weTours eU takes the protection of your personal data very seriously. Your personal data disclosed to us will be treated confidentially and in accordance with the statutory data protection regulations and the valid data protection declaration (DSGVO 2018).
In the following, we provide you with information to demonstrate and ensure fair and transparent collection and processing of your data. Our website can also be used without providing personal data.
1. LEGAL BASIS
What is our right to process your personal data? The legal basis for this data processing can be:
- Your consent in accordance with Article 6 Paragraph 1 lit a GDPR (e.g. registration for a newsletter)
- A contract initiation/contract fulfillment in accordance with Article 6 Paragraph 1 lit b GDPR (e.g. purchase of tickets in web shops etc.)
- A legal obligation of the person responsible according to Article 6 paragraph 1 lit GDPR (e.g. a tax retention obligation)
- an overriding legitimate interest of the person responsible or a third party according to Article 6 paragraph 1 lit f GDPR (e.g. marketing and advertising purposes)
We only process the personal data that were made available on the basis of an inquiry or for the conclusion or processing of a contract.
2. WHO HAS ACCESS TO OR RECEIVES YOUR DATA?
Within weTours eU, only those employees have access to your personal data who really need it to process the data for the purpose stated above.
If third parties are involved for the fulfillment of tasks, there is a separate order processing contract with them.
Other recipients only receive data if transmission is required for legal reasons (e.g. tax office) or to enforce legal claims (e.g. lawyer).
All employees, processors, cooperation partners and other recipients and their employees are obliged to comply with data protection regulations.
3. DIRECT ADVERTISING TO CONTRACTUAL
weTours eU also uses your personal data to provide you, as long as you are a contractual partner and unless you previously object to the use of your data for this purpose, for direct advertising purposes, specifically to provide you with general information about our own activities and services send to weTours eU.
WeTours eU has a legitimate interest in carrying out direct advertising with this personal data in order to align marketing strategies accordingly. The legal basis for the processing is therefore the existence of a legitimate interest in accordance with Art 6 Para 1 lit f GDPR. When using the data for this purpose, the communication law requirements, in particular § 107 TKG 2003, are observed.
Unless you object to the use of your data for this purpose, your data will be deleted 3 years after your last contact with weTours eU or earlier in the event of an objection, unless they are subject to a statutory storage and documentation obligation. Your data will not be passed on to third parties for their own purposes without your consent.
4. YOUR RIGHTS
You have the right to information, correction, deletion or restriction of the processing of your stored personal data, a right to object to the processing and a right to data portability at any time.
If the processing of your personal data is based on consent in accordance with Article 6 Paragraph 1 lit a GDPR, you have the right to revoke your consent in writing at any time with effect for the future.
Contact details of weTours eU’s:
Telephone: +43 660 9493552
The provision of your personal data is often required to fulfill legal obligations or for the Conclusion and execution of a contract required. If you do not want to provide your personal data in this case or revoke the processing of data that has already been provided, it is no longer possible for us to fulfill these legal or contractual obligations.
We may then have to refuse to conclude a contract or terminate an existing contract. If weTours eU intends to further process your personal data for a purpose other than the current one, you will receive the relevant information prior to any further processing.
You can address complaints to the Austrian data protection authority.
Austrian Data Protection
Authority Barichgasse 40-42
Telephone: +43 1 52 152
5. TRANSMISSION OF DATA WHEN ACCESSING OUR WEBSITE
Each time you access our website, your browser automatically transmits the data listed below for technical reasons to our web server. The storage serves exclusively for statistical and technical purposes, for example to be able to evaluate the frequency of page visits or to determine malfunctions in server operation. The following data is logged and evaluated:
- Request (file name of the requested file)
- and browser
- version Operating system used
- Referrer URL, i.e. the website from which you are visiting our website
- IP address
- Date and time of your visit
- The websites visited within our website
- User name and password (for registrations)
6. PERSONAL DATA
Personal data, such as
- first name
- last name
- home address
- e-mail address
- date of birth
- or business-related data
are only recorded if you provide them yourself.
On our website you can, for example, provide such data
- in the web shop when booking a ticket, when
- filling out the contact form or
- when registering for a newsletter
At the same time, you agree that we may process the data you have provided in accordance with the associated purpose. This is expressly done on a voluntary basis.
By disclosing your personal data (e.g. e-mail address, telephone number), you also agree that we may contact you via these communication channels. Your details will only be saved to process the request or for a specific purpose.
If you have given us your consent to process your personal data, processing will only take place in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. You can therefore receive advertising or email newsletters from us based on your consent.
You can revoke your consent at any time with effect for the future free of charge: in electronic newsletters via the link provided to unsubscribe, via written and telephone notification to all of the contact details provided.
In addition, only those departments or employees of weTours eU who need them to fulfill contractual, legal and supervisory obligations and legitimate interests will receive your data.
We also use selected processors for the technical and organizational implementation of our website and for sending out newsletters. All processors are contractually obliged to treat your personal data confidentially and only process it within the framework of the provision of services in accordance with our instructions.
7. Data Security
The security of your data in our systems is very important to us. Our goal is to manage your data with the utmost care and to take all necessary technical and organizational security measures to protect your personal data from loss and misuse.
Access to our website is secured via HTTPS if your browser supports SSL. This means that the communication between your end device and our servers is encrypted.
8. HANDLING E-MAIL ADDRESSES
If you send us an e-mail, we will only use your e-mail address for correspondence with you, in accordance with the purpose of the inquiry or a contractual relationship resulting from it. Please note, however, that the confidentiality of e-mails or other electronic forms of communication on the Internet is generally not guaranteed. You should therefore not transmit particularly confidential information to us in this form, but rather encrypt it.
To ensure appropriate information and system security and to detect malware, we store log data on e-mail traffic. If you send an e-mail to one of our addresses, the following data is logged:
- e-mail of the recipient and the sender
- IP address of the recipient and the sender
- number of recipients
- date and time of receipt by the server
- file name of any attachments
- size of the Message
- risk classification for spam
- delivery status
In a first step, e-mails are checked purely automatically. Individual e-mails are only checked manually by responsible persons if there is a suspicion of a risk to the security of the IT systems.
In addition, we process your personal data in connection with e-mails, if necessary, for the duration of the entire business initiation and beyond that in accordance with the statutory retention and documentation obligations.
9. EXTERNAL LINKS
We have no influence on the content of other websites to which external links refer. We assume no liability for the correctness, topicality or any illegal content or data protection regulations of these other websites.
10. PLUG-INS FOR THE FUNCTIONALITY OF THE WEBSITE
In order to improve the structure and navigation of our website and to tailor it to your needs, we use certain programs that occasionally collect data, in particular IP addresses. By continuing to use our website, you expressly consent to this.
10.2 Google plug-ins
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
If you do not agree to the collection, you can prevent it by installing the browser add-on to deactivate Google Analytics once or by rejecting the cookies via our cookie settings dialog.
10.3 Google Remarketing
Our websites use the functions of Google Analytics Remarketing in connection with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This function makes it possible to link the advertising target groups created with Google Analytics Remarketing to the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. In this way, the same personalized advertising messages can be placed on every device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.
The summary of the recorded data in your Google account is based solely on your consent, which you can give or revoke with Google (Article 6 (1) (a) GDPR). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merger), the collection of data is based on Article 6 Paragraph 1 lit. f GDPR. The legitimate interest results from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.
10.4 Google AdWords
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. If you click on an ad placed by Google, a cookie will be set for conversion tracking. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through AdWords advertisers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie in your Internet browser under user settings. You will then not be included in the conversion tracking statistics.
“Conversion cookies” are stored on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
You can find more information about Google AdWords and Google Conversion Tracking in Google’s data protection regulations: https://www.google.de/policies/privacy/.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
10.5 Google Tag Manager
Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
When you start the Google Tag Manager, your browser establishes a connection to the Google servers. This gives Google knowledge that our website has been accessed via your IP address.
The Tag Manager is a service that allows us to manage website tags via an interface. We can use code snippets such as Install tracking codes or conversion pixels on websites without interfering with the source code. The data is only forwarded by the Tag Manager, but not collected or stored. The Tag Manager itself is a cookie-free domain and does not process any personal data because it is pure is used to manage other services in our online offering. The Tag Manager ensures that other tags are resolved, which in turn may collect data. D However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain in place for all tracking tags implemented with the Tag Manager.
You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/inside/locations/ You can find more information on data protection on the following Google websites: Data protection declaration: https:/ /policies.google.com/privacy
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Google Ads Data Processing Terms including standard contractual clauses for third country transfers: https://business.safety.google/adsprocessorterms/
10.6 Google reCAPTCHA
10.7 Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
10.8 Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
Google Maps is used in the interest of an attractive presentation of our online offers and to make it easier to find the places we have indicated on the website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
You can find more information on the handling of user data in Google’s data protection declaration: https://www.google.de/intl/de/policies/ privacy/.
Our website uses plugins from the Google-operated YouTube site. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
You can find further information on the handling of user data in YouTube’s data protection declaration at: https://www.google.de/intl/de/policies /privacy.
11. SOCIAL MEDIA PLUG-INS
We integrate the services of various social networks or operate social platforms on our website using social media plug-ins. These are Facebook, Instagram, Linkedin and TripAdvisor.
We prevent data transmission to these services as far as possible. Your IP address and cookies, among other things, are only transmitted and the service receives the information that you have visited our website with your IP address if you click on the symbol for a service and thus actively call it up. If you are actively logged into one of the social media networks, this information will be assigned to your user account. Please note that we ourselves have neither reliable knowledge nor influence on how and which data exactly reaches the respective services. By activating and using a social media plug-in, you agree to the associated transmission of personal data to the selected service.
The current information on the type, purpose, scope, use and protection of your data through these networks as well as your related rights can be found in the data protection declaration of the selected service provider. According to our information, these are the following. We assume no liability for the completeness and accuracy of this information:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook’s data protection information: https://www.facebook.com/about/privacy/
Google Inc. , 1600 Amphitheater Parkway, Mountain View, CA 94043, USA Data protection information from Google (YouTube and Google+): https://policies.google.com/privacy?hl=de&gl=de
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043 , USA.
TripAdvisor Inc., 400 1st Avenue, Needham, MA 02494 USA
11.1 Facebook plug-ins (like and share button, pixel)
On our website are plug-ins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, integrated. You can recognize the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on our site. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our site with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Facebook.
If you do not want Facebook to be able to associate your visit to our site with your Facebook user account, please log out of your Facebook user account.
Our website also uses the Facebook visitor action pixel to measure conversion.
In this way, the behavior of site visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website, we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
You will find further information on protecting your privacy in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing feature in the Ads Settings section at
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
11.2 Instagram plug-in
Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our site with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how it is used by Instagram.
11.3 LinkedIn plug-in
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages that contains LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn’s “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn.
On our website, data from the travel website TripAdvisor is used by TripAdvisor Inc., 400 1st Avenue, Needham, MA 02494 USA to display guest reviews. You can recognize the plugin by the corresponding logo.
When you visit our website, a connection to the TripAdvisor servers is established via the plugin and cookies are set. In order to ensure the functionality of the widget, it is necessary to save your IP address. This information is usually transferred to a Tripadvisor server in the USA and stored there. The Tripadvisor widget is used in the interest of presenting the reviews given on Tripadvisor and to be able to offer the possibility of writing a review on Tripadvisor.
12. E-MAIL NEWSLETTER
Double opt-in and logging
Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with Direct Mail, e3 software are also logged.
Direct Mail adds a small, invisible image to every outgoing message. Direct Mail rewrites the URLs in the message to point to Direct Mail’s tracking servers, e3 Software. When the recipient clicks on a link, this is registered and the user is then redirected to the original URL. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. However, neither weTours eU nor Direct Mail, e3 Software strives to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
We also offer you the option of contacting weTours eU during business hours via a chat function integrated on the website. The disclosure of the name and a telephone number and/or an e-mail is voluntary and with the consent to temporarily use and store this data for the purpose of further contact until the end of the contact. This data will be deleted by us immediately if no further contact is made. Further personal data is not exchanged via the chat and the chat user is expressly informed of this before the chat.
If you decide to make a booking via this website, checkfront will collect various personal data from you. You can read about this in the data protection declaration and the terms and conditions of checkfront under the following link: https://www.checkfront.com/privacy , https://www.checkfront.com/terms , https://www.checkfront.com/ security . The aforementioned documents have not yet been translated into German. If you should have difficulties in understanding the information, please contact us.
Your data is transmitted to checkfront on the basis of Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.
15. PAYMENT PROVIDER
Insofar as this is necessary for the fulfillment of the contract, data will also be passed on to our payment service provider or the bank responsible for processing the payment. The scope of the data is limited to the minimum required for the purpose of contract processing.
On our website we offer, among other things, payment by “Stripe”. When paying by credit card or direct debit, payment is processed via Stripe by the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland.
You can find more information about Stripe’s data protection at: https://stripe.com/de/privacy#translation
On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.
Your data is transmitted to PayPal on the basis of Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.
We reserve the right to adapt this data protection declaration if necessary to technical developments and legal changes or to update it in connection with the offer of new services or products. As a user, you are asked to inform yourself regularly about the content of the data protection declaration. We see continued use of this website as an implied consent to our data protection regulations in the respective version.