Data protection declaration

July 2018

Your privacy is important to us. Here, you can learn how we at VPG Vienna Pass GmbH collect and use your data. Our aim is to provide you with the best possible booking experience.

In this data protection declaration, we inform you about the most important aspects of data processing in the scope of our activities as issuers of Vienna PASS, the all-inclusive sightseeing card for your vacation in Vienna. We need to process your personal data for the following purposes: 

  • issuing, administration and sales of the Vienna PASS, as well as
  • additional processing operations:
  • supplier management
  • public relations and marketing for our own purposes
  • image processing at events

Controller for Vienna PASS data processing (use of pass):

VPG Vienna Pass GmbH
Opernring 3-5, Top 508-529, 1010 Wien, Austria
Phone: 0043 (0)1 50 33 033

Controller for data processing (use of website

Leisure Pass Group Ltd, 25 Soho Square, Soho, London W1D 3QR, United Kingdom

Further information on the companies is available on the website.

No data protection officer has been appointed, as it is not required by law.

Data processing purposes:

We process your data for purposes that are essential for you as a

  • Vienna PASS customer
  • Vienna PASS distribution partner, such as agencies etc.
  • supplier or contractor
  • participant in the Vienna PASS programme (operators of attractions)
  • natural person (e.g. contact person or person in charge of matters related to the Vienna PASS) at one of our distribution partners, suppliers, contractors or otherwise involved parties
  • marketing contact, newsletter subscriber or visitor of the website

These purposes are:

  • sale, administration and management of the Vienna PASS
  • reimbursement of attraction operators in conjunction with the Vienna PASS
  • supplier and client management (for managing sales, procurement and our back office)
  • contact forms on the website (answering queries)
  • call centre
  • database of contacts (from public sources or calling cards)
  • public relations activities (to present our work)
  • marketing activities (to inform customers and interested potential customers and to gain new customers) with your consent
  • information about events sent by e-mail to existing contacts out of our legitimate interest in providing such information about our offers
  • newsletter (service and information for existing B2B contacts out of our legitimate interest in providing such information about our offers)

Categories of recipients

As part of our data processing operations, we transmit data to the following categories of recipients, who either are acting on our behalf, or where the transmission is necessary to fulfil contractual or legal obligations. For specific processing operations, the following specific recipients shall be specified: 

  • business partners and third parties who are currently or are to be involved in the operation of the business (e.g. chartered accountants, auditors, liability and legal expenses insurance companies, other insurance companies, notaries, translators, lawyers)
  • the Leisure Pass Group (system and hosting provider), whose privacy policy is available here:
  • contracted processors for IT and communications services (software support, marketing service providers, network, server and client support, e-mail service providers, and telephone service providers)
  • authorities, should they request disclosure

In certain situations, we are legally obliged to disclose your data. This may be in response to legal requests from authorities for purposes of national security or for law enforcement to protect the rights, property or safety of VPG Vienna PASS or others. This includes but is not limited to customer fraud and misuse of the system. We may also share customer information with third parties such as credit card companies for the purpose of dispute resolution.

We do not intend to transfer data to international organisations or recipients in third countries. Should the transfer of data to recipients in third countries become necessary, this will be done on the basis of sufficient guarantees, e.g. standard data protection clauses, or in the context of an adequacy decision.

Contact us

If you have any questions or concerns regarding your privacy or security on our website, you can contact us at

Your rights as a data subject

  • Rights as a data subject
    1. We do not create profiles of data subjects or other persons and do not carry out any profiling activities. No automated decision-making takes place as part of our activities.
    2. As a data subject, you have the right of information, rectification, erasure and restriction of processing personal data, and the right to data portability, within the scope of the statutory provisions for each of these. However, we want to make you aware that these rights may be restricted if the disclosure of the information would endanger a business or company secret of the controller or third parties (Art. 4 (6) Austrian Data Protection Act).
    3. If you have consented to us processing your data, you have the right to revoke this consent at any time. This does not affect the legality of the processing of the data before the revocation. Once you revoke consent, the data will no longer be used for the purpose to which you had initially consented (e.g. e-mail newsletter).
    4. If the processing of the data is based on a legitimate interest, you have the right to object against this use. If you object to the processing for direct marketing purposes, your personal data shall no longer be processed for these purposes. If data are processed by us for other purposes on the basis of a legitimate interest, we shall no longer process these personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is done for the establishment, exercise or defence of legal claims.
    5. To exercise your rights, contact us by email to, by phone to 0043 (0)1 50 33 033, or by post to Opernring 3-5, Top 508-529, 1010 Wien. We would appreciate it if you could provide us with the necessary information to clearly identify yourself when making an enquiry.
    6. If you believe that the processing of your personal data violates the Data Protection Act or that your right to privacy has been violated in any way, you may also file a complaint with the Austrian Data Protection Authority. The website of the Data Protection Authority is