Privacy policy for guest surveys:


Person responsible
This guest survey is carried out by:

Michael Partel
Mountain-Management Consulting Est.
Industriering 591
FL-9491 Ruggell
Principality of Liechtenstein

You can contact our data protection officer Michael Partel by email at: mpartel@aon.at

This guest survey by Mountain-Management Consulting records your information for the analysis of trends, requirements and focal points of market development in relation to winter sports areas. The guest survey serves solely the purpose of general market research. Our interest is to optimize the range of services offered by winter sports areas. As part of this guest survey, Mountain-Management Consulting stores your information on satisfaction with various performance aspects of the winter sports area, potential for improvement, assessments and demographic information such as age, gender, country of origin, etc. Providing your name and email address is voluntary, as is answering the other questions. The information is not analyzed on an individual level, but only considered in aggregate form - across many participants. Our client only receives aggregated representations of the market research data collected.

With the following data protection declaration, we would like to inform you in detail about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our website. The terms used are not gender-specific. (As of November 3, 2023)

Table of contents



Person responsible

Mountain Management Consulting Est.
Industriering 591
FL-9491 Ruggell
E-mail address: mpartel@aon.at
Tel: +423-231-1331


Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed Categories of persons concerned Purposes of processing

Relevant legal bases


Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Austria. This includes in particular the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act - DSG). The Data Protection Act contains in particular special regulations on the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases.

Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (short "Swiss DSG"). This also applies if our processing of your data otherwise affects you in Switzerland and you are affected by the processing. The Swiss DSG does not generally provide (unlike the GDPR, for example) that a legal basis for the processing of personal data must be stated. We only process personal data if the processing is lawful, carried out in good faith and is proportionate (Art. 6 para. 1 and 2 of the Swiss DSG). Furthermore, we only collect personal data for a specific purpose that is recognizable to the person concerned and only process it in a way that is compatible with these purposes (Art. 6 Para. 3 of the Swiss DSG).

Note on the validity of the GDPR and the Swiss DSG: This data protection notice serves to provide information in accordance with the Swiss Federal Data Protection Act (Swiss DSG) as well as the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to the broader spatial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "personal data requiring particular protection" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the validity of the Swiss DSG.


Security measures


We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, securing the availability and separation of the data. Furthermore, we have set up procedures that ensure the exercise of the rights of those affected, the deletion of data and reactions to threats to the data. We also take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

TLS/SSL encryption (https): We use TLS/SSL encryption to protect user data transmitted via our online services. Secure Sockets Layer (SSL) is the standard technology for securing Internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.


Transmission of personal data


As part of our processing of personal data, it may happen that the data is transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.


International data transfers


Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), express consent or in the case of contractual or legally required transmission (Art. 49 Para. 1 GDPR). In addition, we will inform you of the basis for third-country transfers for the individual providers from the third country, with the adequacy decisions taking priority as the basis. Information on third country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). As part of the data protection information, we inform you which service providers we use are certified under the Data Privacy Framework.

Disclosure of personal data abroad: In accordance with the Swiss Data Protection Act (DSG), we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 Swiss DSG). If the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection rules approved in advance by the FDPIC or a competent data protection authority in another country.

According to Art. 16 of the Swiss DSG, exceptions to the disclosure of data abroad may be permitted if certain conditions are met, including the consent of the data subject, contract execution, public interest, protection of life or physical integrity, data made public or data from a legally provided register. These disclosures are always made in accordance with the legal requirements.


Deletion of data


The data we process will be deleted in accordance with the legal requirements as soon as the consents permitted for processing are revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is no longer required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. As part of our data protection information, we can provide users with further information on the deletion and storage of data that applies specifically to the respective processing procedures.


Rights of the data subjects


Rights of the data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Rights of the data subjects under the Swiss DSG:
As a data subject, you have the following rights in accordance with the requirements of the Swiss DSG:

Use of cookies


Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or functions used in an online offer. Cookies can also be used for different purposes, e.g. for the purposes of the functionality, security and convenience of online offers and to create analyses of
visitor flows.

Notes on consent: We use cookies in accordance with the legal regulations. Consent is not necessary in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service that they have expressly requested (i.e. our offer). The absolutely necessary cookies generally include cookies with functions that serve to display and run the online offer, load balancing, security, storing the preferences and choices of the users or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and contains information on the respective cookie usage.

Notes on data protection legal bases: The data protection legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for consent. If the users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and improving its usability) or, if this is done as part of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:
General information on revocation and objection (so-called “opt-out”): Users can revoke the consent they have given at any time and object to processing in accordance with the legal requirements. To do so, users can, among other things, restrict the use of cookies in the settings of their browser (although this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR). Consent (Article 6, Paragraph 1, Sentence 1, Letter a) of GDPR).
Further information on processing procedures, methods and services:


Provision of the online offer and web hosting


We process the user's data in order to be able to carry out our guest survey. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Further information on processing procedures, methods and services:

Contact and inquiry management


When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the details of the inquiring persons are processed to the extent that this is necessary to answer the contact inquiries and any requested measures.

Further information on processing processes, procedures and services:
Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the communicated request; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).


Web analysis, monitoring and optimization


We do not use any third-party tools or instruments for web analysis, monitoring or optimization. We generally do not use social media plugins / mashups on our website.


Changes and updates to the data protection declaration


We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.



Definitions of terms


This section provides you with an overview of the terms used in this privacy policy. To the extent that the terms are defined by law, their legal definitions apply. The following explanations, however, are primarily intended to help you understand.