Cookies

Vienna Sightseeing Tours 

1. Privacy Notice 

Effective August 2024

2. Website Operator and Data Processing Controller 

Vienna Sightseeing Tours - Wiener Rundfahrten GmbH & Co. KG 

Opernring 3-5, Top 508-529, 1010 Vienna 

Austria 

Phone: +43 (0)1 712 46 83 - 0 

Fax: +43 (0)1 714 11 41 

Website: www.viennasightseeing.at

Email: office(at)viennasightseeing.at

Further information about our company can be found in the imprint on our website. 

There is no data protection officer appointed, as it is not legally required.

3. Purposes of Processing Operations 

- Website tracking & cookies:

  - To enable the use of our website

  - To identify you as a user in our system

  - To send you notifications on security-related topics

  - To detect fraud and misuse and prevent harmful activities

  - For risk assessment

  - To personalize your user experience

  - To provide customer service

4. Data Collection & Processing on Our Website www.viennasightseeing.at

4.1. Legal Bases: 

The use of cookies and similar technologies is based on Section 165 (3) of the TKG 2021. Subsequent data processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). 

By using our website, access to or storage of information (e.g., IP address, cookies) may occur on your device. This access or storage can involve further processing of personal data under the GDPR.

Where such access or storage is required for the technically error-free provision of our services, it is based on Section 165 (3) sentence 3 of the TKG 2021. In cases where it serves other purposes (e.g., tailoring the website to your needs), it occurs based on Section 165 (3) TKG 2021 with your consent under Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with future effect. The GDPR and Austrian Data Protection Act (DSG) apply to the processing of your personal data.

Further details about processing your personal data and legal bases can be found in the following sections about specific processing activities on our website.

4.2. Server Logfiles: 

When you access our website, your web browser must transmit data to our web server. The following data is recorded during communication between your web browser and our web server:

- Date and time of the request

- Name of the requested file

- Page from which the file was requested

- Access status

- Web browser and operating system used

- (Full) IP address of the requesting computer

- Transmitted data volume

We collect the listed data to ensure a smooth connection to the website and to enable users to use our website comfortably. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is our legitimate interest (Art. 6 para. 1 lit. f GDPR).

This listed data is stored by us for a short time for reasons of technical security, in particular to prevent attacks on our web server. It is not possible for us to draw conclusions about individual persons based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to identify individual users. The data may be evaluated in anonymized form for statistical purposes. At no time is this data merged with other personal data of the user, compared with other databases or passed on to third parties.

4.3. Cookies: 

Our website uses "cookies," which are small files stored on your device, either temporarily for a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit, while persistent cookies remain until you delete them or your browser does so automatically. 

Cookies serve various functions, including essential ones (e.g., shopping cart or language settings). Other cookies analyze user behavior or display advertisements.

Processing data via essential cookies is based on our legitimate interest under Art. 6 para. 1 lit. f GDPR for the technically flawless provision of our services. Details on processing purposes and legitimate interests can be found in the explanations on specific data processing.

Other cookies process personal data based on your consent under Art. 6 para. 1 lit. a GDPR. You can revoke consent at any time. For cookies used for analytics or optimization, we will inform you in this privacy notice and obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR.

To manage cookies, update or restrict their use, select your browser and follow the instructions: Google Chrome, Microsoft Edge, Safari, Firefox, Opera.

5. Usercentrics: 

We use the consent management service Usercentrics, provided by Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich, Germany). This allows us to obtain and manage user consent for data processing. Processing is required to fulfill a legal obligation (Art. 7 para. 1 GDPR in conjunction with §165 para. 3 TKG 2021) to which we are subject (Art. 6 para. 1 sentence 1 lit. c GDPR). The following data are processed:

- Opt-in and opt-out data

- Referrer URL

- User agent

- User settings

- Consent ID

- Time of consent

- Type of consent

- Template version

- Banner language

- IP address

- Geographic location

The functionality of the website cannot be ensured without this processing. 

Usercentrics is the recipient of your personal data and acts as a data processor for us. Processing takes place within the European Union. More information about objection and removal options for Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/ . 

The data is deleted after 3 years.

6. TourCMS & Palisis: 

Vienna Sightseeing has a business relationship with Palisis AG, a software company in Switzerland that licenses TourCMS. Vienna Sightseeing uses the TourCMS software for services and booking reservations on www.viennasightseeing.at . The privacy policy and company information are available at: http://www.palisis.com/privacypolicy/  and http://www.tourcms.com/company/privacy.php .

7. Trust my Travel & Adyen: 

This website uses Trust my Travel by Trust My Travel Ltd (Unit 10, Tinwell Business Park, UK) and Adyen by Adyen N.V. (NL) for payment processing on www.viennasightseeing.at . The privacy policies and information about the companies can be found here: https://trustmytravel.com/worldwide-privacy-notice/  and https://www.adyen.com/policies-and-disclaimer/privacy-policy.

8. Cloudflare 

This website uses Cloudflare for site security and to prevent DDoS and "bot" attacks. You can find the privacy policy and information about the company Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, here: [https://www.cloudflare.com/security-policy/ ](https://www.cloudflare.com/security-policy/ ). Cloudflare is certified under the EU-U.S. Data Privacy Framework.

9. Google Tools

9.1. Use of Google Tag Manager 

Personal data is processed when you visit our website. Processed data categories: technical connection data of the server access (IP address, date, time, requested page, browser information).

Purpose of processing: Triggering, controlling and managing other services on our website. Google Tag Manager allows tags to be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes from other tools are integrated via the Google Tag Manager. The Tag Manager allows us to control when a specific tag is triggered.

The legal basis for processing: your consent (Art. 6 (1) a GDPR), if you have given it via our consent management platform “Usercentrics”. as well as a legitimate interest in the secure and functioning operation of the technical systems, compliance with legal and contractual obligations (Art. 6 (1) f GDPR).

A transfer of data takes place: to the processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).

9.1.1. Google Tag Manager Usercentrics Collected Data 

This list contains all (personal) data collected by or through the use of this service.

- Aggregated data about tag triggering

9.2. Use of Google Gtag (Consent Mode/Ads/Analytics)

9.2.1. Google Gtag (Consent Mode): 

This website uses Google Consent Mode. This is a signal sent to Google that informs Google of the consent status of the user tracker or app ID. As a result, the user's consent decision, which you have given via our consent management platform “Usercentrics”, is passed on to Google and the behavior of Google Analytics, Google Ads and possibly other services is adjusted.

9.2.2. Google Gtag (Google Ads): 

This website uses Google Ads, an online advertising service by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, IE ("Google"). This service can display personalized or non-personalized advertisements to users. We use enhanced conversion tracking as part of Google Ads, which requires consent, and you can choose to opt-out.

Enhanced conversion tracking is a feature that complements existing conversion tags, improving the accuracy of conversion measurement and unlocking more powerful bidding capabilities. It allows us to send encrypted conversion data collected on our website to Google.

When visiting our website, personal data is processed with your consent. The data categories processed include information about website usage and logging clicks on individual elements. This data is used to optimize the website and marketing measures.

Purpose of processing: To analyze user behavior, assess the impact of online marketing measures, and select online advertising on other platforms, which is automatically chosen based on user behavior through real-time bidding.

Legal basis for processing: Your consent under Art. 6(1)(a) GDPR, provided via our Consent Management Platform "Usercentrics".

Data is transferred to: The independent controller Google Ireland Limited, Google Building Gordon House Barrow St, Dublin, Dublin 4, Ireland. The legal basis for data transfers to Google Ireland Limited is your consent under Art. 6(1)(a) GDPR, provided via "Usercentrics". This may include the transfer of personal data to a country outside the European Union. Data transfers to the USA occur based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient is committed to the principles of the Data Privacy Framework (DPF).

9.2.3. Google Ads Usercentrics Collected Data 

This list contains all (personal) data collected by or through the use of this service:

- Viewed advertisements

- Cookie ID

- Date and time of visit

- Device information

- Geographic location

- IP address

- Search terms

- Displayed advertisements

- Customer ID

- Impressions

- Online identifiers

9.2.4. Google Gtag (Google Analytics): 

This website uses Google Analytics, a web analysis service operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). With Google Analytics, we can measure the return on investment (ROI) of advertisements and track user behavior on Flash, video, websites, and applications. Google processes the website usage data on our behalf and is contractually committed to confidentiality measures. Due to the activation of IP anonymization on this website, your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

We also use the technical extension "Google Signals," which enables cross-device tracking, allowing the association of a single website visitor with multiple devices. However, this only occurs if the visitor is logged into a Google service during their visits (e.g., in the browser or YouTube) and has enabled the "personalized advertising" option in their Google account settings. Even in this case, no personal data or user profiles are made available to us; they remain anonymous.

If you do not wish to use "Google Signals," you can disable the "personalized advertising" option in your Google account settings.

More information about Google Ads and Google enhanced conversion tracking can be found in Google's privacy policy:https://policies.google.com/privacy .

During your website visit, the following data, among others, is recorded:

- Pages viewed

- Orders, including revenue and purchased products

- Your behavior on the pages (e.g., clicks, scroll behavior, time spent)

- Your approximate location (country and city)

- Your IP address (shortened so that it cannot be uniquely assigned)

- Technical information, such as browser, internet provider, device, and screen resolution

- Source of your visit (i.e., the website or advertisement that referred you to us)

This data is transmitted to a Google server in the USA. Google Analytics stores cookies in your web browser for a duration of two years after your last visit. These cookies contain a randomly generated user ID, allowing you to be recognized during future website visits. The recorded data is stored along with the randomly generated user ID, enabling the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregate form indefinitely.

Data processing in connection with Google Analytics, including the extended "Google Signals" feature, and any potential data transfers to the USA, are based on your consent (Art. 6(1)(a) GDPR in conjunction with Art. 49(1)(a) GDPR), if you have provided this via "Usercentrics." You can revoke your consent at any time with future effect by adjusting your preferences. If you do not wish to use "Google Signals," you can disable the "personalized advertising" option in your Google account settings.

If you do not agree with the data collection, you can prevent it by installing the Google Analytics opt-out browser add-on.

(Reference: traffic3.net) 

Google is certified under the EU-U.S. Data Privacy Framework. We have also entered into a data processing agreement with Google (Standard Contractual Clauses [SCC]).

9.2.5. Google Analytics Usercentrics Collected Data 

This list contains all (personal) data collected by or through the use of this service:

- Click path

- Date and time of visit

- Device information

- Location information

- IP address

- Pages visited

- Referrer URL

- Browser information

- Hostname

- Browser language

- Browser type

- Screen resolution

- Device operating system

- Interaction data

- User behavior

- Visited URL

- Cookie ID

9.2.6. Use of Google Remarketing 

We also use Google's remarketing feature. This allows us to display personalized advertising to you on suitable ad spaces on other websites, based on your interests shown on our website.

Further information can be found in Google's privacy policy. You can prevent interest-based advertising by installing this browser plugin. 

(Reference: traffic3.net)

10. Social Media Functions and Widgets

Your website uses social media features, such as the Facebook widget, which may collect data like the visitor's IP address and the visited pages. These features are either hosted by third parties or directly on your site, and interactions with them are governed by the privacy policies of the companies providing these features.

10.1 Use of Meta Pixel

Our website uses the Meta Pixel and other meta-marketing services and functions such as Meta Custom Audiences, Meta Conversion Tracking, Meta Retargeting and the Meta Ads ad manager to place and manage targeted ads for our products and services on the meta-social media platforms Facebook and Instagram and to measure the success of these ads.

The data collection and processing on our website takes place via the “Meta Pixel”. This is a tracking technology offered by Meta (formerly: Facebook) and used by other Meta/Facebook services. It is used to track visitors' interactions with websites (“events”) after they have clicked on an ad placed on Facebook or other services provided by Meta (“conversion”).

Our website uses the remarketing function “Meta Pixel” of Meta Platforms, Inc. (formerly Facebook Inc., or if you are based in the EU, Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2), Ireland (“Facebook”). This function is used to present interest-based advertisements (“Facebook Ads”) to visitors to this website when they visit the Facebook social network. Meta-Pixel has been implemented on our website for this purpose. A direct connection to the Facebook servers is established via meta pixels when the website is visited. It is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.

Personal data is processed when you visit our website. Categories of data processed: Data on the use of the website and the logging of clicks on individual elements. Purpose of processing: Investigation of user behavior, analysis of the effect of online marketing measures and selection of online advertising on other platforms, which are automatically selected by means of real-time bidding based on user behavior. The legal basis for processing: your consent in accordance with Art. 6 para. 1 lit. a GDPR. Data is transferred: to the independent controller Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The legal basis for the transfer of data to Meta Platforms Ireland Ltd. is your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given this consent via our consent management platform “Usercentrics”. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF). Information about the DPF membership of Meta Platforms Ireland Ltd.

Basis

The use of the meta pixel and the storage of “conversion cookies” is based on your consent (Art. 6 para. 1 lit. a GDPR), provided that you have given this consent via our consent management platform “Usercentrics”. We also have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

For more information on the collection and use of data by Facebook as well as your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at www.facebook.com/about/privacy/.

Alternatively, you can deactivate Facebook's remarketing function at www.facebook.com/settings/. To do this, you must be logged in to Facebook.

10.2 Meta Pixel Data Collected via Usercentrics

• Viewed advertisements
• Viewed content
• Device information
• Geographic location
• HTTP header
• Interactions with ads, services and products
• IP address
• Clicked elements
• Marketing information
• Pages visited
• Pixel ID
• Referrer URL
• Usage data
• User behavior
• Facebook cookie information
• Facebook user ID
• Usage/click behavior
• Browser information
• Device operating system
• Device ID
• User Agent
• Browser type

11. Sharing of Non-Personal Data

In some cases, we aggregate non-personal data such as the number of visitors, demographic data and the number and type of services booked and share this with partners. However, we do not disclose your name, address or other personal information. We never use your data for purposes other than those for which it was originally collected, and if we do, you have the option to opt out.

12. Contact Information

For privacy or security-related queries, users can contact you at:

- Email: office(at)viennasightseeing.at

- Phone: +43 (0)1 712 46 83 - 0

- Mail: Opernring 3-5, Top 508-529, 1010 Wien, Austria

13. Your Rights as a Data Subject Affected by Data Processing

As a data subject, users have various rights under data protection laws, including:

13.1 We do not create profiles of data subjects or other persons and do not engage in profiling and there is no automated decision-making as part of our activities.

13.2 As a data subject, you have the right to information, rectification, erasure, restriction and data portability within the framework of the statutory provisions. However, we would like to point out that these rights may be restricted if the provision of information would jeopardize a business or trade secret of the controller or third parties (§ 4 para. 6 DSG).

13.3 If you have given us your consent to process your data, you have the right to withdraw this consent at any time with effect for the future. This does not affect the lawfulness of the processing of the data up to the point of withdrawal. After revocation, the data will no longer be used for the purpose to which you consented (e.g. sending an e-mail newsletter).

13.4  If the processing of the data is based on a legitimate interest, you have the right to object to it. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes. If we process data for other purposes on the basis of legitimate interest, we will no longer process the personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

13.5 To exercise your rights, please contact us by email at office@viennasightseeing.at, by phone: 0043 (0)1 712 46 83 - 0 or by post at the address: Opernring 3-5, Top 508-529, 1010 Vienna. It would be desirable if you could provide us with the necessary information to clearly identify yourself when making an inquiry.

13.6 If you believe that the processing of your personal data violates data protection law or your data protection claims have otherwise been violated in any way, you are free to lodge a complaint with the Austrian Data Protection Authority. The website of the data protection authority can be found at www.dsb.gv.at.