Menu

Controller

Company: Tiroler Flughafenbetriebsgesellschaft m.b.H.
Street: Fürstenweg 180
Postal code / City / Country: 6020 Innsbruck / Austria
Commercial Register: FN 46367m, Regional Court of Innsbruck
Managing Director: Dipl.-Ing. Marco Pernetta
Telephone: +43 512 22525-0
Email: info@innsbruck-airport.com

1. General Information on Data Processing and Legal Bases

This Privacy Policy informs you about the type, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content (hereinafter collectively referred to as the “online offering” or “website”).
This Privacy Policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used to access the online offering.

For the terminology used, such as “personal data” or “processing,” we refer to the definitions set out in Article 4 of the General Data Protection Regulation (GDPR).

The personal data of users processed within this online offering includes usage data (e.g. pages visited within our website) and content data (e.g. information entered into the contact form, job application form, competition form, PPR form, handling request, parking reservation, or press image request).

The term “user” covers all categories of individuals affected by data processing. This includes our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as “user,” are to be understood as gender-neutral.

Tiroler Flughafenbetriebsgesellschaft m.b.H. processes users' personal data only in compliance with the applicable data protection regulations. This means that user data is processed only when legally permitted—particularly where the processing is necessary for the performance of our contractual services (e.g. processing orders) or online services, where users have given consent, or where processing is based on our legitimate interests (i.e. interest in the analysis, optimisation and efficient and secure operation of our online offering within the meaning of Art. 6(1)(f) GDPR, especially in relation to reach measurement, profiling for advertising and marketing purposes, and the collection of access data, as well as the use of third-party services).

We point out the following legal bases:

  • Consent: Art. 6(1)(a) and Art. 7 GDPR
  • Performance of contractual obligations: Art. 6(1)(b) GDPR
  • Compliance with legal obligations: Art. 6(1)(c) GDPR
  • Legitimate interests: Art. 6(1)(f) GDPR
2. Security Measures

We implement organisational, contractual and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
Security measures include, in particular, the encrypted transmission of data between your browser and our server.

3. Disclosure of Data to Third Parties and Third-Party Providers

Data is only disclosed to third parties within the framework of legal requirements. We pass on user data to third parties only if this is necessary for contractual purposes in accordance with Art. 6(1)(b) GDPR or based on our legitimate interests in the economic and effective operation of our business pursuant to Art. 6(1)(f) GDPR.

If we use subcontractors to provide our services, we take appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with statutory requirements.

Where this Privacy Policy refers to content, tools or services provided by other providers (hereinafter “third-party providers”) whose registered office is located in a third country, it must be assumed that data is transferred to the countries where these providers are based.
A third country is a country in which the GDPR does not apply as directly binding law—generally countries outside the EU or the EEA. Data is transferred to third countries only when an adequate level of data protection, user consent, or other legal permission exists.

4. Provision of Contractual Services

We process inventory data (e.g. names, addresses, contact details of users) and contractual data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6(1)(b) GDPR.

5. Contacting Us

When users contact us (via contact form or email), the information provided by the user is processed to handle and respond to the request in accordance with Art. 6(1)(b) GDPR.

6. Collection of Access Data and Log Files

Based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, we collect data on every access to the server on which this service is hosted (server log files). Access data includes: name of the accessed webpage, file accessed, date and time of access, data volume transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), IP address, and requesting provider.

Log file information is stored for a maximum of one year for security reasons (e.g. investigation of misuse or fraud) and is then deleted. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally resolved.

7. Cookies & Reach Measurement

Cookies are pieces of information transmitted from our web server or third-party web servers to the users’ browsers and stored there for later retrieval. Cookies may be small files or other forms of information storage.

Users are informed about the use of cookies for pseudonymous reach measurement within this Privacy Policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser settings.
Please note that disabling cookies may lead to functional limitations of the online offering.

Cookie overview

Essential cookies are required for basic functions of the website. This ensures that the website functions properly.

Name
omCookieConsent
Descr.

Saves the user-selected cookie settings.

Lifetime
365 days
Provider
Oliver Pfaff - Olli macht's

Marketing cookies include tracking and statistics cookies

Open cookie settings
8. Google Analytics

Innsbruck Airport does not use Google Analytics and instead utilises the privacy-friendly on-premise version of Matomo.

9. Social Media

Our website uses social media plugins from Meta Platforms (Facebook, Instagram) and LinkedIn to give you the option to share or recommend our content. These plugins are small buttons embedded in our website, identifiable by the Facebook, Instagram, or LinkedIn logos or by the terms “Like”, “Share”, or “Follow”.

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of the respective providers. The content of the plugin is transmitted directly to your browser and integrated into the page. Through this integration, the providers receive the information that your browser has accessed the corresponding page of our website—even if you do not have a profile with the provider or are not logged in. This information (including your IP address) is transmitted from your browser directly to a server of Meta Platforms or LinkedIn in the USA and stored there.

If you are logged into Facebook, Instagram, or LinkedIn, these providers can directly associate your visit to our website with your profile. If you interact with the plugins—for example by clicking the “Like” button or posting a comment—this information is also transmitted directly to a server of Meta Platforms or LinkedIn and stored there. The information is additionally published on your profile and shown to your contacts.

Activating a plugin means that personal data is transmitted to the plugin provider and stored there (for US providers, this occurs in the USA). Please note that U.S. laws such as the Foreign Intelligence Surveillance Act (FISA) require U.S. companies offering internet services to provide information to U.S. authorities, regardless of server location. This may also enable surveillance of users outside the USA.

For further details on the purpose and scope of data collection and the further processing and use of data by Meta Platforms and LinkedIn, as well as your rights and privacy settings, please refer to the providers’ privacy notices:

Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
Privacy Policy: https://www.facebook.com/privacy/policy/?entry_point=about_fb

LinkedIn Corp., 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

If you do not want the data collected through our website to be directly associated with your profile on these platforms, you must log out of Facebook, Instagram, or LinkedIn before visiting our website, or reject cookies from these providers via the Innsbruck Airport cookie banner.

You can also entirely prevent the loading of plugins by using browser add-ons such as the “NoScript” script blocker (http://noscript.net).

10. Integration of Third-Party Services and Content

Within our online offering, and based on our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online offering pursuant to Art. 6(1)(f) GDPR), we incorporate content or service offerings from third-party providers in order to embed their content and services—such as videos or fonts (hereinafter collectively referred to as “content”).
This always requires that the third-party providers of this content process the users’ IP addresses, since they cannot deliver the content to the users’ browsers without the IP address. The IP address is therefore necessary for the display of such content.

We endeavour to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Pixel tags enable the analysis of visitor traffic on this website. The pseudonymised information may also be stored in cookies on the users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, as well as additional information about the use of our online offering; such information may also be combined with similar data from other sources.

The following overview lists the third-party providers we use, along with the content they provide and links to their privacy policies, which contain further details on data processing and, where applicable, opt-out options:

YouTube (Google Inc.)

  • Within our online offering, we embed YouTube videos provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, using extended data protection mode. Accessing these pages establishes a connection to YouTube and the DoubleClick network. Clicking on such videos may trigger additional data processing.
    Privacy Policy: https://www.google.com/policies/privacy/
    Opt-Out: https://www.google.com/settings/ads/

  • Flight and Travel Insurance Booking Tool (Ypsilon.net AG / Specials.de)The booking tool is integrated as an iFrame and is provided by our partner Ypsilon.net AG / Specials.de (RMK nurflug.de GmbH), Vilbeler Landstrasse 203, 60388 Frankfurt, Germany.Terms & Conditions, Legal Notice, Privacy Policy: see provider’s website.

  • Google Maps (Google Inc.)Maps services are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.Privacy Policy: https://www.google.com/policies/privacy/
    Opt-Out: https://www.google.com/settings/ads/

  • Public Transport Information (Verkehrsverbund Tirol GesmbH) Provider: Verkehrsverbund Tirol GesmbH, Sterzingerstraße 3, 6020 Innsbruck. Terms & Conditions, Legal Notice, Privacy Policy: see provider’s website.

  • Weather Information (Geosphere Austria) Provider: Geosphere Austria – Federal Agency for Geology, Geophysics, Climatology, Meteorology and Geodynamics, Hohe Warte 38, 1190 Vienna. Legal Notice, Privacy Policy: see provider’s website.

11. Newsletter

The following information explains the content of our newsletter, the registration process, the sending procedure, the statistical analysis carried out, and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described below.

Newsletter content:
We send newsletters, emails and other electronic notifications containing promotional information (hereinafter “newsletter”) only with the consent of the recipients or based on a legal permission. If, during the registration process, the specific content of the newsletter is described, it is decisive for the user’s consent. Otherwise, our newsletters contain information about our products, offers, promotions and our company.

Double opt-in and logging:
Registration for our newsletter is carried out in a double opt-in procedure. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register using someone else’s email address.
Newsletter registrations are logged in order to prove compliance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to the data stored with our email service provider are also logged.

Email service provider:
The newsletters are sent using Brevo (Sendinblue GmbH), Köpenicker Str. 126, 10179 Berlin, Germany (hereinafter “email service provider”).
The provider’s privacy policy is available at: https://www.brevo.com/de/legal/privacypolicy/

According to the provider, data may also be used in pseudonymised form—i.e. without assigning it to a specific user—for the optimisation or improvement of their services (e.g. technical optimisation of sending processes, display of newsletters, or statistical evaluations such as determining recipient locations).
The email service provider does not use the data of our newsletter recipients to contact them directly or to share it with third parties.

Registration data:
To subscribe to the newsletter, it is sufficient to provide your email address.

Statistical analysis:
Our newsletters contain a “web beacon,” i.e. a pixel-sized file that is retrieved from the email service provider’s server when the newsletter is opened. During this retrieval, technical information such as browser details, operating system, IP address, and time of access is collected.
These data are used to improve technical performance and to analyse target groups based on their reading behaviour determined by access locations (which can be derived from the IP address) or access times.
Statistical evaluations include whether newsletters are opened, when they are opened, and which links are clicked. Although these evaluations may technically be attributed to individual recipients, neither we nor the email service provider aim to monitor individual users. Instead, analyses help us understand reading habits and tailor content or distribute different content based on user interests.

The use of the email service provider, the statistical analyses, and the logging of the registration process are carried out based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest lies in using a user-friendly and secure newsletter system that supports our business interests and meets user expectations.

Cancellation / Withdrawal:
You may cancel your newsletter subscription at any time, i.e. withdraw your consent. This withdrawal terminates both your consent to receiving the newsletter via the email service provider and your consent to statistical analysis. A separate withdrawal of consent regarding sending or analysis is unfortunately not possible.
A link to unsubscribe can be found at the end of every newsletter. If users unsubscribe, their personal data will be deleted—provided they subscribed solely to the newsletter and have no other active data relationship with us.

12. Video Surveillance

The premises of TFG as well as the entire airport area are equipped with video surveillance systems. When entering areas covered by the surveillance system, you will be informed by clearly visible warning signs.
The Privacy Policy for Video Surveillance is available for download here as a PDF Datenschutzerklärung Videoüberwachung

13. Your Rights

In line with the principle of transparency, we welcome your questions, requests and suggestions. As a rule, we aim to respond to all inquiries within four weeks. In exceptional cases, and where legally permissible, it may take longer to provide you with a complete answer. Should this occur, we will of course inform you. To ensure that we provide your data to the correct individual, we may ask you to present an ID document or similar proof of identity.

The General Data Protection Regulation sets out your rights in Articles 15 to 21. We have summarised these rights for you below:

13.1 Right of Access

You have the right to obtain information at any time about the personal data we process.
If the data is no longer accurate or is incomplete, you have the right to request rectification or correction. Please notify us immediately so we can comply with your request.
If we have disclosed your data to a third party, we will inform them of the requested correction or deletion whenever we are legally obligated to do so.

13.2 Right to Erasure (Right to Be Forgotten)

You have the right to request the immediate deletion of your personal data if one of the following reasons applies:

  • The purpose for which the data was collected no longer exists.

  • The processing was based on your consent, and you have withdrawn that consent, provided no other legal basis applies.

  • You object to the processing, and there are no overriding legitimate grounds for the processing.

  • Your data has been processed unlawfully.

  • There is a legal obligation requiring us to delete your data.

13.3 Right to Restrict Processing

You have the right to request the restriction of processing if one of the following conditions applies:

  • You contest the accuracy of your personal data, and we need time to verify its accuracy.

  • The processing is unlawful, but instead of deletion, you request restricted use of the data.

  • We, as Tiroler Flughafenbetriebsgesellschaft m.b.H., no longer need your data for processing purposes, but you require it for the establishment, exercise or defence of legal claims.

  • You have objected to the processing, and it has not yet been determined whether your legitimate interests override ours.

13.4 Right to Object

If we process your data based on legitimate interests or in the public interest, you have the right to object to such processing at any time.
This also applies when we use your data for direct marketing purposes for departments of Tiroler Flughafenbetriebsgesellschaft m.b.H.
Please also refer to our information box on the right to object.

13.5 Right to Lodge a Complaint

If you are not satisfied with our response to your request, you have the right to lodge a complaint with our Data Protection Coordinator (datenschutz@innsbruck-airport.com) and with the competent supervisory authority.

In Austria, the supervisory authority is:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at

13.6 Right to Data Portability

You have the right to receive the personal data you have provided to us in a machine-readable and transferable format.

14. Deletion of Data

Data stored by us is deleted as soon as it is no longer required for its intended purpose and provided that no statutory retention obligations prevent deletion.
If user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

15. Rights of Minors

We are committed to protecting the rights of minors. Website visitors who are 14 years of age or younger are asked to obtain parental or guardian consent before submitting any data to us via our website. Without such consent, providing data is not permitted.
If we nevertheless receive data from minors, we will cease processing such data as soon as we become aware of it.

16. Right to Object

Users may object to the future processing of their personal data at any time in accordance with statutory requirements. This includes objecting to processing for direct marketing purposes.

The objection may be submitted informally and should preferably be addressed to:
datenschutz@innsbruck-airport.com

Contact details of the Data Protection Officer:
Tiroler Flughafenbetriebsgesellschaft m.b.H.
c/o Data Protection
Fürstenweg 180
6020 Innsbruck
Telephone: +43 512 22525-0

17. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in legal requirements or modifications to our services or data processing procedures. This applies only to statements regarding data processing.
Where user consent is required or where changes affect contractual relationships with users, modifications will only be made with the users’ consent.

Users are encouraged to regularly review the contents of this Privacy Policy.

Last updated: 1 May 2023

The item cannot be displayed. To see the item, accept the marketing cookies.

Open cookie settings
Data Privacy

Cookies are used on our website. Some of them are mandatory, while others enable us to improve your user experience on our website.

Essential

Essential cookies are required for basic functions of the website. This ensures that the website functions properly.

Name
omCookieConsent
Descr.

Saves the user-selected cookie settings.

Lifetime
365 days
Provider
Oliver Pfaff - Olli macht's

Marketing cookies include tracking and statistics cookies

Privacy Policy