Data protection

In the case of merely informative use of the website, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security.

The legal basis for the data processing is the legitimate interest according to Art. 6 para. 1 p. 1 let. f of the GDPR, as well as Art. 25 para. 2 No. 2 of the Telecommunications Telemedia Data Privacy Act.

Within the framework of the balancing of interests pursuant to Art. 6 para. 1 let. f of the GDPR, we have taken into account and weighed our interest in providing, and your interest in processing your personal data in accordance with data protection. Since the following data is sometimes technically necessary for the provision of our service, in order to be able to offer you our website and also to ensure stability and security, in particular to provide protection against misuse, we have come to the conclusion that this data can be processed – with a guarantee of data security following the state of the art standards – taking into account your interest in an appropriate way of the data processing in accordance with data protection.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of rejection by the user.

According to Art. 13 para. 1 let. c of the GDPR, the following applies to the legal bases – if not mentioned in this privacy policy:

• in case of consent, Art. 6 para. 1 let. a of the GDPR and Art. 7 of the GDPR apply
• for the fulfillment of a contract or for the execution of pre-contractual measures and the response to inquiries, Art. 6 para. 1 let. b of the GDPR applies
• in case of fulfillment of a legal obligation, Art. 6 para. 1 let. c of the GDPR applies
• for the protection of legitimate interests, Art. 6 para. 1 let. f of the GDPR applies.

The use of tracking options is generally carried out within the framework of Art. 6 para. 1 let. a (consent), or in exceptional cases according to Art. 6 para. 1 let. f (legitimate interest) of the GDPR.

Our concern in the sense of the GDPR (legitimate interest) is marketing, as well as the improvement of our offer and our web presence. If we base the processing on a legitimate interest, personal data is generally pseudonymised.

Unless otherwise stated in this privacy policy, the personal data processed by us will be deleted, or its processing restricted in accordance with Art. 17 and 18 of the GDPR. Personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed, and there are no statutory retention obligations that would require the contrary. Processing is restricted if the personal data cannot be deleted, but is absolutely necessary for other purposes, in particular for the fulfillment of obligations under commercial or tax law. In principle, it is also possible to deactivate cookies in general or to reject their use. For example, http://www.youronlinechoices.com/  can be used for this purpose. You can also disable cookies via your browser settings.

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.

Cookies – Differentiation type of cookies

a) Technically necessary cookies

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

Technically necessary cookies are not mandatory to display the website. However, some functions of the website, such as the contact form, cannot be used properly without these cookies. Consequently, there is no possibility for the user to reject them; these cookies can be deactivated by setting the browser each time.

The processing of your personal data is based on Art. 6 para. 1 sentence 1 let. f of the GDPR, as well as Art. 25 para. 2 no. 2 of the Telecommunications Telemedia Data Privacy Act. Technically necessary cookies are required to provide you with the service and are accordingly limited to the most necessary. In this respect, your interests and our interests are concurrent if you wish to use our service. In this respect, cookies are retained for up to one year.

Incert

The INCERT voucher system requires the following technically necessary cookies for the duration of the session.

b) Cookies for range measurement

Range measurement cookies collect information about how our website is used. These cookies do not store information that allows identification of the user. The information collected is exclusively aggregated and thus evaluated anonymously.

The use of cookies for range measurement is based on your consent in accordance with Art. 6 para. 1 let. a of the GDPR and Art. 25 para. 1 of the Telecommunications Telemedia Data Privacy Act. The consent applies to both the website and its mobile applications. You can revoke your consent at any time with effect for the future by making the appropriate selection in the “Cookie settings” (at the bottom of every page).

aa) Google

aaa) Google Tag Manager

For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager itself does not collect any personal data. The Google Tag Manager makes it easy for us to integrate and manage our tags. Tags are small pieces of code used to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimise websites, among other things. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by the Google Tag Manager. For more information on the Google Tag Manager see: https://www.google.com/intl/de/tagmanager/use-policy.html.

bbb) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics uses the so-called "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, IP anonymisation is activated on our website, i.e. your IP address is truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Insofar as data is processed outside the EU/EEA, we have concluded, based on the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 of the GDPR with the service provider, in order to establish a secure level of data protection, to allow the transfer of personal data to a third country in individual cases.

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached, takes place automatically once a month.

The legal basis for accessing the information is your consent pursuant to Art. 25 para. 1 of the Telecommunications Telemedia Data Privacy Act. The legal basis for the described data processing is your consent, Art. 6 para. 1 p. 1 let. a of the GDPR. You can give this consent during your first visit to the website. If you have already consented, you can revoke your consent at any time by changing the selection under "Cookie settings". You can find the link to the cookie settings at the bottom of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the Browser-Add-on. Opt-out cookies prevent the future collection of your data when visiting this website.

The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached, takes place automatically once a month.

For more information on the terms of use and privacy, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

The voucher store of Incert is directly integrated on our website via an IFrame. Through this store you have the opportunity to place orders and thereby purchase vouchers.

The data processed includes inventory data, communication data, contract data and payment data. The persons concerned by the processing are our customers. The processing is carried out for the purpose of providing contractual services within the framework of the operation of an online store, billing, delivery, and customer services. Here we set session cookies for the correct display of the voucher store, the storage of the shopping cart contents and the processing of the order. Further information on this can be found in this privacy policy under the item "Cookies".

On our website you can get information about the offered products – even without making a direct purchase. When you decide to purchase one or more items, these items are first placed in a shopping cart. You can purchase all items without a customer profile.

After selecting your items, enter the required shipping and billing information. You then choose your preferred delivery service and payment method. Afterwards, you will receive a summary, on which all order details are once again clearly displayed. This summary can be confirmed afterwards.

Upon confirmation of the order details, you will be redirected to the desired payment method to make the payment. The order is then completed and you will receive a confirmation email about the completed order.

The processing of your personal data related to this process is based on Art. 6 para. 1 sentence 1 let. b of the GDPR. Your personal data will be deleted upon expiry of the statutory retention obligations, i.e. after six or ten years.

Incidentally, the legal basis for the data processing associated with this is Art. 6 para.1 p. 1 let. f of the GDPR, our legitimate interest in providing you with a smooth ordering process and the provision of our products, and to handle all your requests in the most efficient manner possible.

The payment processing for voucher purchases is carried out directly with the payment service providers PayPal and SOFORT GmbH for the payment methods “direct wire transfer” and "PayPal". The payment method "credit card" is processed via the payment service provider PAYONE GmbH.

PAYONE GmbH

For credit card payments we use the services of the payment service provider PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany. For this payment method, your data required in connection with the purchase for payment processing (such as inventory data (name, address, contact details) and contract data (such as order details), are transmitted to PAYONE. The transfer of your data takes place exclusively for the purpose of payment processing. The legal basis is Art. 6 para. 1 p. 1 let. b of the GDPR. PAYONE will not pass on your payment data to us. For further information on data protection, please refer to PAYONE's privacy policy. (https://www.payone.com/DE-de/dsgvo#andere-zahlverfahren-msit-karte). 

When paying by credit card, your data will be processed by PAYONE for the purpose of payment processing for the credit institution commissioned with the payment in each case. We do not get access to your full credit card information.

PayPal

If you select payment via PayPal when purchasing a voucher, your data will be transmitted to the payment service provider PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. Your data will only be passed on for the purpose of payment processing and only to the extent necessary for this purpose. The legal basis is Art. 6 para. 1 p. 1 let. b of the GDPR. When paying with PayPal, the bank data you have deposited with PayPal, will be used by PayPal for payment. For further information on data protection, please refer to PayPal's privacy policy. (https://www.paypal.com/de/webapps/mpp/ua/privacy-full).

You will receive a newsletter with news and current information about our mountains when you subscribe to a newsletter with us.

For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm this within 24 hours, your registration will be automatically deleted.

If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe. The storage serves the sole purpose of being able to send you the newsletter. Furthermore, we store your IP addresses and the times of registration and confirmation in order to prevent misuse of your personal data. The only mandatory data for sending the newsletter is the e-mail address. The provision of further, separately marked, information is voluntary and will only be used to personalise the newsletter. This data will also be completely deleted upon revocation. You can revoke your consent to the sending of the newsletter at any time. You can declare the revocation by clicking on the unsubscribe link provided in every newsletter e-mail. The data you provide will not be disclosed to third parties. The processing within the scope of our newsletter is based on your consent (Art. 6 para. 1 let. a of the GDPR, Art. 7 of the GDPR).

We base the double opt-in procedure on a legitimate interest according to Art. 6 (1) sentence 1 let. f of the GDPR, as we need to prove your consent (Art. 7 (1) of the GDPR).

a) Google Maps

This site uses the map service Google Maps. Google Maps is a mapping service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. By using the functions of Google Maps or by visiting the website with the plug-in used, data is generally collected, processed, and stored. By calling up the Google Maps component on our website, the operating company stores cookies on your computer or mobile device via your browser. In addition, Google may store and evaluate your IP address and our website (as the starting point of the Google Maps request). For more detailed information on the processing of data by Google, please refer to the relevant Google privacy policy. To avoid an unauthorised and uncontrolled flow of data from the moment you visit our website, we implement the integration of the plugin with a so-called 2-click solution, i.e. Google Maps may only set cookies or receive information about your visit to our website when you have actively clicked on the plugin to display the map. By visiting our website, without the confirmation from your side by the2-click solution, no data is transmitted to Google.

Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection equivalent to the European standard, Google states that it uses standard contractual clauses. More information on the handling of user data can be found in Google's privacy policy: https://www.google.com/intl/en/policies/privacy/.

The legal basis for accessing the information is your consent pursuant to Art. 25 para. 1 of the Telecommunications Telemedia Data Privacy Act. The legal basis for the described data processing is your consent, Art. 6 para. 1 p. 1 let. a of the GDPR. This can be revoked at any time with effect for the future.

b) YouTube

We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, is the data controller for their data.

Here we use a two-click solution to protect your personal data. If you call up a page in which a YouTube video is embedded, a connection to the YouTube servers is not established until you click on the "Confirm" button. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged into YouTube at this time, the information about the videos you watch will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection equivalent to the European standard, Google states that it uses standard contractual clauses. Further information on YouTube privacy is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/

The legal basis for accessing the information is your consent pursuant to Art. 25 para. 1 of the Telecommunications Telemedia Data Privacy Act. The legal basis for the described data processing is your consent, Art. 6 para. 1 p. 1 let. a of the GDPR. This can be revoked at any time with effect for the future.

c) Issuu

A Flash application (Flash plug-in) of the company Issuu Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA (hereinafter: Issuu) is integrated on our website through a JavaScript code, which enables you to call up the online catalogue.

Issuu uses cookies that enable an analysis of your use of the website. In this way, Issuu collects and stores personal data, such as the IP address and information about the time and duration of use. The transfer takes place if you have JavaScript enabled in your browser. Issuu is used in the interest of an appealing presentation of our online offers.

Further information on Issuu's terms of use and data protection can be found at http://issuu.com/legal/privacy.

d) Panomax

We use the external provider Panomax of Panomax GmbH, Landesstraße 23a, 5302 Henndorf, to embed webcam images. The webcam module we use is based on a 2-click system. When calling up the website, only placeholders are loaded for webcams from Panomax, and no connection to Panomax is established. This connection does not start until you click on the area to view the webcam – this establishes a connection to Panomax's servers and sends data to Panomax.

You can find further information on the handling of user data in the Privacy Policy of Panomax: https://www.panomax.com/datenschutz.html.

The legal basis for accessing the information is your consent pursuant to Art. 25 para. 1 of the Telecommunications Telemedia Data Privacy Act. The legal basis for the described data processing is your consent, Art. 6 para. 1 p. 1 let. a of the GDPR. This can be revoked at any time with effect for the future.

e) Webmedia Solution

On our website, the image archive of the Photostop on the Zugspitze is embedded as an iFrame. For this purpose, we use the external provider WebMediaSolutions GmbH, Primoschgasse 3, 9020 Klagenfurt, Austria. The iFrame module we use is based on a 2-click system. When calling up the website, only a placeholder is loaded for the image archive, and no connection to WebMediaSolutions is established. This connection starts only when you click on the area to view the image archive – a connection to the servers of WebMediaSolutions is established.

The so-called social bookmarks (e.g. from Facebook, Twitter, and YouTube) are integrated on our website. Social bookmarks are Internet bookmarks that allow users of such a service to collect links and news messages. These are only integrated on our website as a link to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers.

You have the possibility to contact us via our e-mail address or the contact form.

We will, of course, use the personal data provided to us in this way exclusively for the purpose for which you provide it when contacting us. Insofar as we request input via our contact form that is not required for contacting us, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request. A communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 let. a of the GDPR. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also give us consent to contacting you via this communication channel, if necessary, in order to respond to your request. Of course, you can revoke this consent at any time for the future. Please contact our data protection officer for this purpose.

The processing of your personal data may also be carried out for the purpose of handling contact requests and in doing so may be based on Art. 6 para. 1 sentence 1 let. b of the GDPR.Furthermore, the provision of the contact form is in our legitimate interest in simple and secure communication (Art. 6 para. 1 let. f of the GDPR). The data will be deleted after responding to the contact if they are no longer required or and legal storage obligations are not contrary to it.

You can apply to our company electronically. We will use your information to process your application and will not pass it on to third parties (Art. 26 para. 1 of the German Federal Data Protection Act in conjunction with para. 8 p. 2 of the German Federal Data Protection Act). Furthermore, your personal data may be processed insofar as this is necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 p. 1 let. f of the GDPR. The stated purposes also constitute the legitimate interest in the processing. Please note that unencrypted e-mails are not transmitted with access protection.

Currently we do not offer you the possibility to send us your e-mail application in encrypted form. Therefore, there is always the possibility that third parties can intercept your application documents without authorisation during transmission. Therefore, please only send us your application by e-mail if you are aware of the risk. We generally recommend that applications are not submitted by e-mail, but directly via the application form in the job portal at Jobs-careers.

Your personal data will be deleted after 6 months at the latest if the employment relationship does not materialise, unless you have expressly given us your consent to store your data for a longer period and there are no other legitimate interests on our part to the contrary. Other legitimate interest in this sense, for example, is the obligation of providing proof in a procedure under the General Equal Treatment Act (GETA).

Insofar as an employment relationship arises between you and us, we may, in accordance with Art. 26 para. 1 of the German Federal Data Protection Act (BDSG), further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship, or for the exercise or fulfillment of the rights and obligations of the employee representative body resulting from a law or a collective bargaining agreement, a company or service agreement (collective agreement).

Your personal data will not be transferred to third parties for purposes other than those listed.

We will only share your personal information with third parties if:

• you have given your express consent to this,
• the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that there is a legal obligation for the disclosure, and
• this is legally permissible and necessary for the processing of contractual relationships with you.

Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. of the GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection that corresponds to the EU, or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

You also have the right to appeal to the competent data protection supervisory authority about the processing of your personal data by us.

Instruction on revocation in case of consent

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, as before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Right in case of data processing for direct marketing purposes

Pursuant to Art. 21 para. 2 of the GDPR, you have the right to object at any time to the processing of personal data concerning you. In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected.

Reference to right of objection when weighing interests

Insofar as we base the processing of your personal data on a balance of interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as described by us. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or explain to you our compelling reasons why protection is justified.

Links to other websites

Our websites may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the websites of our company. We have no influence on and do not control whether other providers comply with the applicable data protection regulations.

Changes to the privacy policy

We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations.

As of: May 2025