We also want to be able to address visitors to our website again in a targeted manner. We achieve this through so-called remarketing (retargeting).

Google Ads is used for both conversion tracking and remarketing, i.e. we can recognize what happened after you clicked on one of our ads. For this service to work, cookies are used and visitors are sometimes added to remarketing lists so that they are only shown certain advertising campaigns.

This is done by means of a pseudonymous identification number (pID), which is assigned to the user's browser. This pID enables the service to recognize which ads have already been displayed to a user and which have been viewed. The data is used to display advertisements across websites by enabling Google to identify the pages visited.

Our aim is to use Google Ads to target our website to those visitors who are actually interested in our offer. The data from conversion tracking enables us to measure the benefit of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.

The information generated is transmitted by Google to a server in the USA for analysis and stored there. Google will only transfer the data to third parties on the basis of legal regulations or as part of order data processing. Under no circumstances will Google link a user's data with other data collected by Google.

Google Signals for Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)

Purpose: Additional function for Google Analytics, cross-device tracking

Category: Statistics

Recipient: EU, USA

Processed data: IP address, user data

Data subjects: Users

Technology: Additional function to Google Analytics

Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Website: https://www.google.com

Further information:

Information on Google Analytics in this privacy policy

https://policies.google.com/privacy

https://safety.google/intl/de/principles/

https://business.safety.google/adsprocessorterms/

Here you can find out exactly where Google data centers are located:

https://www.google.com/about/datacenters/locations/

We have added Google Signals to existing Google Analytics functions on our website. Google Signals is a cross-device tracking of users that is integrated into Google Analytics.

By activating Google Signals for Google Analytics, data is processed and assigned to your Google account. This allows Google to recognize, for example, if you have viewed products on our website via your smartphone and only purchased them later via another device, e.g. via your computer. Google Signals makes it possible to carry out cross-device campaigns.

By activating Google Signals for Google Analytics, user data such as location, search history and other data about the use of our website is collected. This gives us better information about interests and demographic characteristics. This information helps us to form specific target groups of users in Google Analytics in order to better respond to individual wishes and interests.

Personalization by Google Signals is only possible if a user is logged into their Google account and allows personalized advertising and if a user has given their consent to the use of Google Analytics on our website.

The data protection information on the use of Google Analytics can also be found here in this privacy policy.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)

Purpose: Management of tools and plugins

Category: Technically required

Recipient: EU, USA

Data processed: IP address

Data subjects: Users

Technology: JavaScript call

Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Website: https://www.google.com

Further information:

https://policies.google.com/privacy

https://safety.google/intl/de/principles/

https://business.safety.google/adsprocessorterms/

Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/

The Google Tag Manager service is used on our website.

The Tag Manager is a service with which we can manage website tags via an interface. This allows us to add code snippets such as tracking codes or conversion pixels to websites without interfering with the source code. The Tag Manager only forwards the data, but neither collects nor stores it. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it is used purely to manage other services in our online offering.

When the Google Tag Manager is started, the browser establishes a connection to Google's servers. These are mainly located in the USA. As a result, Google becomes aware that our website has been accessed via a user's IP address.

The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.

Hotjar

Provider: Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, e-mail: support@hotjar.com

Purpose: Analysis of user behavior, improvement of user-friendliness

Category: Statistics

Recipient: EU

Processed data: User behaviour, clicks, mouse movements, scrolling behaviour, IP address (anonymized), device information, browser information, location (country only), preferred language, pages visited

Data subjects: Website visitors

Technology: Cookies (details in the cookie list), JavaScript, local storage

Legal basis: Consent (purpose)

Website: https:www.hotjar.com

Further information:

https://www.hotjar.com/de/legal/policies/privacy/

https://www.hotjar.com/de/legal/policies/terms-of-service/

https://www.hotjar.com/de/legal/support/dpa/

https://www.hotjar.com/legal/policies/acceptable-use/

https://www.hotjar.com/de/engage-tester-terms/

We use the Hotjar service on our website to analyze user behavior and improve the user-friendliness of our website. Hotjar is a tool that combines various analysis techniques to create a comprehensive picture of user behavior.

The tool collects data about users' interactions with our website, including mouse movements, clicks, scrolling behavior and form interactions. This data is visualized in the form of heat maps, session recordings and conversion funnels. Hotjar uses JavaScript and cookies to collect this information.

All relevant information about the cookies, including name, purpose of use and storage duration, is included in our detailed list of cookies used.

Hotjar anonymizes IP addresses and does not store any personally identifiable information. The tool also collects device information, browser type, operating system, preferred language and approximate location (country level only).

In addition, Hotjar offers features such as feedback surveys and user polls that can be embedded directly on the website to collect qualitative feedback.

The storage period of the data varies depending on the function and setting. By default, data is stored for 365 days, but can be deleted earlier if desired. After the storage period has expired or if the Hotjar account is deleted, the data is automatically deleted.

Additional details can be found in the linked further information. We recommend that you check these links regularly for changes, as Hotjar may update its data protection practices. Additional information on the rights of data subjects and the relevant contact details can be found in the general section of this privacy policy.

Meta Pixel

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, e-mail: privacy@facebook.com

Parent company: Meta Platforms, Inc, 1601 Willow Road, Menlo Park, CA 94025, USA

Purpose: Web analysis, tracking (conversion)

Category: Marketing

Recipient: EU, USA

Processed data: Visitor data (e.g. IP address, location data), behavioral data (e.g. clicks, duration of visit, conversion data), device data (e.g. browser type, operating system), e-commerce data (e.g. order ID, product information)

Data subjects: Website visitors

Technology: JavaScript, cookies (details in the cookie list), tracking pixels

Legal basis: Consent (purpose)

Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework

Website: https:www.facebook.com/business/tools/meta-pixel

Further information:

https://www.facebook.com/privacy/policy/

https://www.facebook.com/legal/terms

Our website uses the Meta Pixel service of the social network Facebook for the analysis, optimization and economic operation of our online offer.

With the help of meta pixels, it is possible for Meta to determine the visitors to our website as a target group for the display of personalized ads. Accordingly, we use meta pixels to display the advertisements placed by us only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "custom audiences"). With the help of meta pixels, we also want to ensure that our meta ads correspond to the potential interest of users and are not annoying. With the help of meta pixels, we can also track the effectiveness of the meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called "conversion").

The actions of users are stored in one or more cookies. These cookies make it possible to match meta user data (such as IP address, user ID) with the data of a Facebook account. The data collected is anonymous and not visible to us and can only be used in the context of advertisements. Users can prevent the link to their Facebook account by logging out before taking any action.

To set which types of ads are displayed within Facebook, users can go to the page set up by Meta and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads

The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Additional details can be found in the linked further information. It is recommended that you check these links regularly for changes, as Meta may update its functions and privacy policy. Further information on rights and contact details can be found in the general section of this privacy policy.

Vimeo

Provider: Vimeo Inc, 555 West 18th Street New York, New York 10011, USA

Purpose: Integration of video content

Category: External media

Recipient: USA

Processed data: IP address, details of the website visit

Data subjects: Website visitors

Technology: JavaScript call, cookies

Legal basis: Consent

Website: https://www.vimeo.com

Further information: https://vimeo.com/privacy (in English)

ATTENTION: In the context of this service, data transfer to the USA takes place or cannot be ruled out. We would like to point out that on July 10, 2023, the European Commission issued an adequacy decision pursuant to Art 45 (1) GDPR on the EU-US data protection framework (Data Privacy Framework). Accordingly, organizations or companies (as data importers) in the USA that are registered in a public list as part of the self-certification option of the Data Privacy Framework offer an adequate level of protection for data transfers. You can find out whether the specific provider of this service is already certified here: https://www.dataprivacyframework.gov/s/participant-search

Videos from the Vimeo platform are integrated on our website.

When you access the web pages of our online offering that contain a Vimeo plugin, a connection to the Vimeo servers is established and the plugin is displayed. This transmits your IP address to the Vimeo server, as well as information about which of our web pages you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website.

If you want to prevent the transmission and storage of data about you and your behavior on our website by Vimeo, you must log out of Vimeo before you visit our site.

Retargeting

Placement of interest-based advertising with the help of "retargeting" This website uses so-called "retargeting tags". A "retargeting tag" is a JavaScript element that is placed in the source code of the website. If a user visits a page on this website that contains a "retargeting tag", an online advertising provider (e.g. Google) places a cookie on the user's computer and assigns it to the corresponding retargeting target group lists. This cookie is then used to place retargeting campaigns ("interest-based advertising") on other websites. Studies have shown that the display of interest-based advertising is more interesting for Internet users than advertising that is not directly related to interests or previously visited websites.

Setting and deactivation options

Third-party providers, including Google, use these cookies to place ads based on a user's previous visits to our website. No personal data is stored in the process. Users of this website can deactivate the use of cookies by Google by accessing the "Google Ads Preferences" page. Users can also deactivate the use of cookies by third-party providers by visiting the deactivation page of the "Network Advertising Initiative" and making the appropriate settings there.

Google ad preferences: http://www.google.com/ads/preferences/?hl=de

Settings and opt-out options for the "Network Advertising Initiative": http://www.networkadvertising.org/managing/opt_out.asp

YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)

Purpose: Integration of video content, collection of statistical data

Category: Statistics

Recipient: EU, USA

Processed data: IP address, details of the website visit, user data

Data subjects: Users

Technology: JavaScript call, cookies, device fingerprinting, local storage

Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Website: https://www.youtube.com

Further information: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/

https://policies.google.com/privacy

https://safety.google/intl/de/principles/

https://support.google.com/youtube/answer/10364219?hl=de

We use the YouTube service on our website to embed external videos.

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not excluded by the extended data protection mode.

As soon as a YouTube video is started on our website, a connection to the YouTube servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses local storage on your device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

Contact form

On the Planai websites, you have the option of sending your inquiries to the Planai via the contact form. As part of this contact request, personal data (e-mail address, name, address) is also collected and processed for the purpose of processing.

Applicants

The contact details and application documents submitted in the course of an application are processed electronically by us for the purpose of selecting suitable candidates for an employment relationship. In the event of a rejection, the application documents will only be kept on file if you consent to this.

We process your personal master data, contract and payment data as well as communication data (IP address and server log files) for the purpose of providing contractual services as well as their payment and execution in the context of online purchases, bookings and brochure orders on the basis of the legal bases of Art. 6 (1) lit. b GDPR (contract fulfillment) and Art. 6 (1) lit. c GDPR (legal obligation for invoicing and archiving).

We store this data as long as the purpose requires it, legal regulations provide for this (retention period of invoices according to § 132 BAO for 7 years; voucher orders until the expiry of the redemption period for 30 years) or we need this data on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest) to defend against possible liability claims. If you cancel the order process, we store the data for 14 days to clarify possible problems during the order process.

There is no legal or contractual obligation to provide personal data. The only consequence of not providing this data is that we will not be able to process your bookings/orders.

INCERT voucher system and merchandising articles

We use the system of the company INCERT eTourismus GmbH & Co KG (Leonfeldner Strasse 328, A-4040 Linz) as our processor to process orders for vacation vouchers and merchandising articles. It enables the automated sale of vouchers via "print@home" as well as the individual personalization of vouchers with dedications, designs and barcodes. The following information is required to process orders: Title, first and last name, address, e-mail address. This data is processed for the purpose of providing contractual services or for the fulfillment of pre-contractual services on the legal basis of Art. 6 (1) lit. b GDPR. We have concluded a corresponding agreement with INCERT as a processor in accordance with Art. 28 GDPR, which ensures that your data is processed exclusively within the scope of our order. Further information on INCERT's data protection can be found at: https://www.incert.at/datenschutz/.

If you agree to receive the newsletter, we will use the data you provide, such as your name, e-mail address and other contact details, to keep you regularly informed about news from the ski region, the companies and current offers. If you no longer wish to receive the newsletter, you can unsubscribe at any time. To do so, you can use the unsubscribe link contained in every e-mail or send an e-mail to web@planai.at.

In addition to our website, we maintain online presences within social networks and platforms (Facebook, Twitter, Pinterest, Instagram, LinkedIn, TikTok, FlickR and YouTube) in order to communicate with the customers and business partners active there and to be able to inform them about our services on these networks. Further data protection information can be found when you access our content on these platforms.

From time to time you have the opportunity to take part in Planai competitions. Personal data (e-mail address, name, address) is also collected and processed for the purpose of processing these promotions. The personal data collected in the context of such a competition will be used exclusively for the processing of the promotion (in the case of a competition, for example, for determining the winner, notifying the winner and sending the prize). After the end of the promotion, but after 3 months at the latest, the participants' data will be deleted. Your data collected in the course of the competition will only be used to send you newsletters if you have explicitly consented to this.