Privacy Policy
Data protection information & cookies
This data protection notice informs you about what happens to personal data ("data") that we collect from you or that you provide to us online when you visit our website ("site").
1. WEBSITE OPERATOR AND PERSON RESPONSIBLE FOR DATA PROCESSING
The data controller responsible for processing your data in connection with the Vienna City Card is
VIENNA SIGHTSEEING TOURS - Wiener Rundfahrten GmbH & Co. KG
Opernring 3-5, Top 508-529, 1010 Vienna
Austria
Phone: 0043 (0)1 712 46 83 - 0
Fax: 0043 (0)1 714 11 41
Web: www.viennasightseeing.at
E-mail: [email protected]
Further information about our company can be found in the imprint of our website.
No data protection officer has been appointed as this is not required by law.
2. THE VIENNA CITY CARD
The Vienna City Card offers visitors to Vienna free travel on public transport, trips on the Hop-On Hop-Off add-on from Big Bus Vienna and Vienna Sightseeing Tours or the transport offered in the airport transfer add-on (CAT, ÖBB, Postbus), plus discounts at museums and sights, theaters and concerts, shopping, cafés, restaurants, wine taverns and other attractions. The Vienna City Card is designed and issued by the Vienna Tourist Board. You can find more information here www.viennacitycard.at. With regard to the operation of the Vienna City Card, VIENNA SIGHTSEEING TOURS - Wiener Rundfahrten GmbH & Co KG is the concessionaire and exclusive sales partner of the Vienna Tourist Board. You can purchase the Vienna City Card via the webshop operated by VIENNA SIGHTSEEING TOURS - Wiener Rundfahrten GmbH & Co. KG on the website www.viennacitycard.at or as an app ("IVIE-APP") in the Apple App Store or via Google Play. In order to ensure smooth processing when selling the Vienna City Card, we need to process various customer data. We would like to inform you about this and how you can contact us
with questions or feedback in this data protection information. Please note that we generally assume that if you provide us with information or make use of our services, you have read this data protection notice and agree to it. Further details on your rights and how you can contact us if you have any questions about data protection can be found below. Please note that you can also purchase the Vienna City Card via third-party providers, such as travel agencies, online platforms or hotels. These are responsible for data protection-compliant processing. This data protection information does not apply to these providers.
3. WHAT INFORMATION DO WE COLLECT?
1. When selecting the payment method "credit card", personal data is automatically transmitted to Adyen. By selecting this payment option, you consent to the transfer of personal data to our payment service provider required for payment processing and for identity and credit checks.
2. The personal data transmitted to Adyen is usually the card type (Mastercard or VISA), name of the cardholder, card number, check digit and expiry date.
3. When paying by credit card, the "3-D Secure" procedure is used to confirm the identity of the purchaser via two-factor authentication.
4. You have the option to revoke your consent to the handling of personal data at any time with effect for the future.
5. Information on data protection at Adyen can be found here.
(3.1) Webshop
When you purchase the Vienna City Card in our webshop, we collect the data about you that you enter there. This involves the following categories of data:
First name
Last name
E-mail address
Country
Date of the planned stay in Vienna
This data is processed for the purpose of carrying out and processing your purchases and orders, i.e. to fulfill the contract (Art. 6 para. 1 lit. b GDPR).
During the ordering process in our webshop, you have the option of selecting a payment method. Payments are processed via the payment service provider Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands). We have concluded an order processing agreement with Adyen in accordance with Article 28 GDPR.
We transmit your IP address to Adyen for the purpose of fraud prevention and detection. All data is transmitted in encrypted form. Adyen collects and stores the data and only passes it on to the companies involved in the payment process. We do not collect or store the payment data.
We offer the following payment methods:
Payment by credit card
1. when selecting the payment method "credit card", personal data is automatically transmitted to Adyen. By selecting this payment option, you consent to the transfer of personal data to our payment service provider required for payment processing and for identity and credit checks.
2. the personal data transmitted to Adyen is usually the card type (Mastercard or VISA), name of the cardholder, card number, check digit and validity period.
3. the "3-D Secure" procedure is used for credit card payments to confirm the identity of the purchaser via two-factor authentication.
4. you have the possibility to revoke your consent to the handling of personal data at any time with effect for the future.
5. information on data protection at Adyen can be found here .
(3.2) IVIE app
If you purchase the Vienna City Card in the IVIE app ("digital Vienna City Card"), you will be automatically redirected to our webshop (3.1). We also only collect the data about you specified in 3.1 for the purpose specified in 3.1.
(3.3) Business customers
If our business customers purchase the Vienna City Card from us for resale to end customers, we collect the following data about them:
Company name
First and last name of the contact person
Address of the company (street + house number, zip code, town)
Company e-mail address
Order history
AGB checkbox
As a rule, this does not include any personal data other than the name of the contact person. This data is processed for the purpose of carrying out and processing your purchases and orders, i.e. to fulfill the contract (Art. 6 para. 1 lit. b GDPR).
(3.4) On our website
When you visit the website www.viennacitycard.at, we do not collect any personal data other than the IP address of the device from which you are accessing our website. However, we use various analysis tools to determine the traffic on our website or to simplify its use. However, it is not possible for us or third parties to draw any conclusions about you personally. Details are provided below:
(3.4.1) Cookies: Cookies are pieces of information that are stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on our website, pages visited, preferred languages and other web traffic data. Together with our service providers, we use this information for security purposes, to facilitate online navigation, to display information more effectively, to customize your experience when using our website and to otherwise analyze user activity. We may recognize your computer to support your use of our website. We also collect statistical data about the use of our website in order to continually improve its design and functionality, to understand how it is used and to help us answer questions. Cookies also allow us to determine which of our advertisements or offers appeal to you the most and enable us to display them. The following cookies are set:
1. Necessary Cookies:
1. PHPSESSID
2. cconsent
2. Analytics
1. _gcl_au
2. _ga_9BN1MFVDXP
3. _gid
4. _ga
5. IDE
3. Marketing:
1. test_cookie
2. fr
3. _fbp
4. _fbc
In addition, if you wish to opt out of data collection via cookies when using your customer profile or our website, most browsers provide a simple option that allows you to automatically reject cookies or gives you the choice of rejecting or accepting the transfer of one or more cookies from a particular website to your computer. You can find out more at www.allaboutcookies.org/manage-cookies/index.html
(3.4.2) Matomo: We use the web analysis tool "Matomo" on premise for the needs-based design of our website. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize and count returning visitors. We also use the Session Recording modul. The session recording service records individual user sessions. We can play back recorded sessions and thus analyze the use of our website. Data entered in forms is not recorded and is not visible at any time.
Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR or § 165 para. 3 TKG 2021, provided that you have given your consent via our banner. You can withdraw your consent at any time. Please make the appropriate settings via our banner.
Further information on Matomo's terms of use and data protection regulations can be found at: matomo.org/privacy/
(3.4.3) Analysis tools: We use website and application analytics services provided by third parties that use cookies and similar technologies to collect information about website or application usage and report trends without identifying individual visitors. These third parties who provide such services to us may also collect information about your use of third party websites. You can download the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout, to learn more about how Google collects this information and how you can opt-out.
(3.4.4) Pixel tags and other similar technologies: Pixel tags (also known as web beacons or clear GIFs) may be used in connection with some services to, among other things, track the actions of users of the services (including email recipients), measure the success of our advertising campaigns and compile statistics on the use of the services and response rates.
(3.5) Email traffic
We also store any e-mail correspondence with you as part of our normal office activities. The storage takes place in our e-mail program and e-mails are regularly archived or deleted if not required.
4. SOURCE OF THE DATA
In the event that we have not collected your data ourselves or you have not provided it to us yourself, it will in any case originate from a reliable source that we have verified as being authorized to collect and transmit the data.
5. HOW DO WE USE YOUR DATA?
We use the data that we collect in the webshop or in the IVIE app exclusively to process your order and to issue invoices or payment confirmations. We use your contact details in particular to send you the Vienna City Card and invoices or payment confirmations by post or electronically. We also use the data of our business partners to process orders, to process payments and to issue invoices.
If you have given us your consent, we will pass on the data you have provided to subscribe to a newsletter to the Vienna Tourist Board in order to keep you up to date with the Vienna Tourist Board newsletter. Finally, we may also use your contact details to respond to your inquiries and fulfill your orders, to obtain feedback or customer satisfaction surveys regarding our services and to provide you with administrative information, such as information about or changes to our terms and conditions and policies.
6. LEGAL BASIS
We process your data on one or more of the following legal bases. Not all of these may apply to you personally:
• Because it is necessary for the execution of your order, i.e. for the fulfillment of the contract concluded between us, or also for the preparation of the processing, i.e. for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
• Your consent (please note that you can withdraw your consent at any time, more on this below) (Art. 6 para. 1 lit. a GDPR).
• Because it is necessary for the fulfillment of legal obligations to which we are subject (Art. 6 para. 1 lit. c GDPR). This applies in particular to retention obligations under tax law.
• Because the processing of your data is necessary to safeguard our legitimate interests (Art. 6 para. 1 lit. e GDPR). A legitimate interest is also the implementation of market communication and advertising (Art 21 (2) GDPR).
• Because it is necessary for the realization of our legitimate interests in connection with the administration, operation and optimization of the website (Art. 6 para. 1 lit. e GDPR).
• Because it is necessary for the realization of our legitimate interest in connection with quality control and business planning (Art. 6 para. 1 lit. e GDPR).
• Because we need them to enforce our legal claims (debt collection, etc.) (Art. 6 para. 1 lit. b GDPR).
7. WITH WHOM DO WE SHARE THE INFORMATION?
Your data will not be passed on to third parties.
In order to process your order or to handle our business operations, we use the support of processors who carry out the data processing for us in accordance with our specifications and instructions or who are required for order processing. These are
LimeSoda Interactive Marketing GmbH, Syringgasse 5, 1170 Vienna, which manages and maintains our webshop.
interneX GmbH, Lagerstraße 15, 3950 Gmünd, who host our website and webshop.
AVS Abrechnungs- und Verwaltungs-Systeme GmbH; Josephsplatz 8, 95444 Bayreuth, which provides us with the Card AVS card platform as a technical service provider.
In addition, this also includes Wiener Linien GmbH & CO KG, Erdbergstraße 202, A-1031 Vienna, to whom we must send the name and possibly also the date of birth of those customers who also wish to use the Vienna City Card as a digital ticket for public transport.
Other processors within the scope of IT and communication services to whom we transfer data for processing (Palisis AG, software support, marketing service provider, maintainer of our network as well as the server and clients, e-mail service provider and telephone service provider)
Finally, the transfer of data also affects our auditors, tax consultants and lawyers who work on our behalf.
If you have given us your consent, we will pass on your data to the Vienna Tourist Board in order to keep you up to date with the Vienna Tourist Board's newsletter. The Vienna Tourist Board processes this data under its own responsibility under data protection law.
8. CROSS-BORDER TRANSFERS
Our services are generally provided from Austria and your data is therefore also stored in Austria. Data is not transferred outside the European Economic Area (EEA). Should this be necessary, however, it would take place on the basis of standard contractual clauses approved by the European Commission.
9. YOUR RIGHTS
We attach great importance to the proper, transparent and, above all, confidential handling of your data. We would therefore like to inform you below about your rights as a "data subject":
(9.1) Information or correction
You can request information at any time about which of your data we process and/or have stored and that this data is corrected if necessary. We will respond to all your requests in accordance with our legal obligations. In order to be able to process such requests, we may require additional information from you, such as a copy of your ID or details of the advertised position. We will comply with justified requests for information and/or correction within the statutory period of no more than one month.
(9.2) Right to erasure
You also have the right to have your data deleted if:
• the data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you have withdrawn your consent to the data processing or have objected to the processing (unless there is another legal basis for the processing);
• your data has been processed unlawfully;
• the deletion of your data is necessary to fulfill a legal obligation;
• or if the data was collected from a child (i.e. a person under the age of 16) in connection with information society services.
• You can submit requests for erasure using the contact details below. We will comply with justified requests for erasure within the statutory period of no more than one month.
(9.3) Right to restriction
You have the right to request the restriction of the processing of your data. You can submit requests for restriction using our contact details below. We will comply with requests for authorization within the statutory period.
(9.4) Objection to the processing
You have the right to object at any time to the processing of your data that is carried out in the public interest or to protect important interests on our part. The same applies in the event that personal data is processed for the purposes of direct marketing or profiling. If you object, your data will no longer be processed for these purposes and will be deleted. You can object at any time using the contact details below.
(9.5) Right to transfer
You have the right to portability of your data that you have provided to us by giving it to you in a structured, commonly used, machine-readable format so that you can pass it on to another client without hindrance. If possible and if requested by you, we will also transfer your data directly to the client named by you.
(9.6) Right of withdrawal
You have the option of withdrawing your consent to data processing at any time with effect for the future, without this having any negative consequences for you. You can exercise your right of withdrawal using the contact details below.
(9.7) Possibility of complaint
If you believe that you have discovered violations of data protection regulations, we suggest that you contact us in the first instance so that we can check this and take remedial action if necessary. However, you also have the right to complain to the
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
E-mail: dsb(at)dsb.gv.at
to lodge a complaint.
(9.8) Exercising your rights
We ask that you clearly state in your request what information you have provided or wish to correct, whether you want the information provided to us to be blocked in our database, or what other restrictions you wish to place on our use of the information you have provided. For your protection, we will only process requests for information associated with the e-mail address you use to submit the request. We may need to verify your identity before complying with your request. Please also note that we may need to retain certain information for document management or legal purposes and/or to complete transactions that began prior to the requested change or deletion. There may also be residual information that remains in our databases and other records that cannot be removed.
(9.9) Security
We strive to maintain appropriate organizational, technical and administrative security measures to protect information within our organization. Unfortunately, the security of any data transmission or storage system can never be 100% guaranteed. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately of the problem. The sooner you let us know, the less damage we can do.
10. RETENTION AND DELETION PERIOD
We retain data that we have received from you for as long as is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is legally permissible or required. As a rule, we adhere to the following deletion concept: Your data will be processed on the basis of the above-mentioned legal bases for the duration of the upright contractual relationship and then deleted, provided that there are no statutory retention obligations, in particular under tax law.
11. MINORS
Our services are not intended for persons under the age of fifteen or sixteen and we request that these persons do not provide us with any information.
12. LEFT
This Privacy Notice does not apply to, and we are not responsible for, the privacy, information or other practices of third parties.
This includes third parties who operate sites or services to which the services are linked. The inclusion of a link on our website does not imply endorsement of the linked site or service by us or our affiliates, nor is it an indication of any affiliation with that third party.
Please note that we are not responsible for the collection, use or disclosure policies and practices (including privacy practices) of other organizations, such as other app developers, app providers, social media platform providers, operating system providers or Wi-Fi providers. Similarly, we are not responsible for any information you disclose to other organizations through or in connection with our software applications or social media pages.
13. UPDATES TO THESE NOTES
We reserve the right to change this privacy policy. Please refer to the "Last updated on" legend at the bottom of the page. Any changes to this Privacy Notice will become effective as soon as we post the revised Privacy Notice on the Services. Any information you provide to us after these changes are made will be subject to the revised Privacy Notice.
14. WAYS TO CONTACT US
We look forward to receiving your questions, comments or requests in relation to this privacy policy. You can contact us via our contact form or using the following contact details: by email to [email protected],
by telephone: 0043 (0)1 712 46 83 - 0 or also
by post to the address: Opernring 3-5, Top 508-529, 1010 Vienna
last updated on June 3, 2024
Opening hours Service Center:
Opernring 3-5 17/24, 1010 Vienna daily 9:00am - 6:00pm
Opening hours Tourist-Info:
Albertinaplatz, 1010 Vienna daily 9:00am - 6:00pm
Airport daily 9:00am - 6:00pm