DE
LOGIN
HIGHLINE179

Privacy

Privacy policy & information on data processing (GDPR).
Terms Imprint

Contents

Controller Data processing & legal bases Your rights Security & retention
Controller

Controller within the meaning of Art. 4(7) GDPR is WLF-Projekt GmbH (FN 400521b), Ritterweg 12, A-6682 Vils, Austria.

info@highline179.tirol ATU68149489

Back to top
Data processing, legal bases

The controller processes personal data of users/customers depending on the respective interaction. Depending on the processing activity, the following legal bases under Art. 6(1) GDPR may apply in particular:

  • Art. 6(1)(a) GDPR (consent, revocable)
  • Art. 6(1)(b) GDPR (performance of a contract, pre-contractual steps)
  • Art. 6(1)(c) GDPR (compliance with a legal obligation)
  • Art. 6(1)(f) GDPR (legitimate interests, right to object)

Key processing activities including data categories, purposes, legal bases and retention periods are listed below.

Visiting the website
Processing Personal data Purpose Legal basis Retention period
Server log files IP address, date/time, browser, operating system Ensuring operation, IT security Art. 6 (1) lit. f DSGVO 7–14 days
Cookies (strictly necessary) Session ID Website functionality Art. 6 (1) lit. f DSGVO End of session
Cookies (analytics/marketing, e.g. Google Analytics) Usage behavior, pseudonymous IDs Audience measurement, optimization Art. 6 (1) lit. a DSGVO Until withdrawal / 24 months
Contact form Name, email, message Responding to inquiries Art. 6 (1) lit. b, f DSGVO Project-related, max. 3 years
Newsletter (only if subscribed) Name, email address Advertising, product information Art. 6 (1) lit. a DSGVO Until withdrawal
Using the online shop (ticket purchase)
Processing Personal data Purpose Legal basis Retention period
Order processing Name, address, date of birth, email, payment/bank details, order history Contract performance, delivery, invoicing Art. 6 (1) lit. b DSGVO Statutory retention periods (7 years under the Austrian Federal Fiscal Code)
Customer account (optional) Login data, order history Simplified ordering Art. 6 (1) lit. a, b DSGVO Until account deletion
Payment service providers Name, payment data, bank details Payment processing Art. 6 (1) lit. b DSGVO According to the provider
Visiting & using “highline 179”
Processing Personal data Purpose Legal basis Retention period
Ticket/entry purchase (online or at the cashier) Name, email, payment data Contract performance Art. 6 (1) lit. b DSGVO Statutory retention periods
Video surveillance (parking area) Image/video recordings Property protection, personal safety, detection of misconduct Art. 6 (1) lit. b, f DSGVO Max. 34 hours; if required, until clarification / for evidentiary purposes
Accident documentation Name, date of birth, accident circumstances Documentation, liability matters Art. 6 (1) lit. c, f DSGVO 30 years (limitation period for personal injury)
Back to top
Your rights

As a data subject, you have the following rights under the GDPR in particular:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Complaint / supervisory authority

Österreichische Datenschutzbehörde, Barichgasse 40–42, 1030 Wien, www.dsb.gv.at, dsb@dsb.gv.at.

Objection & withdrawal

If processing is based on legitimate interests (Art. 6(1)(f) GDPR), you may object at any time on grounds relating to your particular situation. Consents can be withdrawn at any time with effect for the future (e.g. by email or via opt-out options such as the newsletter link or cookie settings).

Back to top
Security & retention

Data security

We take the protection of your personal data very seriously and implement organizational and technical measures to protect data against unauthorized access.

Please note that despite these measures, it cannot be completely ruled out that data transmitted via the internet or by email may be viewed or used by third parties (e.g. due to unauthorized access, hacking, malware, etc.).

Retention of personal data

We store personal data only for as long as necessary to fulfill contractual and/or legal obligations (e.g. retention obligations under tax law; legal basis Art. 6(1)(c) GDPR).

If no contract is concluded after an initial contact, the data collected in the course of the contact will generally be deleted without delay; deletion may also be carried out based on a request for erasure.

Back to top
Last updated: 17.03.2026 • Version I/2026