Cookie Guide & Data Protection
- Legal basis
- Website owners and responsible for data processing
- Cookies and plugins
- AddThis plugins
- Facebook Connect
- Facebook Pixel
- Facebook Custom Audiences
- Google Analytics
- Google Tag Manager
- Google advertising network, remarketing and DoubleClick
- Sharing and embedding of social media elements
- Capturing anonymous data and information
- Contact form and electronic enquiries
- Catalogue and brochure request
- Other collection and processing of personal data
- Use of images (e.g. events)
- Your rights as data subject
- Newsletter subscription
1. Legal basis (General Data Protection Regulation and Austrian Data Protection Act 2018)
The General Data Protection Regulation (GDPR) is the foundation of data protection law in Europe. It protects the fundamental rights and freedoms of natural persons and, in particular, the processing of their personal data. Personal data is any information that relates to an identified or identifiable living individual.
2. Website owners and responsible for data processing
Steirische Tourismus GmbH
By visiting this website you are giving us consent to collect certain data. In return, we are committed to protecting your data in line with the latest technology.
Your details are not passed on to third parties for advertising purposes. Third parties only receive your personal data as stated within these listed regulations.
3. Cookies and plugins
Cookies are used to make steiermark.com more user-friendly and to customise its content for visitors. None of the cookies used on this site collect information through which you could personally be identified. Almost all websites use cookie technologies and they are essential for the use of steiermark.com.
We do, however, advise that without the placement of cookies parts of our website can only partially or not be used at all.
By accepting our cookies and plugins you are allowing the following:
4. AddThis plugins
You can find the AddThis data protection regulations at http://www.addthis.com/privacy/privacy-policy.
5. Facebook Connect
We offer you the opportunity to sign in to our services via Facebook Connect. An additional registration on steiermark.com is thus not possible. To sign in, you are redirected to Facebook, where you can use your existing credentials, connecting your Facebook profile with our services. Through this connection we automatically receive the following information from your public profile with Facebook Inc.:
- Full name
- Profile picture
- List of friends
Of this, we use your name and gender, e-mail address, date of birth, profile picture and list of friends to identify you.
Available Application Programming Interfaces (APIs) are used for our Facebook page, which may contain information from your public Facebook profile, including first name and surname, gender, country, place of residence and a link to your profile and picture. All posts, including likes and content that you display on your own Facebook page or add to others, can be collected, exported and used by Steirische Tourismus GmbH or one of its subcontractors for business purposes. You can request that your details are deleted by sending an e-mail to firstname.lastname@example.org or a letter to Steirische Tourismus GmbH, St.-Peter-Hauptstrasse 243, A-8042 Graz
6. Facebook Pixel
With your consent, we use the Facebook Pixel on our website, provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). This service allows us to track users as they interact with our site after having clicked on a Facebook ad. Through this we can evaluate the effectiveness of Facebook ads and optimise future advertising measures. The collected data is anonymous to us and does not give any indication of the user’s identity. The details are, however, saved and processed by Facebook, meaning that there is a connection to the user profile. Facebook can use the details for advertising purposes, in line with its data policy (facebook.com/about/privacy). The collected data enables Facebook and its partners to place ads on and outside of Facebook, and cookies can be saved on your device for this purpose. By using our website you are consenting to use of the Facebook Pixel.
You can reject the Facebook Pixel data capture and it being used to display Facebook advertisements within the Facebook ad settings: https://www.facebook.com/settings?tab=ads Alternatively, you can object via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com. Settings are not platform-dependent, so will cover all devices such as desktop computers and mobile phones.
7. Facebook Custom Audiences
This website uses Custom Audiences, a web analysis service by Facebook Ireland Limited ("Facebook"). Facebook Custom Audiences uses so-called tracking tools (e.g. pixel, SDKs and APIs), which are implemented on steiermark.com. These tools send details of user activity on steiermark.com ("event data") to a Facebook Inc. Server in the USA, where they are saved and used to create Custom Audiences of people who have visited our site ("Custom Audiences of steiermark.com").
Facebook does the following to enable this specific targeting and optimisation: The event data captured on steiermark.com is combined with that collected by other advertisers or means on Facebook to optimise ads. Facebook does not allow other advertisers or third parties to target a specific audience based on event data collected on steiermark.com alone.
- Visitors of steiermark.com can reject the capturing and use of their details for targeting purposes.
- There are platforms that inform users of their options in line with this (e.g. www.aboutads.info/choices or http://www.youronlinechoices.eu/)
8. Google Analytics
Google uses this information to evaluate your use of the website on our account, compile reports on website activity and provide site owners with further services relating to website and internet use.
We only use Google Analytics with active IP anonymisation. This means that Google shortens the IP address of website visitors from the European Union and its other contracting states. Only in exceptions is the full IP address transmitted to a Google server in the USA and shortened there.
To prevent the cookie-generated collection of website activity data and it being processing by Google, download and install the following browser add-on: tools.google.com/dlpage/gaoptout
We use the Google Analytics features to analyse website use, e.g. through anonymous reports and graphs on page views and visits, for remarketing, reports on impressions within the Google Display Network, integration of the DoubleClick Campaign Manager and Google Analytics reports by demographic traits and interests.
Google Analytics saves cookies in your web browser for the duration of two years since your last visit. These cookies contain a randomly generated User ID, which allows you to be recognised on future visits.
The collected data is stored with the randomly generated User ID, enabling the evaluation of pseudonym user profiles. These user-related details are automatically deleted after 14 months. All other data remains stored indefinitely.
9. Google Tag Manager
Google is certified within the EU-US Privacy Shield, and thus complies with the standards and regulations of the European data protection law. You will find further information here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Third-party provider details: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. For more information on data protection, visit the Google websites:
- Privacy statements: https://policies.google.com/privacy?hl=en&gl=en
- FAQ Google Tag Manager: https://support.google.com/tagmanager/?hl=en
10. Google advertising network, remarketing and DoubleClick
11. Sharing and embedding of social media elements
Share buttons for the social networks of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, YouTube by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, Instagram by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA and GooglePlus by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States are embedded on our website. We have also integrated a share button for the Steiermark Blog. The individual share buttons can be recognised by their logo.
All share buttons are installed in line with data protection laws. Only once you have clicked on the share button on our site is a direct connection established between your browser and the respective social network. According to the social network operators, no personal or business-related data is captured without clicking on the share button. It is only when users are logged in to their social network account that such data, including their IP address, is collected and processed. Should you not wish for a connection to be established between your visit to our website and a specific social network, please log out of its account.
We incorporate posts and photos from Instagram channels in the Steiermark Blog. Your browser exchanges data with the network that these are downloaded from. When loading an image or layout information, for example, your browser transmits your IP address to the social network Instagram. Instagram also sends information to the browser, which is saved e.g. in cookies.
As website operators, the content of the data transmitted to and from social networks and its use is not known to us. You can find further information on the use of data in the respective social network’s privacy statements.
12. Capturing anonymous data and information
With each use of our website, i.e. whenever a file is accessed or attempted to be accessed from its server, details of the process are saved in a log file. This data is not related to an individual, so we cannot see which user accessed the file, and we do not attempt to.
Records that are saved:
- Name of the file that was accessed
- Date and time of access
- Transferred data volume
- Notification of whether the access was a success
- Notification of why an error might have occurred
- Name of the internet provider used to access the website
- Where applicable, the operating system and browser software of your computer, and the website
- from which you visited us
The above data is used for statistical purposes only by ourselves and those appointed by us. We use this data to improve our website for you.
Disclosure of campaign data to Steiermark Tourismus partners
In line with marketing campaigns, anonymised data is collected for remarketing purposes on the individual campaign landing pages and passed on to campaign partners. This is used to target ads for visitors of our own and our campaign partnersʼ websites.
13. Contact form and electronic enquiries
When you send an enquiry via email@example.com or our contact form, we save your information and contact details to process this and, if necessary, pass them on to other contact partners for further processing. Your details are deleted once we have successfully responded to the enquiry.
14. Catalogue and brochure request
We require certain information to despatch catologues and brochures ordered via our website. These details are solely used to send the requested material, and are not passed on to third parties unless they are involved in delivery. Once the request has been processed, your details are deleted.
15. Other collection and processing of personal data
Personal and business-related data (e-mail, name, address) is disclosed on a voluntary basis to access the tools on our website (e.g. brochure request, vouchers or newsletters). If you send us an e-mail, your e-mail address and further details are only used for the correspondence with yourself.
Where technically possible and acceptable, you can use and pay for services offered by ourselves without disclosing personal data or by using anonymised data or a pseudonym.
16. Use of images (e.g. events)
We capture images (photos / videos) of our events, in particular press conferences and events with a speech or appearance by those working with or for us.
Guests are advised in invitations and at the event that pictures will be taken. Provided that the "media privilege" is not applicable, the photographer is instructed to ask for consent from small groups. Pictures of large groups at events are used to raise awareness of our organisation and image. We publish these online and, where appropriate, in printed material about our organisation (legitimate interest).
If you are captured as an individual or in a small group, the photographer will ask for your consent before a picture is taken. Should you not wish to be in the photo, you will have the opportunity to step aside. Provided that the "media privilege" is not applicable, you have the right to decline your consent for all future images.
In the event of revocation, the images will be deleted where technically possibly and an attempt to remove them from any further media will be made. Print brochures will not be withdrawn, but the images will no longer be processed for this purpose. Should costs arise in line with the revocation (website amendments, disposal of printed material) without legitimate interest, then these must be beared by the individual.
There is a right to appeal where there is legitimate interest, although it must be taken into account that an invitation was accepted to an event in a public space, and that the promotion of this event was in the interest of our organisation.
The images will be removed from our website after their copyright has expired or upon withdrawal of consent. Should they have been published in social networks, they will only be deleted upon withdrawal of consent.
17. Your rights as data subject
17.1 The right to confirmation
As data subject, you have the right to demand confirmation that your personal data is being processed by ourselves. You can contact us in line with this at any time at firstname.lastname@example.org.
17.2 The right to be informed
As data subject, you have the right to obtain free information on the personal data we hold of you and a copy of this. You can contact us in line with this at any time at email@example.com.
Your right to be informed entails the following:
- Intended purpose
- The personal data categories that are processed
- The recipients or recipient categories that personal data has or will be disclosed to
- Where possible, the planned duration your personal data will be stored for, or the criteria that determines this
- Your right to have personal data corrected or erased, limited to use by ourselves or not be processed at all
- Your right to file a complaint with the Austrian data protection authorities as regluatory body and, if they do not hold this, your right to all available information on where the data was obtained
We use software providers and agencies to help run our website, who may gain access to personal data in line with their work. They have committed themselves to upholding our data protection regulations. You can request further information on our service providers from firstname.lastname@example.org.
As data subject, you also have the right to know whether your personal data has been passed on to a third country or international organisation. Should this be the case, you have the right to find out whether the transmitted information is being stored / processed in a legitimate manner.
17.3 The right to rectification
As data subject, you have the right ask to us to amend any incorrect personal data. You can contact us in line with this at any time at email@example.com.
17.4 The right to erase (be forgotten)
As data subject, you have the right to ask us to to delete your personal data with immediate effect where the following applies and a further processing is not required:
Your personal data is no longer necessary in relation to the purpose for which it was collected / processed.
As data subject, you object to the processing in line with GDPR Article 6, paragraph 1, letter a or GDPR Article 9, paragraph 2, letter a, and there are no overriding legitimate grounds for the processing.
As data subject, you object to the processing in line with GDPR Article 21, paragraph 1 and there are no overriding legitimate grounds for the processing, or you object to the processing in line with GDPR Article 21, paragraph 2.
Your personal data was unlawfully processed.
Your personal data must be deleted in line with Austrian or European Union law.
Should one of the above apply and you wish to have your personal data held by the Steirische Tourismus GmbH deleted, contact us at any time at firstname.lastname@example.org.
17.5 The right to restrict processing
As data subject, you have the right to restrict the processing of data held by us where:
You have contested the accuracy of personal data held on yourself and given us adequate time to review this.
Processing is unlawful and you have declined the erasure of your personal data, but wish to restrict its processing.
We no longer need the data, but you require it to establish, exercise or defend a legal claim.
You have objected to the processing in line with GDPR Article 21, paragraph 1 and it is not yet clear whether there is a legitimate ground to override this.
Should one of the above apply and you wish to have the processing of your personal data held by the Steirische Tourismus GmbH restricted, contact us at any time at email@example.com.
17.6 The right to data portability
As data subject, you have the right to receive the personal data that has been provided to us in a structured, commonly used and machine-readable format. You also have the right to share this data without hindrance if its processing is in line with GDPR Article 6, paragraph 1, letter a or GDPR Article 9, paragraph 2, letter a or another contract in line with GDPR Article 6, paragraph 1, letter b. Processing must be carried out by automated means and the data must not be required for the performance of a task carried out in the public interest or in the exercise of official authority.
Furthermore, as data subject in line with the right to data portability of GDPR Article 20, paragraph 1, you have the right to request that we transmit your personal data directly to another controller where technically possible and the rights and freedoms of others are not impaired.
To make use of the right to data portability, contact us at any time at firstname.lastname@example.org.
17.7 The right to object
As data subject, you have the right to object to the processing of your personal data in line with GDPR Article 6, paragraph 1, letter e or f in certain circumstances. You can contact us in regards to this at any time at email@example.com.
You have an absolute right to stop your data being used for direct marketing purposes at any time.
18. Newsletter subscription
We use a double opt-in process for our newsletter registration. After registering, you receive an e-mail to confirm your subscription. You can unsubscribe by clicking on the link at the end of each newsletter. We use a service provider to send our newsletter, who is committed to upholding our data protection regulations. You can request further information on our service providers from firstname.lastname@example.org.