Super information
Data protection
SuperSkiCard Data protection
Protecting your personal details is particularly important to us. For that reason, we process your details solely based on legal provisions (GDPR, Telecommunications Act 2003). In this data protection information we inform you about the most important aspects of data processing in the context of our business.
Contact with us
When you contact us using the form on the website or by e-mail, your details will be stored for six months for the purpose of processing your enquiry and should you have any follow-up questions. We will not forward this data without your consent.
Storing of customer details
We would point out that for the purpose of easy processing and later contract handling by the webshop operator and at the cashdesks, the IP data of the subscriber will be stored via cookies, so too will the name, address, photo, date of birth and e-mail address of the purchaser and data relating to other persons collected on their behalf.
In addition, for the purpose of contract implementation we will also store the following data: Billing addresses, delivery addresses, image as ski pass reference photo; the data provided by you is required to fulfil the contract and for the implementation of pre-contractual measures. We cannot enter into a contract with you without these details. The transfer of data to a third party will only be done to fulfil a contract, with the exception of the transfer of credit card details to the processing bank institute/payment service provider for the purpose of debiting the purchase price, to the shipping company commissioned by us to deliver the goods and to our tax advisor to fulfil our statutory duties. In the event of possible claims for damages or judicial proceedings, data will be transferred to insurance companies, lawyers and courts.
We will also use your details to send you newsletters, birthday greetings, invitations, information about the coming season etc.
Upon severance of the purchasing process, data stored here by us will be deleted. In the event of conclusion of contract, all the data from the contractual arrangement will be stored until the expiration of statutory retention period.
Cookies
Our website uses what are known as cookies. These are small text files that are placed on your end device via your browser. They do not cause any damage.
We also use cookies to make our offer more user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser when you next visit.
If you do not want this, you can set your browser in such a way that you are informed about the setting of cookies and only allow them in individual instances.
if you deactivate cookies, the functionality of our website may be limited.
Web analysis
Our website uses functions from the web analysis service Google Analytics operated by Alphabet Inc. in the USA. Cookies will also be used to make an analysis of the user’s use of the website possible. The information generated will be transferred to the service provider's server and stored there. The data will be stored anonymised.
You can prevent this happening by setting your browser in such a way that no cookies will be stored.
The link with the web analytics provider is based on the resolution suitability of the European Commission known as the ‘Privacy Shield’.
Data processing is carried out on the basis of legal provisions from § 96 Para 3 Telecommunications Act and Art 6 Sect 1 lit a (Consent) and/or f (legitimate interest) of GDPR.
Our objective in the context of GDPR (legitimate interest) is the improvement of our offer and of our web presence. Since the privacy of our users is important to us, user details will be pseudonymised.
Google will use the data transferred on behalf of the operator to assess the use of the website by the user, to create reports about website activities and to provide services connected with website and Internet use.
User details will be stored for a duration of 26 months.
The user can prevent the storage of cookies in the context of Google Analytics via the relevant setting on their browser software. In this instance you may not be able to use all the functions of this website to their full extent. The user can also prevent data being generated by the cookie related to use of the website (incl. IP address) and be passed to Google, by downloading and installing the browser available via the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.
More information about terms of use and data protection with regard to Google Analytics can be found at http://www.google.com/analytics/terms/de.html.
Entry control
Entry control applies to any ski area a guest enters and details can be found in the respective data protection statement for the ski area.
Photopoints
If Photopoints are available in ski areas, the responsibility (including use as per GDPR) lies with the respective ski area.
Skiline
If SSC partners offer a Skiline service, the responsibility lies with the respective ski area, and subsequently, in the event of calling up a Skiline service and leaving the respective homepage, no liability can be accepted by the ski area.
Prize draws
If the same prize draws are carried out in ski areas on their homepages, responsibility (including use in accordance with GDPR) lies with the respective ski area.
Video monitoring
If video monitoring is provided in ski areas, the responsibility (including use in accordance with GDPR) lies with the respective ski area.
WLAN
If WLAN is provided in ski areas, responsibility (including use in accordance with GDPR) lies with the respective ski area.
Occasions and Events
For photos and videos taken as part of an occasion or event or a function by SSC cooperation partners, the respective cooperation partner is responsible with regard to GDPR.
Social Media Plug-Ins
The website of Schmittenhöhebahn AG/Rubrik SuperSkiCard, as the authorised agent of theSuperSkiCard homepage, uses ‘embedded’ Social Media plug-ins (interfaces with social networks). Upon visiting a website, the system automatically connects to the respective social network thanks to the integration of a plug-in and transfers data (IP address, visit to the website etc.).
Data transfer occurs without assistance and is outside the area of responsibility of the operator. The user can prevent this transfer of data by logging out of the website of the respective social networks before visiting. Only when ‘logged-in’ can a social network allocate specific details about the activity profile of the user via automatic data transfer.
Data that is transferred automatically will only be used by the operators of social networks and not by the operator. Further information on this, including the content of data compiled by social networks can be found directly on the Internet site of the relevant social network. Privacy settings can also be altered there.
The social networks that are integrated on the website are:
Facebook (‘Like’)
Facebook Inc., 1601 S California Ave, Palo Alto, CA, 94304, USA
Further information available at https://de-de.facebook.com/policy.php
Basic information regarding the processing of personal details
Personal details are processed based on strict provisions which regard the protection and security of data and the rights of the person concerned as essential commodities.
Legitimacy & transparency
Data processing is done in a lawful manner, in good faith. The person involved will be informed about the planned use of and how data compiled is handled. The person involved is to be informed about the following points at the very least:
Participating ski area in the SSC pool are responsible for informing their customers accordingly.
• Purpose limitation
Data will be compiled and processed for set, clear and legitimate purposes. Data will not be processed in a way that is not agreed upon.
• Data minimisation
Only date that is necessary for the purposes quoted will be compiled and processed. When it is possible for and effort is appropriate, only anonymised data is processed.
• Storage limitation and deletion
Personal details are deleted as soon as the purpose for which they were originally compiled has finished and statutory retention period provisions do not prevent deletion. In individual instances, where there is data that is worthy of protection, this will be retained until the interest that is worthy of protection has been legally defined.
• Data security
Data secrecy applies to personal data. Data is to be handled confidentially and will be protected via the relevant organisational and technical measures from any unauthorised access, unlawful manipulation or forwarding, and against loss or deletion.
• Factual accuracy
Personal details kept are to be correct, complete and up-to-date. Appropriate measures will be taken to correct outdated, incorrect or incomplete details.
Obligation to data secrecy
All employees in the SuperSkiCard pool are contractually obliged to maintain secrecy and will receive regular training in safe handling of personal and other crucial details.
Data security
Protecting confidentiality, availability and integrity of data is a fundamental task for all SSC cooperation partners. This also applies to trade secrets, customer data, personal data and other critical information. For this purpose, technical and organisational security measures will be established as per technology status and internationally recognised Best Practices and security standards and continually improved.
Data transfer
Transfer of personal data will only be done in accordance with current law and on a lawful basis, with attention paid to the utmost confidentiality and data security. As part of common processing of personal data in the cashdesk and access system, there is data transfer between all operating companies in the ski regions where the ski card is valid and all of the listed partner companies on our website in our information folders. This swapping of data is for common access control and to create a comprehensive ski operation. All SSC cooperation partners use various different contract processors. All contract processors are obliged, vi a contract processor agreement to adhere to the legally valid data protection provisions.
Your rights
You have fundamental rights to information, reporting, deletion, limitation, data transferability, revocation and dissension (for assertion we refer to the seller SSC company, for purchases via www.superskicard.com and with Intersport Bründl in Designer Outlet Salzburg the competent authority is Schmittenhöhebahn AG/Rubrik SuperSkiCard). If you believe that the processing of your details contravenes data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authorities. In Austria this is the data protection authority (Hohenstaufengasse 3, 1010 Wien, dsb@dsb.gv.at, www.dsb.gv.at).
For the enforcement of data subject rights we need clear identification of the person concerned.
You can contact us via the following details:
Schmittenhöhebahn AG / Rubr. SSC
datenschutz@schmitten.at
Tel.: +43 6542 789 0
or contact the respective data protection coordinator for the vendor company.