Privacy Policy

1. General information

We respect your privacy Protecting your personal information is very important to us. We process your personal data exclusively on the basis of the statutory provisions (GDPR, Austrian Data Protection Act (DSG), Austrian Telecommunications Act (TKG) 2021).

For the provision of our website and provide our services, we process information about you, known as “personal data” or abbreviated to “data” below. The term “processing” means any handling of data, such as the collection, storage, use, or deletion of personal data. In this privacy policy we inform you about the processing of your personal data and your rights arising from data protection laws.

We hereby declare our compliance with the legal provisions for data protection and data security. In particular, data will be used exclusively for the purposes stated below, and measures will be taken to ensure data security by ensuring that data is used properly and not made accessible to unauthorized persons. Clients, service providers and their employees are obliged to maintain confidentiality and secrecy with regard to the data we disclose, unless there is a legally permissible reason for transmitting or disclosing the data that has been entrusted or made accessible.

If you have any complaints, questions or suggestions regarding data protection, please address them to the contact information provided above. We are happy to help!

The Data Controller responsible for data processing is:

KRW Kultur Raum Wien GmbH
Südtiroler Platz 5/25
1040 Vienna, Austria

P +43 676 33 68 379
E office@kulturraumwien.at

2. Data processing for our website and online services

2.1. General information

The web server that we use to operate our website is provided by:

die Komplizinnen OG
Zollergasse 37/10
1070 Vienna, Austria

2.2. Data processing for the operation and security of our website / online services (server logs)

Purpose of processing

When you visit our website, the web server collects usage data (so- called server logs). It is necessary to collect this data so we can establish a connection to our server and technically enable use of the website. This data is also used to ward off and analyse cyber attacks.

The following server logs are collected

The IP address of the querying device, together with the date, time, query, the file that was queried (name and URL), the quantity of data transferred to you, a notification as to whether the query was successful, data identifying the used browser and operating system as well as the website from which our website was accessed (if our website was accessed through a link).

Legal grounds for processing

The processing of your personal data is based on our legitimate interest in ensuring our online services and system security.

Data recipients

The data is sent to die Komplizinnen OG & hosttech GmbH

Storage duration

The server logs are stored for a maximum period of one month

2.3. Use of cookies

Our website uses cookies. Cookies are small text files that are stored locally in the cache of the browser used. If a user accesses our website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies do not become part of the PC system, cannot execute programmes and cannot contain viruses.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The use of cookies may be technically necessary or for other purposes. Various cookies are used on our websites, the type and function of which differ.

Session cookies and persistent cookies

A session cookie is a form of cookie that is deleted as soon as the user closes the browser after their current session.

Persistent cookies are stored on the user’s device in order to provide login information, settings or preferences the next time the user visits the website. They are used to enable a more convenient and faster use of the website. The storage of these cookies is limited to a certain period of time, after which they are automatically deleted. Please note that the storage period may vary depending on the cookie. You can also delete these cookies from your system prematurely by using the usual functionality of your browser.

Technically necessary cookies

We only use technically necessary cookies on our website. These serve to ensure the functionality of the website by enabling basic functions such as page navigation and access to the website. Our website cannot function properly without these cookies. The legal basis for the use of technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

2.4. Contact form

Scope of the processing of personal data

There are contact forms on our websites that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The following data may be collected via the contact forms

• First name
• Surname
• E-mail address
• Details of the enquiry

This information is provided on a voluntary basis and is initiated by you. If the data you provide is used to contact you, we will use these channels to contact you in accordance with your request. Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will only be used to process your request or for the purpose of contacting you.

Purpose of data processing

The purpose of data processing is to provide the option of contacting us via the contact form.

Storage period

The data will be deleted as soon as the purpose of the processing has been achieved and provided that no other statutory retention period prevents this. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. In this context, the data will not be passed on to third parties without your consent.

Legal basis for the processing of personal data

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

2.5 Newsletter

Scope of the processing of personal data and description of the double opt-in procedure

You can subscribe to a free newsletter on our website. When you register for the newsletter, your email address from the input screen is transmitted to us. Registration for our e-mail newsletter is carried out using the double opt-in procedure. We will then send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm your subscription to the newsletter again. You can finalise your subscription to the newsletter by clicking on the confirmation link you receive. With the help of the double opt-in procedure, we can ensure that this is your e-mail address and that you wish to receive our e-mail newsletter.

Furthermore, the following data is processed at the time of subscription:

• IP address
• Date / time of registration for the newsletter
• Time of your confirmation of the confirm link

To send our newsletter, we use the services of:
rapidmail GmbH
Wentzingerstraße 21
79106 Freiburg im Breisgau, Germany

Purpose of data processing

The purpose of collecting the user’s email address when registering for the newsletter is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

Storage period

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active. If the confirmation link is not confirmed within 24 hours, the transmitted information is blocked and automatically deleted after one month at the latest.

Legal basis for the processing of personal data

The legal basis for the processing of data after registration to receive the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent.

Revocation of consent

You can withdraw your consent to the processing of your email address for the purpose of receiving the newsletter at any time by clicking directly on the unsubscribe link contained in the newsletter. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

2.6. Hyperlinks to external websites

On our websites, we use so-called hyperlinks to the websites of other providers. When you activate these hyperlinks, you will be redirected from one of our websites directly to the website(s) of other providers. One of the ways you can recognize this is by a change of the URL. We cannot take responsibility for the confidential handling of your data on third-party websites, as we have no influence on whether those companies comply with data protection regulations. Please refer to their websites directly for information on how such companies handle your personal data.

2.7. Data security

We are committed to protecting your privacy and treating your personal data confidentially. To prevent manipulation, loss or misuse of the data that you store with us, we take extensive technical and organizational security precautions that are regularly reviewed and adapted to any technological progress that has been made.

However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by some other persons or institutions that are not within the scope of our responsibility. In particular, unencrypted data – e.g. if this is transferred by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him/her against misuse by means of encryption or other measures.

3. Data processing for the purpose of direct marketing

Purpose and legal basis of the processing

If we have received your contact data in connection with a sale or service, we also process this data in order to send you (advertising) information by post, emails (including newsletters) and text messages about our own similar products and services, on the basis of our legitimate interest.

Further information

We process your data on the basis of our legitimate interest until the end of the third year after the last contact with you or until you object to the data processing – whichever occurs first.

4. Data processing in the course of business

4.1. Contacting us

Purpose for processing

When you initiate contact with us (e.g. by e-mail, contact form or telephone), we process the personal data provided by you as part of the contact initiation only to the extent necessary for processing and handling your request.

Legal grounds for processing

Your personal data is processed for the purpose of conducting pre-contractual measures or to perform a contractual relation or is based on our legitimate interest, namely for organising a reply to a request.

Data recipients

These data are only transmitted under the condition that the transmission is required for replying to the request.

Further information

We process your data as long as is necessary to process the request, for a maximum of 7 years.

4.2. Data processing for the organisation of events

Purpose for processing

If you register for an event with us, we process your data (first name, last name, email, phone number, number of participants) for the purpose of processing the registration, organising and holding the event, answering questions that you ask us regarding your registration, and for formally handling business transactions that we manage as part of a business relationship. Photos are also taken for documentation purposes.

Legal basis for the processing

We will process your data in order to fulfil a contractual relationship or on a legal basis in the context of a business relationship (or to manage it).

Data recipients

If it is necessary to transfer the data in a case defined by the purpose with a legal basis or on the basis of our legitimate interest, the data will be transferred to the following categories of recipients:

• Contractual partners;
• Insurance providers.

Further information

We only process your data for as long as is necessary for fulfilling the contractual relationship or on the basis of legal obligations (for example, following the retention obligations under tax and corporate law). As a rule, we keep data for seven years.

Please note that we may in certain cases take photographs and video recordings during the event for the purpose of documenting the event and for media coverage of the event (for example in magazines, journals, publications or on websites and social media platforms).

Processing of the visual recordings is based on our legitimate interest. Our legitimate interest exists in the documentation and presentation of our activities. When publishing such visual recordings, care is taken to ensure that no legitimate interests of the persons depicted therein are violated.

4.3. Data processing for supplier management

We organise and process data from suppliers, including correspondence between suppliers and our employees, to improve the processing of business transactions and in order to select suppliers efficiently.

Legal basis

Your data is processed on the basis of the performance of a contract.

Data recipients

This data is not transferred to third parties. If it becomes necessary to transfer the data, your separate consent would be required.

Storage duration

We only process your data for as long as is necessary to perform the contract or to comply with statutory obligations (such as retention obligations under tax and company law). As a rule, we keep data for seven years.

4.4. Data processing for bookkeeping and accounting

We process data relating to the business relationship with customers and suppliers for our financial bookkeeping and accounting systems. This includes budgeting and cost accounting data.

Legal basis

Your data is processed on the basis of compliance with a legal obligation.

Data recipients

If it is necessary to transfer your data relevant in the applicable specific case on a legal basis, it is transferred to the following categories of recipients:

• Landlord of premises for events;
• Banks;
• Legal representatives;
• Chartered accountants, auditors and tax consultants;
• Courts;
• Responsible administrative authorities;
• Contract and business partners;
• Insurance providers.

Storage duration

We only process your data for as long as is necessary to comply with statutory obligations (such as retention obligations under tax and company law). As a rule, we keep data for seven years.

4.5. File management and office automation

We process your data as part of the formal handling of the business cases to be managed for the client. This includes, for example:

• Storage of generated documents;
• Inventory management;
• Management of fixed and current assets.

Legal basis

Your data is processed on the basis of our legitimate interest in smooth business dealings.

Data recipients

The data is not transferred to third parties.

Storage duration

The data is stored for the duration of the employment relationship and for a further seven years after the end of the employment relationship, on the basis of the mandatory statutory retention period.

5. Your rights

5.1. Right to information on your personal data stored by us pursuant to Art. 15 GDPR

You have the right to request information as to whether we process your personal data. If we do, you have a right to information about the nature of this personal data and about additional information related to the processing.

5.2. Right to rectification of incorrect data pursuant to Art. 16 GDPR

In the event that your personal data that we process is not (or no longer) correct or complete, you may request its rectification and, if necessary, ask that it be completed.

5.3. Right to deletion pursuant to Art. 17 GDPR

If the legal conditions are met, you may request the deletion of your personal data.

5.4. Right to restriction of data pursuant to Art. 18 GDPR

If the legal conditions are met, you may request the restriction of the processing of your personal data.

5.5. Right to notification

If you have exercised your right to rectify, erase or restrict the processing of your personal data, the person responsible is obliged to notify all receiving parties to whom the personal data concerning you has been disclosed of this rectification, erasure or restriction, unless this proves impossible or involves a disproportionate effort. You have the right to request the person responsible to inform you about these receiving parties.

5.6. Right to data portability pursuant to Art. 20 GDPR

If the legal conditions are met, you may request that your data be transmitted to you in a structured, commonly used and machine-readable format.

5.7. Right to object to unreasonable data processing pursuant to Art. 21 GDPR

You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that we conduct based on a legitimate interest in accordance with Art. 6 para. 1(f) GDPR.

5.8. Right to revoke consent

If processing takes place on the basis of a declaration of consent, you have the opportunity to withdraw this consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

5.9. Right to submit a complaint to the data protection authority

If you believe that our processing of your personal data has violated existing data protection law, or that your data protection rights were otherwise violated, you have the option of lodging a complaint with the competent authority (Austrian Data Protection Authority). The address is as follows:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

6. Further information

The data that we ask you to give us is required to provide our services as part of a contractual relation, to answer a request, or to send our newsletter or other information. If you do not make the data available, we cannot perform these services. There is no automated decision-making, including profiling. Should we process your personal data for a purpose other than that for which we collected the data, we will notify you of thisfact and inform you of this other purpose.