Privacy policy

Data protection

Vienna Pass

1. data protection information

Status April 2025

Your privacy is important to us. Here you can find out how we at VPG Vienna Pass collect and use your data. The aim is to provide you with the best booking experience.

2. controller of the data processing

VPG Vienna Pass GmbH

Opernring 3-5, Top 508-529, 1010 Vienna, Austria

Telephone: 0043 (0)1 50 33 033

Web: https://www.viennapass.de

E-mail: info(at)viennapass.com

Controller for data processing (website use www.viennapass.com)

Vienna Pass GmbH, Opernring 3-5, 1010 Vienna, Austria

Further information about the company can be found in the legal notice on our website.

No data protection officer has been appointed, as this is not required by law.

3. general information on data processing

In our data protection information, we inform you about the most important aspects of data processing in the context of our activities as a provider of sightseeing tickets for Vienna, namely

- the administration and sale of our Vienna PASS and Flexi PASS sightseeing cards and

- additional processing activities:

- Client and supplier administration,

- Public relations and marketing for our own purposes,

- Image processing for events,

- functionalities of our website and

- our newsletter and

- customer surveys.

4 Purposes of the processing operations:

4.1 We carry out the following processing operations that are necessary for you

- as a Vienna PASS customer,

- as a sales partner of Vienna PASS such as agencies etc.,

- as a supplier and other contractors and

- as an involved person (operator of attractions) and

- as a natural person (contact person/person in charge) at our sales partners, suppliers, contractors, involved persons,

- as a marketing contact, newsletter subscriber or website visitor

are essential, namely:

- Sales, administration and processing of the Vienna PASS

- Reimbursement to attractions in connection with our Vienna PASS

- Supplier and customer management (for handling our sales and purchasing as well as our back office)

- Contact forms on the website (for answering enquiries)

- Call centre

- Contact database (from public sources or business cards)

- Public relations (to present our activities)

- Marketing (to inform customers, interested parties and for customer acquisition) with your consent

- Information about events by electronic mail to existing contacts based on our legitimate interest in such information about our offers

- Newsletters (for the support and information of existing B2B contacts based on our legitimate interest in such information about our offerings)

4.2 In order to provide you with a better service, we collect information from you. This information allows us to identify you directly or indirectly. In some cases, the information we need from you is personal data to enable you to use certain services on our website. For example, when you make a booking on our website, we require you to provide personal information such as your first and last name, email address, billing address and hotel name, as well as payment information such as credit card number, expiry date and security code. We use this information for billing and transaction purposes. If there are any problems processing the order, we will use this information to contact you. We also use the information to ensure the successful fulfilment of the service.

4.3 As the controller, we process the data provided by you in the context of the conclusion of the contract for the duration of the ongoing contractual relationship for the fulfilment or initiation of the contract and for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services (Art. 6 para. 1 lit. b GDPR) and beyond that, as long as required by tax law (Art. 6 para. 1 lit. c GDPR). In addition, the processing operations may also be based on our legitimate interest or the legitimate interest of a third party (Art. 6 para. 1 lit. f GDPR), provided that this processing is not covered by any of the aforementioned legal bases. In the opinion of the European legislator, a legitimate interest can be assumed if the data subject is a customer of the controller, for example for direct marketing purposes.

5 Categories of recipients

5.1 As part of the processing operations, we transfer data to the following categories of recipients, whereby the recipients are acting on our behalf or the transfer is necessary to fulfil contractual or legal obligations; for special processing operations, we name the special recipients here:

- Business partners and third parties who cooperate or are to cooperate in the processing of business transactions (e.g. tax consultants, auditors, liability and legal expenses insurers, other insurance companies, notaries, translators, lawyers)

- Banks and credit card companies (Trust my Travel, Adyen...) for the processing of payment transactions

- Processors within the scope of IT and communication services (AVS Abrechnungs- und Verwaltungs-Systeme GmbH, software support, marketing service providers, maintainers of our network, server and clients, email service providers and telephone service providers)

- If applicable, authorities via their request

- Website (public)

5.2 In certain situations, we are legally obliged to disclose your data. This may be in response to lawful requests by public authorities, for national security or law enforcement purposes, to protect the rights, property or safety of VPG Vienna Pass or others. This includes - but is not limited to - customer fraud and abuse of the system. We may also transfer customer data to third parties such as credit card institutions for the purpose of settling disputes.

5.3 We do not intend to transfer the data to international organisations and recipients in third countries. If a transfer to recipients in third countries should be necessary, this will take place on the basis of sufficient guarantees, e.g. standard data protection clauses or within the framework of an adequacy decision.

6 Public forums

We offer a publicly accessible blog and reviews on our website. Please note that any information you provide in these areas can be read, collected and used by others. If you would like us to remove this information, please email us at info(at)viennapass.com. However, it may not be possible to delete your personal data, in which case we will notify you and give reasons.

7 How your data is protected

We take various measures to protect your data accordingly. When you provide us with personal data, we encrypt the forms accordingly. However, no method of data transmission over the Internet is 100% secure, so while we use commercially reasonable efforts to ensure data security, we cannot guarantee absolute security.

8 opt-out options

We offer you the possibility to prohibit the use of your personal data for certain purposes. You cannot unsubscribe from transaction-related emails. You also have the option of deactivating push notifications under device settings. You can also switch off location-based services there.

9 Newsletter

9.1 Newsletter subscription: Our newsletter can only be received by the data subject if

a) the data subject has a functioning e-mail address and

b) the data subject registers to receive the newsletter.

For legal reasons, a confirmation e-mail is sent to the e-mail address entered by the data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation email is used to check whether the owner of the email address as the data subject has authorised the receipt of the newsletter.

9.2 Newsletter dispatch: When sending our newsletter, we process personal data of the following data categories:

E-mail address, data for the creation of usage statistics, data on the use of the website as well as the logging of clicks on individual elements of the newsletter and contact data such as name or e-mail address.

Purpose of processing: Electronic sending of direct advertising and optimisation of content, analysis of user behaviour.

9.3 Newsletter evaluation (tracking): Our newsletters contain so-called tracking pixels. This is a small graphic embedded in the newsletter that enables us to record and analyse log files. This data helps us to statistically analyse the success or failure of our online marketing campaigns. With the help of the tracking pixel, we can track whether and when a newsletter was opened and which links within the newsletter were clicked on. The personal data collected in this way is stored and evaluated by us in order to optimise the sending of our newsletters and to better adapt their content to the interests of the recipients.

9.4 Legal basis for processing: Your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 174 para. 4 TKG).

You have the option to withdraw your consent at any time within the framework of the statutory provisions with effect for the future. For the purpose of revoking consent, each newsletter contains a corresponding link to unsubscribe from the newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the controller's website or to inform the controller of this in another way, e.g. by sending an email to info(at)viennapass.com.

9.5 Provision of data: You are not obliged to provide the data. If you do not provide the data, we will not be able to send you any information.

9.6 Processor: Data is transmitted to the processor CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede (Germany). We use CleverReach as our newsletter provider. The privacy policy and information about the company can be found here https://www.cleverreach.com/de-de/datenschutz/. We have concluded an order processing agreement with CleverReach (Art. 28 GDPR).

9.7 Storage period: We store the data provided to us when registering for the newsletter for a period of 3 years after the last contact.

9.8 B2B newsletter: Existing B2B customers are regularly sent newsletters in accordance with Section 174 (4) TKG 2021 due to our legitimate interest in informing them about our offers for the purpose of advertising to existing customers or informing existing customers.

10 Your rights as a data subject affected by data processing

10.1 We do not create profiles of data subjects or other persons and do not engage in profiling and there is no automated decision-making as part of our activities.

10.2 As a data subject, you have the right to information, rectification, erasure, restriction and data portability within the framework of the statutory provisions. However, we would like to point out that these rights may be restricted if the provision of information would jeopardise a business or trade secret of the controller or third parties (§ 4 para. 6 DSG).

10.3 If you have given us your consent to process your data, you have the right to withdraw this consent at any time with effect for the future. This does not affect the lawfulness of the processing of the data up to the point of revocation. After cancellation, the data will no longer be used for the purpose to which you consented (e.g. sending an e-mail newsletter).

10.4 If the processing of the data is based on a legitimate interest, you have the right to object to this. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes. If we process data for other purposes on the basis of legitimate interest, we will no longer process the personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

10.5 To exercise your rights, please contact us by e-mail at info(at)viennapass.com, by telephone at 0043 (0)1 50 33 033 or by post at the following address: Opernring 3-5, Top 508-529, 1010 Vienna. It would be desirable if you could provide us with the necessary information to clearly identify yourself when making an enquiry.

10.6 If you believe that the processing of your personal data violates data protection law or your data protection claims have otherwise been violated in any way, you are free to lodge a complaint with the Austrian Data Protection Authority. The website of the data protection authority can be found at www.dsb.gv.at.

11 contact us

If you have any questions or concerns about your privacy or security on our website, please feel free to contact us at info(at)viennapass.com.