2. What personal data do we collect?
We collect the following personal data:
Cash desk: postcode, first and second name and date of birth to create annual tickets
Card payment: purchase amount, date, bank details (encrypted)
Photographs: photographs in the context of events and at press events/conferences
Reservations (e.g. zoo registrations, events, restaurant): first and second name, e-mail address/telephone number
Prize draws: first and second name, postal address, e-mail address, telephone number if necessary
3. For what purposes do we use your personal data?
We process your personal data
to arrange registrations and reservations for you,
to create online tickets for you,
to make you an annual ticket,
to contact you when processing your order if an event is cancelled or postponed, or if you are the winner of a prize draw,
to be able to send you a newsletter,
to assert our interests in the course of prosecution,
to pursue our press-related purposes, carry out public relations work and present our activities and thereby increase our popularity (publication of photos/film footage on the internet [website, social media presence] and in the press).
4. Which legal basis allows us to process your personal data?
Haus des Meeres processes your personal data on the following legal bases:
Contract [Art. 6(1) lit. b GDPR]
Consent to certain processing methods for a specific purpose (e.g. a consent is necessary for sending promotional material electronically, such as texts (SMS), MMS and e-mails as well as for processing photos/film recordings) [Art. 6(1) lit. a GDPR]
Fulfilling statutory obligations, e.g. statutory safekeeping obligations under commercial law [Art. 6(1) lit. c GDPR]
Compelling legitimate interests of Haus des Meeres, provided that your rights and freedoms are not overridden; e.g. transfer of personal data between Haus des Meeres order processors for internal and administrative purposes [Art. 6(1) lit. f GDPR]; for publicising photographs of events the legal bases are the paragraphs 22 and 23 of the Artistic Copyright Act (Kunsturhebergesetz, KUG).
5. On what infrastructure and for how long do we store your personal data?
Your personal data is stored on paper and/or computers (servers, applications).
Haus des Meeres stores your personal data only for the period required for the purposes for which they were collected. Haus des Meeres therefore stores the data for the following periods:
Cash desk: up to the end of contract fulfilment, 1 (one) year maximum
Card payment: at Haus des Meeres 10 (ten) days maximum, at credit card institute: 13 months
Online shop: until fulfilment of the contract obligation or until the product liability period (10 years) has expired
E-mail address for promotion purposes: until customer revokes or requests deletion of their data
Event reservations/entry tickets for prize draw: 5 (five) working days after the end of the event or prize draw (determination of winners)
Photos/film recordings: unless the customer’s consent is revoked, for a specific purpose for an indefinite period of time
6. What types of cookies do we use?
While you use the website, so-called session cookies are stored in your browser, which are deleted again after you close your browser window. You can avoid the storage of cookies by appropriately adjusting your browser software; however we would like to make you aware of the fact that in this case you might not be able to make full use of all the functions of this website.
If you consent to these cookies, this website will use Clicky, a web analysis service of Roxr Software, Ltd (“Roxr”). Clicky uses so-called cookies, text files that are stored on your computer and enable an analysis of your website usage. The information generated by the cookie on your usage of this website (including your IP address in anonymised form) is generally transferred to a Roxr server in the U.S. where it is stored. Roxr uses this information on behalf of the operator of this website to evaluate your usage of the website, to compile reports on website activities and to provide further services related to website and Internet usage for the website operator. If required, Roxr will pass on such information to third parties, provided that this is legally required or if third parties process this information on behalf of Roxr. The anonymised IP address transferred from your browser in the context of Clicky will not be merged with other Roxr data. The stored information is only accessible to the operator and the relevant technical provider; an evaluation of the data is exclusively performed internally in order to maintain and improve the operation of this website and the related services. You can avoid the storage of cookies by appropriately adjusting your browser software; however we would like to make you aware of the fact that in this case you might not be able to make full use of all the functions of this website. In addition, you can prevent the collection of data generated by the cookie and relating to your website usage (incl. your IP address) by Roxr and the processing of this data by installing a corresponding browser plug-in. By using this website you agree to the processing of the data collected on your activities by Roxr in the way and for the purpose described above.
Google Analytics cookies
If you consent to this, this website will use Google Analytics, a web analysis service of Google. Google Analytics uses so-called cookies, text files that are stored on your computer and enable an analysis of your website usage. The information generated by cookies on your usage of this website (including your IP address in anonymised form) is generally transferred to a server in the U.S. where it is stored. Google uses this information on behalf of the operator of this website to evaluate your usage of the website, to compile reports on website activities and to provide further services related to website and Internet usage for the website operator. If required, Google will pass on such information to third parties, provided that this is legally required or if third parties process this information on behalf of Google. The anonymised IP address transferred from your browser in the context of Google will not be merged with other Google data. The stored information is only accessible to the operator and the relevant technical provider; an evaluation of the data is exclusively performed internally in order to maintain and improve the operation of this website and the related services. You can avoid the storage of cookies by appropriately adjusting your browser software; however we would like to make you aware of the fact that in this case you might not be able to make full use of all the functions of this website. In addition, you can prevent the collection of data generated by the cookie and relating to your website usage (incl. your IP address) by Google and the processing of this data by installing a corresponding browser plug-in. By using this website you agree to the processing of the data collected on your activities by Google in the way and for the purpose described above.
7. What is the legal basis for video surveillance at the Haus des Meeres?
The purpose of the data application is to protect the monitored object and/or the fulfilment of statutory due diligence obligations, in each case including the preservation of evidence, with evaluation exclusively in cases defined by the specified purpose, provided that certain facts justify the assumption that the monitored object might become the target or location for a dangerous attack.
§ 80 Code of Criminal Procedure (Strafprozessordnung, StPO)
8. Who do we forward your personal data to?
We limit access to your personal data to the staff required to provide services to you.
Cash desk staff
We make our staff aware of the importance of confidentiality and undertake to adopt adequate disciplinary measures in order to ensure that our staff meet the data protection obligations.
We additionally forward your information to external companies which work on our behalf:
Various service providers or partner companies that support us with order processing, providing customers with information and supplying other services (order processing pursuant to Art. 28 GDPR). These companies are in turn required to comply with the data protection regulations. For order data processing, particularly strict data protection regulations apply; in particular, such companies must use the data exclusively to fulfil the tasks we have instructed them to do. Haus des Meeres shall be responsible to ensure that these enterprises comply with the data protection regulations and has concluded corresponding order processing contracts with such service providers.
Where card payment is concerned (direct debit/girocard/credit cards) we work together with PAYONE GmbH (Austria), Am Belvedere 10 1100 Wien. If you have any questions about data processing at PAYONE GmbH (Austria) SA or about how to assert your rights, please get in touch with the data protection officer, who you can contact under the mentioned address. Data protection regulations – PAYONE | PAYONE
Photos and/or film recordings are forwarded to third parties (e.g. sponsors, cooperation partners, others in the context of creating and issuing [print] publications) in order to be able to improve public relations and the presentation of our activities and increase their visibility. Uploading data to the Internet is also a form of forwarding to third parties.
We only forward your information to third parties without your consent if exceptional circumstances make this necessary, i.e. if health or safety is at risk, or if it is required by the applicable law and/or by the instances supervisory authority, court, public prosecutor’s office or the police.
Unless you revoke, we can also forward your information to family members or other people who are responsible for your health care. If you are not capable of giving your consent or revoking it, we will exercise professional judgement to check whether the forwarding is in your best interest.
9. What are your rights and how can they be exercised?
With regard to any form of processing of your personal data you can exercise the following rights:
Right of access: You have the right to receive a copy of your personal data, which is possessed and processed by the Haus des Meeres;
Right to rectification: You have the right to request a rectification of the documents with your personal data kept by Haus des Meeres if they are incorrect;
Right to file a complaint with the supervisory authority: You have the right to file a complaint with the relevant data protection authority if you have any concerns regarding the way in which your personal data is processed by Haus des Meeres.
Under certain circumstances, you can also exercise the following rights:
Right to erasure: You can request Haus des Meeres to delete your personal data;
Right to withdraw consent: You have the right to withdraw your consent to a processing activity for which you previously gave us your consent;
Right to object to a processing activity: You can request Haus des Meeres to stop processing your personal data;
Right to object to a processing for direct marketing purposes: You can request Haus des Meeres at all times to stop sending you advertising materials;
Right to object to a decision based on automated processing: You can demand that decisions that concern you be not solely based on automated processing (e.g. profiling);
Right to restrict processing: You can request Haus des Meeres to subject the processing of your personal data to certain restrictions;
Right to data portability: You can exercise your right to data portability and obtain your data in a structured and machine-readable format or have the data transmitted to another data controller in such a format.
10. Do I have an obligation to provide data?
The processing of your data is required to complete and/or fulfil a contract you concluded with us. If you do not provide us with this data, we will basically have to decline concluding the contract with you; also, we will not be able to fulfil an already existing contract and will consequently have to terminate it. However, with regard to any data that is not relevant for contract fulfilment or is legally not required, you have no obligation to give us your consent to data processing.
We take technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our staff and any service providers working for us have the duty to comply with the applicable data protection laws.
12. How to contact us
If you have any questions or wish to exercise your rights defined under (9), please get in touch with us as follows:
Haus des Meeres Betriebs GmbH, Fritz-Grünbaum-Platz 1,1060 Wien, tel.: 01 5871417 (available: Monday to Friday, 9:00 am to 4:00 pm), firstname.lastname@example.org
We hereby undertake to respond to you within one month. If, for whatever reason, we are unable to comply with your request, Haus des Meeres will deliver an explanation. If you do not allow us to process your personal data, it may make fulfilling the processing purposes much more difficult or impossible. Unfortunately we will then no longer be able to offer you certain services.