1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data means all data that can personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
IXXALP Touristik & Event GmbH
Zwölferkogelweg 121, 5754 Hinterglemm, Austria
E-mail: info@ixxalp.com
Phone: +43 6541 6640
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential contents (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
For purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect such data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data necessary for technical reasons to display the website to you:
The processing takes place according to Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used otherwise. However, we reserve the right to review the server log files afterward if there are concrete indications of unlawful use.
Purposes of processing:
Legal bases:
Categories of data processed:
Identification and contact data (name/company, address, email, phone), booking and ticket data (event day/period, number of guests, table/slot, minimum consumption, mandatory additional purchase, cancellation/no-show status), payment data (payment method, transaction/token IDs), communication data (service emails, logs of checkbox consents and displayed terms and conditions including timestamp). These data are necessary for purchase/reservation. Without these, a ticket purchase or table reservation is not possible.
IXXALP is responsible for the intermediary service (table reservation) and ticket purchase (including collection of minimum consumption/cancellation on behalf and account of the restaurateur). The catering contract is concluded between the customer and the restaurateur, who processes the received reservation data on their own responsibility.
Purposes of processing: Organization and implementation of the sports program (group allocation, communication about meeting points/changes, safety concept).
Legal bases:
Categories of data processed: Identification and contact data (name, email, phone), program selection/slot, possibly health information (voluntary, only as far as necessary for safe implementation), consent protocol (time, content, proof).
Recipients/categories of recipients:
Withdrawal of consent: You can revoke your consent at any time with effect for the future. The revocation does not affect the lawfulness of processing carried out on the basis of consent before its revocation; without consent, participation is not possible.
We use cookies, small text files stored on your device, to make visiting our website attractive and enable the use of certain functions. Some cookies are automatically deleted after closing the browser ("session cookies"), others remain longer ("persistent cookies"). You can find the storage duration of cookies in your browser's cookie settings.
If cookies process personal data, processing of necessary cookies is based on Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests for the best possible functionality and customer-friendly, effective design of the site visit.
Non-essential cookies require your consent under Art. 6 Para. 1 lit. a GDPR, which is obtained via a cookie popup.
You can configure your browser to inform you about cookie setting and decide individually on acceptance or reject cookies generally or in specific cases. Please note that refusal may limit website functionality.
When contacting us (e.g., contact form or email), personal data are processed exclusively to handle and answer your concern and only to the extent necessary.
Legal bases are Art. 6 Para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 Para. 1 lit. f GDPR (professional business communication and necessary programs like email servers), or Art. 6 Para. 1 lit. a GDPR (your consent).
Your data will be deleted if the matter is conclusively resolved and no legal retention obligations apply.
According to Art. 6 Para. 1 lit. b GDPR, personal data are collected and processed to the extent necessary if you provide them when opening a customer account. Required data are indicated in the input mask of the form on our website.
You can delete your customer account anytime by contacting the controller. After deletion, your data will be deleted unless contracts are still open, legal retention periods apply, or legitimate interests remain on our side.
If you register for our newsletter, we regularly send you information about our offers. The only mandatory information is your email address. Other data are voluntary and used for personal addressing.
We use a double opt-in procedure to ensure you receive newsletters only after confirming via a verification link sent to your email. With the confirmation, you consent to the use of your personal data under Art. 6 Para. 1 lit. a GDPR. We save your ISP-recorded IP address and registration date/time to trace misuse.
Data collected are used solely for the newsletter purpose. You can unsubscribe anytime via the provided link or by contacting us, upon which your email will be deleted from the newsletter list unless you consent otherwise or legal exceptions apply.
For the newsletter dispatch, we commission processors (see point 6.2). These have committed to complying with applicable data protection regulations. A data processing agreement according to Art. 28 GDPR has been concluded.
We use MailChimp “The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA” (http://www.mailchimp.com/) to send newsletters. MailChimp processes recipient data as a processor under Art. 28 GDPR based on our contract with them (https://mailchimp.com/legal/data-processing-addendum/).
The dispatch takes place based on the following legal bases:
Tracking (opens/clicks): We use web beacons and click redirects to track email opens and clicks only with your consent. Information collected includes IP address, timestamp, device/browser, used for campaign statistics and optimization. Participation is voluntary, and you can revoke consent anytime. Without consent, newsletters are sent without tracking.
Data are usually transferred to and stored on MailChimp servers in the USA.
Own purposes of The Rocket Science Group (Mailchimp): MailChimp processes some data independently for research, analysis, service improvement, and personalization but does not sell contact lists or disclose data outside the group.
MailChimp is certified under the EU-US Data Privacy Framework (DPF), and we supplement with standard contractual clauses if necessary. You can view MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/
Recipients/categories of recipients include:
If we owe you updates for digital products under contract, we process provided contact data (name, address, email) to inform you personally within legally prescribed periods. Data are used strictly for this purpose.
To achieve the above purposes, personal data may be disclosed to recipients such as website hosters, internet and telephone providers, IT support, data storage platforms, cooperation partners (e.g., restaurateurs), insurers, tax consultants, lawyers, courts, authorities, or the tax office.
Some recipients may be outside your country or process your data there. The data protection level may differ from Austria’s. We only transfer data to countries with an EU Commission adequacy decision or take measures to ensure an adequate data protection level, such as standard contractual clauses.
Our website uses YouTube's embedding function to display videos. The extended privacy mode is used, which, according to YouTube, only stores user information when videos are played. When playing embedded YouTube videos, YouTube uses cookies to collect user behavior data for video statistics, user-friendliness, and abuse prevention.
If you are logged into Google, your data are linked to your YouTube account. To avoid this, log out before clicking the video. You have the right to object to the creation of user profiles by YouTube by contacting YouTube directly.
Data may be transferred to Google LLC servers in the USA. Even without video playback, a connection to Google’s network is made on each page load, potentially triggering further data processing beyond our control. These processes are only carried out with your explicit consent under Art. 6 Para. 1 lit. a GDPR. Without consent, YouTube videos are not used during your visit. You can revoke consent anytime via the cookie consent tool.
Transfers to the USA are based on the EU-US Data Privacy Framework (DPF). Google LLC is certified under DPF.
Further information on data protection at YouTube can be found in the YouTube Terms of Service at https://www.youtube.com/static?template=terms as well as in Google’s Privacy Policy at https://www.google.de/intl/de/policies/privacy.
We use Google Web Fonts to display fonts uniformly. Your browser loads the fonts from Google servers, which may transfer personal data such as IP address, access time, and requested URL to Google LLC in the USA.
Google stores this data for secure and efficient font delivery, processed separately from other Google services, and not linked to Google accounts or used for advertising. The use is based on our legitimate interest under Art. 6 Para. 1 lit. f GDPR for a uniform and appealing presentation. If your browser does not support Web Fonts, a standard font is used.
Transfers to the USA are based on the EU-US Data Privacy Framework (DPF). Google LLC is certified under DPF.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Privacy Policy at https://www.google.com/policies/privacy/.
This website uses Google Analytics, a web analytics service from Google LLC ("Google"). Google Analytics uses cookies to analyze website usage. Information generated about your use (browser type/version, operating system, referrer URL, IP address, time of server request) is usually transmitted to and stored by Google servers in the USA.
IP addresses are anonymized by deleting the last 8 bits ("anonymizeIp"). Only in exceptional cases is the full IP address transmitted to a Google server and shortened there. Google uses this information to evaluate site usage, compile reports, and provide other services to the site operator.
Use of web analytics requires your consent, which we obtain via the cookie popup. Rejecting the Google Analytics cookies prevents data transmission. Declining is pre-set in cookie settings; by clicking "Accept all", you consent to analytics cookies. Data linked to cookies are automatically deleted after 14 months. Deletion occurs once a month.
Transfers to the USA are based on the EU-US Data Privacy Framework (DPF). We have a data processing contract with Google LLC.
For further information on Google's terms and privacy please visit https://www.google.com/analytics/terms/de.html, https://policies.google.com/?hl=de, and https://support.google.com/analytics/answer/6004245?hl=de.
At our events (especially White Pearl Mountain Days), photos and videos may be taken showing participants. Group and situational recordings serve documentation, reporting, public relations, and promotion. They may be published in print media, press reports, on our website, newsletters, and social media.
Legal basis is our legitimate interest under Art. 6 Para. 1 lit. f GDPR. Individual portraits are only taken with your consent, which can be explicit or implied (e.g., looking consciously into the camera after being informed by the photographer). Legal basis is Art. 6 Para. 1 lit. a GDPR.
You can revoke consent anytime for the future. Recipients are media companies and the general public when published. Recordings are generally stored indefinitely unless revoked or objected to successfully.
Note on your rights: You have the right to object to processing your data in group/situational recordings for reasons related to your particular situation (Art. 21 GDPR). We will comply if possible. For individual portraits, revocation leads to discontinuation of use and deletion where possible.
11.1 Under current data protection law, you have the following rights regarding your personal data processed by the controller (with respective legal basis):
Right to object (Art. 21 GDPR):
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME FOR REASONS RELATED TO YOUR PARTICULAR SITUATION.
WE WILL STOP PROCESSING UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS OVERRIDING YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING IS FOR LEGAL CLAIMS.
FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, LEADING TO CESSATION OF PROCESSING FOR MARKETING PURPOSES.
Right to lodge a complaint (Art. 77 GDPR):
If you believe data processing violates data protection laws, you can contact us or the supervisory authority. In Austria, this is the Data Protection Authority (https://dsb.gv.at/ueber-die-datenschutzbehoerde/kontakt).
Right to withdraw consent (Art. 7 Para. 3 GDPR):
You can revoke consent at any time with future effect. Revocation does not affect lawfulness of processing prior to revocation.
The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and—if applicable—additionally based on the respective statutory retention period (e.g., corporate and tax retention periods).
When processing personal data based on an explicit consent pursuant to Art. 6(1)(a) GDPR, such data will be stored until the data subject withdraws their consent.
Data subject to statutory retention periods under contracts (Art. 6 Para. 1 lit. b GDPR) are routinely deleted after retention expires, unless needed for contract performance or legitimate interest persists. Contract and booking data are generally stored for 7 years (tax law retention).
Data processed on legitimate interest basis (Art. 6 Para. 1 lit. f GDPR) are no longer processed if you object under Art. 21 GDPR unless overriding reasons apply or for legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6(1)(f) GDPR, such data will no longer be processed if the data subject exercises their right to object pursuant to Art. 21 (2) GDPR.
Unless otherwise stated, personal data are deleted once no longer necessary for the purpose collected or processed.
