Datenschutzerklärung
Principles
We are aware that the careful handling of your personal data is important to you. Therefore, we appreciate the confidence you have in CAT GmbH to treat these data with due diligence.
We are aware that the careful handling of your personal data is important to you. Therefore, we appreciate the confidence you have in CAT GmbH to treat these data with due diligence.
We therefore have a policy setting out how your personal data will be processed and protected.
Who is responsible for your personal data?
City Air Terminal Betriebsgesellschaf m.b.H. is responsible for the personal data you submit to us under the Austrian Data Protection Act which implements the EU Data Protection Directive.
What types of personal data do we collect?
We will collect personal data that you submit to us, for example, when you place orders, contact our customer service or participate in competitions. The personal data that you submit to us may for example include contact information, date of birth and payment information. In addition we may collect certain personal data from external sources such as credit information and address updates.
By accepting this Data Privacy Statement you agree that we may collect, process and use your personal data for the purposes stated herein.
- When you purchase a product of City Air Terminal Betriebsgesellschaft m.b.H. (for example, purchase of a ticket) for the fulfilment and processing of the order
- When you create an account on our website When claims are outstanding that have not been paid by a customer
- When the occasion may arise that contact with you is necessary
- When you would like to receive advertising (for example, newsletters, information on products and special offers, etc.) or other information from us or you would like to participate in our other activities and campaigns (for example, in promotional competitions, customer surveys, promotions or benefits, etc.)
- When you have submitted questions, requests, suggestions or criticism to Customer Service and we contact you for our internal quality assurance for continuous improvement of our service
- When you assert your rights as a passenger or in the case of an ex post fare claim
- For statistical research to improve our services or systems, whereby the results of these investigations will not give an indication of your identity under any circumstances
Your rights and revocation of consent to use the data
In accordance with the applicable data protection regulations, you have the right at any time to request (free of charge once a year) information about your data stored by us (request for information) as well as if necessary, where the legal requirements exist, to have your data corrected or deleted. For this purpose, send us an E-mail to info@cityairporttrain.com. We cannot remove your data when there is a legal storage requirement, such as book-keeping rules or when there are other legitimate grounds to keep the data, such as unsettled debts.
Disclosure to third parties
Data that is forwarded to third parties, is only used to provide you with the services mentioned above.
We reserve the right to disclose personal data in accordance with the legal provisions and, if we deem it necessary, for the protection of our rights or the compliance with a legal procedure.
Changes
If we should decide to change our data privacy principles, we will include these changes in the Data Privacy Statement, our homepage and any other areas, in which we deem this necessary. Thus you will always be informed about which data we collect, how we use it and under which circumstances we disclose it, if necessary. We reserve the right to change this Data Privacy Statement at any time. Therefore, we kindly ask you to regularly check this Data Privacy Statement. If we should make a comprehensive change to our data privacy policy, we will inform you about it with a note on our homepage.
Representatives
This website uses an order form for customers requesting information, products or services. We commission other companies and individuals to perform tasks on our behalf.
These representatives process or assign orders, bill you for goods and services and support us with our marketing activities. They are provided access to personal data required for the performance of their tasks, but are not allowed to store, save or otherwise use such data.
General data (non-personal data)
We commission other service providers to provide support services for the analysis of the general data regarding the visitors of our website. This data, which is useful for the optimisation of our web site's user friendliness, is collected by cookies or log files of these service providers. We do not allocate any personal data to the general data.
Cookies
We use cookies on this web site to guarantee the integrity of the registration procedure and to customise the web site to meet individual needs. A cookie is a small text file that is placed on your hard drive by a web page server. Cookies cannot be used to run programmes or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of this or other web sites you visit.
Links
This web site contains links to other web sites. CAT GmbH is not responsible for the data privacy policy or the content of such web sites. Therefore, we recommend you to read the privacy statement published on such web sites.
We will not disclose any special information you transmitted to us without your express consent. We may disclose general demographic data to third parties. We will, however, not publish any of your personal data (including your name, email address, residential address and phone number) without obtaining your express consent.
Newsletter
If you have agreed to receiving our newsletter, we will send information from City Air Terminal Betriebsgesellschaft m.b.H or our cooperation partners to your E-mail address.
Our newsletter, in particular, contains information:
- For administrative purposes,
- About the latest special offers,
- About continuing promotions, promotional competitions, discounts and benefits, and
- About City Air Terminal Betriebsgesellschaft m.b.H. and
- About other cooperation partners.
Your E-mail address will only be used by us and will not be forwarded to cooperation partners. You can revoke your consent at any time by clicking on the unsubscribe link at the end of an e-mail or by sending a written cancellation to info@cityairporttrain.com. In this case your E-mail address will no longer be used for sending the newsletter. As part of the newsletter, your data will be forwarded to our technical service provider IWAVES Media Technology. We commend our processor to process your information solely as part of our instructions to fulfill our obligations, as well as to comply with applicable laws and regulations, and not to disclose your information to third parties.
Payment Information and ticket purchase
You have the option to register on our website (CAT Bonus Club) and create a customer account. The personal data disclosed by you when registering (first name, surname, e-mail address and voluntary information) on our website will be used by us to process bookings and in connection with ticket purchases in accordance with Art. 6 para. 1 lit. b of the General Data Protection Regulation (DSGVO ) processed.
Ticket purchases on our website are also possible without prior registration. When booking a ticket unregistered, we collect your e-mail address so that we can send you the ticket you have purchased electronically. The processing of the aforementioned data is required to fulfill the contract in accordance with Art. 6 (1) (b) DSGVO and is required for the execution of the contract.
Your personal data will also be passed on to our service provider (processor), ÖBB-Personenverkehr AG, as part of the booking process. We contractually obligate our processor to process your data only as part of our instructions to fulfill our obligations and within the framework of applicable laws and regulations. The payment process is handled by payment providers (Wirecard Bank AG, paypal), who have the same obligations under the contract and who themselves are "controllers" of the processing of their personal data within the meaning of the GDPR.
Customer data can also be transmitted for tracking open claims to collection service providers. They are obliged to treat the transmitted data confidentially and to use it only in connection with the contractual relationship existing between the customer and CAT.
Due to the regulations of the German Commercial Code (UGB) and the Federal Tax Code (BAO), we are obliged to keep the booking data for 7 years. Subsequently, the data will be deleted unless there is a legal authorization or obligation to continue processing that data.
By payment information we mean the information we need for processing payment. We ourselves store payment information only to a limited extent, namely:
- If a cancellation cannot be carried out automatically by us, but we have to subsequently transfer the cancellation amount (in this case we store the name of the claimant, IBAN, BIC, name of the bank and the address (postcode, city, country, street and house number));
- For a specific booking only the card type (VISA, MasterCard, etc.) and the last 4 digits of the means of payment.
In all other cases, payment information (e.g., expiration date or Card Validation Code (CVC) is processed and used by an inspected and certified payment service provider (Terminal Service Provider and Payment Service Provider).
Terminal Service Providers and Payment Service Providers are only used to securely process the payment process if they have the PCI certifications required for payment transactions.
Once you have successfully completed a payment transaction, you can save your payment data as a preferred payment method for future convenient and quick purchase of tickets without re-entering your data. Your payment details are stored by our Payment Service Provider, which processes your payment data using the international standard PCI-DSS. The preferred payment method you have created can be deleted at any time by you.
Customer Care
If you send us inquiries by e-mail, your details will be processed for the execution of pre-contractual measures or in the context of fulfillment of the contract for the purpose of processing requests pursuant to Art. 6 (1) (b) GDPR and stored in case of follow-up questions. In this regard, we are supported by Flughafen Wien AG, with which a processing contract exists. We will not share this information without your consent unless it is necessary to fulfill your request (for example, for refunds to the bank). The data will be erased as soon as it is no longer necessary for the purposes for which it was collected, unless there is a legal authorization or obligation to continue processing that data.
Safety
The safety of your personal data is important for us. We have taken technical and organisational measures to protect your data from loss, manipulation, unauthorised access.
If you enter any sensitive data in our registration or order forms (for example your credit card and/or insurance number), we encrypt this data using Secure Sockets Layer (SSL) technology.
We comply with the generally recognised industry standards for the protection of personal data both during the transmission and the receipt of your personal data (such as firewalls, encryption, safety tests, system checks and ongoing monitoring).
However, no transmission method on the Internet and no electronic security method is 100% safe. Although we do strive to use all economically reasonable means to protect your personal data, we cannot guarantee complete safety.
If you have any questions regarding the safety on our web site, please send us an email to info@cityairporttrain.com
Google Analytics
We use Google Analytics in order to analyze how many people visit our website and how often. We do not use this software to collect individual personal information or individual IP addresses. The data will be used only in anonymous and summarized form for statistical purposes and for the further development of the website.
This site uses adform retargeting technology. This makes it possible to specifically target web users of our partners to those users who have already taken an interest in our website and our products. The insertion of the advertising material takes place during the retainer on the basis of a cookie-based analysis of the previous user behavior. This is a temporary cookie that expires after 60 days. If you do not want to receive interest - based advertising from Adform, you can opt out of data collection and storage at any time for the future here.
Period of storage
Data is stored by us only to the extent strictly necessary, and always deleted after the expiry of the statutory limitation periods or statutory retention periods.
Use of customer data for other purposes
If we wish to use data for a purpose that requires your consent in accordance with the law, we ask for your express consent beforehand. You can revoke this consent at any time, thereby preventing your data from being used for this purpose in the future.
Use of service providers by us
The term “service provider” within the meaning of the Data Protection Act refers to natural persons and legal entities who are entrusted by us with the provision of a specific service, for example, the maintenance of our databases.
We only use service providers for lawfully processed data. We always make sure ourselves in advance that the individual service provider is suitable for providing the service, and in particular that it offers sufficient guarantee for a lawful and secure use of the data.
Service providers receive personal data from us only to the extent absolutely necessary.
Data application
Temporary use of a scanning app
To determine and analyse the number of customers using CAT as company transport, we use a scanning app.
From its duty of care to the company, alone, the management feels itself compelled to introduce such control measures in order to be able to exercise financially viable management of capacity and utilisation and to be able to exclude abuse, which justifies the legitimate interest of investigation. The legal basis is Art. 6 para. 1 lit. f DSGVO (GDPR). Our legitimate interest lies in the purposes described above.
In the course of the scanning process, CAT only records the ID numbers, company affiliation and validity. This data is processed immediately after collection so that any personal reference is excluded.
Implementation is carried out jointly with Flughafen Wien AG, with which a general processing contract has been concluded for data exchange and processing. The data will not be passed on.
The data is kept for 7 years.
Contact form
Our website provides a contact form which may be used for contacting us electronically. If a user chooses this option, the data entered in the entry mask will be transmitted to us and stored. The relevant data includes:
Reason for request
Salutation
Title
Name
E-Mail address
Comment
When the message is sent, the following data will be stored in addition:
Date and time of contact
In connection with the sending process your consent to data processing will be obtained with reference to this data protection policy.
Alternatively, you may contact us via info@cityairporttrain.com. In that case the personal data of the user transmitted with the email message will be stored.
In this connection no data will be forwarded to third parties. Data will exclusively be used to process the conversation.
In case it is necessary to process the enquiry, the user gives consent that the enquiry as well as the data provided in the contact form may be transmitted to the departments within the parent companies of the CAT responsible for the individual case. The user is entitled to withdraw this consent at any time and to forward the enquiry to the responsible company himself.
Legal basis for data processing
The legal basis for data processing is Art. 6(1)(a) GDPR, provided that the user has given his/her consent thereto.
The legal basis for processing data that is transmitted in the course of transmission of an email is Art. 6(1)(f) GDPR. If the purpose of the email contact is conclusion of a contract, Art. 6(1)(b) GDPR is an additional legal basis for processing.
Purpose of data processing
Personal data from the entry mask is processed by us only to reply to your enquiry. If you contact us via email, this constitutes the required legitimate interest in data processing.
Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
Storage period
The data will be erased as soon as it is no longer required for achieving the purpose of its collection. For personal data from the entry mask of the contact form and for data transmitted by email this is the case once the relevant conversationwith the user is terminated. The conversation is deemed terminated if the circumstances suggest that the relevant matter has been clarified exhaustively.
Possibility of objection and removal
The user may withdraw his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she may object the storage of his/her personal data at any time. In such a case the conversation may not be continued.
In order to exercise your right to object, please send a message to info@cityairporttrain.com. Upon receipt of your objection by us all personal data stored during our contact will be erased in that case.
Controller of personal data and responsible for the operation of the website
City Air Terminal Betriebsgesellschaft m.b.H.
Postfach 1
1300 Wien-Flughafen
Austria
Contact us:
call: + 43 1 25 25 0
E-Mail: info@cityairporttrain.com
Published January 2020