Data Protection Policy

This Data Protection Policy is to inform you of what happens to the personal data (“data”) that we collect from you or that you provide to us during your online visit to our website (“site”).


The data controller responsible for your data under the protection provisions is
DocLX Travel Events GmbH
Palais Schönborn-Batthyány, Renngasse 4/Freyung
A-1010 Vienna
References to “we,” “our” or “us” in this Data Protection Policy relate to DocLX Travel Events GmbH (DocLX).


The Vienna City Card offers visitors to Vienna free travel on public transportation, Hop-On Hop-Off rides with the Big Bus Vienna add-on or on the means of transportation offered in the Airport Transfer add-on (CAT, ÖBB, Postbus), as well as discounts at museums and points of interest, in theaters and at concerts, when shopping or in cafés, restaurants, heuriger (taverns) and at other attractions. It is designed and issued by the Vienna Tourist Board. Further details are available at 
DocLX is the exclusive sales partner of the Vienna Tourist Board and operates the Vienna City Card. You can purchase the Vienna City Card from our web shop at or as an app in the Apple App Store or via Google Play.
We must process various pieces of information about our customers to ensure smooth handling. In this Data Protection Policy, we wish to inform you about this and about how to contact us with questions or comments. Please note that we generally assume you have read and consented to this Data Protection Policy when you provide us with information or use our services. You can find additional details regarding your rights and how to contact us with questions about data protection of any kind below.
Please note that you can also purchase the Vienna City Card from third-party providers, such as travel agencies, online platforms and hotels. The latter are responsible for processing your data in conformity with data protection rules. This Data Protection Policy does not apply to them.



(3.1)  Web shop

If you purchase the Vienna City Card in our web shop, we collect the personal data you enter. This consists of the following categories of data:
  • Company name
  • First name
  • Last name
  • Billing address (house number, apartment number, street, place of residence)
  • Country
  • E-mail address
  • Telephone number
  • Time (month) of your planned stay in Vienna
In general, this data is processed for the purposes of processing and handling your purchases and orders.

(3.2) App

If you use our app to purchase the Vienna City Card, we only collect the personal data you input there. This consists of the following categories of data:
  • Company name
  • First name
  • Last name
  • Billing address (house number, apartment number, street, place of residence)
  • Country
  • E-mail address
  • Telephone number
  • Date of birth
In general, this data is processed for the purposes of processing and handling your purchases and orders.

(3.3) Business customers

To the extent that our business customers purchase the Vienna City Card from us for resale to end customers, we collect the following data about them:

  • Company name
  • Tax number
  • First name and last name of contact person
  • Occupational status of the contact person
  • Company address
  • Company website
  • Company e-mail address
  • Company telephone number
  • Order history
Apart from the name of the contact person, this generally does not include any personal data.

(3.4) On our website

When you visit the website at, we do not collect any personal data except for the IP address of the device from which you surfed on our website. However, we use various analytical tools to ascertain the traffic on our website or simplify use of the website. However, it is not possible for us or third parties to draw conclusions regarding your identity from this information. This is explained in detail below::
(3.4.1) Cookies: Cookies are information that is stored directly on the computer you use. Cookies enable us to collect information, such as browser type, time spent on our website, pages visited, preferred languages and other data about web traffic. Together with our service providers, we use this information for security purposes, to facilitate online navigation, to display information more effectively, to make individualized adjustments to your experience with our website and to otherwise analyze visitor activity. We can recognize your computer to assist in your use of our website. We also collect statistical data about the use of our website to continuously improve its design and functionality, to understand how it is used and to assist us in answering questions. Cookies also enable us to determine which of our advertisements or offerings appeal to you the most and to insert them. If you wish to dispense with data collection by cookies when using your customer profile or our website, most browsers have a simple option for you to automatically reject cookies or choose whether to accept or reject the transfer of one or more cookies from a particular website to your computer. Further details are available at

(3.4.2) Analytical tools: We use third-party services for website and application analysis. The service providers use cookies and similar technologies to collect information regarding the use of websites or applications and to report trends without identifying individual visitors. The third parties that provide such services to us can also collect information about your use of third-party websites. You can download the add-on to the Google Analytics opt-out browser at to learn more about how Google collects this information and how you can object to it.

(3.4.3) Pixel tags and other similar technologies: Pixel tags (also called web beacons or clear GIFs) can be used in connection with some services, e.g., to trace the actions of users of the service (including e-mail recipients), to measure the success of our advertising campaigns and to compile statistics on the use of the services and the response rates.

(3.5) E-mail traffic

We also store any e-mail traffic generated with you in the course of the usual clerical activities. The e-mails are stored in our e-mail program, and e-mails are regularly archived or deleted – if they are not needed.



If we have not collected your data ourselves or you have not provided the data to us, it comes from a reliable source, and we have verified its authorization to collect and transmit the data.



We use the data that we collect in the web shop or in the app solely to process your order, process payments and issue invoices. In particular, we use your contact data to send you the Vienna City Card and our invoices by mail or in electronic form.

We also use the data of our business partners to process orders, process payments and issue invoices. If you have given us your consent, we also use this data to keep you informed with our newsletter.
Finally, we use your contact data to respond to your inquiries and fill your orders, to obtain feedback regarding our services and to provide you with administrative information, such as information about our Standard Terms of Business and guidelines or changes to them.


We process your data based on one or more of the following legal grounds. Not every one of them must apply to you personally.
  • Because it is required for your order, i.e., to fulfill the contract concluded between us or to prepare for settlement, i.e., to implement pre-contractual measures.
  • Based on your consent (please note that you can withdraw your consent at any time; more about this below).
  • Because it is necessary to meet legal obligations to which we are subject. This relates, in particular, to retention obligations under tax law.
  • Because it is necessary to process your data to protect our legitimate interests. “Legitimates interests” also include market communications and advertising.
  • Because it is necessary to realize our legitimate interests in connection with the management, operation and optimization of the website.
  • Because it is necessary to realize our legitimate interests in connection with quality control and business planning.
  • Because it is necessary to enforce our legal claims (collection, etc.).


In general, your data is not passed on to third parties. However, we may utilize processors to process the data we need to fill your order or handle our business operations or process orders in accordance with our specifications and instructions. This primarily relates to Reinisch Technologies GmbH, Hirschstettner Strasse 19/J, A-1220 Vienna, from which our app and our web shop originate and which supports and maintains them. In addition, it also includes Wiener Linien GmbH & CO KG, Erdbergstrasse 202, A-1031 Vienna, to which we must send the name and (possibly) the date of birth of every customer who also wishes to use the Vienna City Card as a digital ticket for public transportation. Finally, it also includes our accountants, tax advisors and attorneys, who work on our behalf.



In general, our services are provided from Austria and therefore your data is stored in Austria. The data is not transmitted outside the European Economic Area (EEA). However, if this were necessary, it would be done in accordance with standard contract clauses approved by the European Commission.



As already stated above, we attach great importance to proper, transparent and, above all, confidential handling of your data. Therefore, we wish to inform you of your rights below:

(9.1) Information or rectification

You can at any time request information on the data concerning you that we have processed and/or stored and ask for it to be corrected, if necessary. We will respond to all your requests in accordance with our legal obligations. We may need additional information from you to process such requests, such as a copy of your personal ID or details of the job advertised. We will comply with justified requests for information and/or rectification within the legal period of no more than one month.

(9.2) Right of erasure

You also have the right to have your data erased if
  • the data is no longer needed for the purposes for which it was collected or otherwise processed;
  • you have withdrawn your consent to data processing or lodged an objection against the processing (to the extent that there is no other legal basis for processing);
  • your data was unlawfully processed;
  • your data must be erased to meet a legal obligation;
  • or if data was obtained from a child (i.e., a person under the age of 16) in connection with information society service.
You can make requests for erasure using the contact data listed below. We will comply with justified requests for erasure within the legal period of no more than one month.

(9.3) Right to restrict processing

You have the right to request restriction of the processing of your data. You can make requests for restriction by using our contact data below. Justified requests will be complied with within the legal period.

(9.4) Objection to processing

You have the right to object at any time to our processing of your data based on public interest or to protect our legitimate interests. The same applies if personal data is processed for the purposes of direct advertising or profiling. The result of your objection will be that your data is no longer processed for these purposes and that it is erased. You can make an objection at any time using our contact data below.

(9.5) Right to transfer your data

You have the right to transfer your data. We will provide you with such data in a structured, commonly used, machine-readable format so you can transfer it to another client without impediment. If possible, and if you so desire, we will transfer your data directly to the client you designate.

(9.6) Right to withdraw consent

You can withdraw your consent to data processing at any time, with no negative consequences for you. You can exercise your right to withdraw consent by using the contact data below.

(9.7) Right to lodge a complaint

If you think you have found violations of the provisions of data protection law, we suggest that you contact us first so that we can investigate and provide a remedy, if necessary. However, you also have the right to lodge a complaint with the Austrian Data Protection Authority, Wickenburggasse 8, A-1080 Vienna, telephone: +43 1 52 152-0, e-mail:

(9.8) Exercising your rights

In your request, we ask that you clearly indicate what information you have provided to us or wish to have corrected and whether you wish the information you provided to be blocked in our database or what other restrictions you wish to impose on us with respect to the use of the information you provided. For your protection, we only process requests regarding information that is associated with the e-mail address you used to send the request. We may have to check your identity before complying with your request.
Please also note that we may have to retain certain information for document management purposes or for purposes prescribed by law and/or in order to complete transactions that were commenced before the requested change or erasure. There may also be residual information that remains in our databases and other records and cannot be removed.

(9.9) Security

We strive to ensure that adequate organizational, technical and administrative security measures are taken to protect the information within our organization. Unfortunately, the security of data transfers or storage systems cannot be fully guaranteed. If you have reason to assume that your interaction with us is not secure, please inform us of the problem immediately. The quicker you notify us, the better we can minimize the damage.


We retain the data that we receive from you as long as necessary to fulfill the purposes set forth in this Data Protection Policy, unless a longer retention period is legally permissible or required. In general, we adhere to the following erasure policy:
Your personal data is processed on the above legal grounds for 40 months after the end of the contractual relationship (i.e., 36 months for potential contractual damage claims plus up to four months for serving a complaint) and then it (at least the identifying information) is erased. Thereafter, any personal data related to invoicing will be processed until the end of the statutory retention period (generally seven years at present).


Our services are not intended for persons who are younger than 15 or 16 years old. Therefore, we request that such persons do not provide us with information.


This Data Protection Policy does not cover the data protection, information or other practices of third parties, and we are not responsible for them. This also includes third parties that operate websites or provide services to which these services are linked. The inclusion of any link on our website does not imply endorsement of the linked site or service by us or our affiliates and does not indicate affiliation with said third party. Please note that we are not responsible for the collection, use or disclosure policies and practices (including data protection practices) of other organizations, such as those of other app developers, app providers, social media platform providers, operating system suppliers, or WLAN providers. Likewise, we are not responsible for the information you disclose to other organizations about or in connection with our software applications or social media sites.


We are entitled to change this Data Protection Policy. We refer you to the “Last updated on” legend at the end of the page. All changes to this Data Protection Policy shall take effect as soon as we publish the revised Data Protection Policy for our services. If you provide us with information after these changes take effect, you accept the revised Data Protection Policy.


We welcome your questions, comments and inquiries with respect to this Data Protection Policy. You can contact us by using our contact form or with the assistance of the following contact data:
DocLX Travel Events GmbH
Palais Schönborn-Batthyány, Renngasse 4/Freyung
A-1010 Vienna
Telephone: +43 1 370 7000- 22 od. 23, e-mail:
Last updated on March 22, 2019