Data Privacy

Schmittenhöhebahn AG

The protection of your personal data is a matter of particular importance to us. For that reason we process your data exclusively on the basis of legally binding regulations (DSGVO, TKG 2003). In messages such as this one regarding data protection information, we inform you about the most important aspects of data processing in the framework of our company.

When you make contact with us, either using the form on our website or by sending us an email, the data you provide is saved by us for six months for purposes of dealing with your inquiry or in case questions in connection with that inquiry arise. These data are not given to anyone else without your express permission.

Data storage of personal client details                                    

We permit ourselves to point out that for purposes of simplifying purchases and subsequent contractual matters of the website provider, the IP address of the connecting party is stored by means of cookies; also the name, address, date of birth and email address of the purchaser.

Beyond that, the following data are also stored by us for purposes of developing and settling the terms of the contract: invoice address, delivery address, photo as a point of reference for a ski pass. The data supplied by you are necessary in order to fulfil the contract and to carry out all pre-contractual measures. Without these data, we cannot conclude a contract with you. These data are provided to a third party solely and exclusively within the framework of fulfilling the contract with you, with the one exception of providing your credit card data to the bank or payment provider which is involved for purposes of debiting the purchase price; to the mail-order company commissioned by us to deliver the goods; and to our tax advisor for purposes of fulfilling our tax responsibilities. In the event of financial claims made on us or legal actions in court, the data will be provided to insurance companies, lawyers and the court.

In case the purchasing process is interrupted or cancelled, the data which we have stored will be deleted. When the contract is completed, any and all data from the contractual relationship will be stored until the mandatory legal requirements of saving such data are met.



Our website uses so-called cookies. These are small text files which with the help of a browser are deposited in your computer apparatus. They cause no harm, do no damage.

We use cookies in order to make our own presentation more attractive. Some cookies remain in your computer until you yourself delete them. They enable us to recognize your browser when you visit our website the next time.

If you do not desire this to take place, you can configure your browser so that you are informed about the deposition of cookies and, if you wish, can permit this only in each individual case.

When cookies are deactivated, the functionality of our website can be reduced thereby.


Web Analysis

Our website uses the functions of the Google Analytics web analysis service operated by the company Alphabet Inc. in the U.S.A. To achieve that purpose, cookies are utilised to make possible an analysis of the website use by its users. The information which is generated through this analysis is transferred to the server of the provider and stored there. The data are stored anonymously, i.e. in a fashion without attaching it to your name.

You can prevent this by configuring your browser in such a way that no cookies are stored.

Our business relationship with the web analysis provider is based on the current and applicable EU resolution on commensurability and acceptability. It is known as the “Privacy Shield”.

The data processing is then carried out on the basis of obligatory legal regulations in accordance with Article 96, section 3 of the TKG laws and Article 6, section 1, sub-section a (compliance) and/or sub-section f (justifiable interest) of the DSGVO.

It is in our interest within the framework and purposes of the DSGVO (justifiable interest) to improve our offerings and our website presentation. Since the private sphere of our website users is a matter of great importance to us, all user data are dealt with by means of pseudonyms.

Google utilises the data transferred to its keeping by the operator in order to evaluate the use of the website by its users, in order to compose analytical reports on website activities; and in order to make possible other related services in the utilisation of the website and Internet use in general.

The user data are stored for a period of 26 months.

The user can prevent the storage of the cookies in the framework of Google Analytics through the appropriate configuration of the browser software. In such a case, the user cannot take advantage of the full spread of functions on the website. The user can also prevent the reception and recording of the data generated by the cookie which relates to the use of the website, including IP address, by Google; as well as the processing of these data by Google, by downloading and installing the browser plug-in available via the following link:

For further details about conditions of use and the data protection measures regarding Google Analytics, please consult:


Droid Marketing Automation

Our website uses the functions of Droid Marketing Automation on the legal basis of your consent in accordance with Art. 6 (1) lit. a GDPR. The provider of this service is Droid Marketing GmbH (Ungargasse 64-66/1/110, A-1030 Vienna, e-mail These functions enable us to analyse your usage behaviour on our website by setting cookies on your device. In addition to your consent to the setting of the corresponding marketing cookies on our website, the prerequisite for the further processing of your data is that you have reached our website via a link from the tourist marketing organization of our region, Zell am See-Kaprun Tourismus GmbH (Brucker Bundesstr. 1a, A-5700). This link can be made from the website (, the Zell am See-Kaprun app or the newsletter of Zell am See-Kaprun Tourismus GmbH. Zell am See-Kaprun Tourismus GmbH uses this information to show you certain content on its website, in its app or in its newsletter, if you use this app or have subscribed to the newsletter or are logged in to your user account of the Zell am See-Kaprun Tourismus GmbH website.  We process this data together with Zell am See-Kaprun Tourismus GmbH as "Joint Controllers" and have also concluded an agreement with this partner within the meaning of Art. 26 GDPR, which obliges all partners to provide you with the corresponding information about this joint processing within the meaning of Articles 12 to 14 GDPR, to ensure appropriate protection of this data and to exercise your rights as a data subject within the meaning of the GDPR. Art. 15-21 GDPR. To exercise your rights as a data subject, you can contact us as well as our partner Zell am See-Kaprun Tourismus GmbH.



Via our website, you have the opportunity to subscribe to our “Newsletter”, which is published regularly up to 10 times each year and informs readers about activities and events, competitions, special offers, prizes, campaigns and promotions, as well as news and novelties. To receive this newsletter, we need your email address, title, first name, last name, the preferred language of the desired newsletter (German or English) and your declaration that you accept our sending the newsletter to you. As soon as you have registered for the newsletter, we send you a confirmation email with a link so that you can provide express confirmation of your registration (double-opt-in).

The subscription to the Newsletter can be cancelled at any time. To do this, use the link to unsubscribe at the end of each newsletter or use the form on the website home page at Of course you can also send us an email to unsubscribe at this address: Subsequently and without delay, we delete all your data connected to the subscription to the newsletter.

For purposes of sending you the English language newsletter, we transfer your data to the Zell am See TVB (Tourist Association) which then sends out the newsletter. Also this newsletter can be cancelled at any time, on the website or by using the link at the end of each newsletter.


Access control

We call your attention to the fact that for purposes of controlling access to our facilities, a reference photo of the skilift ticket owner is shot upon your initial entrance to the area by means of a camera installed at the turnstile. This reference photo is subsequently compared by our ski area personnel with the photos which are taken of that skipass owner at every future instance when a turnstile is passed. The reference photo is immediately deleted when the period of validity for that skilift ticket has expired; and all other photos are deleted 30 minutes after the passing of a turnstile. We call your attention to the fact that there is a possibility to purchase lift tickets which are configured in such a way that no photo is shot when you pass through a turnstile. However, random checks by ski area personnel can be expected.


Photo points

We provide a variety of photo points distributed through the ski area which can be used to shoot photos. By using one of these photo points, a photo is immediately taken and published online. You can delete at any time the photos which you have taken. Please consult us via our email address in order to do so. Some of the photo points are operated by Alturos Destinations GmbH (Skiline). These are not treated or dealt with in our Data Protection Declaration and are not within the area of responsibility of Schmittenhöhebahn AG. For that reason, the Schmittenhöhebahn AG cannot assume any liability for the data protection measures and regulations of the operator.



On our website you reach the external service Skiline to view your own personal “altitude profile”. Skiline receives information of the turnstiles you have passed through and couples it to your ticket number for purposes of composing your altitude profile. With this information it calculates the kilometers of ski runs you have skied and the altitude meters you have descended. We do not provide any personal data from you for this purpose. When you follow a link to the Skiline services on our website, you leave our website presentation and we can no longer assume any liability.



From time to time you have the opportunity to take part in competitions and/or games which are sponsored by Schmittenhöhebahn AG. In the context of these promotions, personal data such as email address, name, address are drawn and processed for the duration of the promotion. The personal data which is utilised for purposes of such a competition are used solely and exclusively for that particular campaign (i.e. in the case of a game in order to determine the winner, notify the winner and send the prize). Once the campaign is over and the promotion is terminated, the data of all participants is stored for maximum 24 months (for purposes of any possible claims for a prize or for damages) and subsequently deleted. Each user who participates in the competition declares himself/herself to thereby accept that his/her name, in the event of becoming the winner, is published on our website as well as our social media channels. No further use of data which has been provided by you in the course of the competition for receiving the Newsletter will be permitted without your express permission.


Video supervision

For purposes of safety and security, as well as to protect against theft and vandalism, some zones and buildings of the Schmittenhöhebahn AG are watched over by video cameras. These recorded videos are used only in the event that insurance companies, government authorities or courts of law require them. In all other cases, they are automatically deleted upon completion of the storage time limits. Due to the isolated locations of some of the video cameras, these videos are controlled regularly by personnel of Schmittenhöhebahn AG.



The WIFI which is made available by Schmittenhöhebahn AG can be used free of charge once the General Terms of Business have been accepted. The WIFI serves towards providing information about activities and events, attractions and pertinent local information in the ski area which, depending on the zone in which you are active, can vary from place to place. In order to improve the convenience of the WIFI users, we store a clear ID of the user, i.e. of the computer being used in order to facilitate recognition upon re-entry, and thereby spare the user the necessity of agreeing repeatedly to the General Terms of Business. Furthermore, users of the free WIFI can register to participate in surveys about customer satisfaction and possibly win prizes for their participation. The personal data necessary for this (title, first name, last name, email address) are dealt with as described in the above section on Competitions.

Activities and events

Photos and videos which are generated in the course of events or activities can be published on our website or in our social media channels (Facebook, Instagram, Google Plus, Youtube, Twitter and Flickr). If you do not agree to such photos being published, you can at any time revoke permission for them to be shown by contacting us at

Schmidolins kids club

Kids up to 12 years can be member of  the Schmidolin kids club. Therefore we need Name, adress and the age oft he kid as well as the parents agreement. We use this data for sending the Schmidolin kids letter, invitations to Schmidolin kids olympic games and Schmidolin skiing day and for sending birthday greetings card. Additionally the kid takes part in the Schmidolin competition. All data is beeing deleted when reaching the age of 12 years.

Social media plug-ins

Schmittenhöhebahn AG uses on its website so-called embedded social media plug-ins, i.e. interfaces to social networks. When you visit our website, the system establishes – based on the integration of the plug-ins – a connection to the respective social network and transfers the data (IP address, visit to the website, etc.).

The transfer of data is carried out without any assistance of the user and outside the area of responsibility of the operator. The user can prevent this data transfer by logging out of the respective social network prior to visiting the website. Only in a “logged in” state can the social network receive and allot specific data to the activity profile of the user through automatic data transfer.

The automatically transferred data are used only by the operators of the social networks and not by our operator. Other information on this subject, including the contents of data acquisition by social networks, can be obtained directly on the Internet site of the respective social network. Your preferred privacy configurations can be established, altered and adjusted there.

The social networks which are integrated into our website are as follows:

Facebook (“Like”)
Facebook Inc., 1601 S California Ave, Palo Alto, CA, 94304, USA
For further details, please consult:
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
For further details, please consult: +
Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA
For further details, please consult:
Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA
For further details, please consult:
Instagram, LLC Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
For further details, please consult:
Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA
For further details, please consult:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
For further details, please consult:

Job applications

Contact data which is provided in the course of a job application, as well as other application-oriented materials, are used only internally for purposes of selecting suitable candidates for a job, i.e. a contract of service. In case a job application is rejected, the application materials are stored for maximum 7 months. If you wish us to retain these materials in our files for longer, you must say so in your application, thereby agreeing to an extended period of data storage.


Principles of processing personal data

The processing of personal data is based on strict and well defined principles which view the protection and security of the data, together with the rights of the person involved, as a matter of preeminent importance.


Lawfulness & transparency

The processing of data is carried out in a legitimate, justifiable way, adhering to articles of good faith. The person involved is accurately informed when data is acquired about the intended processing of that data and the ways in which it is to be handled. Thus, the involved person is at very least informed about the following points.

  • Who is responsible for processing the data
  • Purpose of processing the data
  • Legal basis of the data processing

Thus, at all our ticket windows you will find concise informational materials about the processing of the personal data we have been provided by you.


    Earmarking of usage for a specific purpose

The data are requested and processed in adherence to a clearly formulated pre-determined and legitimate purpose. The processing of the data is not carried out in any way or in any form which is not compatible with these purposes.

    Minimizing data

Only those data are requested and processed which are absolutely necessary to the purpose which is given. If it is possible to accomplish that purpose which is appropriate to the costs and efforts involved, only anonymous data are processed.

    Storage limits and deletion

Personal data are deleted as soon as the purpose for which they were originally provided has been accomplished and the legal time limits of data storage provide no obstacle to their deletion. If, in an individual case, interests worthy of protection ensue from these data, the data can be stored for a longer period until the interests worthy of protection are legally settled.

    Data security

Data secrecy laws are valid and applicable to personal data. The data are to be treated confidentially when they are being processed and are protected in appropriate ways and through applicable technical support measures against unauthorised access, transmission or dissemination, as well as against loss or destruction.


Personal data are to be kept in correct, complete and currently updated form. Appropriate measures are to be taken to correct any and all incorrect, obsolete or incomplete data.

    Obligation of data secrecy

All employees of Schmittenhöhebahn AG are contractually obligated to maintain data secrecy. They are schooled and instructed regularly in the secure handling of personal data and other critical forms of information.

Data security

The security of the confidentiality, availability and integrity of data is a significant and essential task of Schmittenhöhebahn AG. That applies equally to company secrets, customer data, personal data which is drawn from website users and to other forms of critical information. Technical and organisational security measures in accordance with state-of-the-art technology and internationally recognized best-practices and security standards have been established, have been installed and are continually being improved upon.

Data transfer

The transfer of personal data takes place only in accordance with valid and applicable laws and on a legitimate, justifiable basis, as well as giving due consideration to the highest possible degree of confidentiality and data security. In the context of coordinated processing of personally recorded data between our cash window system and our website access system, a certain exchange of data between all operating companies in the ski regions where a ski ticket is valid takes place, as well as among the listed business associates in our website and our informational folders. This exchange of data serves the purpose of coordinated access control and dealing with the exigencies of a border-crossing ski area. Schmittenhöhebahn AG avails itself of a number of contractual service providers. All these providers are contractually obligated through a provider-commission agreement to maintain the legally valid and applicable data protection regulations.

Your rights

You have fundamental rights as regards the information, correction, deletion, limitation, transferability and revocation of your data. If you believe the processing of your data violates data protection laws or your own claims to data protection rights in some way, you can lodge a complaint at the authoritative governmental body. In Austria, this is the Data Protection Agency (Datenschutzbehörde, Hohenstaufengasse 3, 1010 Wien,

To assert your claims to data protection rights, we require clear identification of the person involved.

You reach us under:
Schmittenhöhebahn AG
+43 (0) 6542 789 0