Superskicard Data Protection

The protection of your personal data is a matter of particular importance to us. For that reason we process your data exclusively on the base of legally binding regulations (DSGVO, TKG 2003). In messages such as this one regarding data protection information, we inform you about the most important aspects of data processing in the framework of our company.

Contact with us
When you contact us, either using the form on our website or by sending us an email, the data you provide is saved by us for six months for purposes of dealing with your inquiry or in case questions in connection with that inquiry arise. These data are not given to anyone else without your express permission.

Data storage of personal client details
We permit ourselves to point out that for purposes of simplifying purchases and subsequent contractual matters of the website provider, the IP address of the connecting party is stored by means of cookies; also the name, address, photo, date of birth and email address of the purchaser.
Beyond that, the following data are also stored by us for purposes of developing and settling the terms of the contract: invoice address, delivery address, photo as a point of reference for a ski pass. The data supplied by you are necessary in order to fulfil the contract and to carry out all pre-contractual measures. Without these data, we cannot conclude a contract with you. These data are provided to a third party solely and exclusively within the framework of fulfilling the contract with you, with the one exception of providing your credit card data to the bank or payment provider which is involved for purposes of debiting the purchase price; to the mail-order company commissioned by us to deliver the goods; and to our tax advisor for purposes of fulfilling our tax responsibilities. In the event of financial claims made on us or legal actions in court, the data will be provided to insurance companies, lawyers and the court.
Further more, the data are used for sending newsletters, birthday-concrats, invitations, information regarding the next season. 
In case the purchasing process is interrupted or cancelled, the data which we have stored will be deleted. When the contract is completed, any and all data from the contractual relationship will be stored until the mandatory legal requirements of saving such data are met.

Cookies
Our website uses so-called cookies. These are small text files which with the help of a browser are deposited in your computer apparatus. They cause no harm, do no damage.
We use cookies in order to make our own presentation more attractive. Some cookies remain in your computer until you yourself delete them. They enable us to recognize your browser when you visit our website the next time.
If you do not desire this to take place, you can configure your browser so that you are informed about the deposition of cookies and, if you wish, can permit this only in each individual case.
When cookies are deactivated, the functionality of our website can be reduced thereby.

Web Analysis
Our website uses the functions of the Google Analytics web analysis service operated by the company Alphabet Inc. in the U.S.A. To achieve that purpose, cookies are utilised to make possible an analysis of the website use by its users. The information which is generated through this analysis is transferred to the server of the provider and stored there. The data are stored anonymously, i.e. in a fashion without attaching it to your name.
You can prevent this by configuring your browser in such a way that no cookies are stored.
Our business relationship with the web analysis provider is based on the current and applicable EU resolution on commensurability and acceptability. It is known as the “Privacy Shield”.
The data processing is then carried out on the basis of obligatory legal regulations in accordance with Article 96, section 3 of the TKG laws and Article 6, section 1, sub-section a (compliance) and/or sub-section f (justifiable interest) of the DSGVO.
It is in our interest within the framework and purposes of the DSGVO (justifiable interest) to improve our offerings and our website presentation. Since the private sphere of our website users is a matter of great importance to us, all user data are dealt with by means of pseudonyms.
Google utilises the data transferred to its keeping by the operator in order to evaluate the use of the website by its users, in order to compose analytical reports on website activities; and in order to make possible other related services in the utilisation of the website and Internet use in general.
The user data are stored for a period of 26 months.
The user can prevent the storage of the cookies in the framework of Google Analytics through the appropriate configuration of the browser software. In such a case, the user cannot take advantage of the full spread of functions on the website. The user can also prevent the reception and recording of the data generated by the cookie which relates to the use of the website, including IP address, by Google; as well as the processing of these data by Google, by downloading and installing the browser plug-in available via the following link:
http://tools.google.com/dlpage/gaoptout?hl=en.
For further details about conditions of use and the data protection measures regarding Google Analytics, please consult: http://www.google.com/analytics/terms/en.html .

Access control 
We call your attention to the fact, that for purposes of controlling access to the facilities the ski area that you enter is responsible. For details you have to check the data privacy of the respective ski region.

Photo points
Some of the ski areas, beeing member in the SuperSkiCard-pool, provide photo points. If photo points are offered, the ski area where the points are offered, is responsible to handle according the DSGVO. 

Skiline
If a Skiline-service is offered, the ski area that offers the service is responsible, or later on you leave the Homepage of the skiarea that can no longer assume any liablity. 

Competitions
From time to time you may have the opportunity to take part in competitions and/or games which are sponsored by the SuperSkiCard in different ski areas or on separate Homepages. In this case, the respective ski area or the operator of the Homepage is responsible regarding the correct handling according the DSGVO. 

Video surveilance
In case of video surveilance, the respective ski area in which it is realized is responsible regarding the correct handling according to the DSGVO.

WLAN
Some of the ski areas, beeing member in the SuperSkiCard-pool, provide WLAN. If WLAN is offered, the respective ski area is responsible regarding the correct handling according to the DSGVO. 

Activities and events
In case of taking photos and videos (which are generated in the course of events or activities) the respective ski area is responsible regarding the correct handling according to the DSGVO. 

Social media plug-Ins
At the moment (25.019.2018) no social media plug-ins are used on www.superskicard.com.  For social media plug-ins on the homepages of the ski areas, taking part in the SuperSkiCard-pool, the respective ski area is responsible. 

Principles of processing personal data
The processing of personal data is based on strict and well defined principles which view the protection and security of the data, together with the rights of the person involved, as a matter of preeminent importance.

Lawfulness & transparency
The processing of data is carried out in a legitimate, justifiable way, adhering to articles of good faith. The person involved is accurately informed when data is acquired about the intended processing of that data and the ways in which it is to be handled. Thus, the involved person is at very least informed about the following points:
   Who is responsible for processing the data
   Purpose of processing the data
   Legal basis of the data processing
   The ski areas, taking part in the Pool of the SuperSkiCard, are responsible for informing all their customers. 

Earmarking of usage for a specific purpose
The data are requested and processed in adherence to a clearly formulated pre-determined and legitimate purpose. The processing of the data is not carried out in any way or in any form which is not compatible with these purposes.

Minimizing data
Only those data are requested and processed which are absolutely necessary to the purpose which is given. If it is possible to accomplish that purpose which is appropriate to the costs and efforts involved, only anonymous data are processed.

Storage limits and deletion
Personal data are deleted as soon as the purpose for which they were originally provided has been accomplished and the legal time limits of data storage provide no obstacle to their deletion. If, in an individual case, interests worthy of protection ensue from these data, the data can be stored for a longer period until the interests worthy of protection are legally settled.

Data security
The security of the confidentiality, availability and integrity of data is a significant and essential task of the SuperSkiCard-pool . That applies equally to company secrets, customer data, personal data which is drawn from website users and to other forms of critical information. Technical and organisational security measures in accordance with state-of-the-art technology and internationally recognized best-practices and security standards have been established, have been installed and are continually being improved upon.

Accuracy
Personal data are to be kept in correct, complete and currently updated form. Appropriate measures are to be taken to correct any and all incorrect, obsolete or incomplete data.

Obligation of data secrecy
All employees of the SuperSkiCard-pool are contractually obligated to maintain data secrecy. They have to be schooled and instructed regularly in the secure handling of personal data and other critical forms of information through the respective ski area where they are employed. 

Data security
The security of the confidentiality, availability and integrity of data is a significant and essential task of all SuperSkiCard-partners. That applies equally to company secrets, customer data, personal data which is drawn from website users and to other forms of critical information. Technical and organisational security measures in accordance with state-of-the-art technology and internationally recognized best-practices and security standards have been established, have been installed and are continually being improved upon.

Data transfer
The transfer of personal data takes place only in accordance with valid and applicable laws and on a legitimate, justifiable basis, as well as giving due consideration to the highest possible degree of confidentiality and data security. In the context of coordinated processing of personally recorded data between all SuperSkiCard-companies and our website access system a certain exchange of data between all operating companies in the ski regions where a ski ticket is valid takes place, as well as among the listed business associates in our website and our informational folders. This exchange of data serves the purpose of coordinated access control and dealing with the exigencies of a border-crossing ski area. All these providers are contractually obligated through a provider-commission agreement to maintain the legally valid and applicable data protection regulations.

 
Your rights
You have fundamental rights as regards the information, correction, deletion, limitation, transferability and revocation of your data (regarding the assertion of claims, we refer to the company that has sold you the ticket, for purchases on www.superskicard.com as well for purchased at Intersport Bründl, Designer Outlet Salzburg, the Schmittenhöhebahn AG/Rubr. SuperSkiCard, is responsible. 
If you believe the processing of your data violates data protection laws or your own claims to data protection rights in some way, you can lodge a complaint at the authoritative governmental body. In Austria, this is the Data Protection Agency (Datenschutzbehörde, Hohenstaufengasse 3, 1010 Wien, dsb@dsb.gv.at, www.dsb.gv.at).
 
To assert your claims to data protection rights, we require clear identification of the person involved.

You can reach us:
Schmittenhöhebahn AG/Rubr. SSC
datenschutz@schmitten.at
Tel.: +43 6542 789 0

or
contact the responsible data protection coordinator at the company where you bought your SuperSkiCard.