Data protection

Privacy Policy Verkehrsbüro AG

Insofar as in this data protection declaration a designation was made only in female or only in male form, both sexes are equally recorded. With this data protection declaration we inform you how we collect, use, pass on and otherwise process your personal data. As a concerned individual customer or employee of one of our corporate customers or other individual, we offer or make available to you our services (travel, stays, overnight stays, conferences and events and related products and services) via our websites, mobile applications, e-mail communication or by other means online or offline. We protect the privacy of the users of our websites in the best possible way and treat all personal data in accordance with the provisions of European and Austrian data protection law. Personal data, which you transmit to us within the scope of inquiries on the subject of data protection, is used exclusively for the purpose of processing your request.

Who is responsible for processing your data and where can you turn?

The person responsible within the meaning of the applicable provisions of data protection law is Österreichisches Verkehrsbüro AG.

Support facility for the staff of the Austrian Transport Office, Vienna, Gesellschaft m.b.H.

Austrian Tourist Office Personalbereitstellungs GmbH
Lassallestraße 3
A-1020 Vienna
Phone: +43/1/58800-752

Which categories of data are processed?

Due to our obligation to fulfil the contract concluded with you, we process:

Customer master data - When you contact us, register with us or make use of our services, we collect general personal data about you in order to be able to contact you in accordance with your wishes about our offers and in the course of a trip, a stay or other service. This information may include your name, email address, telephone numbers, employer and mailing address, gender and date of birth if applicable.

Guest and Travel Information - When you book a trip, stay or other service through us, we collect from you directly or indirectly (via third parties), such as your employer, other travel agents, friends and family or other organisers, the details of the trip or stay or other service (such as place and time of arrival and departure, airline, hotel, car rental) and other data necessary to complete your bookings, directly or indirectly (via third parties) if you do not book the trip or stay yourself. We may also collect special categories of data to provide accessibility, dining preferences or other requested services. We may also need passport data from travellers. When we book travel for your companions, we may collect the same categories of data from them. Please therefore pass this information on to all those affected whose data you provide in a travel booking. Your customer data is stored in your travel or guest profile, where we collect the information necessary for your travel booking and the provision of our services. You may also provide other information in your travel or guest profile, including frequent flyer program registration information, government identification numbers, and emergency contact information.

Payment Information - To enable you to pay for your bookings and other transactions through our services, we collect payment card or other payment processing information.

Due to our legitimate interest in providing you with personalized advertising and statistics on user behavior during your visit to our Web sites, we may process such information:

Device Data - We collect information about how you use our services, including the IP address of your computer and information that can be obtained about it (such as the Internet provider and general geographic location), the unique device number and other technical information. We also collect information about how you use our websites and mobile applications. Some of this information is collected through the use of cookies and similar technologies as described here.

How long will your data be processed?

In any case, your data will be stored for as long and to the extent required by the contractual basis. After termination of the contract, your data will be stored for a maximum of 7 years in accordance with the accounting obligations imposed on us. In addition, your data will be stored on the basis of our legitimate interest until we receive a justified objection from you, or on the basis of your express consent until you revoke this consent.

For what purposes will your data be processed?

Providing Our Services - We use your information for your travel bookings, overnight stays, organizing meetings and events, creating travel plans and invoices, communicating with you about your travel or our products and services, providing customer service and administering your account.

Providing our products and services to corporate customers - We use your information to fulfill our contracts with your employer or travel agent, to communicate about our products and services, and to assist them in complying with their policies.

Payment Processing - We use your master data and payment information to process transactions and provide related customer service.

Operating Websites, Mobile Applications and Electronic Communications - We use device data to secure online services and optimize the delivery and content of our services, for updates, for non-personal trend and usage analysis related to our services, and to measure the effectiveness of our advertisements and offers.

Business Operations and Improvement - We use your information to comply with our corporate policies and procedures, for accounting and commercial purposes, to detect or prevent fraudulent or criminal activity, for business operations, to analyze and improve our business and services, and otherwise as required by law.

Optimizing Services & Marketing

We use your data in your and our legitimate interest to optimize our services to you and for future services, including this:

  • Use of frequent flyer information and travel preferences
  • Pre-filling of forms and payment data
  • Use of contact data for the transmission of service changes
  • for emergency contact
  • to obtain feedback on the services provided
  • to send information about our products and services by electronic and postal means

If we do not accept a corresponding interest on your part in an appropriate manner, you are welcome to prove this to us by means of a contrary declaration.

To whom and how do we pass on your data?

In principle, we do not transfer your data to third parties either free of charge or against payment without your consent. Excepted from this are transfers which we carry out on the basis of a legal or contractual obligation or on the basis of our mutual interests mentioned above:

Your employer or travel/subsistence cost carrier - Our services to you may be provided under service contracts with your employer or travel cost carrier. We will share your information with them to enable them to manage their business travel and to ensure compliance with the company's travel policy. At the request of your employer or travel agent, we may also share your information with their service partners.

Travel providers and other travel service providers - In order to successfully complete the booking of your travel and the provision of travel-related services to you and any third parties, we may share information with travel providers (such as airlines and hotels) and travel service providers (such as ticket distribution systems and travel app providers) and their service partners.

Service Partners - We share information with service providers to the extent necessary to provide their services, such as other travel agencies, convention and event planners, visa and passport service providers, restaurants, mobile applications and software developers, and partners providing IT support, data hosting, marketing and communications systems and collection services.

Affiliates - We share information within the family of companies as permitted by law to provide, analyze and optimize their and our products and services.

Government agencies, banks and courts - We may share information with regulators, courts, banks and government agencies as required or permitted by law, regulation or legal process, or to protect either your and our interests, rights and property or others.

Business Transition - If we negotiate or conclude a transaction that affects the business in whole or in part (for example, restructuring, merger, sale or acquisition), we may, to the extent permitted by law, disclose information to third parties involved in that transaction.


We have integrated components of the company Facebook on our website.

The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if a data subject lives outside the USA or Canada.

Each time you access one of the individual pages on our website that is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on your information technology system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at As part of this technical process, Facebook obtains information about which specific subpage of our website is visited by the person concerned.

If you are logged in to Facebook at the same time, Facebook recognizes which specific page of our website you are visiting each time you visit our website and for the entire duration of your visit. This information is collected by the Facebook component and assigned to the respective Facebook account by Facebook. If you click on one of the Facebook buttons integrated on our website, for example the "Like" button, or make a comment, Facebook assigns this information to your personal Facebook user account and saves this personal data.

If you do not want this information to be transferred to Facebook, Facebook may prevent the transfer by allowing you to log out of your Facebook account before accessing our website.

Facebook's published privacy policy, available at, discloses Facebook's collection, processing and use of personal information. It also explains what settings Facebook offers to protect your privacy.

With your consent, our website uses the Conversion Tracking Pixel Service of Facebook, Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook"). This pixel can be used to track users' behavior after they click on a Facebook ad to refer them to our site. This enables us to track the effectiveness of Facebook ads for statistical and market research purposes. The information collected remains anonymous. This means that we cannot view the personal information of individual users. However, the collected data is stored and processed by Facebook. We will inform you according to our level of knowledge. Facebook may link the data to the data in your Facebook account and uses it for its own advertising purposes, in accordance with Facebook's data guidelines. Facebook Conversion Tracking also allows Facebook and its partners to display advertisements inside and outside Facebook. In addition, a cookie is stored on your computer for this purpose. You have the option of prohibiting Facebook and its partners from placing advertisements. You can edit the settings for Facebook advertisements under the following link:

Google Analytics

We have integrated the Google Analytics component (with anonymization function) on our Internet pages. Google Analytics is a web analysis service. The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.

Google Analytics places a cookie on your information technology system. When the cookie is set, Google is able to analyse the use of our website. Each time you access one of the individual pages of the Internet pages operated by us and on which a Google Analytics component has been integrated, the Internet browser on your information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as your IP address, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements.

The cookies are used to store personal information such as the access time, the location from which an access originated and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the possibility to object to and prevent the collection of data generated by Google Analytics and relating to the use of this website and the processing of this data by Google. To do this, you can download and install a browser add-on under the link . This browser add-on informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection. If your information technology system is later deleted, formatted or newly installed, the browser add-on must be reinstalled in order to deactivate Google Analytics.

For more information and to review Google's current privacy policies, please visit and Google Analytics is explained in more detail at

International data transfer

We may also share your information with service providers and jurisdictions outside your home country or our country of residence for the purposes described herein, including countries that may not have the same level of privacy protection. For data protection purposes, data will be shared in accordance with appropriate data sharing agreements and other safeguards. Regardless of where we process your data, we will protect it in the manner described in this Privacy Policy and in accordance with applicable law.

What rights do you have?

You have the right to

  • to request confirmation as to whether personal data relating to you will be processed and, subsequently, the right to receive free information about the personal data stored about you and a copy of this information;
  • to revoke your consent to the processing of personal data without affecting the lawfulness of the processing carried out on the basis of your consent until revocation;
  • to request the correction of any false personal data concerning you or, if applicable
  • that your data will be deleted immediately if we no longer have a legal reason to store the data in question;
  • to demand the restriction of the processing;
  • to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to forward this data to another responsible person (without our interference);
  • to ensure that your data is transmitted directly by us to another responsible person, insofar as this is technically feasible and insofar as this does not infringe the rights and freedoms of other persons;
  • If necessary, the possibility of lodging a complaint with the Austrian data protection authority in the event of unlawful inaction.

How do we protect your data?

We take appropriate administrative, technical and physical security measures to protect your data from unauthorized access and use. We will only store your data for as long as is necessary to provide our services and for legitimate business purposes, unless we are required by law, regulation, litigation or government investigation to do so for a longer period of time.

General data security measures

We undertake to take appropriate technical and organisational measures - such as pseudonymisation - both at the time of determining the means for processing and at the time of actual processing of your personal data, which are designed to effectively implement data protection and include the necessary guarantees in the processing in order to comply with the requirements of data protection law and to protect your data.

To this end, we take appropriate measures to ensure that only those personal data relating to your person whose processing is necessary for the respective specific processing purpose are processed by default, and above all to ensure that your data are not made accessible to an indefinite number of natural persons by default without your intervention. These measures include, inter alia, the pseudonymisation and encryption of your data, the ability to permanently ensure the confidentiality, integrity, availability and resilience of the systems and services associated with the processing, the ability to rapidly restore the availability of personal data and access to them in the event of a physical or technical incident and the regular review, evaluation and evaluation of the effectiveness of the technical and organisational measures to ensure the security of the processing.

Specific data security measures

Secure Socket Layer (SSL)

All booking forms with which you transmit personal information to us use an encrypted transmission method (SSL) for the security of your data. "SSL" stands for "Secure Socket Layer". You can tell that you are on a secure page, that is, that the data on this page has been transferred to your computer using this secure transfer method, by the fact that the address bar (the URL) begins with "https://" instead of the usual "http://", and by the display of special symbols in the status bar (usually at the bottom of the window) of the browser:

  • Internet Explorer
  • Firefox
  • Chrome
  • Safari

Encryption takes place between the server and the client (i.e. your computer) in the form of a secure connection over which all data can be transmitted. SSL requires certificates to ensure secure transmission so that you can be sure where the server is and who is running it. SSL Certificate Authority: To get such a certificate you need a kind of "witness" who vouches for the correctness of the data. Our secure servers are certified by the Comodo Group.


This Privacy Policy may be changed by us from time to time due to business or legal changes. We will post a notice on our website prior to the effective date of any material changes to this Privacy Statement and, if required by applicable law, notify you otherwise.


If you have any questions or complaints regarding the processing of your data, please contact our service staff or contact us in writing:

Verkehrsbüro Group,
Lassallestrasse 3,
1020 Vienna,

We will review your request and reply in writing within 30 days of receipt.