Cookies

Cookie Policy

Vienna Pass GmbH
Status: March 2025

1. Introduction

This Cookie Policy informs you about how we use cookies and similar technologies to provide you with the best possible experience on our website. We distinguish between technically necessary cookies and those that require your consent (e.g., analytics, marketing, or social media cookies).

2. Website Operator and Data Controller

VPG Vienna Pass GmbH
Opernring 3-5, Top 508-529, 1010 Vienna, Austria
Phone: 0043 (0)1 712 46 83 - 0
Fax: 0043 (0)1 714 11 41
Web: www.viennapass.de and www.viennapass.info

Email: info(at)viennapass.com

Further information about our company can be found in the legal notice on our website.
No data protection officer has been appointed, as this is not legally required.

3. Purposes of Processing Activities

To provide you with the best possible user experience, we use cookies for the following purposes:

Technically necessary functions:

  • Enabling the use of our website (e.g., session cookies for shopping cart functions, language settings).

  • Identifying the user within our system.

  • Providing security notifications and protecting against fraud, abuse, and harmful activities.

  • Technically required storage takes place without your explicit consent in accordance with § 165(3) TKG 2021.

Analytics & Personalization:

  • Customizing your user experience and analyzing user behavior.

  • Providing individualized customer service.

  • These cookies are processed exclusively with your consent (Art. 6(1)(a) GDPR).

4. Data Collection and Processing on Our Website

4.1. Legal Basis

The use of cookies and similar technologies is generally based on § 165(3) TKG 2021.

  • For technically necessary cookies: Storage and processing take place to ensure the error-free provision of our services without requiring your consent.

  • For all other purposes: Processing is based on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time with future effect.

  • When using our website, access to information (e.g., IP address) or storage of information (e.g., cookies) on your device may occur. If these data are strictly necessary for the operation of the website, processing occurs without consent; otherwise, it is only carried out with consent.

  • The provisions of the GDPR and the Austrian Data Protection Act (DSG) apply to the processing of your personal data.

4.2. Server Log Files

When accessing our website, your browser automatically transmits technical data to our web server. The following data are collected:

  • Date and time of the request

  • Name of the requested file

  • Page from which the file was requested

  • Access status

  • Browser and operating system used

  • (Complete) IP address of the requesting computer

  • Transferred data volume

These data are processed to ensure a smooth connection and system security. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR). Log file data are stored for security reasons and anonymized by truncating the IP address at the domain level after a maximum of seven days. In anonymized form, these data may be used for statistical purposes, but they are not merged with other personal data.

4.3. Cookies

Our website uses cookies, which are small files stored on your device.

Types of cookies:

  • Session cookies: Temporary cookies that are automatically deleted after your visit ends.

  • Persistent cookies: Remain on your device until deleted by you or your browser.

Functions of cookies:

  • Technically necessary cookies: Enable essential functions (e.g., shopping cart, language settings).

  • Analytics and marketing cookies: Track user behavior, optimize our website, and serve personalized advertising – these are processed only with your consent.

The processing of technically necessary cookies is based on our legitimate interest (Art. 6(1)(f) GDPR). Other cookies are processed only with your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.

For a detailed overview of the cookies used on our website, including name, purpose, and storage duration, please refer to our cookie overview.

To manage, update, or restrict the use of cookies, please follow your browser's instructions (e.g., Google Chrome, Microsoft Edge, Safari, Firefox, Opera).

5. Consent Management via Usercentrics

We use the Usercentrics Consent Management service (Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany) to obtain, manage, and document your consent for data processing.

Processed data by Usercentrics:

  • Opt-in and opt-out data

  • Referrer URL

  • User agent

  • User settings

  • Consent ID, timestamp, and type of consent

  • Template version, banner language

  • IP address and geographic location

The website's functionality is not guaranteed without this processing. Usercentrics acts as a data processor for us. Further details can be found in Usercentrics' privacy policy. Processing occurs within the European Union, and data are deleted after three years. You can change your consent preferences at any time via the Usercentrics interface.

6. Integration of Additional Tools and Services

6.1. AVS

AVS Abrechnungs- und Verwaltungs-Systeme GmbH; Josephsplatz 8, 95444 Bayreuth, which provides us with the Card AVS card platform as a technical service provider.
Further information can be found in the AVS privacy policy.

6.2. Trust My Travel & Adyen

For payment processing, we use Trust My Travel (Trust My Travel Ltd, UK) and Adyen (Adyen N.V., NL). More information can be found in their respective privacy policies. Trust My Travel and Adyen

6.3. Cloudflare

Cloudflare protects our website against DDoS attacks and enhances security. More information can be found in Cloudflare's privacy policy. Cloudflare is certified under the EU-U.S. Data Privacy Framework.

6.4. Google Tools

Google Tag Manager:

  • Purpose: Central management of tags (small sections of code) to control other tools on our website.
  • Legal basis: Your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest (Art. 6 para. 1 lit. f GDPR).
  • Data transfer: To Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Note: Data transfers to the USA are based on the European Commission's adequacy decision C(2023) 4745.
Google Gtag / Analytics / Ads / Remarketing:

  • Google Analytics:

Collects data such as pages viewed, clicks, location and technical information.
IP anonymization is activated - the full IP address is only transmitted in exceptional cases.
Data is automatically deleted after 14 months, aggregated data remains longer.
Processing is based on your consent (Art. 6 para. 1 lit. a GDPR) - you can revoke this at any time.

  • Google Ads and remarketing:

Collect data such as cookie ID, device information and interaction data to enable personalized advertising.
For further details and the legal basis (consent), please refer to the respective sections.
The following applies to all Google tools:
Data transfers to third countries are carried out in accordance with the applicable data protection regulations and the EU adequacy decision.

6.5. Social Media Features and Widgets

Our website contains social media features such as the Meta Pixel (formerly Facebook Pixel).

  • Purpose: Enables the tracking of interactions to optimize advertisements on Facebook and Instagram.
  • Data processing: Collects device information, IP address, click behavior and interaction data, among other things.
  • Legal basis: Your consent (Art. 6 para. 1 lit. a GDPR).
  • Data transfer: To Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

Note: Alternatively, you can deactivate interest-based advertising via your Facebook settings.

6.6. Hotjar

Hotjar is a technology service that helps us better understand user behavior, enabling us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on the behavior of our users and their devices. 

  • Purpose: To track user behavior on the website in order to build and maintain our service with user feedback.
  • Data processing: IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic locations (country only), preferred language, user behavior (e.g. how much time they spend on which pages, which links they choose, what users like and dislike, etc.) - Hotjar stores this information in a pseudonymized user profile on our behalf.
  • Legal basis: Your consent (Art. 6 para. 1 lit. a GDPR).
  • Data transfer: To Hotjar Ltd - Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, C65490 - Hotjar is contractually obliged not to sell any of the data collected on our behalf.

Further information can be found in Hotjar's privacy policy. (link)

7. Sharing of Non-Personal Data

We aggregate and share non-personal data (e.g., visitor numbers, demographic statistics) solely for statistical purposes. No personally identifiable information is shared.

8. User Rights

As a data subject, you have the following rights:

  • Access, rectification, erasure, restriction of processing, and data portability.

  • Withdrawal of consent: You can withdraw your consent at any time with future effect.

  • Right to object, particularly against processing for direct marketing purposes.

To exercise your rights, contact us via email at info(at)viennapass.com, phone at 0043 (0)1 712 46 83 - 0, or mail to the above address. If you believe your data is being processed unlawfully, you can contact the Austrian Data Protection Authority (www.dsb.gv.at).

9. Final Provisions and Updates

This policy is regularly reviewed and updated to comply with legal and technical developments. Please check third-party links in this policy regularly for updates.