Privacy Policy
Last updated: April 8, 2025
Thank you for your interest in the information on our website!
With this privacy policy, we aim to inform all individuals using this website about the nature, scope, and purposes of processing personal data. Personal data in this context refers to all information that can potentially identify you as a user of our website, including your IP address. Information stored in cookies is generally not personal data, or is so only in exceptional cases; however, cookies are covered by a special regulation under which their use, depending on their purpose, largely depends on the active consent of users.
In a general section of this privacy policy, we provide you with information about data protection that generally applies to our data processing, including data collection on our website. In particular, you will be informed about your rights as a data subject. We strive to provide this information in gender-neutral language. If individual formulations do not yet consider this, we point out that this information applies to all people of any gender.
The terms used in our privacy policy and our data protection practices are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legal provisions.
Responsible under the GDPR
ARGE Golf & Seen Tourism Association Mondsee-Irrsee
Dr. Franz Müller Street 3
5310 Mondsee
Austria
Data Protection Coordinator
Mr. Thomas Ebner
Data Collection on Our Website
Personal data from you is collected either when you explicitly provide it to us or when data, particularly technical data, is automatically captured during your visit to our website. Some of this data is collected to ensure the error-free functionality of our website. Other data may be used for analysis purposes. You can generally use our website without having to provide personal information.
Technologies on Our Website
CleverReach
Our website uses the services of CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany ("CleverReach"). CleverReach is a service that organizes and analyzes newsletter distribution.
If you enter data for the purpose of receiving newsletters (e.g., email address), it is stored on Mailjet's servers. Mailjet can use recipient data in pseudonymous form, i.e., without associating it with a user, to optimize or improve its services, such as technical optimization of sending and displaying newsletters or for statistical purposes. The sending service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.
If you do not want analysis by CleverReach, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message.
The sending of the newsletter and the associated success measurement is based on the consent of the recipients according to Art. 6 para. 1 lit. a GDPR or, if consent is not required, on our legitimate interests in direct marketing for similar products and services according to Art. 6 para. 1 lit. f GDPR. You can revoke your consent according to Art. 7 para. 3 GDPR at any time with effect for the future by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
Further information on CleverReach's data protection can be found in the privacy policy at: https://www.cleverreach.com/de/datenschutz/
Cookies and Local Storage
We use cookies on our website to make our online presence more user-friendly and functional. Some cookies remain stored on your device.
Cookies are small data packets exchanged between your browser and our web server when you visit our website. They do not cause any harm and are used solely to recognize website visitors. Cookies can only store information provided by your browser, i.e., information you have entered into the browser or that is present on the website. Cookies cannot execute code and cannot be used to access your device.
Upon your next visit to our website with the same device, the information stored in cookies can be sent back either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie"). The stored and returned information allows the respective web application to recognize that you have already accessed and visited the website with your device's browser.
Cookies contain the following information:
Cookie Name
Name of the server from which the cookie originally came
Cookie ID number
A date when the cookie will be automatically deleted
Depending on the purpose and function, we categorize cookies into the following categories:
Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to maintain your settings while navigating the website or to ensure that important information remains available throughout the session (e.g., login, shopping cart).
Statistics cookies to understand how visitors interact with our website by collecting and analyzing information anonymously. This provides valuable insights to optimize both the website and our products and services.
Marketing cookies to set targeted advertising activities for users on our website.
Unclassified cookies are cookies that we are currently trying to classify together with providers of individual cookies.
Depending on the storage duration, we also categorize cookies into session and permanent cookies. Session cookies store information used during your current browser session. These cookies are automatically deleted when you close the browser. No information remains on your device. Permanent cookies store information between two visits to the website. Based on this information, you are recognized as a returning visitor on your next visit, and the website reacts accordingly. The lifespan of a permanent cookie is determined by the cookie provider.
The legal basis for using technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent. You can revoke your consent to the use of cookies at any time for the future. Consent is voluntary. If not granted, there are no disadvantages. Further information about the cookies we actually use (especially their purpose and storage duration) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.
You can also set your internet browser to prevent cookies from being stored on your device in general or to ask you each time whether you agree to the setting of cookies. You can delete cookies once set at any time. How all this works in detail can be found in the help function of your browser.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
We also use so-called local storage functions on our website. Data is stored locally in your browser's cache and can persist even after you close the browser, unless you delete the cache or the data is held in session storage.
Third parties cannot access the data stored in local storage. If specific plugins or tools use local storage functions, this is described in the respective plugin or tool.
If you do not want plugins or tools to use local storage functions, you can control this in your browser settings. We point out that this may lead to functional restrictions.
Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Email: support-de(at)google.com
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: Web analysis, success measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipients: EU, USA
Processed data: IP address, information about website visit, user data
Affected: Website visitors
Technology: JavaScript call, cookies (details in the cookie list), fingerprinting, local storage
Legal basis: Consent (purpose)
Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where Google data centers are located: https://www.google.com/about/datacenters/locations/
We use the functions of the web analysis service Google Analytics on our website to analyze user behavior and optimize our online presence.
Google Analytics uses cookies that enable an analysis of the use of our website. All details (name, purpose, storage duration) of the cookies can be found in our specific list of used cookies.
Google Analytics can use local storage. This is an alternative to using cookies for storing the client ID. This allows tracking user behavior without setting cookies.
Information about the use of the website, such as browser type/version, operating system used, previously visited page, hostname of the accessing computer (IP address), time of server request, is usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
On our behalf, Google will use this information to evaluate the use of our website, compile reports on activities within our website, and provide us with other services related to the use of our website and internet usage.
We use Google Analytics only with IP anonymization enabled by default. This means that the IP address of a user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by a user's browser within the framework of Google Analytics is not merged with other Google data.
During the website visit, user behavior is recorded in the form of so-called events. These can represent the following:
Page views, the click path of a user
First visit to our website
Visited websites
Start of a session
Interaction with our website
User behavior (e.g., clicks, scrolls, dwell time, bounce rates)
File downloads
Viewed/clicked ads
Interaction with videos
Internal search queries
Furthermore, the following is recorded:
Approximate location (region)
Date and time of visit
IP address (in shortened form)
Technical information about the browser or used devices (e.g., language settings, screen resolution)
Internet provider
Referrer URL (through which website/advertising medium a user came to our website)
The processing of this data is mainly carried out by Google for its own purposes, such as profiling (without our influence).
The data about the use of our website is deleted immediately after the end of the retention period we have set. Google Analytics provides us with a standard retention period of 2 months for user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (only Google Analytics 360), 38 months (only Google Analytics 360), 50 months (only Google Analytics 360). We choose the shortest storage duration that corresponds to our intended use. You can inquire about the current retention period we have set at any time.
The deletion of data whose retention period has been reached is carried out automatically once a month.
Supplementary details can be found in the linked further information. It is recommended to regularly check these links for changes, as Google Analytics may update its functions and privacy policies. Further information on rights and contact details can be found in the general part of this privacy policy.
Google Fonts
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Processed data: IP address, language settings, screen resolution, version and name of the browser
Affected: Website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information:
https://developers.google.com/fonts/faq
https://policies.google.com/privacy
https://www.google.com/about/datacenters/inside/locations/
Our website uses so-called web fonts provided by Google for uniform font representation.
To display Google web fonts, the browser you use must connect to Google's servers. This allows Google to know that our website was accessed via your IP address. The IP address of the browser of the visitor's device is also stored by Google. If your browser does not support web fonts, a standard font from your device will be used.
With each Google font request, information such as language settings, screen resolution, version, and name of the browser is automatically transmitted to Google servers along with the IP address. Through the collected usage data, Google can determine the popularity of fonts. Google publishes the results on internal analysis pages (e.g., Google Analytics).
With Google Fonts, we can use fonts on our website without having to upload them to our server. Google Fonts is an important component to maintain the quality of our website. All Google fonts are automatically optimized for the web, saving data volume and being particularly advantageous for mobile devices. When you visit us, the low file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts and support all common browsers.
Requests for CSS assets are stored by Google on its servers for one day. This allows us to use the fonts with a Google stylesheet. The font files are stored at Google for one year. To delete data prematurely, you must contact Google support (https://support.google.com).
Google Maps
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Integration of map services
Category: Statistics
Recipients: EU, USA
Processed data: IP address, information about website visit, user data
Affected: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where Google data centers are located: https://www.google.com/about/datacenters/locations/
Our website integrates the Google Maps service to better display geographical information about locations for users.
Google Maps is an online map service that makes geographical information more readable on a device. It shows, among other things, directions or map sections of a location embedded in a website.
When calling Google Maps, the browser establishes a connection to Google's servers. This allows Google to know that our website was accessed via the user's IP address. The use of Google Maps enables Google to collect and process data about the use of the service.
Google Maps processes, based on the IP address, entered search terms and latitude/longitude coordinates for providing this service. If the route planner function of Google Maps is used, the entered start address is also stored. This data processing is carried out exclusively by Google and is beyond our control.
We point out that when executing this service, Google sets a cookie named "NID." Google Maps currently does not offer us the option to operate this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its services and provide personalized advertising for you.
Google anonymizes data in server logs by deleting part of the IP address and cookie information after 9 or 18 months.
Location and activity data are stored for either 3 or 18 months and then deleted. Users can manually delete the history at any time via a Google account. To completely prevent location tracking, a user must disable the "Web & App Activity" section in their Google account.
Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technically necessary
Recipients: EU, USA
Processed data: IP address
Affected: Users
Technology: JavaScript call
Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where Google data centers are located: https://www.google.com/about/datacenters/locations/
Our website uses the Google Tag Manager service.
The Tag Manager is a service that allows us to manage website tags via an interface. This way, we can integrate code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. The data is only forwarded by the Tag Manager, but not collected or stored. The Tag Manager itself is a cookie-less domain and does not process personal data, as it solely serves the management of other services in our online offering.
When starting the Google Tag Manager, the browser establishes a connection to Google's servers. These are mainly located in the USA. This allows Google to know that our website was accessed via a user's IP address.
The Tag Manager triggers other tags that may collect data themselves. However, the Tag Manager does not access this data. If a deactivation is carried out at the domain or cookie level, it remains in effect for all tracking tags implemented with the Tag Manager.
Hosting
In the context of hosting our website, all data processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We process the data accordingly based on our legitimate interest in optimizing our website offering. To provide our online presence, we use services from web hosting providers to whom we provide the above-mentioned data within the framework of order processing.
Contact
We offer various ways to contact us on our website. In the context of contacting us, your information is used to process the contact request and its handling within the framework of fulfilling pre-contractual rights and obligations. The processing of your data is necessary to process and respond to your request; otherwise, we may not be able to respond to your request or only to a limited extent. The information may be stored in a customer and prospect database based on our legitimate interest in direct marketing.
We delete your request and contact data if your request has been conclusively answered and there are no legal retention periods preventing deletion, e.g., in the context of subsequent contract processing. This is usually the case if there has been no contact with you for three consecutive years.
Meta Pixel
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Email: privacy(at)facebook.com
Parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
Purpose: Web analysis, tracking (conversion)
Category: Marketing
Recipients: EU, USA
Processed data: Visitor data (e.g., IP address, location data), behavioral data (e.g., clicks, dwell time, conversion data), device data (e.g., browser type, operating system), e-commerce data (e.g., order ID, product information)
Affected: Website visitors
Technology: JavaScript, cookies (details in the cookie list), tracking pixel
Legal basis: Consent (purpose)
Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework
Website: https://www.facebook.com/business/tools/meta-pixel
Further information:
https://www.facebook.com/privacy/policy/
https://www.facebook.com/legal/terms
Our website uses the Meta-Pixel service from the social network Facebook for analysis, optimization, and economic operation of our online offering.
With the help of Meta-Pixel, Meta can determine the visitors of our website as a target group for displaying personalized ads. Accordingly, we use Meta-Pixel to show ads placed by us only to users who have shown interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products determined based on visited websites) that we transmit to Meta ("Custom Audiences"). With the help of Meta-Pixel, we also want to ensure that our Meta ads correspond to the potential interest of users and do not appear annoying. With the help of Meta-Pixel, we can also track the effectiveness of Meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta ad ("conversion").
The actions of users are stored in one or more cookies. These cookies allow Meta to match user data (such as IP address, user ID) with the data of a Facebook account. The collected data is anonymous to us and not visible and can only be used in the context of advertisements. Users can prevent the association with the Facebook account by logging out before taking action.
To set which types of ads are displayed within Facebook, users can call up the page set up by Meta and follow the instructions for settings based on usage-based advertising: https://www.facebook.com/settings?tab=ads
The settings are platform-independent, i.e., they are adopted for all devices, such as desktop computers or mobile devices.
Supplementary details can be found in the linked further information. It is recommended to regularly check these links for changes, as Meta may update its functions and privacy policies. Further information on rights and contact details can be found in the general part of this privacy policy.
Server Log Files
For technical reasons, especially to ensure a functional and secure online presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.
The access data we process includes:
Name of the accessed website
Used browser type including version
Operating system used by visitors
The previously visited page of visitors (referrer URL)
Time of server request
Transferred data volume
Hostname of the accessing computer (used IP address)
These data are not assigned to natural persons and serve only statistical evaluations as well as the operation and improvement of our website and the security and optimization of our online offering. These data are only transmitted to our website host. There is no connection or merging of these data with other data sources. If there is suspicion of illegal use of our website, we reserve the right to subsequently check these data. The data processing is based on our legitimate interest in the technically flawless presentation and optimization of our website.
The access data is deleted shortly after the purpose is fulfilled, usually after a few days, unless further retention for evidence purposes is required. Otherwise, the data is retained until the final clarification of an incident.
SSL Encryption
We use the widespread SSL (Secure Sockets Layer) procedure for your visit to our website in connection with the highest encryption level supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the status bar of your browser. The use of this procedure is based on our legitimate interest in using appropriate encryption techniques.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved according to technological development and kept up to date.
Webcare
Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria
Purpose: Consent Management
Category: Technically necessary
Recipients: EU, AT
Processed data: IP address, consent data
Affected: Users
Technology: JavaScript call, cookies, swarm crawler
Legal basis: Legitimate interest, consent (swarm crawler for evaluating search results)
Website: https://www.datareporter.eu/
Further information: https://www.datareporter.eu/company/info
We use the Webcare tool for consent management on our website. Webcare records and stores the decision of the respective users of our website. Through our consent banner, it is ensured that statistical and marketing technologies such as cookies or external tools are only set or started when the user has explicitly consented to their use.
We store information on whether the user has confirmed the use of cookies. The user's decision can be revoked at any time by calling up the cookie settings and managing the consent declaration. Existing cookies are deleted after revocation of consent. A cookie is also set to store information about the user's consent status, which is indicated in the cookie details. Furthermore, the IP address of the respective user is transmitted to DataReporter servers for the execution of this service. The IP address is neither stored nor associated with any other user data; it is used solely for the correct execution of the service.
With the help of Webcare, our website is regularly examined for data protection-relevant technologies. This examination is only carried out for users who have explicitly declared consent (for statistical or marketing purposes). The search results of users are evaluated by Webcare in anonymized form and used for fulfilling our information obligations. For starting the swarm crawler technology, a request is sent to our servers, and the user's IP address is transmitted for data transmission. Servers located geographically close to the user's location are selected. It is assumed that for users within the EU, a server located within the EU is chosen. The user's IP address is not retained and is immediately removed after the end of communication.
YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Integration of video content, collection of statistical data
Category: Statistics
Recipients: EU, USA
Processed data: IP address, information about website visit, user data
Affected: Users
Technology: JavaScript call, cookies, device fingerprinting, local storage
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.youtube.com
Further information: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://support.google.com/youtube/answer/10364219?hl=de
We use the YouTube service to embed external videos on our website.
We have activated the extended data protection mode on YouTube. According to YouTube, this mode ensures that YouTube does not store information about visitors to this website before they watch a video. However, the transmission of data to YouTube partners is not excluded by the extended data protection mode.
Once a YouTube video is started on our website, a connection to YouTube's servers is established. This allows YouTube to know which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. This can be prevented by logging out of your account.
Furthermore, YouTube can store various cookies on your device or use comparable technologies (e.g., device fingerprinting) after starting a video. YouTube also uses local storage on your device. This way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.
General Information on Data Protection
The following provisions apply not only to data collection on our website but also generally to the processing of personal data.
Personal Data
Personal data is information that can be individually assigned to you. Examples include your address, name, postal address, email address, or phone number. Information such as the number of users visiting a website is not personal data because it does not allow assignment to an individual person.
Legal Basis for Processing Personal Data
Unless specifically mentioned in this privacy policy (e.g., for the technologies used), we can process your personal data based on the following legal grounds:
Consent according to Art. 6 para. 1 lit. a GDPR – the data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual measures according to Art. 6 para. 1 lit. b GDPR – The processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures.
Legal obligation according to Art. 6 para. 1 lit. c GDPR – The processing is necessary to fulfill a legal obligation.
Protection of vital interests according to Art. 6 para. 1 lit. d GDPR – The processing is necessary to protect the vital interests of the data subject or another natural person.
Legitimate interests according to Art. 6 para. 1 lit. f GDPR – The processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
Please note that in addition to the GDPR regulations, national data protection provisions in your or our home country may apply.
Transfer of Personal Data
Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.
We only share your personal data with third parties if:
You have given your explicit consent according to Art. 6 para. 1 lit. a GDPR,
the transfer is necessary according to Art. 6 para. 1 lit. f GDPR to safeguard legitimate interests and to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding interest in the non-disclosure of your data,
there is a legal obligation for the transfer according to Art. 6 para. 1 lit. c GDPR, and it is legally permissible and/or
it is necessary according to Art. 6 para. 1 lit. b GDPR for processing contractual relationships with you.
Collaboration with Processors
We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data based on a processing agreement, this is done according to Art. 28 GDPR.
Transfer to Third Countries
If we process data in a third country or this occurs in the context of using third-party services or disclosure or transfer of data to other persons or companies, this is done only based on the legal grounds for data transfer presented above.
Subject to explicit consent or contractual necessity, we process or have the data processed in accordance with Art. 44-49 GDPR only in third countries with a recognized adequate level of data protection or based on special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the presence of certifications, or binding internal data protection regulations.
Data Transfer to the USA
We expressly point out that on July 10, 2023, the EU Commission issued an adequacy decision under Art. 45 para. 1 GDPR for the EU-US Data Privacy Framework (Data Privacy Framework). Accordingly, organizations or companies (as data importers) in the USA, which are registered in a public list within the framework of self-certification of the Data Privacy Framework, offer an adequate level of protection for data transfer. Whether the specific provider of a service is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search
The Data Privacy Framework provides a valid legal basis for the transfer of personal data to the USA. Binding guarantees are created to comply with all requirements of the ECJ; for example, it is provided that the access of US intelligence services to EU data is limited to a necessary and proportionate extent, and a court for reviewing data protection is established, to which individuals in the EU have access.
If a data transfer by us to the USA takes place at all or a service provider based in the USA is used by us, we explicitly refer to this in this privacy policy (see especially the description of technologies on our website).
It should be noted that despite significant improvements, the Data Privacy Framework only applies partially and only to data transfers to those data importers in the USA that appear in the public list of certified organizations/companies.
What can the transfer of personal data to the USA mean for you as a user, and what risks exist in this context?
Risks for you as a user, insofar as data importers in the USA are affected that do not fall under the Data Privacy Framework, are certainly the powers of the US intelligence services and the legal situation in the USA, which currently, according to the ECJ, does not ensure an adequate level of data protection. Among other things, these include the following points:
Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide restrictions on intelligence surveillance measures and no guarantees for non-US citizens.
Presidential Policy Directive 28 (PPD-28) does not provide effective remedies for measures by US authorities and does not provide barriers for ensuring proportionate measures.
The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; it cannot issue binding orders to the intelligence services.
Legal Transfer of Data to the USA Based on Standard Contractual Clauses for Data Importers Not Covered by the Data Privacy Framework?
In June 2021, the European Commission adopted new standard contractual clauses (Standard Contractual Clauses SCC) with Decision 2021/914/EU. These create a new legal basis for data transfer where the same level of data protection as in the EU does not exist.
Legal Transfer of Data to the USA Based on Consent?
If a data transfer to a service provider based in the USA takes place, which does not fall under the Data Privacy Framework, and this data transfer is based on explicit consent, we explicitly inform about this in this privacy policy, especially in the description of the technologies used on our website.
What measures do we take to make data transfer to the USA legally compliant?
If US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and access by US authorities is not possible.
General Storage Duration
If no explicit storage duration is specified during data collection (e.g., in the context of a consent declaration), we are obliged under Art. 5 para. 1 lit. e GDPR to delete personal data as soon as the purpose of their processing no longer exists. In this context, we point out that legal retention obligations to which we are subject represent a legitimate purpose for further processing of the personal data covered by them.
Data is generally stored and retained by us in personal form until the termination of a business relationship or until the expiration of applicable warranty, guarantee, or limitation periods, beyond that until the termination of any legal disputes in which the data is needed as evidence, or at least until the end of the third year after the last contact with a business partner.
Specific Storage Duration
In the description of individual technologies on our website, you will find specific information about the storage duration of data. In our cookie table, you will be informed about the storage duration of individual cookies. Additionally, you always have the option to inquire directly with us about the specific storage duration of data. Please use the contact details provided in this privacy policy.
Rights of Data Subjects
Data subjects have the right:
(i) according to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
(ii) according to Art. 16 GDPR, to request the immediate correction of incorrect personal data, or the completion of incomplete personal data, stored by us;
(iii) according to Art. 17 GDPR, under certain circumstances, to request the deletion of your personal data stored by us, provided that the processing is not necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims;
(iv) according to Art. 18 GDPR, to request the (temporary) restriction of processing your personal data, provided that the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion, we no longer need the data, but you need it for asserting, exercising, or defending legal claims, or you have objected to the processing according to Art. 21 GDPR;
(v) according to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request its direct transfer to another responsible person; however, this only applies to your personal data that we process based on your consent or a contract using automated procedures;
(vi) according to Art. 21 GDPR, if your personal data is processed based on our legitimate interest, to object to the processing of your personal data, provided that there are reasons arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation;
(vii) according to Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future. Among other things, you have the option to revoke your consent to the use of cookies on our website with effect for the future by calling up our cookie settings;
(viii) according to Art. 77 GDPR, to complain to a supervisory authority regarding the unlawful processing of your data by us. You can usually contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
The competent supervisory authority for ARGE Golf & Seen Tourism Association Mondsee-Irrsee is:
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0, dsb(at)dsb.gv.at
Assertion of Data Subject Rights
You decide about the use of your personal data. If you wish to exercise any of your above-mentioned rights towards us, you can contact us by email at info(at)golfundseen.at or by post, as well as by phone.
Please support us in specifying your request by answering questions from our responsible employee regarding the specific processing of your personal data. In case of justified doubts about your identity, we may request a copy of your ID.
For questions on the topic of data protection, you can reach us at info(at)golfundseen.at or at the other contact details provided in this privacy policy.
Mondsee, April 8, 2025