Privacy Policy
The Vienna City Marathon, the VCM Winter Running Series, the VCM Pop-Up Runs and other events of the VCM Group, as well as the implementation of the physical activity initiative The Daily Mile, are made possible through the cooperation of several organisations that must coordinate the processing of your data among themselves for this purpose:
Enterprise Sport Promotion GmbH: Acts as the organiser and is responsible for operational implementation. Tasks include, among others:
Sport- und Leichtathletikclub Wien (SLW): Is commissioned by Enterprise Sport Promotion GmbH as needed, under a service contract, to handle parts of the sporting organisation (e.g., officials, personnel for sporting delivery, training runs, etc.) and occasionally acts as an organiser.
Enterprise Sport Promotion GmbH
VAT No.: ATU 160 47 105
Akaziengasse 36
A-1230 Vienna
Tel.: +43 1 606 95 10
E-mail: office@vienna-marathon.com
Website: www.vienna-marathon.com
[Information obligation]
In addition, due to the nature of the event, additional data relating to all participants are generated and collected by us and by third parties commissioned by us for this purpose during a running event (e.g., timekeeping, rankings, etc.).
Use of the websites, such as www.vienna-marathon.com , operated by Enterprise Sport Promotion GmbH is generally possible without providing any personal data. If you wish to use special services of our company via our website, however, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal, contractual or, in accordance with Art. 6 para. 1 (b–f) GDPR, other basis for such processing (details see chapter “Legal basis”), we generally obtain your consent.
The processing of your personal data—for example, name, address, e-mail address or telephone number—is always carried out in accordance with the General Data Protection Regulation and in compliance with the data protection provisions applicable to Enterprise Sport Promotion GmbH.
As the controller responsible for processing, Enterprise Sport Promotion GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone.
You have the right at any time to obtain information about your stored personal data, their origin and recipients, and the purpose of data processing, as well as the right to rectification, data portability, objection, restriction of processing, and the blocking or deletion of incorrect or unlawfully processed data.
If you believe that the processing of your personal data by us violates applicable data protection law or that your data protection rights have been infringed in any other way, you have the statutory right to lodge a complaint with the Austrian Data Protection Authority.
If the use of personal data is based on consent you have given, you also have the right to withdraw this consent at any time. However, the withdrawal of consent given by a participant during registration for a Vienna City Marathon prior to completion of the relevant Vienna City Marathon has the effect that this participant cannot take part in that Vienna City Marathon because the data are required for smooth delivery. Such withdrawal has the same legal consequences as cancellation of participation. There is no entitlement to a refund of the participation fee in this case.
Where separate consent is required for additional purposes, such as sending regular newsletters, we obtain this in particular during the registration process for the event (Art. 6 para. 1 (a) and Art. 9 para. 2 (a) GDPR).
It may also be necessary for us to process your data (e.g., medical data provided during registration) in order to protect vital interests of you or of other persons (Art. 6 para. 1 (d) and Art. 9 para. 2 (c) GDPR).
And finally, we must also process your data due to legal obligations binding on us (Art. 6 para. 1 (c) and Art. 9 para. 2 (g) GDPR) and, where applicable, also on the basis of our legitimate interests (Art. 6 para. 1 (f) GDPR), for example when we record your payments in our accounting and bookkeeping systems.
For statistical purposes, we may also anonymise your personal data so that a link to you can no longer be established and thus any risk of a violation of your right to data protection is eliminated.
Disclosure of the data necessary for the respective purpose is required in particular to the following third parties:
Anonymous information of this kind may be statistically evaluated by us to optimise our online presence and the technology behind it.
Cookies cannot be used to start programs or to transmit viruses to a computer. Based on the information contained in cookies, we can make navigation easier for you and enable the correct display of our web pages.
Under no circumstances will the data we collect be passed on to third parties or be linked to personal data without your consent.
Of course, you can also view our website without cookies as a rule. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use your internet browser’s help functions to learn how to change these settings. Please note that some features of our website may not function if you have disabled the use of cookies.
To enable correct personal addressing in the newsletter, your e-mail address, as well as first and last name and gender, are processed for sending the newsletter.
As an interested party, you may unsubscribe from the newsletter at any time and thus exercise your right to withdraw consent given and/or to object to data processing. For this purpose, all relevant messages contain a corresponding link. This does not apply to all messages to participants—especially during an ongoing event—whose dispatch is necessary to safeguard your own interests or the legitimate interests of the organiser.
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, we can recognise whether and when an e-mail was opened by a data subject and which links contained in the e-mail were called up by the data subject.
To optimise newsletter dispatch, the personal data collected via the tracking pixels included in the newsletters are stored and evaluated by us. These personal data are not passed on to third parties.
Enquiries on data protection are to be addressed exclusively to datenschutz@vienna-marathon.com .
The information generated by the cookie about your use of the internet offering is stored on a server in Austria.
The IP address is anonymised immediately after processing and before storage. You have the option of preventing the installation of cookies by changing your browser software settings. We point out that, if you do so, not all functions of this website may be fully available.
You can choose whether a unique web analytics cookie may be placed in your browser to enable the website operator to collect and analyse various statistical data.
If you do not wish this, click the following link to place the Matomo opt-out cookie in your browser.
Further information and Matomo’s applicable data protection provisions can be found at https://matomo.org/privacy/ .
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analytics via Google Analytics, we use the “_gat._anonymizeIp” add-on. By means of this add-on, the IP address of the data subject’s internet connection is shortened and anonymised by Google when access to our websites originates from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide further services related to the use of our website.
Google Analytics sets a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. With each call-up to one of the individual pages of this website operated by the controller and into which a Google Analytics component has been integrated, the internet browser on the data subject’s IT system is automatically prompted by the respective Google Analytics component to submit data to Google for online analysis. As part of this technical procedure, Google obtains knowledge of personal data, such as the data subject’s IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.
By means of the cookie, personal information—such as the access time, the location from which access originated and the frequency of visits to our website by the data subject—is stored. Each time our websites are visited, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected via the technical procedure on to third parties.
The data subject may, as stated above, prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics may be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics relating to the use of this website, as well as to the processing of these data by Google, and to prevent such processing. To do this, the data subject must download and install a browser add-on under the link http://tools.google.com/dlpage/gaoptout?hl=de
This browser add-on informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or any other person attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Further information and Google’s applicable data protection provisions can be retrieved at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/ .
Clarity is a tool for analysing user behaviour on this website. Clarity records, in particular, mouse movements and creates a graphical representation of which parts of the website users scroll through most frequently (heatmaps). Clarity can also record sessions so that we can view website use in the form of videos. We also receive information about general user behaviour within our website.
Clarity uses technologies that enable recognition of the user for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). Your personal data are stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.
Where consent is obtained, the use of the above-mentioned service is based exclusively on Art. 6 para. 1 (a) GDPR and § 25 TTDSG. Consent can be withdrawn at any time. Where no consent is obtained, the use of this service is based on Art. 6 para. 1 (f) GDPR; the website operator has a legitimate interest in effective user analysis.
Further details on Clarity’s data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov
You can read which functions (social plugins) Facebook provides at https://developers.facebook.com/docs/plugins/ .
By visiting our website, information can be transmitted to Facebook. If you have a Facebook account, Facebook can assign this data to your personal account. If you do not wish this, please log out of Facebook.
Facebook’s privacy policy, which sets out what information Facebook collects and how they use it, can be found at https://www.facebook.com/policy.php .
If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences .
This may also transfer personal data to Twitter. We do not monitor this data exchange and do not store any information about it.
If you want to learn more about how Twitter uses your data, you will find all the information in Twitter’s privacy policy at https://twitter.com/de/privacy .
If you have an account with Twitter, you can change your privacy settings in the account settings at https://twitter.com/settings/account .
With the functions for embedding Instagram content (embed function), we can display images and videos. When calling up pages that use such functions, data (IP address, browser data, date and time, cookies) are transmitted to Instagram, stored and evaluated.
If you have an Instagram account and are logged in, this data will be assigned to your personal account and the data stored in it.
The privacy policy, which information Instagram collects and how it is used, can be found at https://help.instagram.com/155833707900388 .
When a YouTube video is started, the provider uses cookies that collect information about user behaviour. Anyone who has deactivated the storage of cookies for the Google Ads program will not have to expect such cookies even when watching YouTube videos. YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.
Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/
The applicable data protection provisions of Payone GmbH can be found here: https://www.payone.com/AT-de/datenschutz
Data that were only directly relevant to the delivery of the respective Vienna City Marathon and are not needed for any further purpose will be deleted no later than 6 months after completion of the respective event.
Any unsolicited applications from potential employees and other business correspondence will also be retained in the normal course of business under the same considerations.
Start lists and results lists of the Vienna City Marathon or other races are stored indefinitely for historical reasons.
Log files (system logs) collected as part of administrative monitoring and which may contain personal data (“profiling” within the meaning of the GDPR) are automatically deleted at the end of the year following logging, unless there is a reason for further storage (traceability/provability of misconduct by users or systems).
The same applies to processing operations required to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation by which processing of personal data becomes necessary, such as for the fulfilment of tax obligations, processing is based on Art. 6 para. 1 (c) GDPR. In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person.
Ultimately, processing operations could be based on Art. 6 para. 1 (f) GDPR. This legal basis covers processing operations not encompassed by any of the aforementioned legal bases where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override these. Such processing operations are particularly permitted to us because they were expressly mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is a customer (Recital 47 sentence 2 GDPR).
Where the processing of personal data is based on Art. 6 para. 1 (f) GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our owners.
Notwithstanding efforts to maintain an appropriately high standard of due care, it cannot be ruled out that information you disclose to us over the internet may be viewed and used by other persons. Please note, therefore, that we accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by us and/or unauthorised access by third parties (e.g., hacking of e-mail accounts or telephones, interception of faxes).
- The organiser and the party responsible for the operational implementation of most of the above-mentioned sporting events is Enterprise Sport Promotion GmbH, FN 49412 s, Akaziengasse 36, 1230 Vienna;
- Vienna City Marathon Marketing & Vertriebs GesmbH, FN 130533k, is responsible for the marketing of all the above-mentioned sporting events, as well as other events of the VCM Group, and for The Daily Mile.
- The Sport- und Leichtathletikclub Wien (SLW), ZVR number 735282923, is commissioned by Enterprise Sport Promotion GmbH under a service contract, as needed, to handle parts of the sporting organisation and occasionally organises events.
Enterprise Sport Promotion GmbH: Acts as the organiser and is responsible for operational implementation. Tasks include, among others:
- Organisation of sporting operations
- Participant management
- Logistics, infrastructure tasks
- Supplier management
- Public authority liaison
- Safety and security management
- Personnel management
- Communications management (public and media)
- Marketing & Sales (VCM Event Services)
- Vienna Sports World (marathon expo)
- VCM Hospitality
- VCM Web Services
- VCM Sampling
- VCM Online Shop
- Advertising, sponsoring, promotion
Sport- und Leichtathletikclub Wien (SLW): Is commissioned by Enterprise Sport Promotion GmbH as needed, under a service contract, to handle parts of the sporting organisation (e.g., officials, personnel for sporting delivery, training runs, etc.) and occasionally acts as an organiser.
Name and address of the controller
We have set up the following joint contact point for all requests from any data subject:Enterprise Sport Promotion GmbH
VAT No.: ATU 160 47 105
Akaziengasse 36
A-1230 Vienna
Tel.: +43 1 606 95 10
E-mail: office@vienna-marathon.com
Website: www.vienna-marathon.com
[Information obligation]
Information on data processing pursuant to Articles 13, 14
As a rule, we only collect and process data that you personally disclose to us, e.g., during registration for the event or through use of a contact form. The data provided during registration may also include particularly sensitive data such as medical information.In addition, due to the nature of the event, additional data relating to all participants are generated and collected by us and by third parties commissioned by us for this purpose during a running event (e.g., timekeeping, rankings, etc.).
Use of the websites, such as www.vienna-marathon.com , operated by Enterprise Sport Promotion GmbH is generally possible without providing any personal data. If you wish to use special services of our company via our website, however, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal, contractual or, in accordance with Art. 6 para. 1 (b–f) GDPR, other basis for such processing (details see chapter “Legal basis”), we generally obtain your consent.
The processing of your personal data—for example, name, address, e-mail address or telephone number—is always carried out in accordance with the General Data Protection Regulation and in compliance with the data protection provisions applicable to Enterprise Sport Promotion GmbH.
As the controller responsible for processing, Enterprise Sport Promotion GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone.
Your rights as a data subject
Using the contact details provided at the end of this document, you may exercise the following rights at any time:You have the right at any time to obtain information about your stored personal data, their origin and recipients, and the purpose of data processing, as well as the right to rectification, data portability, objection, restriction of processing, and the blocking or deletion of incorrect or unlawfully processed data.
If you believe that the processing of your personal data by us violates applicable data protection law or that your data protection rights have been infringed in any other way, you have the statutory right to lodge a complaint with the Austrian Data Protection Authority.
If the use of personal data is based on consent you have given, you also have the right to withdraw this consent at any time. However, the withdrawal of consent given by a participant during registration for a Vienna City Marathon prior to completion of the relevant Vienna City Marathon has the effect that this participant cannot take part in that Vienna City Marathon because the data are required for smooth delivery. Such withdrawal has the same legal consequences as cancellation of participation. There is no entitlement to a refund of the participation fee in this case.
Purposes of data processing by the responsible entity and by third parties
Your personal data are collected, processed and used for the purposes necessary to fulfil our respective contractual obligations (Art. 6 para. 1 (b) GDPR). This includes, in particular, the delivery of running events with all necessary preparatory and follow-up work. To find out more about the scope of our mutual contractual obligations in the context of our running events, we recommend reading the respective terms and conditions of participation.Where separate consent is required for additional purposes, such as sending regular newsletters, we obtain this in particular during the registration process for the event (Art. 6 para. 1 (a) and Art. 9 para. 2 (a) GDPR).
It may also be necessary for us to process your data (e.g., medical data provided during registration) in order to protect vital interests of you or of other persons (Art. 6 para. 1 (d) and Art. 9 para. 2 (c) GDPR).
And finally, we must also process your data due to legal obligations binding on us (Art. 6 para. 1 (c) and Art. 9 para. 2 (g) GDPR) and, where applicable, also on the basis of our legitimate interests (Art. 6 para. 1 (f) GDPR), for example when we record your payments in our accounting and bookkeeping systems.
For statistical purposes, we may also anonymise your personal data so that a link to you can no longer be established and thus any risk of a violation of your right to data protection is eliminated.
Transfer of data to third parties
It may also be necessary to pass on your personal data to third parties. Data are forwarded exclusively on the basis of the GDPR, in particular to fulfil the mutual contractual obligations in connection with participation in the Vienna City Marathon, the VCM Tribute to Eliud, the VCM Winter Running Series, the VCM Pop-Up Runs and/or on the basis of your prior consent. In this regard, we also refer to our general terms and conditions of participation for the respective running event.Disclosure of the data necessary for the respective purpose is required in particular to the following third parties:
- to event-relevant media and the social media portals used by the organisations involved for reporting on the Vienna City Marathon or any other event
- to service providers for data management, accreditation of employees, suppliers, media, VIPs
- to service providers of payment transactions, accounting and bookkeeping,
when visiting our website to the service providers listed below.
Collection of general information when visiting our website
When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person.
This information is technically necessary to correctly deliver content you requested from websites and is necessarily generated when using the internet. In particular, it is processed for the following purposes:- Ensuring a problem-free connection set-up of the website,
- Ensuring smooth use of our website,
- Evaluation of system security and stability, and
- for further administrative purposes, especially to trace any misconduct by users or systems.
Anonymous information of this kind may be statistically evaluated by us to optimise our online presence and the technology behind it.
Cookies
Like many other websites, we also use “cookies.” Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system and your connection to the internet.Cookies cannot be used to start programs or to transmit viruses to a computer. Based on the information contained in cookies, we can make navigation easier for you and enable the correct display of our web pages.
Under no circumstances will the data we collect be passed on to third parties or be linked to personal data without your consent.
Of course, you can also view our website without cookies as a rule. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use your internet browser’s help functions to learn how to change these settings. Please note that some features of our website may not function if you have disabled the use of cookies.
SSL encryption
To protect the security of your data during transmission from unauthorised access, we use encryption methods corresponding to the current state of the art (e.g., SSL) via HTTPS.Newsletter
We send different categories of newsletters to interested parties who have provided their e-mail address for this purpose, to participants and former participants (regular customers) of the Vienna City Marathon and other events of the SLW, such as the VCM Winter Running Series or VCM Training Runs.To enable correct personal addressing in the newsletter, your e-mail address, as well as first and last name and gender, are processed for sending the newsletter.
As an interested party, you may unsubscribe from the newsletter at any time and thus exercise your right to withdraw consent given and/or to object to data processing. For this purpose, all relevant messages contain a corresponding link. This does not apply to all messages to participants—especially during an ongoing event—whose dispatch is necessary to safeguard your own interests or the legitimate interests of the organiser.
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, we can recognise whether and when an e-mail was opened by a data subject and which links contained in the e-mail were called up by the data subject.
To optimise newsletter dispatch, the personal data collected via the tracking pixels included in the newsletters are stored and evaluated by us. These personal data are not passed on to third parties.
Contact form
If you contact us by e-mail or contact form with any kind of enquiry, you voluntarily give your consent for us to contact you. For this purpose, a valid e-mail address as well as first and last name and gender are required. This serves to allocate the enquiry and subsequently answer the same. Providing further data is optional. The details you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions. After your enquiry has been dealt with, personal data are automatically deleted.Enquiries on data protection are to be addressed exclusively to datenschutz@vienna-marathon.com .
Use of Matomo
This website uses Matomo (formerly Piwik), an open-source software for the statistical evaluation of visitor access. Matomo uses cookies, i.e., text files that are stored on your computer and enable an analysis of your use of the website.The information generated by the cookie about your use of the internet offering is stored on a server in Austria.
The IP address is anonymised immediately after processing and before storage. You have the option of preventing the installation of cookies by changing your browser software settings. We point out that, if you do so, not all functions of this website may be fully available.
You can choose whether a unique web analytics cookie may be placed in your browser to enable the website operator to collect and analyse various statistical data.
If you do not wish this, click the following link to place the Matomo opt-out cookie in your browser.
Further information and Matomo’s applicable data protection provisions can be found at https://matomo.org/privacy/ .
Use of Google Analytics
We have integrated the Google Analytics component (with anonymisation function) on our websites. Google Analytics is a web analytics service. Web analytics is the collection, gathering and evaluation of data on the behaviour of visitors to websites. A web analytics service collects, among other things, data on the website from which a data subject came to a website (so-called referrer), which subpages of the website are accessed or how often and for what length of time a subpage was viewed. Web analytics is used primarily to optimise a website and for a cost-benefit analysis of internet advertising.The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analytics via Google Analytics, we use the “_gat._anonymizeIp” add-on. By means of this add-on, the IP address of the data subject’s internet connection is shortened and anonymised by Google when access to our websites originates from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide further services related to the use of our website.
Google Analytics sets a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. With each call-up to one of the individual pages of this website operated by the controller and into which a Google Analytics component has been integrated, the internet browser on the data subject’s IT system is automatically prompted by the respective Google Analytics component to submit data to Google for online analysis. As part of this technical procedure, Google obtains knowledge of personal data, such as the data subject’s IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.
By means of the cookie, personal information—such as the access time, the location from which access originated and the frequency of visits to our website by the data subject—is stored. Each time our websites are visited, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected via the technical procedure on to third parties.
The data subject may, as stated above, prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics may be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics relating to the use of this website, as well as to the processing of these data by Google, and to prevent such processing. To do this, the data subject must download and install a browser add-on under the link http://tools.google.com/dlpage/gaoptout?hl=de
This browser add-on informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or any other person attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Further information and Google’s applicable data protection provisions can be retrieved at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/ .
Use of Clarity
This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (“Clarity”).Clarity is a tool for analysing user behaviour on this website. Clarity records, in particular, mouse movements and creates a graphical representation of which parts of the website users scroll through most frequently (heatmaps). Clarity can also record sessions so that we can view website use in the form of videos. We also receive information about general user behaviour within our website.
Clarity uses technologies that enable recognition of the user for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). Your personal data are stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.
Where consent is obtained, the use of the above-mentioned service is based exclusively on Art. 6 para. 1 (a) GDPR and § 25 TTDSG. Consent can be withdrawn at any time. Where no consent is obtained, the use of this service is based on Art. 6 para. 1 (f) GDPR; the website operator has a legitimate interest in effective user analysis.
Further details on Clarity’s data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov
Use of Chatling
This website uses Chatling. The provider is Chatling Inc., 100 Queensway West, Suite 200, Toronto, Ontario, Canada (“Chatling”). Further information about the provider can be found at https://chatling.ai/. Chatling is an AI-powered chat tool embedded on this website to assist visitors in real time. Visitors can ask questions, provide comments and, where applicable, upload files. Chatling stores the transmitted content (e.g., texts, screenshots, uploaded documents) as well as technical metadata (IP address, browser information, timestamps) to process the request and ensure the service’s functionality. Chatling uses technologies that enable recognition of the user for the purpose of providing the chat service (e.g., session cookies). Your personal data, such as name, e-mail address and the content exchanged in the conversation, are collected in the course of the chat process and stored on Chatling’s servers in the European Union (DigitalOcean data centre, Amsterdam, Netherlands). Where consent is obtained, the use of the above-mentioned service is based exclusively on Art. 6 para. 1 (a) GDPR and Section 96 of the Telecommunications Act (TKG), which requires the collection of explicit consent for the processing of communications data. Consent can be withdrawn at any time. Where no consent is obtained, the use of this service is based on Art. 6 para. 1 (f) GDPR; the website operator has a legitimate interest in efficient user feedback analysis and error resolution. Further details on Chatling’s privacy can be found here: https://chatling.ai/privacy-policy. The company Chatling Inc. is subject to the data protection laws of the European Union (in particular the GDPR) and ensures a high level of data protection and security when processing your data.Use of Facebook
We use functions of Facebook on this website, a social media network of the FIrma Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.You can read which functions (social plugins) Facebook provides at https://developers.facebook.com/docs/plugins/ .
By visiting our website, information can be transmitted to Facebook. If you have a Facebook account, Facebook can assign this data to your personal account. If you do not wish this, please log out of Facebook.
Facebook’s privacy policy, which sets out what information Facebook collects and how they use it, can be found at https://www.facebook.com/policy.php .
Use of Facebook Custom Audience Pixel
This website uses Custom Audiences by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. For this purpose, so-called Facebook pixels are integrated on our websites. These mark visitors to our website in anonymised form. Personal information is not collected from visitors to our website in this context. If you are logged in to Facebook at a later time, Facebook can recognise your previous visit to our pages and use the information obtained in this way for displaying Facebook Ads. The Facebook cookie is used for the product Website Custom Audiences. The website operator and Facebook are responsible for the collection and processing. Further information on the purpose and scope of data collection and the further processing and use of data by Facebook as well as your settings options to protect your privacy can be found in Facebook’s privacy policies, which can be found, among other places, at https://www.facebook.com/ads/website_custom_audiences and https://www.facebook.com/privacy/explanation .If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences .
Use of Twitter
We use functions of Twitter on this website, a social network of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.This may also transfer personal data to Twitter. We do not monitor this data exchange and do not store any information about it.
If you want to learn more about how Twitter uses your data, you will find all the information in Twitter’s privacy policy at https://twitter.com/de/privacy .
If you have an account with Twitter, you can change your privacy settings in the account settings at https://twitter.com/settings/account .
Use of Instagram
We use functions of the social media network Instagram on our website, provided by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA.With the functions for embedding Instagram content (embed function), we can display images and videos. When calling up pages that use such functions, data (IP address, browser data, date and time, cookies) are transmitted to Instagram, stored and evaluated.
If you have an Instagram account and are logged in, this data will be assigned to your personal account and the data stored in it.
The privacy policy, which information Instagram collects and how it is used, can be found at https://help.instagram.com/155833707900388 .
Embedded YouTube videos
We embed YouTube videos on our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged in to your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.When a YouTube video is started, the provider uses cookies that collect information about user behaviour. Anyone who has deactivated the storage of cookies for the Google Ads program will not have to expect such cookies even when watching YouTube videos. YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.
Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/
Registration and payment processing – registration system
For registration and payment processing for our running events, we have engaged Haku App Corporation (“haku”). The applicable data protection provisions of “haku” can be found here: https://www.hakuapp.com/legal/Payment processing – online shop
To ensure secure payment processing in our online shop for our customers, we have engaged Payone GmbH for processing electronic payment transactions by credit card or instant transfer.The applicable data protection provisions of Payone GmbH can be found here: https://www.payone.com/AT-de/datenschutz
External links
Third-party pages are linked on our websites in order to provide you with comprehensive information. We have no influence on the design of these pages and are not responsible for the content offered there. The principles of this statement do not apply to these external pages.Retention of personal data
We will not retain personal data longer than is necessary to fulfil our contractual and/or legal obligations and to clarify any claims and/or liabilities. All data relevant to our accounting must therefore be retained for at least 7 years due to statutory obligations.Data that were only directly relevant to the delivery of the respective Vienna City Marathon and are not needed for any further purpose will be deleted no later than 6 months after completion of the respective event.
Any unsolicited applications from potential employees and other business correspondence will also be retained in the normal course of business under the same considerations.
Start lists and results lists of the Vienna City Marathon or other races are stored indefinitely for historical reasons.
Log files (system logs) collected as part of administrative monitoring and which may contain personal data (“profiling” within the meaning of the GDPR) are automatically deleted at the end of the year following logging, unless there is a reason for further storage (traceability/provability of misconduct by users or systems).
Legal basis
Art. 6 para. 1 (a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party—as is the case, for example, with processing operations necessary for registration for a running event or for the provision of some other service or consideration—processing is based on Art. 6 para. 1 (b) GDPR. The data subject is, for example, obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract with the data subject not being able to be concluded.The same applies to processing operations required to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation by which processing of personal data becomes necessary, such as for the fulfilment of tax obligations, processing is based on Art. 6 para. 1 (c) GDPR. In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person.
Ultimately, processing operations could be based on Art. 6 para. 1 (f) GDPR. This legal basis covers processing operations not encompassed by any of the aforementioned legal bases where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override these. Such processing operations are particularly permitted to us because they were expressly mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is a customer (Recital 47 sentence 2 GDPR).
Where the processing of personal data is based on Art. 6 para. 1 (f) GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our owners.
Data security
The protection of your personal data is ensured by appropriate organisational and technical measures. These measures relate in particular to protection against unauthorised, unlawful or accidental access, processing, loss, use and manipulation.Notwithstanding efforts to maintain an appropriately high standard of due care, it cannot be ruled out that information you disclose to us over the internet may be viewed and used by other persons. Please note, therefore, that we accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by us and/or unauthorised access by third parties (e.g., hacking of e-mail accounts or telephones, interception of faxes).