ATS Airport Transfer Service Logo

Privacy Policy

The protection of your personal data is important to us. This privacy policy informs you about the nature, scope and purpose of processing personal data on our website https://ats-vie.at and the rights to which you are entitled. This privacy policy applies to the use of our website and extends to all services we offer.

1. DATA CONTROLLER

The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) is:

ATS AIRPORT TRANSFER SERVICE
Vienna Airport
Objekt 115 00 B 5728
A-1300 Flughafen
Austria

If you have any questions about data protection, you can contact us at any time using the contact details provided in the imprint.

2. GENERAL INFORMATION ON DATA PROCESSING

2.1 What is personal data?

Personal data is all information relating to an identified or identifiable natural person. This includes, for example, name, email address, telephone number, IP address and other information that can be directly or indirectly assigned to a person.

2.2 Legal basis for data processing

The processing of your personal data is based on the following legal bases in accordance with GDPR:

  • Art. 6 para. 1 lit. a GDPR (Consent): You have given us your express consent to process your data for a specific purpose.
  • Art. 6 para. 1 lit. b GDPR (Performance of contract): The processing is necessary for the performance of a contract with you or for taking steps at your request prior to entering into a contract.
  • Art. 6 para. 1 lit. c GDPR (Legal obligation): The processing is necessary for compliance with a legal obligation.
  • Art. 6 para. 1 lit. f GDPR (Legitimate interest): The processing is necessary for the purposes of our legitimate interests, unless your interests or fundamental rights override.

2.3 Data security and encryption

We use SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

3. HOSTING AND TECHNICAL INFRASTRUCTURE

3.1 Netlify Hosting

Our website is hosted on Netlify. The provider is Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA.

When you visit our website, Netlify automatically collects certain technical data:

  • IP address
  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request

This data is processed to ensure the security, stability and performance of the website. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient operation of our website).

Netlify has implemented appropriate data protection measures and complies with GDPR requirements. Further information on data protection at Netlify can be found at: https://www.netlify.com/privacy/

3.2 Cloudflare Turnstile (Anti-Bot Protection)

We use Cloudflare Turnstile to protect against automated access (bots) and spam. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare Turnstile analyzes user behavior to distinguish between human users and bots. The following data is processed:

  • Browser information, device information, IP address and interaction patterns

The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in preventing abuse and securing our website).

Further information on data protection at Cloudflare Turnstile can be found at: https://www.cloudflare.com/privacypolicy/

3.3 Supabase (Backend and Database)

We use Supabase to process requests and store data. The provider is Supabase Inc., USA.

Supabase processes the following data on our behalf:

  • Contact form requests (name, email address, message)
  • Taxi orders (name, email address, telephone number, pickup location, destination, order details)

The legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract) and Art. 6 para. 1 lit. f GDPR (legitimate interest). We have concluded a data processing agreement with Supabase in accordance with Art. 28 GDPR. Further information on data protection at Supabase can be found at: https://supabase.com/privacy

4. DATA COLLECTION ON OUR WEBSITE

4.1 Cookies and local storage

Our website only uses technically necessary cookies that are required for the operation of the website. We do not use analytics, marketing or tracking cookies.

4.1.1 Cookie Consent (cookie_consent)

Wir setzen ein Cookie zur Speicherung Ihrer Cookie-Einstellungen.

  • Name: cookie_consent
  • Saves your consent regarding the use of cookies. Speicherung der Cookie-Zustimmung (enthält die Zeichenfolge 'technical%22%3Atrue%2C...' zur Speicherung der technischen Cookie-Einwilligung)
  • 1 year 1 Jahr
  • Art. 6 para. 1 lit. a GDPR (consent) Art. 6 Abs. 1 lit. c DSGVO (rechtliche Verpflichtung zur Dokumentation der Einwilligung)

4.1.2 Cookie-Zeitstempel (cookie_consent_timestamp)

Dieses Cookie speichert den Zeitpunkt Ihrer Cookie-Zustimmung.

  • Name: cookie_consent_timestamp
  • Zweck: Zeitstempel der Cookie-Einwilligung für Ablaufkontrolle
  • Speicherdauer: 1 Jahr
  • Rechtsgrundlage: Art. 6 Abs. 1 lit. c DSGVO (rechtliche Verpflichtung zur Dokumentation)

4.1.3 Cookie-Version (cookie_consent_version)

Dieses Cookie speichert die Version der Cookie-Richtlinie, der Sie zugestimmt haben.

  • Name: cookie_consent_version
  • Zweck: Versionskontrolle der Cookie-Einwilligung (aktuell Version 1.0.0)
  • Speicherdauer: 1 Jahr
  • Rechtsgrundlage: Art. 6 Abs. 1 lit. c DSGVO (rechtliche Verpflichtung zur Versionsverwaltung)

4.1.4 Sprach-Cookie (user-locale)

Wir setzen ein Cookie zur Speicherung Ihrer Spracheinstellung. Dieses Cookie ermöglicht es, dass die Website bei Ihrem nächsten Besuch in der von Ihnen gewählten Sprache angezeigt wird.

  • Name: user-locale
  • Zweck: Speicherung der gewählten Sprache (z.B. 'de' für Deutsch)
  • Speicherdauer: 1 Jahr
  • Rechtsgrundlage: Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an benutzerfreundlicher Darstellung)

4.1.5 Viewport-Cookie (viewport)

Dieses Cookie speichert Informationen über die Bildschirmgröße Ihres Geräts zur optimalen Darstellung der Website.

  • Name: viewport
  • Zweck: Speicherung der Bildschirmgröße für responsive Darstellung (z.B. 'mobileMedium', 'desktop')
  • Speicherdauer: Session (wird beim Schließen des Browsers gelöscht)
  • Rechtsgrundlage: Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an optimaler Darstellung)

4.1.6 Session Storage

Für technische Funktionen der Website nutzen wir Session Storage zur temporären Datenspeicherung im Browser:

  • Zweck: Temporäre Speicherung von Buchungsdaten während der Bestellung
  • Speicherdauer: Nur während der Browser-Sitzung, automatische Löschung beim Schließen des Browsers

Diese Daten werden ausschließlich lokal in Ihrem Browser gespeichert und nicht an unsere Server übertragen.

4.2 Server Log Files

Our hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in ensuring the security and stability of our website).

This data is stored for a maximum of 30 days and then deleted.

4.3 Contact Form

Wenn Sie uns per Kontaktformular Anfragen zukommen lassen, werden Ihre Angaben aus dem Anfrageformular inklusive der von Ihnen dort angegebenen Kontaktdaten zwecks Bearbeitung der Anfrage und für den Fall von Anschlussfragen bei uns gespeichert.

Folgende Daten werden erhoben:

  • Name
  • E-Mail-Adresse
  • Nachricht/Anfrage

The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest in processing your inquiry).

This data will be deleted after complete processing of your inquiry, unless a contractual relationship arises.

Our hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in ensuring the security and stability of our website).

This data is stored for a maximum of 30 days and then deleted.

4.3 Contact Form

Wenn Sie uns per Kontaktformular Anfragen zukommen lassen, werden Ihre Angaben aus dem Anfrageformular inklusive der von Ihnen dort angegebenen Kontaktdaten zwecks Bearbeitung der Anfrage und für den Fall von Anschlussfragen bei uns gespeichert.

Folgende Daten werden erhoben:

  • Name
  • E-Mail-Adresse
  • Nachricht/Anfrage

The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest in processing your inquiry).

This data will be deleted after complete processing of your inquiry, unless a contractual relationship arises.

5. EXTERNAL SERVICES AND INTEGRATIONS

Bei der Bestellung eines Taxis über unsere Website verarbeiten wir folgende Daten zur Durchführung des Vertrags:

5.1 OpenStreetMap

  • IP address
  • Browser type
  • Operating system
  • Requested map section
  • Datum und Uhrzeit der Fahrt
  • Anzahl der Personen und Gepäckstücke

5.2 Google Places API

Die Verarbeitung erfolgt zur Durchführung des Beförderungsvertrags, zur Kontaktaufnahme mit Ihnen sowie zur Erfüllung unserer steuer- und handelsrechtlichen Pflichten. Die Rechtsgrundlage ist Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung) sowie Art. 6 Abs. 1 lit. c DSGVO (rechtliche Verpflichtung).

5.3 Weitergabe an Dritte

Ihre Daten werden nur an die für die Durchführung der Fahrt beauftragten Fahrer weitergegeben. Eine darüber hinausgehende Weitergabe an Dritte erfolgt nicht.

6. EMAIL COMMUNICATION

6.1 OpenStreetMap (Kartendarstellung)

Wir verwenden auf unserer Website OpenStreetMap zur Darstellung von Karten. OpenStreetMap ist ein Open-Source-Kartendienst der OpenStreetMap Foundation (OSMF), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, Vereinigtes Königreich.

Bei der Nutzung von OpenStreetMap werden folgende Daten an die Server der OpenStreetMap Foundation übertragen:

  • IP-Adresse
  • Browserinformationen
  • Angezeigte Kartenausschnitte

Die Rechtsgrundlage ist Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an der Bereitstellung einer benutzerfreundlichen Kartendarstellung für die Routenplanung).

OpenStreetMap speichert keine personenbezogenen Daten dauerhaft. Die IP-Adressen werden nur zur Auslieferung der Kartenkacheln verwendet. Weitere Informationen zum Datenschutz bei OpenStreetMap finden Sie unter: https://wiki.osmfoundation.org/wiki/Privacy_Policy

6.2 Google Places API (Adresssuche und Autovervollständigung)

Wir verwenden die Google Places API zur Adresssuche und Autovervollständigung bei Eingaben in Adressfeldern. Anbieter ist Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

Bei der Nutzung der Google Places API werden folgende Daten an Google übertragen:

  • IP-Adresse
  • Eingegebene Suchanfragen und Adressteile
  • Browserinformationen

Die Rechtsgrundlage ist Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an der Bereitstellung einer benutzerfreundlichen Adresssuche mit Autovervollständigung).

Google hat sich nach dem EU-US Data Privacy Framework zertifiziert. Die Google Places API wird nur aktiviert, wenn Sie in ein Adressfeld Zeichen eingeben. Weitere Informationen zum Datenschutz bei Google finden Sie unter: https://policies.google.com/privacy

6.3 Cloudflare Turnstile (Bot-Schutz in Formularen)

Zum Schutz unserer Formulare vor automatisierten Zugriffen verwenden wir Cloudflare Turnstile. Anbieter ist Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare Turnstile analysiert das Nutzerverhalten, um zwischen Menschen und Bots zu unterscheiden. Dabei können folgende Daten verarbeitet werden:

  • IP-Adresse
  • Browserinformationen und Geräteinformationen
  • Interaktionsmuster auf der Website

Die Rechtsgrundlage ist Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse am Schutz vor Spam und Missbrauch).

Weitere Informationen zum Datenschutz bei Cloudflare finden Sie unter: https://www.cloudflare.com/privacypolicy/

7. PAYMENT PROCESSING

For payments via our website, we work with external payment service providers. Data processing is carried out directly by the respective payment service provider.

The following data may be transmitted to the payment service provider:

  • Name
  • Email address
  • Payment amount

The legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract).

We do not have access to your payment data (e.g., credit card numbers). These are processed exclusively by the payment service provider.

8. STORAGE DURATION

We only store personal data for as long as is necessary to fulfill the respective purpose or as required by legal retention periods.

Specific retention periods:

  • Contact form requests: Until complete processing of the request, then deletion unless a contractual relationship arises
  • Taxi orders: For the duration of contract processing and in accordance with tax and commercial retention periods (7 years from the end of the calendar year in which the contract was concluded)
  • Server log files: Maximum 30 days
  • Cookies: Cookie consent, timestamp and version: 1 year; Language cookie: 1 year; Viewport cookie: Session-based

After expiration of the retention periods, the data will be routinely deleted, unless they are still required for contract fulfillment or contract initiation and there is no legitimate interest on our part in continued storage.

9. YOUR RIGHTS AS A DATA SUBJECT

You have the following rights under GDPR:

9.1 Right of Access (Art. 15 GDPR)

You have the right to request information about whether and which personal data we process about you. This includes in particular information about the processing purposes, the categories of personal data, the recipients of the data, the planned storage duration and your other rights.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to demand the immediate correction of incorrect or the completion of incomplete personal data.

9.3 Right to Erasure (Art. 17 GDPR)

You have the right to demand the immediate deletion of your personal data, provided one of the legally provided grounds applies and the processing is not necessary.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data if one of the legal requirements applies.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR.

9.7 Right to Withdraw Consent

If the processing of your personal data is based on consent given by you, you have the right to withdraw this consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

9.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

The competent supervisory authority in Austria is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
Email: [email protected]
Website: www.dsb.gv.at

9.9 Exercising Your Rights

To exercise your rights, please contact us using the contact details provided in the imprint. We will process your request within one month. In complex cases, this period can be extended by a further two months, which we will inform you about.

10. DATA PROTECTION IN JOB APPLICATIONS

If you apply to us, your personal data (e.g., contact details, application documents) will be processed to handle your application. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or § 26 para. 1 BDSG (application process). In the event of rejection, your data will be deleted after a maximum of 6 months, unless you have expressly consented to longer storage.

11. PROTECTION OF MINORS

Our offer is generally aimed at adults. Persons under 16 years of age should not transmit personal data to us without the consent of their parents or guardians. We do not knowingly request, collect or disclose personal data from children and adolescents to third parties.

12. CHANGES TO THIS PRIVACY POLICY

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

Status of this privacy policy: December 2025

13. DATA PROTECTION CONTACT

If you have any questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, as well as revocation of granted consents, please contact us using the contact details provided in the imprint.