Data Protection Declaration



1. General information

The protection of your personal data is a particular concern to us. We exclusively process your personal data on the basis of the legal provisions (DSGVO, DSG, TKG 2021).

In order to provide our website and carry out the sale of our goods and the delivery of our services, we process information about your person, so-called personal data – hereafter referred to in short as “data”. The term “process” is to be understood as every form of handling of these data, including the collation, storage, use, or deletion of personal data.

In the context of this Data Protection Declaration, we are pleased to inform you about the processing of your personal data and about your rights and entitlements as set out in the data protection regulations.

In the event of any complaints, questions, and suggestions regarding the subject of data protection, we and our Data Protection Officer are always at your disposal via the contact details set out below.

The responsibility for processing your personal data lies with:

Museen der Stadt Wien
Karlsplatz 8
1040 Vienna
T: +43 (0)1 505 87 47
E: office@wienmuseum.at

2. Data processing in the context of our website and online services
2.1. General information

In the context of our website and online services, we process data that you make known to us (such as when you make an order), logs (our server logs information about all those making requests for security reasons), and cookies (small text files that are stored on your device and contain information that enables you to be recognized).

Cookies

Cookies are small text files that are stored on your end device. We use the following, technically necessary cookies for the operation and display of our website:

  • omCookieConsent: This cookie saves the settings of the visitors to the website as selected in the cookie banner. These are saved for one year.
  • Fe_typo_user: This cookie saves the access data entered during the user-login to a restricted area. These are only saved for the duration of the session.

We use technically necessary cookies due to our legitimate interest in the operation of the website and the improvement of the internet presence.

We set all further cookies (for marketing purposes, social media, etc.) on the basis of your consent or our legitimate interest. You can find further information about cookies in the relevant items of this Data Protection Declaration.

In order to avoid the setting of cookies from third parties you can block so-called third-party cookies in your browser. You can find instructions about how to do this for the most common browsers here:

Firefox: here
Chrome: here
Microsoft Edge: here
Safari: In Apple’s Safari, third-party cookies are blocked as standard.

2.2. Data processing for the operation and security of our website and online services (server logs)

2.2.1. Server logs

Purpose of processing: When you call up our website, the web server collates use data (so-called server logs). The collation of these data is necessary in order to technically facilitate the creation of the connection to our server and the use of the website. In addition to this, these data help us to repel and analyze attacks.

The following server logs are collated: The IP address of the requesting device, together with the date, time, request, which data are requested (name and URL), the quantity of data transferred to you, a report of whether the request was successful, recognition data of the browser and operating system that were used, and the website, from which the access took place (if the access occurs via a link).

Legal basis of the processing: The processing of your data takes place due to our legitimate interest in ensuring the operation of the service and the security of the system.

Recipients of the data:

  • The web server for the operation of our website is technically operated by a contracted processor, abaton EDV-Dienstleistungs GmbH, from the computer center at Raiffeisen Raaba, Hans-Resel-Gasse 17, 8020 Graz. If a hacker attack has taken place, the data from the server logs are passed on to the law enforcement authorities. These data are passed on to no other third parties.
  • In addition to this, we use “amepheas” from the service provider amepheas GmbH, Heiligenstädter Lände 27c, 1190 Vienna for the operation of the online shop. This company works for us as a contracted processor and may only use your data for the execution of the concrete orders and is contractually obliged to us to comply with all legal data protection regulations.

Further information:

  • The server logs at abaton are saved for a maximum of one month.
  • The server logs at amepheas are saved for a maximum of 90 days.

2.3. Social media plugins

We use so-called “social media plugins” on our website. Such plugins enable content or interactive elements from social media services to be displayed. When visiting our website, which displays relevant symbols, your browser establishes a connection with the respective server of the social media operator. Data can then be passed on to the social media operator via plugins and used by them. The direct connection between your browser and the server of the social media provider requires your consent to the passing on of data.

2.4. Data processing for marketing purposes
2.4.1. Web analysis with Matomo

We use the function of the web analysis service Matomo to analyze user behavior and optimize our internet presence. If you call up our website, the web server collates use data, so-called server logs. These data are analyzed in order to evaluate the number of visitors to the website and their user behavior. This enables user statistics to be drawn up that facilitate the optimal adaptation of the website in the interest of visitors.

Matomo records the following server logs for the purposes of web analysis:

  • IP address of the end device, from which our website is accessed;
  • Recognition data of the browser and operating system that are used; 
  • Date, time, and length of the access;
  • Name of the retrieved data or information;
  • Quantity of transferred data;
  • A report of whether the request was successful;
  • Internet addresses of the websites via which our website is accessed;
  • Internet addresses of the websites that are called up via our website.

You can find further information about Matomo in the Data Protection Declaration of Matomo.

Legal basis: The processing of the server logs for the drawing up of user statistics takes place on the basis of our legitimate interest in improving our offers and our internet presence.

Recipients of the data: No data are passed on to third parties. We exclusively evaluate the determined data ourselves.

Storage period: We store our data for a maximum of six months.

Further information: You are free to object to an analysis of your user behavior. To do so, simply click on the already completed checkbox below and remove the “tick”. Please note that this deselection will better protect your privacy but that you are depriving the operator of the website of the opportunity to learn from your user behavior and, thus, improve operability.

“Insert ticked checkbox” Data from you are currently being collated by Matomo. By deselecting this checkbox this data collection is stopped.

3. Data processing for purposes of direct advertising:
Purpose and legal basis of the processing
  • If we have received your contact data in connection with a sale or the provision of a service, we also process these data in order to be able to send you (advertising) information about similar products and services of ours by post, e-mail (including the newsletter), and SMS on the basis of our legitimate interest.
  • If you have subscribed to our newsletter you will receive regular information by e-mail about us and our range of services. It is no problem if you no longer wish to be contacted by us. Simply contact us at newsletter@wienmuseum.at or use the unsubscribe link in the newsletter.

Legal basis of the processing: Your data are processed on the basis of your consent.

Recipients of the data: The following service providers receive your data in order to produce and send the newsletter in our name:

“mailworx”, an e-mail marketing platform of the service provider Network & Internet GmbH, Hanriederstraße 25, 4150 Rohrbach-Berg. This company works for us as a contracted processor and may only use your data for the execution of the concrete orders and is contractually obliged to us to comply with all legal data protection regulations.

Further information: We will process your data on the basis of our legitimate interest until the end of the third year after the last contact with you or until your objection to the data processing – whichever occurs earliest. If we are processing your data on the basis of your consent, we will continue to process your data until your objection or until you unsubscribe from the newsletter.

4. Data processing in the context of business operations
4.1. Data processing in the context of making contact

Purpose of the processing: If you make contact with us (e.g. by e-mail, contact form or telephone), we will only process the data made known during this contact as long as this is necessary for the processing or execution of the request.

Legal basis of the processing: Your data are processed in order to carry out pre-contractual measures or fulfill a contract or on the basis of our legitimate interest in organizing the response to your request.

Recipients of the data: These data are only passed on provided that this passing on of the data is essential for responding to the request.

Further information: We process your data as long as this is necessary for processing the request and for a maximum of one month.

4.2. General data processing in the context of our shop

Purpose of the processing: If you order something from us, we will process your data for the purposes of executing the order, answering questions that you ask us in connection with your order, and formally carrying out the business that we have to carry out in the context of our business relationship.

Legal basis of the processing: We process your data in order to fulfill a contract or on the basis of a legal requirement in the context of a business relationship (or in order to execute this).

Recipients of the data: If it is necessary to pass on your relevant data in a certain individual case in order to fulfill the contract or on the basis of a legal requirement, these will be passed on to the following categories of recipients:

  • Banks
  • Legal representatives
  • Accountants, auditors, and tax advisors
  • Courts
  • Responsible statutory authorities
  • Debt collectors
  • Third-party lenders
  • Contractual and business partners
  • Insurance companies
  • Statistik Österreich
  • Transport companies
  • Suppliers
  • Computer centers as contracted processors

In addition to this, we use “amepheas” of the service provider amepheas GmbH, Heiligenstädter Lände 27c, 1190 Vienna for the operation of the online shop. This company works for us as a contracted processor and may only use your data for the execution of the concrete orders and is contractually obliged to us to comply with all legal data protection regulations.

Further information: We only process your data as long as this is necessary for fulfilling the contract or on the basis of legal requirements (such as the obligations to retain information for tax or company law reasons). We generally retain data for seven years.

Name, purpose, and length of storage:

  • ticketshop_session: Assigns the browser to a session on the server. This only influences the contents that are seen by visitors and is neither evaluated nor further processed by us. Length of storage: 1 year.
  • cookie consent: Saves the consent to the use of cookies. Length of storage: 1 year.
  • XSRF-TOKEN: “Cross Request Forgery Token,” is generated when a form is filled out and automatically deleted after it is sent. Length of storage: limited.

4.3. General data processing in the context of membership

Purpose of processing: If you would like to be or already are a member of the museum, we process your data in order to execute your application or manage your membership and for formally dealing with the business transactions that we have to manage in the context of a business relationship. This also includes the processing of your data in order to enable you to enjoy membership benefits (such as exclusive guided tours, exhibition visits), to organize events and guided tours, and to administer members.

Data necessary for membership: The fields specially marked (*) in the application form are necessary for a membership (for concluding a contract). If you do not give us this information you cannot join the “Unser Wien Museum – Förderverein”. Other information is optional.

Legal basis of the processing: Your data are processed in order to carry out pre-contractual measures or fulfill a contract or on the basis of a legal requirement in the context of a business relationship (or in order to execute this).

Recipients of the data: The data are not passed on to third parties, or this only occurs on condition that you have specifically consented to this.

Further information: As long as you remain a member, we process your data in order to meet our obligations and protect your interests (such as exclusive guided tours). If you leave the “Unser Wien Museum – Förderverein”, your data are deleted as soon as the period during which we are required by law and statute to retain these data has expired. This period varies for each different category of data. Evidence that must be kept for a certain period, such as the seven years required by tax law, is only deleted after this period has expired.

4.4. General data processing in the context of the annual ticket

Purpose of processing: If you acquire an annual ticket from us, we process your data in order to execute your application and the contract and for formally dealing with the business transactions that we have to manage in the context of a business relationship. This also includes the processing of your data in order to enable you to enjoy the related benefits (such as unlimited access to special exhibitions, price reductions), to organize events, and to administer the holders of annual tickets.

Data necessary for membership: The fields specially marked (*) in the application form are necessary for concluding the contract. If you do not give us this information you cannot receive an annual ticket. Other information is optional.

Legal basis of the processing: Your data are processed in order to carry out pre-contractual measures or fulfill a contract or on the basis of a legal requirement in the context of a business relationship (or in order to execute this).

Recipients of the data: The data are not passed on to third parties, or this only occurs on condition that you have specifically consented to this.

Further information: As long as your annual ticket remains valid, we process your data in order to meet our obligations and protect your interests (such as price reductions). When your annual ticket expires, your data are deleted as soon as the period during which we are required by law and statute to retain these data has expired. This period varies for each different category of data. Evidence that must be kept for a certain period, such as the seven years required by tax law, is only deleted after this period has expired.

4.5. Data processing for the organization of events

Purpose of processing: If you register with us for an event, we process your data (first name, surname, e-mail address, telephone number, number of participants) in order to organize the registration and organize and carry out the event, to answer the questions that you ask in connection with your registration, and for formally dealing with the business transactions that we have to manage in the context of a business relationship.

Legal basis of the processing: Your data are processed in order to fulfill a contract or on the basis of a legal requirement in the context of a business relationship (or in order to execute this).

Recipients of the data: If it is necessary to pass on your data for reasons determined by the event in question or due to a legal requirement or our legitimate interest, these data will be passed on to the following categories of recipients:

  • Contractual partners
  • Insurance companies

Further information: We only process your data as long as this is necessary for fulfilling the contract or on the basis of legal requirements (such as the obligations to retain information for tax or company law reasons). We generally retain data for seven years.

Please note that we may take photographs or make video recordings during the event in order to document it and for the purpose of media reporting (in, for example, journals, magazines, and publications, or websites and social media platforms).

These recorded images are processed on the basis of our legitimate interest. Our legitimate interest comprises the documentation and presentation of our activities. When publishing recorded images, care will be taken not to infringe the legitimate interest of the persons shown in the recorded images.

4.6. Data recording in the context of an application process

Purpose of processing: If you apply for a position with us, we will process your data in order to evaluate your suitability, abilities, and professional performance vis-à-vis the position to which you are applying. If you wish to be included in our pool of applicants, we will also process your data so that we can contact you at a later date.

Legal basis of the processing: Your data are processed in order to carry out pre-contractual measures or on the basis of our legitimate interest in the carrying out of an efficient application process. Your data are processed in the context of the pool of applicants on the basis of your consent to this processing.

Recipients of the data: The following service providers receive your data so that we can optimize our application process:

“onlyfy,” a recruiting tool of the service provider New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. This company shares joint responsibility with us and may only process your data in line with the concluded agreement for joint responsibility.

Further information: We only process your data as long as this is necessary for carrying out the application process or defending any legal claims. If no employment relationship comes about between you and us, your data will be deleted seven months after the rejection of your application. If you wish to be included in our pool of applicants we will save your data for 12 months or until you withdraw your consent to us storing this data – whichever event occurs earliest.

4.7. Data processing in the context of the Artothek

Purpose of the processing: If you borrow an artwork from us via the “Artothek” borrowing service, we will process your data in order to execute your application and the contract and for formally dealing with the business transactions that we must manage in the context of a business relationship. To this end, a digital client card will be created for you, for which we will process master data and contact information. During the borrowing period, you will receive reminder and warning e-mails as necessary.

Legal basis of the processing: Your data are processed in order to fulfill a contract or on the basis of a legal requirement in the context of a business relationship (or in order to execute this).

Recipients of the data: The data are not passed on to third parties, or this only occurs on condition that you have specifically consented to this.

Further information: We only process your data as long as this is necessary for fulfilling the contract or due to legal requirements (such as the obligations to retain information for tax or company law reasons). We generally retain data for seven years.

4.8. Data processing in the context of accounting and invoicing

We process data related to the business relationships with clients or suppliers as part of our financial bookkeeping and invoicing. This includes data related to budgeting and cost accounting.

Legal basis: Your data are processed on the basis of our fulfillment of our legal obligations.

Recipients of the data: If the passing on of your data related to the specific situation is necessary on the basis of a legal requirement, these will be passed on to the following categories of recipients:

  • Renters of spaces for events
  • Banks
  • Legal representatives
  • Accountants, auditors, and tax advisors
  • Courts
  • Responsible statutory authorities
  • Contractual and business partners
  • Insurance companies

Length of retention of data: We only process your data as long as this is necessary for fulfilling the contract or on the basis of legal requirements (such as the obligations to retain information for tax or company law reasons). We generally retain data for seven years.

5. Your rights
5.1. Right to information about the stored data in line with Art 15 DSGVO

You have the right to demand information about whether we process your personal data. If this is the case, you have the right to receive information about these personal data and about other information related to this processing.

5.2. Right to the correction of inaccurate data in line with Art 16 DSGVO

If personal data that we process about you are not (no longer) accurate or are incomplete, you can demand the correction and, if applicable, the completion of these data.

5.3. Right to the deletion of data in line with Art 17 DSGVO

If the legal requirements are fulfilled you can demand the deletion of your personal data.

5.4. Right to the restriction of data in line with Art 18 DSGVO

If the legal requirements are fulfilled you can demand the restriction of the processing of data that relate to you.

5.5. Right to data portability in line with Art 20 DSGVO

If the legal requirements are fulfilled you can demand the transfer of your data into a structured, standard, and machine-readable format.

5.6. Right to object to unreasonable data processing in line with Art 21 DSGVO

For reasons that result from your specific situation you can file an objection, at any time, to the processing of data that relate to you and that we are processing on the basis of a legitimate interest in line with Art 6 Abs 1 lit f DSGVO.

5.7. Right to withdraw consent

If data are being processed on the basis of a declaration of consent, you have the option of withdrawing this at any time, without affecting the legality of the data processing that was carried out until this withdrawal of consent.

5.8. Right to complain to the data protection authorities

If you believe that our processing of your data contravenes the applicable data protection law or that your rights to data protection are being infringed in another way, you have the option of complaining to the responsible supervisory authority (Austrian Data Protection Authority). The address is as follows:

Österreichische Datenschutzbehörde
Barichgasse 40-42 
1030 Vienna
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

6. Further information

We need the data that we ask you to provide in order to execute the sale of our goods and the supply of our services in the context of the contract or in order to provide information that you have requested from us or to send you our newsletter or other information.

If you do not provide these data, we cannot supply our services.

There is no automated decision making including profiling. If we process your data for a purpose other than the purpose for which we have collected these data, we will inform you of this fact and of this other purpose.