Privacy Policy

Type and extent of data processing:

You can visit our Website without providing any personal information. When you access our Website, only certain access data are processed automatically in so-called server logfiles. In particular, the following data are processed in this context:

• name of visited website
• browser type/version used
• operating system of the user
• previously visited website (referrer URL)
• time of the server request
• data volume transferred
• host name of the accessing computer (IP address used)

This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. As a mere website visitor, you can inform yourself about our offers and activities without any obligation and without the possibility for us to link such data to your person.

Legal basis and purpose:

The purpose of this data processing operation is to establish and maintain technical security in regards of our Website, to improve the Website’s quality and to generate non-personal statistical information. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR) in achieving the mentioned purposes.

Type and extent of data processing:

When contacting us via the contact information provided in the course of this Data Protection Declaration respectively on our Website, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request, as we would otherwise not be able to contact you.

Legal basis and purpose:

Purpose of the data processing is to enable us an exchange with users of the Website. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, we may also store your data for the purpose of cultivating existing/returning contacts, which you will be informed of in accordance with the requirements of data protection law.

Storage period:

We delete your requests as well as your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of twelve months (12) months and subsequently erased if we do not receive follow-up requests and if the data must not be further processed for different purposes.

Transfer of data:

We may forward your request to the Belvedere Museum (Österreichische Galerie Belvedere, Wissenschaftliche Anstalt öffentlichen Rechts, Prinz-Eugen-Straße 27, 1030 Wien; www.belvedere.at) in case your inquiry relates to services offered by the Belvedere Museum.

Type and extent of data processing:

Should you have decided to purchase one or more Honorary Kiss Patron Packages on our Website, you will be required to provide certain information for the execution of the contract. You must provide the following personal data:

• full name
• email address
• payment information
• billing address

Legal basis and purpose:

We process your data for the purpose of conducting our business activity and to be able to provide our services as offered. The processing is necessary to fulfil the purchase contract concluded with you and is, thus, based on Art 6 para 1 lit b GDPR.

Storage period:

Data collected in the course of orders are stored for the period of one (1) year and will be erased thereafter, as long as follow-up contact has not been established in the meantime. Longer storage periods may be the result of legal storage obligations or in case legal claims are assumed. This, in particular, concerns your settlement data which we have to store for seven (7) years due to tax based and entrepreneurial retention and documentation periods following the Austrian Federal Fiscal Code as well as the Austrian Commercial Code.

Transfer of data:

Some of the items contained in the Packages are directly offered by the Belvedere Museum (Österreichische Galerie Belvedere, Wissenschaftliche Anstalt öffentlichen Rechts, Prinz-Eugen-Straße 27, 1030 Wien; www.belvedere.at). We will forward your personal data – e.g. name, email address, wallet identifier – to the Belvedere Museum to the extent necessary for the museum to fulfill its contractual obligations (Art 6 para 1 lit b GDPR). The privacy policy of the Belvedere Museum belvedere.at) applies to the processing of your data by the Belvedere museum.

Type and extent of data processing:

Even after an active customer relationship with us ceases to exist, we may not be allowed to delete all of your data due to legal requirements. Within this context, different types of data are affected to a varying extent. This concerns, in particular, your settlement data which are to be stored on the basis of safekeeping and documentation obligations pursuant to the Austrian Federal Fiscal Code (BAO) as well as the Austrian Corporate Code (UGB).

Legal basis and purpose:

We process your data in this context on the basis of Art 6 para 1 lit c GDPR (legal obligation). Said processing of your data is conducted for the purpose of complying with our own statutory duties.

Storage period:

Due to legal safekeeping and documentation obligations, your settlement data are generally stored for a period of seven (7) years. In case the data in question are relevant for a pending (tax) proceeding, they might be stored for longer periods.

1.5.1 Cookies

If you give us your express consent pursuant to Art 6 para 1 lit a GDPR, so-called “cookies” are used on our Website (you may withdraw you previously given consent at any time [see “right to withdraw” under point 4]); in case you decline to provide us with your consent, we shall limit our use of cookies to those cookies being technically necessary and essential for the proper functioning of our Website (see below) and process your data on the basis of our accompanying legitimate interest (Art 6 Abs 1 lit f GDPR), as far as personal data are involved.

Cookies are small data sets that are stored on your end device. They help us to make our offer more user-friendly. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognize the user and his or her settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device.

In most cases, cookies do not contain personal data. Furthermore, cookies cannot access or interact with data stored locally on your device under any circumstances. For example, cookies can enable you to access and navigate websites faster and more efficiently. Cookies help to maintain the functionality of websites with regard to state-of-the-art functions and user experience; on the other hand, they are also used for targeted and cost-saving marketing measures.

Most browsers automatically accept cookies. However, you have the option to customize your browser settings so that cookies are either generally declined or only allowed in certain ways (eg, limiting refusal to third party cookies). However, if you change your browser’s cookie settings, some websites may no longer be fully usable. The setting options for the most common browsers can be found under the following links:

• Internet Explorer™: support.microsoft.com
• Edge™: support.microsoft.com
• Safari™: support.apple.com
• Chrome™: support.google.com
• Firefox™ support.mozilla.org
• Opera™: help.opera.com

With regard to the storage period cookies can be further differentiated into session cookies and persistent cookies. Furthermore, cookies may be differentiated into first-party cookies and third-party cookies depending on their subject of attribution.

1.5.2 Local Storage

If you have given us your explicit prior consent according to § 165 para 3 TKG 2021 in conjunction with Art 6 para 1 lit a GDPR after accessing our Website, we use storage capacity of your browser software in order to enhance the usability of our Website, its user-friendliness and our service in general (for example to save your language settings). Therefore, we use the so-called Local Storage to store certain data on your end device, whereby your browser software maintains a separate Local Storage for each domain. Besides yourself, only we are able to access the data we are processing in this context.

Please be aware that Local Storage data have no expiry date and will remain on your end device even after you have closed your browser session. If you want to clear your Local Storage, you may clear the cache of your browser software acting as a temporary storage. As Local Storage needs JavaScript to function, disabling JavaScript can also prevent websites from accessing it and storing data in that way.

The setting options for the most common browsers can be found under the following links: Microsoft Edge™ clear-my-cache.com Apple Safari™ clear-my-cache.com Google Chrome™ support.google.com Mozilla Firefox™ support.mozilla.org Opera™ clear-my-cache.com JavaScript settings for the most common browsers can be found under kb.iu.edu

We use the following third-party services to provide our services to you. They help us to extend the website functionality for our users and/or to perform evaluations regarding our offerings/services. Such implementation requires the processing of no less than your IP address. As these third-party services use cookies, they are only fully functional if you have given us your explicit prior consent in accordance with § 165 para 3 TKG in conjunction with Art 6 para 1 lit a GDPR. Any data processing caused by these services which is not carried out by storing information on the end device of the user respectively by accessing such information, is based on our legitimate interest in creating cost-efficient website access statistics that are easy to use as well as in improving our own offer by making use of information generated by said services (Art 6 para 1 lit f GDPR).

Some of the services we use (e.g., Auth0, Alibaba Cloud, Vercel) may process data outside the European Economic Area. When transferring personal data to these service providers, an adequate level of data protection is ensured by the respective EU standard contractual clauses and/or by the service provider’s certification in accordance with the requirements of the EU-US Data Privacy Framework.

On our Website we use links to the websites of third parties. These are, in particular, reference links leading to our permanent partners. If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website. Accordingly, we refer you, in general, to the separate privacy policies of these websites.