Skip to main content

Responsible institution, contact

Responsible for data processing:
Museum der Moderne – Rupertinum Betriebsgesellschaft mbH
Mönchsberg 32
5020 Salzburg
(hereinafter referred to as "MdMS")

For questions regarding data protection or the assertion of rights, please contact personal(at)

Data collection

Every time you access the MdMS website, your browser automatically transmits the following data to MdMS web servers for technical reasons. The data is stored exclusively for statistical and technical purposes:

  • Request (file name of the requested file)
  • Browser type and browser version
  • Operating system used
  • Referrer URL, i.e. the website from which you visit the MdMS website
  • IP address
  • Date and time of your visit
  • The web pages visited within the MdM website

The MdMS collects this data based on its legitimate interest (see Art. 6 para. 1 lit. f. DSGVO) and stores it as log files on the server of its website. These server log files are stored for a maximum of one week and then deleted. If data must be retained for evidentiary reasons, e.g. to clarify security breaches, they are exempt from deletion until the incident has been finally clarified.

For the technical and organizational implementation of its Internet presence and newsletter dispatch, the MdMS uses external service providers or data processors who are contractually obligated to treat your personal data confidentially and to process it only within the scope of service provision in accordance with the instructions of the MdMS. The data processing takes place exclusively within the EU.

Data security

The security of your data is of great concern to the MdMS, therefore all necessary technical and organizational security measures are taken to protect your personal data. Access to the website of the MdMS is secured via HTTPS, if your browser supports SSL. Therefore it is encrypted between your terminal device and the servers of the MdMS. The content of e-mails, on the other hand, can be viewed by third parties due to their technical design, unless special technical security measures are taken. To ensure adequate information and system security and to detect malware, the MdMS stores log data on e-mail traffic, in particular: e-mail and IP address of the recipient and the sender, number of recipients, subject, date and time of receipt by the server, file name of any attachments, size of the message, risk classification for spam and delivery status. In a first step, e-mails are checked automatically; individual e-mails are only checked manually if there is a suspected threat to IT system security.

Use of Google Analytics, Google Conversion Tracking and Google Remarketing

This Web site uses Google Analytics, Google Conversion Tracking and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

Google uses "cookies", and therefore text data files, that are stored on your computer and that makes possible the analysis of our Internet offering. The information gathered by the cookies regarding your usage of this Web site (including your IP address) is then sent to a Google server in the USA and stored there. Google observes the data protection provisions of the „EU-US Privacy Shield“ agreement, Google uses this information to evaluate your use of the Web site in order to create reports for us about your Web site activities and, in addition, about your use of services related to the Web site and Internet use. Third-party providers, including Google, place ads on Internet Web sites. Third-party providers, including Google, use stored cookies to provide ads on our Web site on the basis of previous visits by a user.

Google will, if necessary, also transmit this information to third parties, if such transmission is required by statute or if third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. You can prevent the installation of cookies by adjusting the settings on your browser software. However, we wish to inform you that if you do so it is possible that you will not be able to fully use all of the functions of this Web site. By using this Web site you declare that you are in agreement with the processing by Google of the data collected about you in the manner described above and for the purposes put forth above.

You can opt out at any time from data collection and storage with future effect. You can deactivate the application of cookies by using Google to call up the page for deactivating Google advertising. In the alternative users can deactivate the use of cookies by third-party providers by calling up the deactivation page of the Network Advertising Initiative.

Social media plugins

Social media plugins from Instagram, Facebook, Twitter, YouTube and LinkedIn are used on the MdMS website, as can be seen from the logos of the providers shown accordingly. A connection is automatically established with the respective server of the provider as soon as you visit a page on which such a logo appears; this means that the provider learns which specific page you are visiting. The MdMS has no influence on which data is transmitted to the respective provider. This data transmission takes place independently of an active click on the plugin. If you are logged in to one of the aforementioned providers in parallel, the plugin can establish a connection with your account. If you share or „like“ a section of the MdMS website via the „share“ function on a website of the named providers, the plugin transmits this information to the provider and links it to your account. You can prevent this by logging out of your account beforehand. For social media plugins, the respective privacy statements of the providers apply.

Online presence in social media

The MdMS maintains presences in the social media Instagram, Facebook, Twitter, YouTube and LinkedIn. The processing of personal data of users is based on the legitimate interests of the MdMS in effective information of users and communication with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers for consent to the prescribed data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO. The MdMS does not make any decisions regarding the processing of user data and all other information resulting from Art. 13 DSGVO, including legal basis, identity of the responsible party and storage period of cookies on user terminals; rather, these are determined by the providers on their own responsibility. The MdMS points out that user data may be processed outside the EU. This may result in risks for users (for example, that of more difficult enforcement of rights). US providers certified under the Privacy Shield undertake to comply with EU data protection standards. As a rule, user data is also processed by the providers for market research and advertising purposes. For example, usage profiles can be created from usage behavior and the resulting interests; these in turn can be used to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles, especially if the users are members of the respective platforms and are logged in to them. For a detailed presentation of the respective processing and the options to object (opt-out), the MdMS refers to the respective information provided by the providers.

Mediation programs

The MdMS processes your personal data for the purpose of registration, participation, organization, implementation and billing of mediation programs such as guided tours, workshops and the like. This is done on the basis of the underlying contractual relationship pursuant to Article 6 (1) lit. b DSGVO. In addition, the MdMS may collect health data for the purpose of proper care and consideration of special needs based on your consent pursuant to Article 6 (1) a DSGVO. Without the provision of the data, participation in the placement programs cannot take place. Settlement data will be stored for a period of seven years in accordance with the retention obligations under tax law (§132 BAO, §§ 190, 212 UGB). Other data will be deleted three years after the end of the placement program (§ 1489 AGBG). In the event of cancellation without prior payment flow, the data provided by you will be stored for three years (§ 1489 AGBG).


In order to carry out events, the MdMS processes your master and contact data, acceptances and cancellations, invitation and participation history as well as information provided voluntarily. The legal basis for the data processing is Article 6 para 1 lit. a (your consent) and Art 6 para 1 lit. f (legitimate interests of the responsible party) DSGVO. The legitimate interests of MdMS lie in the timely and demand-oriented organization, holding and follow-up of the event, fulfillment of corresponding participant requests as well as in the orientation of marketing strategies for the purpose of customer acquisition with the aim of entering into a (pre-)contractual contractual relationship. Special categories of personal data (e.g. physical limitations) are processed exclusively on the basis of your voluntary consent. Failure to give consent means that special participant requests may not be taken into account. You can revoke your consent at any time by sending an e-mail to the contact specified above. Your data will be stored for a maximum of three years after the last contact. Your data may be transferred to contracted service providers (e.g. catering, event management, participation registration, security); these are obliged to comply with data protection regulations and to delete the data after the contractual service has been performed. Data processing takes place exclusively within the EU or the EEA.

Photo, sound and video recordings

The MdMS points out that photos as well as sound and video recordings made by visitors in the course of events may be used by the MdMS for an unlimited time and place for the purpose of documentation, information and reporting and may be published for these purposes in printed matter and in digital media. Furthermore, these recordings can be passed on to third parties, in particular the media, for the purpose of information and reporting. The data will not be passed on by the MdMS to such recipients who pursue their own purposes with these data. In the case of social media channels, however, it is possible that the respective provider receives exploitation rights to the published data. The processing, publication and disclosure is based on the legitimate interest of MdMS within the meaning of Art. 6 para. 1 lit. f DSGVO as well as §§ 12, 13 DSG. There is the right to object to the processing; this can be geschenen to the responsible persons or photographers on site or to the very person mentioned above. The MdMS takes care to protect the rights and freedoms of the data subjects when making and using recordings. If the rights and freedoms of a person depicted have been violated, the MdMS will refrain from further processing by taking appropriate measures. It is not possible to make images unrecognizable in print media that have already been printed; deletion in digital media will take place within the scope of technical possibilities.


For the purpose of processing applications to the MdMS and handling the application process, the MdMS processes the personal data you provide (e.g. name, title, address, telephone number, date of birth, education, work experience, salary expectations, pictures, data from enclosures); this is done on the basis of (pre-)contractual measures pursuant to Art. 6 (1) lit. b DSGVO. As a matter of principle, your data will only be used within the company and will not be passed on to third parties. The MdMS points out that you may be contacted by employees by telephone and/or e-mail in order to ensure a smooth application process. You affirm that all information provided is true and correct. False statements, even after possible employment, may result in dismissal. In the event that a contract of employment is concluded, your submitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no contract is concluded, the application documents will be deleted six months after notification and receipt of the rejection decision, unless there is consent pursuant to Art. 6 (1) lit. a DSGVO for record keeping. This consent will be obtained separately. Your consent can be revoked at any time without giving reasons to the contact indicated at the very top.

COVID-19, Contact Tracing

Due to the current COVID-19 situation, your data will be reported to the Austrian health hotline 1450 when a suspected case or infection occurs. This is done on the basis of the legitimate interest (Art. 6 para. 1 lit f DSGVO) of the person responsible and the participants in health protection and rapid clarification. Furthermore, in the event of a COVID 19 case (case of infection, suspected case), the data will be transmitted to the health authorities upon request in accordance with Art. 6 Para. 1 lit c DSGVO in conjunction with §5 Para. 3 Epidemic Act 1950. Beyond that, no data will be passed on to third parties.

Your rights

With regard to the processing of your data, you have the right to information, correction, deletion, restriction, data portability, revocation and objection. The right of revocation exists for data processing based on your consent. The right to object exists for data processing based on the legitimate interests of the controller or a third party. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can complain to the supervisory authority; in Austria, this is the data protection authority. If you wish to exercise any of these rights, you can contact the MdMS using the contact details provided above.

Third party data

It is your responsibility to ensure that you inform third parties whose data you disclose to the MdMS about the processing of their personal data by the MdMS, as well as to obtain any necessary consent, for example if you purchase a personalized product such as an annual pass as a gift.

Direct advertising (postal and electronic)

The MdMS uses personal data obtained through you, authorized address publishers or from public sources to send you information about its own products and services as well as events for the purpose of direct mail or electronic advertising. The carrying out of direct advertising is a legitimate interest according to Art. 6 para 1 lit f DSGVO of MdMS, in order to reach customers, interested parties and partners in the best possible way and to align the marketing strategies accordingly, as well as for the purpose of customer recovery and thus a post-contractual use of the data with the aim of thereby re-entering into a (pre-)contractual contractual relationship. Unless you object to the use of your data for this purpose, your data will be deleted after seven years from your last contact with the responsible party or earlier in the case of an objection. Your data will not be disclosed to third parties for their own purposes without your consent. For the purpose of sending electronic mail in accordance with § 107 Abs 3 TKG, those data will be processed that the responsible party has from the contractual relationship, provided that you do not object at the time of collection of the sending. When using this data, the responsible party complies with the provisions of communications law, in particular § 107 TKG.


You have the possibility to register on the website of the MdMS for its e-mail newsletter. For this purpose, your e-mail address, name, salutation and newsletter preferences are recorded. After your registration, you will receive an e-mail with a link to confirm your registration. Only after confirmation will you receive the newsletter (double opt-in); if no confirmation is received, the data will be deleted. You can revoke your consent at any time, either by using the unsubscribe link in each newsletter or by sending an e-mail to newsletter(at) The technical processing of the e-mail newsletter is carried out by the software service provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany,


Use of AccessWidget

The Museum der Moderne - Rupertinum Betriebsgesellschaft mbH uses the services of AccessiWay GmbH, based in Vienna, Austria, to create a website that is as digitally accessible as possible. In order to make the website technically accessible, purely technical data is transmitted to the server of AccessiBe Ltd, Israel (GDPR compliant by adequacy decision), with EU server location Brussels / Belgium (GDPR compliant and additional SCC, Standard Contractual Clause). This data is SSL3 encrypted and deleted immediately after accessing the barrier-free, technical information. There is no data storage. Only the IP address, user agent (web browser) are transmitted. Refer Website. No cookies are set or stored; the data transfer is purely technical in nature and serves the technical creation of an accessible website.

Cookie Settings

Here you can adjust or revoke your cookie settings. To remove cookies that have already been set, please delete your cookies. You can find the instructions on the help pages of your browser.