Controller pursuant to Art. 4 para. 7 GDPR is:

OnTours Software OG
Glacisstrasse 53

8010 Graz

ATU77929413

FN572882z

GENERAL INFORMATION ON DATA PROCESSING AND COLLECTION

Personal data is all information that relates to a person. Examples of this are name, address or e-mail address. We only process this data to the extent necessary. Personal data is only collected with consent or if the processing of the data is permitted by law. Personal data is only collected if you enter it in the forms provided on this website.

AUTOMATED DATA COLLECTION OF THE WEBSITE

When you visit this website, even if you do not enter any data, non-personal data is automatically transmitted by your internet browser or device for technical reasons. These are necessary in order to display our website to you and to ensure stability and security.

• IP address of the user
• Date and time of the request
• Operating system of the user
• Language and version of the Internet browser
• Access status/HTTP status code
• Website from which the request comes
• Amount of data transferred in each case

This data is temporarily stored in log files on the server. There is no allocation to personal data and the log files are only viewed and used in the event of incidents. The log files are automatically deleted after ten days. Since the collection and storage of this data is essential for the use of the website and the maintenance of IT security, you have no option to object in this regard.

Other data that we use

By concluding a contract with OnTours Software OG, the following data is used and stored due to the legal obligation to provide evidence:

Master data of the client: first and last name, address, contact information and information about the contract.

Other personal data: Data that you provide to us in the course of fulfilling the contract. These are, for example Age, gender or marital status.

We do not collect or store sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or data concerning health, sex life or sexual orientation.

Data processing

In accordance with Art. 6 para. 1 lit. a GDPR, we process the personal data collected by the service with your consent only to the extent necessary to provide our services.

Use of collected data

We use personal data to provide the requested service. If you have besp. use the contact form, we will use this information to contact you. This data is used exclusively for answering your request and the associated administration. Your data will be deleted after processing has been completed, if desired and if there is no legal obligation to retain it.

Data deletion

In principle, your master data and other personal data arising from the provision of our services will be deleted after expiry of the statutory retention period (7 years), unless otherwise required by law.

Data that does not fall under the retention obligation will be deleted after 14 days at the latest.

Rights of data subjects

If your personal data is processed by us, you are a data subject within the meaning of the GDPR and you have the following rights:

Right of revocation

If the processing of your personal data is based on your consent, you have the right to withdraw this consent.

Right to information

You can request confirmation from us as to whether we are processing your data and to what extent.

Right to rectification

You have the right to request the correction of your personal data if it is incorrect.

Right to erasure

You have the right to request that we delete your personal data. We are obliged to irrevocably and permanently delete this data, unless it is necessary due to the legal obligation to retain it or for the current fulfillment of your order.

As manual intervention in the archive system would be necessary for deletion, and this is only possible with a high level of economic and technical effort, we ask for your understanding that complete deletion will only take place after a backup cycle (up to 28 days). If we have to perform a data restore in the meantime, the data to be deleted will of course not be restored.

Right to restriction of processing

You may request the restriction of the processing of your personal data if at least one of the following conditions is met:

You contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data.

The processing is unlawful and you request the restriction of the use of the data instead of its erasure.

We no longer need the data, but you need it to assert, exercise or defend legal claims.

If you have lodged an objection to the processing, as long as it is not yet clear whether our legitimate reasons outweigh your reasons.

Right to data portability

You have the right to receive the personal data concerning you, which we hold, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller, provided that the processing is based on consent or on a contract and is carried out by automated means.

Right of objection

You have the right to object to the processing of your personal data at any time. We will then no longer process this data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights or freedoms, or the processing serves the establishment, exercise or defense of legal claims.

You can object to the sending of advertising at any time without giving reasons.

Right of appeal

If you are of the opinion that we are violating Austrian or European data protection law when processing your data, please contact us. Of course, you also have the right to lodge a complaint with the Austrian or European data protection authority.

Confirmation of identity

If we have any doubts about any requests, we may ask for additional information to confirm your identity. This is in the interest of your rights and privacy.

Excessive claim

If one of the aforementioned rights is manifestly unfounded or exercised particularly frequently, we may demand an appropriate processing fee or refuse to process the order.

Web hosting provider

All web pages are created by the company

• Hetzner Online GmbH
• Industriestr. 25
• 91710 Gunzenhausen
• Germany

hosted. We have selected the company with great care as a specialized service provider. The server infrastructure meets the highest security standards and is also located in Karlsruhe. Furthermore, we have a separate data protection agreement with the provider, which is even stricter than the GDPR. If it is necessary for the fulfillment of the requested service (e.g. domain registration), we pass on personal data to this company. The privacy policy of World4You Internet Services GmbH can be viewed at the following link: https://www.hetzner.com/de/legal/privacy-policy

Cookies

Cookies are small files that enable this website to store specific user-related information on the visitor’s computer while our website is being visited. Cookies help us to determine the frequency of use and the number of users of our website, as well as to make our offers convenient and efficient for you. We use session cookies, which are only stored temporarily for the duration of your use of our website, and permanent cookies to store information about visitors who repeatedly access our website. The purpose of using these cookies is to offer optimal user guidance, to recognize visitors and to be able to present the most attractive website and interesting content possible for repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not stored. An individual profile of your usage behavior does not take place. It is also possible to use our services without cookies. You can deactivate the storage of cookies in your browser, restrict it to certain websites or set your web browser (Chrome, IE, Firefox, etc.) to notify you as soon as a cookie is sent. You can also delete cookies from the hard disk of your PC at any time. Please note, however, that in this case you will have to reckon with a limited display of the page and limited user guidance.

Google Analytics: Data protection and opt-out options

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: Browser add-on to deactivate Google Analytics.

You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie is set which prevents the future collection of your data when you visit this website as long as the cookie is not deleted: Deactivate Google Analytics.

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://www.google.com/intl/de/analytics/privacyoverview.html. We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to ensure an anonymized collection of IP addresses (so-called IP masking).

Google Maps

This website uses Google Maps to display map information. When using Google Maps, Google also collects, processes and uses data about the use of the Maps functions by visitors to the websites. You can find more information about data processing by Google in Google’s privacy policy at https://www.google.at/intl/de/policies/privacy/. You can also change your settings there in the data protection center so that you can manage and protect your data.

Children

Our offer and services are aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.

Google reCAPTCHA privacy policy

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood person and not a robot or other spam software. By spam we mean any unsolicited information that is sent to us electronically. In the classic CAPTCHAS, you usually had to solve text or picture puzzles to check your knowledge. With reCAPTCHA from Google, we usually don’t have to bother you with such puzzles. In most cases, it is sufficient to simply tick the box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don’t even have to check the box. You can find out exactly how this works and, above all, which data is used for this purpose in the course of this privacy policy.

WHAT IS RECAPTCHA?

reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is most frequently used when you fill out forms on the Internet. A captcha service is a kind of automatic Turing test designed to ensure that an action on the Internet is carried out by a human and not by a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the difference between a bot and a human. With captchas, the computer or a software program also takes care of this. Classic captchas work with small tasks that are easy for humans to solve but present considerable difficulties for machines. With reCAPTCHA you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here you only need to check the text field “I am not a robot” or, with Invisible reCAPTCHA, even this is no longer necessary. With reCAPTCHA, a JavaScript element is integrated into the source code and then the tool runs in the background and analyzes your user behavior. The software calculates a so-called captcha score from these user actions. Google uses this score to calculate the probability that you are human even before you enter the captcha. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

WHY DO WE USE RECAPTCHA ON OUR WEBSITE?

We only want to welcome people of flesh and blood on our side. Bots or spam software of all kinds can safely stay at home. That is why we are doing everything we can to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a “bot-free” website. By using reCAPTCHA, data is transmitted to Google to determine whether you are actually a human being. reCAPTCHA therefore serves the security of our website and consequently also your security. For example, without reCAPTCHA it could happen that a bot registers as many email addresses as possible during registration in order to subsequently “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.

WHAT DATA IS STORED BY RECAPTCHA?

reCAPTCHA collects personal data from users to determine whether the actions on our website actually originate from people. This means that the IP address and other data that Google requires for the reCAPTCHA service can be sent to Google. IP addresses within the member states of the EU or other states party to the Agreement on the European Economic Area are almost always truncated before the data ends up on a server in the USA. The IP address will not be combined with other Google data unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed on your browser. reCAPTCHA then sets an additional cookie in your browser and records a snapshot of your browser window.

The following list of collected browser and user data is not intended to be exhaustive. Rather, these are examples of data which, to our knowledge, are processed by Google.

• Referrer URL (the address of the page from which the visitor comes)
• IP address (e.g. 256.123.123.1)
• Information about the operating system (the software that enables your computer to operate. Common operating systems are Windows, Mac OS X or Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
• Date and language settings (which language or date you have preset on your PC is saved)
• All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
• Screen resolution (indicates how many pixels the image display consists of)

It is undisputed that Google uses and analyzes this data even before you click on the “I am not a robot” checkbox. With the Invisible reCAPTCHA version, there is even no need to check the box and the entire recognition process runs in the background. Google does not tell you in detail exactly how much and what data it stores.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-211140065-8
Purpose: This cookie is set by the company DoubleClick (also owned by Google) to register and report the actions of a user on the website in dealing with advertisements. This allows the effectiveness of advertising to be measured and appropriate optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. The cookie can also be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month

Name: ANID
Wert: U7j1v3dZa2111400650xgZFmiqWppRWKOr
Purpose: We were unable to find out much information about this cookie. In Google’s privacy policy, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID”, “TAID”. ANID is stored under domain google.com.
Expiration date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user’s consent to the use of various Google services. CONSENT is also used for security purposes to check users, prevent fraudulent login information and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: NID
Wert: 0WmuWqy211140065zILzqV_nmt3sDXwPeM5Q
Intended use: NID is used by Google to customize advertisements to your Google search. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. So you always get customized ads. The cookie contains a unique ID to collect the user’s personal settings for advertising purposes.
Expiration date: after 6 months

Name: DV
Wert: gEAABBCjJMXcI0dSAAAANbqc211140065-4
Intended use: As soon as you have checked the “I am not a robot” box, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymized form and is also used to make user distinctions.
Expiration date: after 10 minutes

Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies from time to time.

HOW LONG AND WHERE IS THE DATA STORED?

By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not made clear by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google is not merged with other Google data from other Google services. However, if you are logged in to your Google account while using the reCAPTCHA plug-in, the data will be merged, subject to Google’s differing data protection provisions.

HOW CAN I DELETE MY DATA OR PREVENT DATA STORAGE?

If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you access our website. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=211140065.

Therefore, when you use our website, you consent to Google LLC and its representatives automatically collecting, processing and using data.

You can find out more about reCAPTCHA on Google’s web developer page at https://developers.google.com/recaptcha/. Although Google goes into more detail here about the technical development of reCAPTCHA, you will search in vain for precise information about data storage and data protection issues. You can find a good overview of the basic use of data at Google in the company’s own privacy policy at https://www.google.com/intl/de/policies/privacy/.

Period of validity

This privacy policy applies from May 25, 2018 when the GDPR comes into force and replaces all data protection provisions in the GTCs.

Changes

OnTours Software OG reserves the right to amend this privacy policy at any time in compliance with the applicable data protection regulations.