© Lukas Beck
The Wiener Konzerthausgesellschaft, Lothringerstraße 20, 1030 Vienna, ZVR-Number: 748441625, donation registration number (Spenden-Registrierungsnummer): KK-3282, email address: email@example.com, Telephone: +43 1 242002, Telefax: +43 1 24200-110, («Wiener Konzerthaus», «we», «us») takes the protection of your personal data seriously. We therefore observe all applicable laws, in particular the General Data Protection Regulation («DPR») and the applicable Austrian Data Protection Act (Datenschutzgesetz – «DSG») as amended, for the protection, proper handling and secrecy of personal data and data security.
The privacy statement and the information on cookies explain how we collect, use, and process your personal data and sets out the scope, duration and purpose of our use of your personal data when we provide services and offers, including when you use our website www.konzerthaus.at («Website»).
1. Definition of personal data
Personal data includes information on affected persons (in this case, customers, members, donors, interested persons, newsletter subscribers, cooperation partners) who have been identified or are at least identifiable (e.g. Name, email address or IP address).
2. What personal data on you do we collect?
Master Data: The master data we process are the personal information given voluntarily by you when you actively contact us or which is necessary for registration on our website (title, academic degree, name, address, date of birth, preferred language, user name, password, email address and telephone numbers). In case of legal entities, the master data are processed in terms of data protection if they can be traced to a private individual (e.g. name, telephone number, email address of a contact person). In addition to master data, we also process the contents of correspondence.
Order and booking data: In addition to the master data, we collect data concerning the subject matter of the contract (e.g. event, seating information), bank and credit card data, possibly memberships with third party suppliers, data for the use of special offers (e.g. offers to students, seniors), and health data (e.g. wheelchair seats, reductions for the disabled).
Data of members and donors: In addition to the master data, we collect data on the type and duration of your membership and possibly the intended purpose of your donation (e.g. allocation to a specific purpose), as well as your bank and credit card data.
Technical data: We record the IP address of your device, the Internet browser used, the browser language, your operating system, the data requested on our website, your preferences on Java, screen resolution, color depth, your clicking behavior on the website (time of access, clicks) as well as the website from which you accessed us (referrer URL).
Images of persons and other photographs: We also process photos with persons made with the consent of the affected persons for the purposes set out in Clause 4.
3. How do we collect your data?
The data produced when you visit our website is collected automatically. Otherwise, we only collect data on the grounds of your entries on our website (particularly regarding master data, order and booking data) or other provision of information (e.g. by correspondence, a telephone call, when you visit our Ticket & Service Center, by completing forms). In case of individual tickets, season tickets, memberships, articles and gift certificates ordered for third parties, the data of the gift recipient are collected on the grounds of information provided by the giver. For sending information material to a third party, we collect their data on the grounds of the information provided by the person arranging the mailing.
4. What do we use your data for?
We process the personal data set out under Clause 2 for the following purposes and on the basis of the stated legal grounds:
Contract fulfillment and carrying out of pre-contractual measures under Art 6 para1 lit b GDPR: The master data are processed for the purpose of providing an online account. Master data, order and booking data, the data of members and donors are used for the fulfillment and processing of contracts, customer services, customer support and customer information, membership services and administration of master and contract data and amendments. In accordance with the by-laws of the Wiener Konzerthausgesellschaft, member data are further included in a membership directory; data of patrons and sponsors are further noted on a commemorative plaque at the Wiener Konzerthaus, in accordance with the by-laws. The conclusion and fulfillment of the contract are only possible on the grounds of this data processing. If the customer does not provide the requisite data, no contract can be concluded.
Fulfillment of statutory obligations under Art 6 para1 lit c GDPR: The personal data set out in Clause 2 are further processed for the purpose of observing requirements under the laws on associations, trusts and taxes. Furthermore, health data provided on occasion of ordering tickets are used in accordance with the General Law on Equal Treatment (Gleichbehandlungsgesetz) for meeting equal treatment requirements.
Legitimate interests of the Wiener Konzerthaus or third parties under Art 6 Abs 1 lit f DSGVO: Data of members and donors are used for direct contact for the purpose of raising the funds required for obtaining the goals under the bylaws (e.g. by donations, legacies, inheritances and sponsorships). Furthermore, all data listed under Clause 2 are used for the purpose of internal market research, statistical analyses, direct advertising and for credit checks mandatory for providing services.
Consent to data processing under Art 6 para1 lit a GDPR: If none of the legal grounds set out above is given, we will separately obtain consent to data processing. The Wiener Konzerthaus requires in particular the voluntary consent to being contacted electronically and by telephone for marketing purposes. This consent can be revoked at any time and with effect for the future (e.g. by the unsubscribe link in the email newsletter, or by contacting us by email to firstname.lastname@example.org. When buying tickets for events organized by the Wiener Konzerthausgesellschaft jointly with cooperation partners, customers can also consent to receiving direct marketing information from these cooperation partners by email.
Images of persons are used for documentation, announcements and advertising for Konzerthaus events and activities, as well as in digital media and print media, and archive them for these purposes only. The exact purposes are exhaustively listed in the respective declaration of consent. The prospective recipients are the general public via various print media and via the Internet, YouTube etc.
5. Data processing at cooperation events
At events organized by the Wiener Konzerthausgesellschaft in cooperation with the Wiener Symphoniker, the Klangforum Wien, the Musikverein Wien Modern or the Forum Alpbach, personal master data as well as order and booking data are transmitted to cooperation partners. Furthermore, the data (name, email address) provided voluntarily in the course of the purchase of tickets for cooperation events are submitted to
- the Wiener Symphoniker (Daffingerstraße 4, 1030 Vienna, telephone number: 01 589790, email address: email@example.com);
- the Klangforum Wien (Diehlgasse 51, 1050 Vienna, telephone number: 01 521 67, email address: firstname.lastname@example.org);
- the Musikverein Wien Modern (Lothringerstraße 20, 1030 Vienna, telephone number: 01 24200, email address: email@example.com);
- European Forum Alpbach (Franz-Josefs-Kai 13, 1010 Vienna, telephone number: 01 7181711, email address: firstname.lastname@example.org)
(jointly «Cooperation Partners») for the following direct advertising purposes: For surveys on satisfaction with service and customer care, invitations to events, gift certificates, prize draws, discount campaigns and contacting as well as for sending marketing and product information on the Wiener Konzerthaus and our cooperation partners by us and by our cooperation partners by email in terms of Sec 107 TKG (Austrian Telecommunications Act, Telekommunikationsgesetz).
6. How long do we store your data?
Personal data is stored for 25 seasons. Beyond this term, personal data is only stored as far as required for raising or defending legal claims. If you have signed up for the newsletter and consented to receiving advertising information and are no customer of ours, we store your data until you revoke your consent, at most for three seasons after the last contact. Membership directories, images of persons and other photos relevant under the association laws (Vereinsrecht) are stored until further notice.
7. Your rights as affected person
You have a right to obtain information in a clear, transparent and easily understandable manner on how we process your personal data and on your rights as affected person (Art 13 et seq. DSGVO):
Right of access under Art 15 GDPR
You have a right to demand from the Wiener Konzerthaus a copy of the personal data we have stored on you (subject to certain limitations).
Right to rectification under Art 16 GDPR
You have the right to demand from the Wiener Konzerthaus the rectification of your personal data if they are wrong or no longer up to date, and/or have a right to amend missing information.
Right to erasure/right to be forgotten under Art 17 GDPR
You have the right to demand of the Wiener Konzerthaus that your personal data be deleted without delay. Please note that this is no absolute right, because there may exist statutory or legitimate grounds for maintaining data.
Right to restriction of processing under Art 18 GDPR
You have the right to demand of the Wiener Konzerthaus the limitation of processing if one of the grounds set out in Art 18 GDPR is given.
Disclosure requirement in connection with the rectification or erasure of personal data or limitation of processing Art 19 GDPR
The Wiener Konzerthaus will notify all affected persons of any rectification or erasure of personal data or any limitation of processing under Article 16, Article 17 para 1 and Article 18 unless this proves impossible or involves an unreasonable effort.
Right to data portability under Art 20 GDPR
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format from the Wiener Konzerthaus, and every person has a right to transmit these data to another controller without hindrance by us. This shall only apply to data provided by you, data where the processing is based on contract or your consent, or the processing is carried out by automated means.
Right to object against direct marketing including profiling, and against any consent to data processing granted under Art 21 et seqq. GDPR
If the processing serves the purpose of preserving the legitimate interests of the Wiener Konzerthaus, you are entitled to object to this on grounds relating to your particular situation. In this case, however, compelling legitimate grounds of the Wiener Konzerthaus may prevail, in which case the Wiener Konzerthaus can continue the processing.
In addition, you have the right to object to the processing of your data if the processing is effected for the purpose of direct advertising.
Right to lodge a complaint with a supervisory authority under Art 77 GDPR
You also have the right to lodge a complaint with the data protection agency if you believe that the processing of your personal data violates the GDPR or the DSG. The competent data protection supervisory authority is the Austrian Data Protection Agency (Österreichische Datenschutzbehörde), Wickenburggasse 8, 1080 Vienna.
8. How do we protect your data?
We take appropriate technical and organizational security measures in terms of Art 5 Abs 1 lit f or Art 32 GDPR, as the case may be, in order to protect your personal data against unintended or unlawful erasure, modification, damage or loss, unauthorized disclosure or unauthorized access. In accordance with Sec 6 DSG (Austrian Data Protection Act, Datenschutzgesetz) we have also concluded confidentiality agreements with all staff members with access to your personal data, protecting your data secrecy. Furthermore, we also take numerous measures on our website:
a. Encryption on the website
Your data is secure konzerthaus.at. The Wiener Konzerthausgesellschaft uses the SSL (Secure Socket Layer)-protocol on its entire website. This encrypts data during the transmission between the user and the Konzerthaus server, so that the data cannot be read by third parties.
- Data is transmitted by way of a 128 Bit encrypted SSL-connection (Secure Socket Layer)
- By encrypted transmission we ensure that your data is protected from access and/or manipulation by unauthorized parties. The SSL connection further guarantees that you only establish and maintain a connection with the Konzerthaus server.
- The Konzerthaus-Server has been certified by DigiCert Inc, USA
- How can you see whether the website is secured? The address (URL) starts with https:// and a lock or a key is shown in the status bar.
The safety certificate belongs to the Wiener Konzerthausgesellschaft, was issued by DigiCert Inc and is valid. By clicking on the symbol of DigiCert Inc in your browser (lock or key in the status bar) you can show detailed information on the safety certificate.
b. Credit card clearing
Credit card clearing is carried out by the company Wirecard CEE GmbH, Reininghausstraße 13a, 8020 Graz. The Wiener Konzerthausgesellschaft does not save electronic credit card data.
9. Cookies, Social Media und Google
a. Shopping cart - Cookies
b. Use of Social Plugins
Our website uses Social Plugins (Plugins) of various social networks such as Facebook, Twitter, Instagram and YouTube.
Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our website. The Facebook-plugins can be recognized by the Facebook-logo (white «f» on a blue tile) or the «recommend on Facebook»-symbol on our website. An overview of Facebook plugins can be found here: https://developers.facebook.com/docs/plugins.
When you visit our website, the plugin creates a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our websites with your IP address. When you click on the Facebook button while you are logged into your Facebook account, you can link the contents of our website to your user account. Please note that we are not aware of the contents of the transmitted data or their use by Facebook. Further information can be found in Facebook’s Privacy Statement under https://www.facebook.com/policy.php. If you do not want Facebook to attribute the visit of our website to your Facebook user account, please log out of your Facebook user account before retrieving our website.
Use of Twitter
Our website uses plugins of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA («Twitter»). The Plugins are characterized by a Twitter logo, for instance in the shape of a blue «Twitter Bird». An overview of the Twitter plugins and their appearance can be found here: https://dev.twitter.com/web/tweet-button.
When you retrieve one of our websites containing such a plugin, your browser creates a direct connection to the Twitter servers. The contents of the plugin are transmitted by Twitter directly to your browser and incorporated into the page. By this incorporation, Twitter receives the information that your browser has retrieved the requisite page on our website, even if you have no Twitter account or are currently not logged on to Twitter. This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there. If you are logged on to Twitter, Twitter can directly attribute your visit to our website to your Twitter account. If you interact with the plugins, for instance by clicking on the «Twitter»-button, the requisite information is also sent directly to a Twitter server and stored there. The information is further published on your Twitter account and shown to your contacts.
The purpose and extent of the data collection and the further processing and use of the data by Twitter as well as your rights and settings options in this regard for the protection of your privacy can be found in Twitter’s privacy statement: https://twitter.com/de/privacy.
If you do not want Twitter to directly attribute the data collected about our website to your Twitter account, please log out of Twitter before visiting our website. You can also prevent the loading of the Twitter plugin with add-ons for your browser, for instance with the script blocker «NoScript» (http://noscript.net/).
Use of Instagram
On our website, we use plugins of the social network Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins are characterized by an Instagram-logo, for instance in the shape of an «Instagram Camera». An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you retrieve our website, your browser creates a direct connection to the Instagram servers. The contents of the plugin are transmitted by Instagram directly to your browser and incorporated into the page. By this incorporation, Instagram receives the information that your browser has retrieved the requisite page on our website, even if you have no Instagram profile or are currently not logged on to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged on to Instagram, Instagram can directly attribute your visit to our website to your Instagram account. If you interact with the plugins, for instance by clicking on the «Instagram»-button, the requisite information is also sent directly to an Instagram server and stored there. The information is further published on your Instagram account and shown to your contacts.
The purpose and extent of the data collection and the further processing and use of the data by Instagram as well as your rights and settings options in this regard for the protection of your privacy can be found in Instagram’s privacy statement: https://help.instagram.com/155833707900388.
Use of YouTube
We have also incorporated YouTube plugins on our websites, which refer you to the YouTube channel of the Wiener Konzerthaus at www.youtube.com.
When you operate the YouTube button, YouTube cookies are stored on your computer, and data is sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as YouTube-operator. The following personal data are transmitted to Google, Inc.: IP-address and cookie ID, the specific address of the page retrieved on our website, language setting of the browser, system date and time of the retrieval as well as your browser identification. The data transmission is regardless of whether you are registered and logged in with Google. If you are logged in, this data is attributed directly to your account.
If you object to this attribution to your profile, please log out before activating the button. YouTube or Google, Inc., as the case may be, stores this data as user profiles and uses them for advertising purposes, market research and/or needs-based design of its websites. Any such evaluation is effected in particular (also in respect of non-logged-in users) for providing needs-based advertisement, and in order to inform other users of your activities on our website. You have the right to object to the creation of such user profiles, addressing such objection to Google Inc. as operator of YouTube. Further information on the extent and scope of data collection and its processing by Google, Inc. can be found at http://www.google.at/intl/de/policies/privacy/. No personal data is processed by us when the YouTube video is retrieved.
c. Facebook Custom Audience
d. Google Analytics
e. Google Remarketing
The Wiener Konzerthaus uses Google Remarketing technology, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States. This function allows us to evaluate data from adwords and the DoubleClick Cookie for statistical purposes and to support the ad placement and administration in the web. When you retrieve a website and show or click on a website of the Google advertising network, it is possible that a DoubleClick Cookie is set on your browser. The DoubleClick Cookie identifier is the same as the one used when visiting websites on which DoubleClick advertising programs are used. If your browser already has a DoubleClick Cookie, no further DoubleClick Cookie should be placed. The information generated by the cookie are transmitted to a Google server, stored there and can be evaluated by the Wiener Konzerthaus within the framework of statistics, and used for designing interest-based advertisements. Where appropriate, Google will transfer this information to third parties, if this is required by law or as far as third parties process such data on behalf of Google.
Should you object to this, you can deactivate this function via the Ads Preferences Manager, (https://support.google.com/ads/answer/2662922?hl=de).
10. Final Provisions
The further development of the Internet, our Internet offers and our services portfolio can have an effect on the handling of personal data. We therefore reserve the right to adapt this Privacy Statement in the future within the scope of data protection requirements. For this reason, we ask that you regularly obtain information on the current status of data protection regulations.