The Wiener Symphoniker (Vienna Symphony Orchestra), Daffingerstr. 4/DG, 1030 Vienna, ZVR-Number: 846159385, Donation Registration Number: KK-3320, E-Mail: email@example.com, Phone: +43 1 589 79-0, Fax: +43 1 58979-54, (“Vienna Symphony Orchestra”, “we”, “us”) is committed to adequately protecting your personal data. We therefore observe the applicable legal provisions, in particular the General Data Protection Regulation (“GDPR”) and the applicable Austrian Data Protection Act as amended (“Datenschutzgesetz – DPA”) for the protection, lawful handling and confidentiality of personal data as well as for data security.
The data protection and cookie regulations inform you about the collection, use, processing, scope and purposes of the use of your personal data by us within the scope of our service provision and our offers, also when using the website www.wienersymphoniker.at (“website”).
1. What is personal data?
Personal data is information about data subjects (specifically customers, sponsoring members, interested parties, newsletter subscribers, cooperation partners) whose identity is determined or at least determinable (e.g. name, e-mail address or IP address).
2. What personal data of yours do we collect?
- Registration data: When you register via the website, we collect the personal information you provide (title, name, user name, e-mail address, password, address, date of birth and telephone numbers).
- Order and booking data: In addition to the registration data, we also collect bank and credit card data and, if applicable, third-party club memberships and health data (necessary wheelchair space).
- Data of supporting members: If you register with us as a supporting member or book a supporting membership online, we collect the personal information you provide (title, name, e-mail address, password, postal address and telephone numbers).
- Data of supporters, friends, partners, sponsors and subsidy providers: If you register with us as a donor, we collect the personal information you provide (title, name, email address, password, address, and phone numbers). If you make a financial support contribution, we also record the stated purpose (e.g. date of birth, purpose of use) and your bank and credit card details.
- User data when contacting us: If you actively contact us (e.g. via e-mail), we process the data provided voluntarily (usually name, e-mail address, content of the inquiry and, if applicable, address and contact data).
- Master data of contract and cooperation partners: We also process master data of our contractual and cooperation partners relevant in terms of data protection law, provided this information can be traced back to a natural person (e.g. name, e-mail and telephone number of the managing director, the sole proprietor etc).
- Technical data: We record the IP address of your device, the Internet browser used, the browser language, your operating system, the files requested on our website, your Java settings, screen resolution, colour depth, your clicking behaviour on the website (time of access, clicks) as well as the website from which you visit us (referrer URL).
- Personal images and other photos: We also process photos with persons that were taken with the consent of the persons concerned for the purposes described in point 4.
3. How do we collect your data?
We automatically collect the data that is generated during your visit to our website. Otherwise, we collect the data only on the basis of your entries on our website (this applies in particular to the order and registration data mentioned above) or other disclosure.
4. For what do we use your data?
We process the personal data listed under point 2 for the following purposes and on the basis of the indicated legal foundations:
Fulfilment of the contract and implementation of pre-contractual measures in accordance with Art. 6 Para. 1 lit b GDPR:
The registration data is processed for the provision of the online account. In addition, the registration data, the order and booking data, the data of supporters, friends, partners, sponsors and subsidy providers, the user data within the scope of establishing contact as well as the master data of the contractual and cooperation partners are processed for the purpose of contract fulfilment and processing, customer care, advice and information, maintenance of any supporter membership as well as administration of master data and contract data and any changes thereto.
The conclusion and fulfilment of the contract is only possible on the basis of this data processing. If the customer does not provide the necessary data, no contract can be concluded.
Fulfilment of legal obligations in accordance with Art 6 Paragraph 1 lit c GDPR: The personal data referred to in Clause 2 will also be processed for the purpose of complying with the provisions of association law and tax law. In addition, the health data provided in the context of the ticket order will be used to fulfil the obligations of equal treatment under the Equal Treatment Act.
Legitimate interests of the Vienna Symphony Orchestra or a third party pursuant to Art. 6 Para. 1 lit f GDPR:
The data of supporters, friends, partners, sponsors and subsidy providers will be contacted directly by us in order to fulfill statutory purposes regarding gifts, bequests, inheritances and sponsorship. In addition, all data listed under point 2 will be used for the purpose of internal market research, statistical analyses and to obtain credit information that is absolutely necessary for the provision of services.
Consent to data processing in accordance with Art. 6 Para. 1 lit a GDPR:
We obtain the consent of newsletter subscribers, supporters, friends, partners, sponsors and subsidy providers as well as cooperation partners, provided that none of the above-mentioned justification reasons are given. In particular, the Vienna Symphony Orchestra requires the voluntary consent of the aforementioned persons concerned, which may be revoked at any time, for electronic and postal contact for marketing purposes. This consent can be given by users either during the registration and purchase process or via the homepage by entering the data and checking the checkbox. When purchasing tickets for events arranged with cooperation partners, customers can also consent to receiving direct marketing information by e-mail from these cooperation partners. We use images of persons to document, announce and promote Vienna Symphony Orchestra events and activities both in digital media and in print media, and archive them exclusively for these purposes. The exact purposes are listed exhaustively in the respective declaration of consent. The prospective recipients are the general public via various print media and via the Internet, YouTube etc.
Your consent also serves as a legal basis for us to set those cookies that are not technically necessary for the operation of the website (see also the section on "Cookies" below). We use these cookies for analyses and to increase user-friendliness, advertising and social media (marketing and tracking cookies).
Consent may be revoked at any time free of charge and with future effect for all or individual purposes (e.g. via an unsubscribe link in the e-mail newsletter, by contacting us by e-mail at firstname.lastname@example.org, via the cookie settings).
5. Transmission to third parties
For events with the Wiener Konzerthausgesellschaft, which we carry out in cooperation with the Wiener Konzerthausgesellschaft, personal registration, order and booking data are transmitted for the purpose of fulfilling the contract. In addition, the data (surname, first name, address, e-mail) voluntarily provided by the Wiener Konzerthausgesellschaft (Lothringerstr. 20, 1030 Vienna, telephone number: +43 1 242002, e-mail: email@example.com) in the course of purchasing tickets for a cooperation event will be used to fulfil the contract. (“Cooperation Partner”) for the following direct marketing purposes: For sending marketing and product information, in particular concert dates, background reports, radio / TV dates, competitions, discount campaigns, surveys as well as videos about the Vienna Symphony Orchestra and/or the cooperation partner by our cooperation partner by contacting us by e-mail in accordance with § 107 TKG.
In addition, your personal data is transmitted to the Ticket and Service Center of Wiener Konzerthausgesellschaft as data processor in connection with orders for the purpose of contract processing.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
The data sent by us and linked to cookies, user IDs (e.g. User ID) or advertising IDs are automatically deleted after 50 months. Data whose retention period has been reached is automatically deleted once a month.
a Use of Social Plugins
This website uses social plugins (plugins) of various social networks such as Facebook, Twitter, Instagram and Youtube.
Use of Facebook
Our website integrates plugins from the social network Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). You can recognize the Facebook plugins by the Facebook logo (white "f" on blue tile) or the "recommend on Facebook" sign on our website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins.
If you do not want Facebook to be able to assign visits to our websites to your Facebook user account, please log out of your Facebook user account before accessing our website.
Use of Twitter
Our website uses plugins of the microblogging service Twitter, which is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are marked with a Twitter logo, for example in the form of a blue "Twitter bird". An overview of the Twitter plugins and their appearance can be found here: https://dev.twitter.com/web/tweet-button.
If you visit one of our websites that contains such a plugin, your browser will establish a direct connection to the Twitter servers. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. Through the integration, Twitter receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile on Twitter or are not currently logged in to Twitter. This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there. If you are logged in to Twitter, Twitter can immediately assign your visit to our website to your Twitter account. If you interact with the plugins, for example by clicking the "Twitter" button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts.
If you do not want Twitter to assign the data collected via our website directly to your Twitter account, please log out of Twitter before visiting our website. You can also entirely disable the loading of the Twitter plugins with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
Use of Instagram
On our websites we use plugins from the Instagram social network, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you visit our website, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the website. This integration informs Instagram that your browser has called up the appropriate page of our website, even if you do not have an Instagram profile or are not logged in. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plugin, e.g. click the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published to your Instagram account and displayed to your contacts.
Use of Youtube
We have also included YouTube plugins on our websites, which redirect to the Vienna Symphony Orchestra channel at www.youtube.com when the plugin button is pressed.
When you press the YouTube button, YouTube cookies are stored on your computer and data is transferred to Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as YouTube operator. The following personal data is transferred to Google, Inc.: IP address and cookie ID, the specific address of the page called up on our websites, language setting of the browser, system date and time of the call and identification of your browser. The data transfer is carried out regardless of whether you are registered and logged in at Google. If you are logged in, this data is directly assigned to your account.
If you do not want the assignment to your profile, please log out before activating the button. YouTube or Google, Inc. stores this data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its websites. Such an evaluation is carried out in particular (also for users who are not logged in) to provide advertising tailored to the needs of our customers and to inform other users about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact Google Inc. as operator of YouTube in order to exercise this right. For more information about the purpose and extent of data collection and processing by Google, Inc., please visit http://www.google.at/intl/de/policies/privacy/. We do not process the personal data collected when the YouTube video is accessed.
b.Facebook Custom Audience
Google Remarketing (Google Ads)
Provided you give us the appropriate consent, we will use Google Remarketing technology, a service provided by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States. This feature allows us to analyze data from Google Ads and the double-click cookie for statistical purposes and to help us serve and manage ads on the web. When you visit a website and view or click on an ad served through Google ad network sites, a double-click cookie may be placed in your browser. The double-click cookie identifier assigned to your browser is the same one that is used when you visit websites that use Double-Click advertising programs. If your browser already has a Double-Click cookie, you should not place another Double-Click cookie. The information generated by the cookie is transferred to a Google server, stored there and can be evaluated by us in the context of statistics and used to create interest-related advertisements. Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
If you do not wish this, you can deactivate this via the Ads Preferences Manager (https://support.google.com/ads/answer/2662922?hl=de).
c. Shopping Cart Cookies
In order to register the reservations in the shopping cart across all pages, we use the cookies that are required for technical reasons. This allows you to move freely on the website with your browser without losing your data. The cookies set are not stored permanently on your computer, but are deleted when you close your browser. These cookies cannot be deactivated.
Provided you give us the appropriate consent, we use Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) to optimise and improve the usability of our website. Hotjar enables us to measure and evaluate user behaviour (mouse movements, clicks, scroll height etc.) on our website. For this purpose, Hotjar sets cookies on users' end devices and may store user data such as browser information, operating system, time spent on the site, etc. For more information about data processing by Hotjar, please visit www.hotjar.com/privacy.
6. How long do we store your data?
Personal data is stored until the expiry of the statutory and contractual retention, guarantee, warranty and limitation periods. Beyond these periods, personal data is only stored as long as it is necessary for the assertion, exercise or defense of legal claims. If you have registered as a user, we store your order history for 10 years in the account provided. If you are not registered with us, we will only store your order history for 10 years after you have given your consent. If you have only registered for newsletters and the receipt of advertising information and are not a customer of ours, we will store your data until you revoke your consent and for a maximum of three years after the last contact.
7. How do we protect your data?
We take appropriate technical and organisational security measures in accordance with Art 5 Paragraph 1 lit f or Art 32 GDPR to protect your personal data against accidental or unlawful destruction, alteration, damage or loss and against unauthorised disclosure or access. We also conclude confidentiality agreements in accordance with § 6 DPA with all our employees who have access to your personal data to safeguard your data secrecy. We also take numerous precautions on our website:
a. Encryption on the website
Your data is safe on wienersymphoniker.at. The Vienna Symphony Orchestra uses the SSL (Secure Socket Layer) protocol throughout its entire website. This protocol encrypts the data during transmission between the user and the Vienna Symphony Orchestra server so that it cannot be read by third parties.
- Data is transmitted using an SSL (Secure Socket Layer, -256 Bit) connection with at least 128 Bit encryption.
- Secure protocols TLS 1.0, 1.1 and 1.2 are used. The Protocols SSL 2.0 and 3.0 are deactivated.
- Encrypted transmission ensures the greatest possible security of your data against viewing and/or manipulation by unauthorized persons. Furthermore, the SSL connection guarantees that you establish and maintain a connection exclusively with the Symphoniker server.
- The Symphony Server was certified by GeoTrust Inc.
- How can you tell whether the website is secure? The address (URL) starts with https:// and a lock or key is visible in the status bar.
- The security certificate belongs to the Vienna Symphony Orchestra, was issued by GeoTrust Inc. and is valid. By clicking on the GeoTrust Inc. icon in your browser (lock or key in the status bar), you can view detailed information about the security certificate
8. Your rights as a data subject
You have the right to receive information in a clear, transparent and easily understandable way about how we process personal data and about your rights as a data subject (Art 13 ff GDPR):
Right to information in accordance with Art 15 GDPR
You have the right to request that the Vienna Symphony Orchestra provide you with a copy of any personal data we hold about you (subject to certain limitations).
Right of rectification pursuant to Art 16 GDPR
You have the right to request the Vienna Symphony Orchestra to correct your personal data if it is inaccurate or no longer current, and/or to have any missing information added.
Right to deletion/forgetting according to Art 17 GDPR
You have the right to demand that the Vienna Symphony Orchestra delete your personal data immediately. Please note that this is not an absolute right, as there may be legal or legitimate reasons to retain your personal data.
Right to limit processing in accordance with Art18 GDPR
You have the right to request the Vienna Symphony Orchestra to restrict processing if one of the conditions set forth in Art 18 GDPR is met.
Notification duties in connection with the correction or deletion of personal data or the restriction of processing pursuant to Art 19 GDPR
The Vienna Symphony Orchestra will notify all affected persons of any correction or deletion of personal data or any limitation of processing pursuant to Articles 16, 17, paragraph 1 and 18, unless this proves impossible or involves an unreasonable effort.
Right to data transferability pursuant to Art. 20 DPA
You have the right to receive personal data concerning you from the Vienna Symphony Orchestra in a structured, common and machine-readable format, and any person has the right to transfer this data to another responsible person without hindrance from us. This applies exclusively to data that you have provided, where processing is based on a contract or your consent, or where processing is carried out automatically.
Right to object to direct marketing, including profiling, and to any consent given to data processing in accordance with Art 21 et seqq. GDPR
If the processing serves to protect the legitimate interests of the Vienna Symphony Orchestra, you have the right to object to such processing at any time for reasons arising from your particular situation. However, compelling reasons of the Vienna Symphony Orchestra worthy of protection may prevail. In this case, the Vienna Symphony Orchestra may continue to process the data.
In addition, you have the right to object to the processing of your data at any time if the processing is for the purpose of direct marketing.
Right to appeal to a supervisory authority pursuant to Art 77 GDPR
You also have the right to lodge a complaint with the data protection authority if you believe that the processing of personal data concerning you is in breach of the GDPR or the DPA. The competent data protection supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
9. Final provisions
The further development of the Internet, our Internet offering and our service portfolio may also have an impact on the handling of personal data. We therefore reserve the right to change this data protection declaration in the future within the framework of data protection regulations. You should therefore regularly call up these data protection provisions to keep yourself informed of the current status.