Responsible institution, contact
Responsible for data processing:
Museum der Moderne – Rupertinum Betriebsgesellschaft mbH
(hereinafter referred to as "MdMS")
For questions regarding data protection or the assertion of rights, please contact personal(at)mdmsalzburg.at
Every time you access the MdMS website, your browser automatically transmits the following data to MdMS web servers for technical reasons. The data is stored exclusively for statistical and technical purposes:
- Request (file name of the requested file)
- Browser type and browser version
- Operating system used
- Referrer URL, i.e. the website from which you visit the MdMS website
- IP address
- Date and time of your visit
- The web pages visited within the MdM website
The MdMS collects this data based on its legitimate interest (see Art. 6 para. 1 lit. f. DSGVO) and stores it as log files on the server of its website. These server log files are stored for a maximum of one week and then deleted. If data must be retained for evidentiary reasons, e.g. to clarify security breaches, they are exempt from deletion until the incident has been finally clarified.
For the technical and organizational implementation of its Internet presence and newsletter dispatch, the MdMS uses external service providers or data processors who are contractually obligated to treat your personal data confidentially and to process it only within the scope of service provision in accordance with the instructions of the MdMS. The data processing takes place exclusively within the EU.
The security of your data is of great concern to the MdMS, therefore all necessary technical and organizational security measures are taken to protect your personal data. Access to the website of the MdMS is secured via HTTPS, if your browser supports SSL. Therefore it is encrypted between your terminal device and the servers of the MdMS. The content of e-mails, on the other hand, can be viewed by third parties due to their technical design, unless special technical security measures are taken. To ensure adequate information and system security and to detect malware, the MdMS stores log data on e-mail traffic, in particular: e-mail and IP address of the recipient and the sender, number of recipients, subject, date and time of receipt by the server, file name of any attachments, size of the message, risk classification for spam and delivery status. In a first step, e-mails are checked automatically; individual e-mails are only checked manually if there is a suspected threat to IT system security.
Web analysis, cookies
The MdMS uses the Matomo software on its website to evaluate the surfing behavior of users. This enables the optimization of the online offer. Matomo is installed on the same web server as the website. The user data is anonymized and stored exclusively locally on the web server within the EU. The data is not further processed and not passed on to third parties. For the necessary data recording, a cookie is set starting from the user's own domain. You can find more information about Matomo here: https://matomo.org
Social media plugins
Social media plugins from Instagram, Facebook, Twitter, YouTube and LinkedIn are used on the MdMS website, as can be seen from the logos of the providers shown accordingly. A connection is automatically established with the respective server of the provider as soon as you visit a page on which such a logo appears; this means that the provider learns which specific page you are visiting. The MdMS has no influence on which data is transmitted to the respective provider. This data transmission takes place independently of an active click on the plugin. If you are logged in to one of the aforementioned providers in parallel, the plugin can establish a connection with your account. If you share or „like“ a section of the MdMS website via the „share“ function on a website of the named providers, the plugin transmits this information to the provider and links it to your account. You can prevent this by logging out of your account beforehand. For social media plugins, the respective privacy statements of the providers apply.
Online presence in social media
The MdMS maintains presences in the social media Instagram, Facebook, Twitter, YouTube and LinkedIn. The processing of personal data of users is based on the legitimate interests of the MdMS in effective information of users and communication with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers for consent to the prescribed data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO. The MdMS does not make any decisions regarding the processing of user data and all other information resulting from Art. 13 DSGVO, including legal basis, identity of the responsible party and storage period of cookies on user terminals; rather, these are determined by the providers on their own responsibility. The MdMS points out that user data may be processed outside the EU. This may result in risks for users (for example, that of more difficult enforcement of rights). US providers certified under the Privacy Shield undertake to comply with EU data protection standards. As a rule, user data is also processed by the providers for market research and advertising purposes. For example, usage profiles can be created from usage behavior and the resulting interests; these in turn can be used to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles, especially if the users are members of the respective platforms and are logged in to them. For a detailed presentation of the respective processing and the options to object (opt-out), the MdMS refers to the respective information provided by the providers.
The MdMS processes your personal data for the purpose of registration, participation, organization, implementation and billing of mediation programs such as guided tours, workshops and the like. This is done on the basis of the underlying contractual relationship pursuant to Article 6 (1) lit. b DSGVO. In addition, the MdMS may collect health data for the purpose of proper care and consideration of special needs based on your consent pursuant to Article 6 (1) a DSGVO. Without the provision of the data, participation in the placement programs cannot take place. Settlement data will be stored for a period of seven years in accordance with the retention obligations under tax law (§132 BAO, §§ 190, 212 UGB). Other data will be deleted three years after the end of the placement program (§ 1489 AGBG). In the event of cancellation without prior payment flow, the data provided by you will be stored for three years (§ 1489 AGBG).
In order to carry out events, the MdMS processes your master and contact data, acceptances and cancellations, invitation and participation history as well as information provided voluntarily. The legal basis for the data processing is Article 6 para 1 lit. a (your consent) and Art 6 para 1 lit. f (legitimate interests of the responsible party) DSGVO. The legitimate interests of MdMS lie in the timely and demand-oriented organization, holding and follow-up of the event, fulfillment of corresponding participant requests as well as in the orientation of marketing strategies for the purpose of customer acquisition with the aim of entering into a (pre-)contractual contractual relationship. Special categories of personal data (e.g. physical limitations) are processed exclusively on the basis of your voluntary consent. Failure to give consent means that special participant requests may not be taken into account. You can revoke your consent at any time by sending an e-mail to the contact specified above. Your data will be stored for a maximum of three years after the last contact. Your data may be transferred to contracted service providers (e.g. catering, event management, participation registration, security); these are obliged to comply with data protection regulations and to delete the data after the contractual service has been performed. Data processing takes place exclusively within the EU or the EEA.
Photo, sound and video recordings
The MdMS points out that photos as well as sound and video recordings made by visitors in the course of events may be used by the MdMS for an unlimited time and place for the purpose of documentation, information and reporting and may be published for these purposes in printed matter and in digital media. Furthermore, these recordings can be passed on to third parties, in particular the media, for the purpose of information and reporting. The data will not be passed on by the MdMS to such recipients who pursue their own purposes with these data. In the case of social media channels, however, it is possible that the respective provider receives exploitation rights to the published data. The processing, publication and disclosure is based on the legitimate interest of MdMS within the meaning of Art. 6 para. 1 lit. f DSGVO as well as §§ 12, 13 DSG. There is the right to object to the processing; this can be geschenen to the responsible persons or photographers on site or to the very person mentioned above. The MdMS takes care to protect the rights and freedoms of the data subjects when making and using recordings. If the rights and freedoms of a person depicted have been violated, the MdMS will refrain from further processing by taking appropriate measures. It is not possible to make images unrecognizable in print media that have already been printed; deletion in digital media will take place within the scope of technical possibilities.
For the purpose of processing applications to the MdMS and handling the application process, the MdMS processes the personal data you provide (e.g. name, title, address, telephone number, date of birth, education, work experience, salary expectations, pictures, data from enclosures); this is done on the basis of (pre-)contractual measures pursuant to Art. 6 (1) lit. b DSGVO. As a matter of principle, your data will only be used within the company and will not be passed on to third parties. The MdMS points out that you may be contacted by employees by telephone and/or e-mail in order to ensure a smooth application process. You affirm that all information provided is true and correct. False statements, even after possible employment, may result in dismissal. In the event that a contract of employment is concluded, your submitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no contract is concluded, the application documents will be deleted six months after notification and receipt of the rejection decision, unless there is consent pursuant to Art. 6 (1) lit. a DSGVO for record keeping. This consent will be obtained separately. Your consent can be revoked at any time without giving reasons to the contact indicated at the very top.
COVID-19, Contact Tracing
Due to the current COVID-19 situation, your data will be reported to the Austrian health hotline 1450 when a suspected case or infection occurs. This is done on the basis of the legitimate interest (Art. 6 para. 1 lit f DSGVO) of the person responsible and the participants in health protection and rapid clarification. Furthermore, in the event of a COVID 19 case (case of infection, suspected case), the data will be transmitted to the health authorities upon request in accordance with Art. 6 Para. 1 lit c DSGVO in conjunction with §5 Para. 3 Epidemic Act 1950. Beyond that, no data will be passed on to third parties.
With regard to the processing of your data, you have the right to information, correction, deletion, restriction, data portability, revocation and objection. The right of revocation exists for data processing based on your consent. The right to object exists for data processing based on the legitimate interests of the controller or a third party. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can complain to the supervisory authority; in Austria, this is the data protection authority. If you wish to exercise any of these rights, you can contact the MdMS using the contact details provided above.
Third party data
It is your responsibility to ensure that you inform third parties whose data you disclose to the MdMS about the processing of their personal data by the MdMS, as well as to obtain any necessary consent, for example if you purchase a personalized product such as an annual pass as a gift.
Direct advertising (postal and electronic)
The MdMS uses personal data obtained through you, authorized address publishers or from public sources to send you information about its own products and services as well as events for the purpose of direct mail or electronic advertising. The carrying out of direct advertising is a legitimate interest according to Art. 6 para 1 lit f DSGVO of MdMS, in order to reach customers, interested parties and partners in the best possible way and to align the marketing strategies accordingly, as well as for the purpose of customer recovery and thus a post-contractual use of the data with the aim of thereby re-entering into a (pre-)contractual contractual relationship. Unless you object to the use of your data for this purpose, your data will be deleted after seven years from your last contact with the responsible party or earlier in the case of an objection. Your data will not be disclosed to third parties for their own purposes without your consent. For the purpose of sending electronic mail in accordance with § 107 Abs 3 TKG, those data will be processed that the responsible party has from the contractual relationship, provided that you do not object at the time of collection of the sending. When using this data, the responsible party complies with the provisions of communications law, in particular § 107 TKG.
You have the possibility to register on the website of the MdMS for its e-mail newsletter. For this purpose, your e-mail address, name, salutation and newsletter preferences are recorded. After your registration, you will receive an e-mail with a link to confirm your registration. Only after confirmation will you receive the newsletter (double opt-in); if no confirmation is received, the data will be deleted. You can revoke your consent at any time, either by using the unsubscribe link in each newsletter or by sending an e-mail to newsletter(at)mdmsalzburg.at The technical processing of the e-mail newsletter is carried out by the software service provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany, www.rapidmail.de