KUNST HAUS WIEN GmbH (KUNST HAUS WIEN, data controller or “we”) respects all laws and regulations applicable on the topic of data protection and is committed to the values of privacy in relation to the processing of personal data. This Privacy Statement explains how we collect, process and use information about you when you use our website (“Privacy Policies”). We are the operator of the website www.kunsthauswien.com. We will routinely update this Privacy Statement to clarify our practices and to reflect new or different privacy practices.
1. PERSONAL DATA
“Personal data” means any information relating to an identified or identifiable natural person or a legal entity (“data subjects” or “users” of our website).
Data entered into online forms (when registering for the KUNST HAUS WIEN Newsletter, with the purchase of a KUNST HAUS WIEN annual pass etc.) is stored. In addition to the visible fields in the forms, such as your e-mail address, first name and surname, the time of storage and the current IP address are also recorded.
2. DATA PROCESSING
Our website enables you to purchase tickets and various products online. When you place an order, we use your information (name, telephone number, E-mail address, street address) in connection with your person. We collect, process, and store this information for the purpose of processing and facilitating delivery of your order. We neither reveal nor sell or lease your personal data to third parties. We transfer your data to third parties only in cases where doing so is necessary for the fulfilment of your contract with us. It is for this purpose that we transfer your data to our technology partners (NOUS Wissensmanagment GmbH, 1150 Vienna, Ullmannstarße 35), to our payment services provider (mPAY24 GmbH, 1050 Vienna, Grüngasse 16), and to our delivery agents and/or shippers (such as Österreichische Post AG) so that you receive the products you have purchased.
Should you break off your placement of an order before completing it, none of the data you have entered will be saved by us. But if a contract is concluded, we save all data pertaining to this contractual relationship for a period of ten years, at which time the legal obligation to retain this data expires.
Data processing takes place in conformance with legal requirements (TKG, DSGVO, DSG/2018).
3. WEB ANALYTICSA. GENERAL
To enhance your experience with the website, we may place a cookie (a small text file) on the computer or your mobile device to make the usage of the website more convenient. Cookies are small files with configuration settings that help us to ascertain frequency of use and the kind of use of the website. Cookies are also used to implement certain user functions. The main purpose of a cookie is therefore the recognition of the visitors of the website and thus it is possible to present each visitor a more individual and personalized website tailored to their needs. Cookies can be deleted at any time by using the browser options.
Cookies may contain the following files:
• the name of the server that wrote the data package
• a one-time ID number
• sometimes an end date
B. COOKIES FEATURING THE FOLLOWING FUNCTIONS ARE STORED BEYOND ANY PARTICULAR SESSION
csrftoken: enhances the security of the data sent via the website;
lang: saves a user’s language preference;
sessionid: identifies several related requests by one and the same user and assigns them to a session;
cfduid: allows loading times to be shortened.
Web analysis cookies
Google Analytics uses the following cookies:
_ga (stored for 2 years), _gat (stored for 10 minutes), _gid (stored for 24 hours)
C. ACTIVATING AND DEACTIVATING COOKIES
Most browsers accept cookies automatically. Cookies can be managed and deleted in your browser settings. When a setting prevents cookies from being stored, not all functions of the website may be able to be used in full.
D. THIRD PARTY COOKIES
4. CONVERSION TRACKING
We use Google AdWords in order to place advertisements and measure the performance of these advertising measures. In doing so, we make use of Google AdWords Conversion Tracking. So if you do a Google search and arrive at our website by clicking on a Google AdWords advertisement, we will be able to tell via which advertising measure you reached our site. This process does not cause any personal data about you to be saved. All we receive is an advertising ID.
You can configure your browser so that it will refuse cookie placement. Alternatively, you can configure your browser so that it will notify you before a cookie is placed. Certain services require the placement of cookies; should you decide to refuse such cookies, our website will not be able to provide certain aspects of these services. The various commonly used browsers offer a range of different configuration options. You can find more detailed information on setting up your browser and on ways in which your browser can deactivate cookies by referring to its documentation.
5. LOG FILES
Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected does not include personally identifiable information and is used, as described above, for statistical analysis, to understand user behaviour, to fix any errors, and to protect our website from threats such as DDOS attacks.
6. SOCIAL MEDIA PLUG-INS
On the KUNST HAUS WIEN website, you will find social media plug-ins from facebook.com, Instagram.com, and youtube.com. These plug-ins are symbolized by the miniature logos of their respective providers. As soon as you surf to a page on a website that includes such a logo, a connection is automatically made to the server of the social media provider in question. This social media provider then receives information on the pages that you visit. KUNST HAUS WIEN has no way of influencing what data is transferred to the respective providers, and the transfer of this data takes place even if you do not click on any of the plug-in symbols. If you are logged into Facebook, Instagram, or YouTube parallel to your visit to our website, these plug-ins can also connect with your accounts on the respective social media networks. So if you click on “Like” or leave a comment via such a plug-in, the plug-in will transfer this information to the social media provider and associate it with your existing account on their network. If you do not consent to this taking place, you must log out of your social media account before clicking on the associated plug-in or install an add-on that blocks social media plug-ins in the software that you are using.
Please note that for social media plug-ins, the personal data policies of the respective providers (Facebook, Instagram, YouTube) apply.
You have the option of subscribing to our Newsletter via our website, in which case we require your email address, first name and surname as well as your consent to the Newsletter subscription.
Once you have registered for the Newsletter, we will send you a confirmation email with a link to confirm your registration.
You can cancel the Newsletter subscription at any time, either using a link in the Newsletters themselves or by emailing us at firstname.lastname@example.org. We will then promptly delete your data associated with sending out the Newsletter.
To send out our Newsletter we use the MailChimp newsletter service. MailChimp is a member of the Certified Senders Alliance. We send the data collected via the form to MailChimp solely for the purpose of sending out our Newsletter. MailChimp stores your data in such a way that other MailChimp customers or third parties have no access to that data. For more detailed information please refer to MailChimp’s Data Policies (mailchimp.com/legal/privacy).
8. DATA PROTECTION
Your data security is our highest priority. Our declared aim is to take all necessary technical and organisational measures to ensure the security of data processing and to process your personal data in such a way that they are protected from access by unauthorised third parties. Through the use of state-of-the-art security software, coding and encryption methods our IT infrastructure meets the highest international security standards. For the transmission and storage of personal data, encryption procedures and access control systems of the applicable standards are used in order to protect these from unauthorized access as best as possible.
The data categories are only stored for as long as necessary for the purposes as described or otherwise to comply with legal or regulatory requirements that are applicable to us. We are taking measures to destroy or permanently anonymize personal data categories when they are no longer needed.
9. RIGHTS OF DATA SUBJECTS
The data protection rules now in force accord you the following rights:
• You may at any time, upon providing proof of your identity, request information about the data regarding your person that we process (initial requests are free of charge, whereas follow-up requests may entail an obligatory fee in certain cases);
• You may at any time request the correction of out-of-date or incorrect information regarding your person and/or demand that your data be deleted;
• You may at any time object to the use of your personal information on account of special personal interests for the protection of which confidentiality is warranted.
• You may request that your information be transferred to third parties insofar as this is compatible with applicable data protection laws.
All requests concerning the actions mentioned above will be completed without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
We welcome your feedback. If you have any comments, questions or complaints regarding
this Privacy Statement or our processing of your personal data categories, or you would like
to exercise any of the rights (“Rights of the data subjects”) that are applicable, you can contact us (email@example.com). If you are unhappy with the way we have handled your personal data categories or any privacy query or request that you have raised with us, you have a right to complain to your local data protection regulator (www.dsb.gv.at).