© Lukas Beck
Privacy Statement
The Wiener Konzerthausgesellschaft, Lothringerstraße 20, 1030 Vienna, ZVR-Number: 748441625, donation registration number (Spenden-Registrierungsnummer): KK-3282, email address: datenschutz@konzerthaus.at, Telephone: +43 1 242002, Telefax: +43 1 24200-110, (»Wiener Konzerthaus«, »we«, »us«) takes the protection of your personal data seriously. We therefore observe all applicable laws, in particular the General Data Protection Regulation (»DPR«) and the applicable Austrian Data Protection Act (Datenschutzgesetz – »DSG«) as amended, for the protection, proper handling and secrecy of personal data and data security.
The privacy statement and the information on cookies explain how we collect, use, and process your personal data and sets out the scope, duration and purpose of our use of your personal data when we provide services and offers, including when you use our website www.konzerthaus.at (»Website«).
1. Definition of personal data
Personal data includes information on affected persons (in this case, customers, members, donors, interested persons, newsletter subscribers, cooperation partners) who have been identified or are at least identifiable (e.g. Name, email address or IP address).
2. What personal data on you do we collect?
Master Data: The master data we process are the personal information given voluntarily by you when you actively contact us or which is necessary for registration on our website (title, academic degree, name, address, date of birth, preferred language, user name, password, email address and telephone numbers). In case of legal entities, the master data are processed in terms of data protection if they can be traced to a private individual (e.g. name, telephone number, email address of a contact person). In addition to master data, we also process the contents of correspondence.
Order and booking data: In addition to the master data, we collect data concerning the subject matter of the contract (e.g. event, seating information), bank and credit card data, possibly memberships with third party suppliers, data for the use of special offers (e.g. offers to students, seniors), and health data (e.g. wheelchair seats, reductions for the disabled).
Data of members and donors: In addition to the master data, we collect data on the type and duration of your membership and possibly the intended purpose of your donation (e.g. allocation to a specific purpose), as well as your bank and credit card data.
Technical data: We record the IP address of your device, the Internet browser used, the browser language, your operating system, the data requested on our website, your preferences on Java, screen resolution, color depth, your clicking behavior on the website (time of access, clicks) as well as the website from which you accessed us (referrer URL).
Images of persons and other photographs: We also process photos with persons made with the consent of the affected persons for the purposes set out in Clause 4.
Applicant data: If you send us your application, your details from the form and the application documents will be stored for the purpose of processing your application. If the application process is successful, your data will be stored for as long as statutory retention obligations exist (up to a maximum of 7 months in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with the Equal Treatment Act). If the application was unsuccessful, your data will be deleted immediately unless you have expressly consented to the data being kept on file. This consent can be revoked at any time with effect for the future.
3. How do we collect your data?
The data produced when you visit our website is collected automatically. Otherwise, we only collect data on the grounds of your entries on our website (particularly regarding master data, order and booking data) or other provision of information (e.g. by correspondence, a telephone call, when you visit our Ticket & Service Center, by completing forms). In case of individual tickets, season tickets, memberships, articles and gift certificates ordered for third parties, the data of the gift recipient are collected on the grounds of information provided by the giver. For sending information material to a third party, we collect their data on the grounds of the information provided by the person arranging the mailing.
4. What do we use your data for?
We process the personal data set out under Clause 2 for the following purposes and on the basis of the stated legal grounds:
Contract fulfillment and carrying out of pre-contractual measures under Art 6 para1 lit b GDPR: The master data are processed for the purpose of providing an online account. Master data, order and booking data, the data of members and donors are used for the fulfillment and processing of contracts, customer services, customer support and customer information, membership services and administration of master and contract data and amendments. In accordance with the by-laws of the Wiener Konzerthausgesellschaft, member data are further included in a membership directory; data of patrons and sponsors are further noted on a commemorative plaque at the Wiener Konzerthaus, in accordance with the by-laws. The conclusion and fulfillment of the contract are only possible on the grounds of this data processing. If the customer does not provide the requisite data, no contract can be concluded.
Fulfillment of statutory obligations under Art 6 para1 lit c GDPR: The personal data set out in Clause 2 are further processed for the purpose of observing requirements under the laws on associations, trusts and taxes. Furthermore, health data provided on occasion of ordering tickets are used in accordance with the General Law on Equal Treatment (Gleichbehandlungsgesetz) for meeting equal treatment requirements.
Legitimate interests of the Wiener Konzerthaus or third parties under Art 6 Abs 1 lit f DSGVO: Data of members and donors are used for direct contact for the purpose of raising the funds required for obtaining the goals under the bylaws (e.g. by donations, legacies, inheritances and sponsorships). Furthermore, all data listed under Clause 2 are used for the purpose of internal market research, statistical analyses, direct advertising and for credit checks mandatory for providing services.
Consent to data processing under Art 6 para1 lit a GDPR: If none of the legal grounds set out above is given, we will separately obtain consent to data processing. The Wiener Konzerthaus requires in particular the voluntary consent to being contacted electronically and by telephone for marketing purposes. This consent can be revoked at any time and with effect for the future (e.g. by the unsubscribe link in the email newsletter, or by contacting us by email to ticket@konzerthaus.at. When buying tickets for events organized by the Wiener Konzerthausgesellschaft jointly with cooperation partners, customers can also consent to receiving direct marketing information from these cooperation partners by email.
Images of persons are used for documentation, announcements and advertising for Konzerthaus events and activities, as well as in digital media and print media, and archive them for these purposes only. The exact purposes are exhaustively listed in the respective declaration of consent. The prospective recipients are the general public via various print media and via the Internet, YouTube etc.
5. Data processing at cooperation events
At events organized by the Wiener Konzerthausgesellschaft in cooperation with the Wiener Symphoniker, the Klangforum Wien, the Musikverein Wien Modern or the Forum Alpbach, personal master data as well as order and booking data are transmitted to cooperation partners. Furthermore, the data (name, email address) provided voluntarily in the course of the purchase of tickets for cooperation events are submitted to
- the Wiener Symphoniker (Daffingerstraße 4, 1030 Vienna, telephone number: 01 589790, email address: office@wienersymphoniker.at);
- the Klangforum Wien (Diehlgasse 51, 1050 Vienna, telephone number: 01 521 67, email address: info@klangforum.at);
- the Musikverein Wien Modern (Lothringerstraße 20, 1030 Vienna, telephone number: 01 24200, email address: office@wienmodern.at);
- European Forum Alpbach (Franz-Josefs-Kai 13, 1010 Vienna, telephone number: 01 7181711, email address: forum@alpbach.org)
(jointly »Cooperation Partners«) for the following direct advertising purposes: For surveys on satisfaction with service and customer care, invitations to events, gift certificates, prize draws, discount campaigns and contacting as well as for sending marketing and product information on the Wiener Konzerthaus and our cooperation partners by us and by our cooperation partners by email in terms of Sec 107 TKG (Austrian Telecommunications Act, Telekommunikationsgesetz).
6. How long do we store your data?
Personal data is stored for 25 seasons. Beyond this term, personal data is only stored as far as required for raising or defending legal claims. If you have signed up for the newsletter and consented to receiving advertising information and are no customer of ours, we store your data until you revoke your consent, at most for three seasons after the last contact. Membership directories, images of persons and other photos relevant under the association laws (Vereinsrecht) are stored until further notice.
7. Your rights as affected person
You have a right to obtain information in a clear, transparent and easily understandable manner on how we process your personal data and on your rights as affected person (Art 13 et seq. DSGVO):
Right of access under Art 15 GDPR
You have a right to demand from the Wiener Konzerthaus a copy of the personal data we have stored on you (subject to certain limitations).
Right to rectification under Art 16 GDPR
You have the right to demand from the Wiener Konzerthaus the rectification of your personal data if they are wrong or no longer up to date, and/or have a right to amend missing information.
Right to erasure/right to be forgotten under Art 17 GDPR
You have the right to demand of the Wiener Konzerthaus that your personal data be deleted without delay. Please note that this is no absolute right, because there may exist statutory or legitimate grounds for maintaining data.
Right to restriction of processing under Art 18 GDPR
You have the right to demand of the Wiener Konzerthaus the limitation of processing if one of the grounds set out in Art 18 GDPR is given.
Disclosure requirement in connection with the rectification or erasure of personal data or limitation of processing Art 19 GDPR
The Wiener Konzerthaus will notify all affected persons of any rectification or erasure of personal data or any limitation of processing under Article 16, Article 17 para 1 and Article 18 unless this proves impossible or involves an unreasonable effort.
Right to data portability under Art 20 GDPR
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format from the Wiener Konzerthaus, and every person has a right to transmit these data to another controller without hindrance by us. This shall only apply to data provided by you, data where the processing is based on contract or your consent, or the processing is carried out by automated means.
Right to object against direct marketing including profiling, and against any consent to data processing granted under Art 21 et seqq. GDPR
If the processing serves the purpose of preserving the legitimate interests of the Wiener Konzerthaus, you are entitled to object to this on grounds relating to your particular situation. In this case, however, compelling legitimate grounds of the Wiener Konzerthaus may prevail, in which case the Wiener Konzerthaus can continue the processing.
In addition, you have the right to object to the processing of your data if the processing is effected for the purpose of direct advertising.
Right to lodge a complaint with a supervisory authority under Art 77 GDPR
You also have the right to lodge a complaint with the data protection agency if you believe that the processing of your personal data violates the GDPR or the DSG. The competent data protection supervisory authority is the Austrian Data Protection Agency (Österreichische Datenschutzbehörde), Wickenburggasse 8, 1080 Vienna.
8. How do we protect your data?
We take appropriate technical and organizational security measures in terms of Art 5 Abs 1 lit f or Art 32 GDPR, as the case may be, in order to protect your personal data against unintended or unlawful erasure, modification, damage or loss, unauthorized disclosure or unauthorized access. In accordance with Sec 6 DSG (Austrian Data Protection Act, Datenschutzgesetz) we have also concluded confidentiality agreements with all staff members with access to your personal data, protecting your data secrecy. Furthermore, we also take numerous measures on our website:
a. Encryption on the website
Your data is secure konzerthaus.at. The Wiener Konzerthausgesellschaft uses the SSL (Secure Socket Layer)-protocol on its entire website. This encrypts data during the transmission between the user and the Konzerthaus server, so that the data cannot be read by third parties.
- Data is transmitted by way of a 128 Bit encrypted SSL-connection (Secure Socket Layer)
- By encrypted transmission we ensure that your data is protected from access and/or manipulation by unauthorized parties. The SSL connection further guarantees that you only establish and maintain a connection with the Konzerthaus server.
- The Konzerthaus-Server has been certified by DigiCert Inc, USA
- How can you see whether the website is secured? The address (URL) starts with https:// and a lock or a key is shown in the status bar.
The safety certificate belongs to the Wiener Konzerthausgesellschaft, was issued by DigiCert Inc and is valid. By clicking on the symbol of DigiCert Inc in your browser (lock or key in the status bar) you can show detailed information on the safety certificate.
b. Credit card clearing
Credit card clearing is carried out by the company QENTA Payment CEE GmbH, Reininghausstraße 10, 8020 Graz. The Wiener Konzerthausgesellschaft does not save electronic credit card data.
9. Cookies, Social Media und Google
Our website uses cookies, which are small text files placed temporarily on your computer and saved by your browser. Cookies allow the website to save important data and to make your use of the website more comfortable. Like most websites, we use cookies for a number of purposes in order to improve your use of our website, provided you have given your consent. If you do not provide your consent, we only collect anonymous data so we can e.g. determine the total number of visitors of our website. We also use social plug-ins on our website.
a. Shopping cart - Cookies
In order to register reservations across pages we use cookies, allowing the free movement on the website with the browser without losing the data. The cookies are not stored permanently, but are deleted when the browser is closed.
b. Use of Social Plugins
Our website uses Social Plugins (Plugins) of various social networks such as Facebook, Twitter, Instagram and YouTube.
Use Facebook
Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our website. The Facebook-plugins can be recognized by the Facebook-logo (white »f« on a blue tile) or the »recommend on Facebook«-symbol on our website. An overview of Facebook plugins can be found here: https://developers.facebook.com/docs/plugins.
When you visit our website, the plugin creates a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our websites with your IP address. When you click on the Facebook button while you are logged into your Facebook account, you can link the contents of our website to your user account. Please note that we are not aware of the contents of the transmitted data or their use by Facebook. Further information can be found in Facebook’s Privacy Statement under https://www.facebook.com/policy.php. If you do not want Facebook to attribute the visit of our website to your Facebook user account, please log out of your Facebook user account before retrieving our website.
Use of Twitter
Our website uses plugins of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (»Twitter«). The Plugins are characterized by a Twitter logo, for instance in the shape of a blue »Twitter Bird«. An overview of the Twitter plugins and their appearance can be found here: https://dev.twitter.com/web/tweet-button.
When you retrieve one of our websites containing such a plugin, your browser creates a direct connection to the Twitter servers. The contents of the plugin are transmitted by Twitter directly to your browser and incorporated into the page. By this incorporation, Twitter receives the information that your browser has retrieved the requisite page on our website, even if you have no Twitter account or are currently not logged on to Twitter. This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there. If you are logged on to Twitter, Twitter can directly attribute your visit to our website to your Twitter account. If you interact with the plugins, for instance by clicking on the »Twitter«-button, the requisite information is also sent directly to a Twitter server and stored there. The information is further published on your Twitter account and shown to your contacts.
The purpose and extent of the data collection and the further processing and use of the data by Twitter as well as your rights and settings options in this regard for the protection of your privacy can be found in Twitter’s privacy statement: https://twitter.com/de/privacy.
If you do not want Twitter to directly attribute the data collected about our website to your Twitter account, please log out of Twitter before visiting our website. You can also prevent the loading of the Twitter plugin with add-ons for your browser, for instance with the script blocker »NoScript« (http://noscript.net/).
Use of Instagram
On our website, we use plugins of the social network Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins are characterized by an Instagram-logo, for instance in the shape of an »Instagram Camera«. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you retrieve our website, your browser creates a direct connection to the Instagram servers. The contents of the plugin are transmitted by Instagram directly to your browser and incorporated into the page. By this incorporation, Instagram receives the information that your browser has retrieved the requisite page on our website, even if you have no Instagram profile or are currently not logged on to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged on to Instagram, Instagram can directly attribute your visit to our website to your Instagram account. If you interact with the plugins, for instance by clicking on the »Instagram«-button, the requisite information is also sent directly to an Instagram server and stored there. The information is further published on your Instagram account and shown to your contacts.
The purpose and extent of the data collection and the further processing and use of the data by Instagram as well as your rights and settings options in this regard for the protection of your privacy can be found in Instagram’s privacy statement: https://help.instagram.com/155833707900388.
Use of YouTube
We have also incorporated YouTube plugins on our websites, which refer you to the YouTube channel of the Wiener Konzerthaus at www.youtube.com.
When you operate the YouTube button, YouTube cookies are stored on your computer, and data is sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as YouTube-operator. The following personal data are transmitted to Google, Inc.: IP-address and cookie ID, the specific address of the page retrieved on our website, language setting of the browser, system date and time of the retrieval as well as your browser identification. The data transmission is regardless of whether you are registered and logged in with Google. If you are logged in, this data is attributed directly to your account.
If you object to this attribution to your profile, please log out before activating the button. YouTube or Google, Inc., as the case may be, stores this data as user profiles and uses them for advertising purposes, market research and/or needs-based design of its websites. Any such evaluation is effected in particular (also in respect of non-logged-in users) for providing needs-based advertisement, and in order to inform other users of your activities on our website. You have the right to object to the creation of such user profiles, addressing such objection to Google Inc. as operator of YouTube. Further information on the extent and scope of data collection and its processing by Google, Inc. can be found at http://www.google.at/intl/de/policies/privacy/. No personal data is processed by us when the YouTube video is retrieved.
c. Facebook Custom Audience
We further use the Facebook »Custom Audience«-technology, a service by Facebook Ireland Limited Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland. The data collected by integrating cookies, web beacons or similar third party technology enable us to more effectively measure and design or advertising activities on Facebook, and for instance to have postings or advertisements only shown to visitors of our website. For collecting such data, we only use cookies, web beacons and similar tried and tested and widely used third-party technology. The data collected as a result of this are only transmitted to Facebook in an encrypted form. Any personal data of individual users are anonymized and are inaccessible for us. Further information hereon can be found in Facebook’s privacy statement under https://www.facebook.com/about/privacy/. If you object to data collection via »Custom Audience« you can deactivate »Custom Audience« here: https://www.facebook.com/ads/website_custom_audiences/.
d. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (»Google«). Google Analytics uses »cookies«, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (however, by using the code line »_anonymizeIp()« the last 8 bit of IP addresses will be erased and therefore made anonymous; a localisation is possible only roughly) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the compilation of data (including your IP address) through cookies and website use by downloading and installing the browser plug-in available through the following link http://tools.google.com/dlpage/gaoptout?hl=en.
By using this web site, you consent to the processing of data about you by Google in the manner and for the purposes set out above. The legal basis for the use of Google Analytics is Art. 6 Par. 1 lit. f DSGVO. The data sent by us and linked with cookies, user IDs or advertising IDs are automatically deleted after 50 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and privacy, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=en. Please note that this website uses Google Analytics with the extension»anonymizeIp()« so that your IP-address will be processed only in a shortened form to rule out a direct connection to the user's personal identity.
e. Google Remarketing
The Wiener Konzerthaus uses Google Remarketing technology, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States. This function allows us to evaluate data from adwords and the DoubleClick Cookie for statistical purposes and to support the ad placement and administration in the web. When you retrieve a website and show or click on a website of the Google advertising network, it is possible that a DoubleClick Cookie is set on your browser. The DoubleClick Cookie identifier is the same as the one used when visiting websites on which DoubleClick advertising programs are used. If your browser already has a DoubleClick Cookie, no further DoubleClick Cookie should be placed. The information generated by the cookie are transmitted to a Google server, stored there and can be evaluated by the Wiener Konzerthaus within the framework of statistics, and used for designing interest-based advertisements. Where appropriate, Google will transfer this information to third parties, if this is required by law or as far as third parties process such data on behalf of Google.
Should you object to this, you can deactivate this function via the Ads Preferences Manager, (https://support.google.com/ads/answer/2662922?hl=de).
10. Final Provisions
The further development of the Internet, our Internet offers and our services portfolio can have an effect on the handling of personal data. We therefore reserve the right to adapt this Privacy Statement in the future within the scope of data protection requirements. For this reason, we ask that you regularly obtain information on the current status of data protection regulations.