In accordance with the requirements of the General Data Protection Regulation (“GDPR”) and the Austrian Data Protection Act (“DSG”) this statement explains, which personal data (furthermore “data”) the Natural History Museum Vienna ("we" or “NHM”) as controller collects from you or about you, how we use these data, and which options you have when visiting this website. We comply with all legal requirements and process data only in accordance with the provisions of the relevant regulations. If you have any questions about this statement or our data processing activities, please contact .
In accordance with Articles 15-18, 20, and 21 GDPR, you have the right of access, rectification, erasure, restriction of processing, portability and objection against the processing of your data. However, these rights are excluded in accordance with Section 2d para. 6 of the Austrian Research Organization Act (Forschungsorganisationsgesetz) if the processing is carried out for purposes in accordance with Art. 89 para. 1 GDPR (processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) and if this purpose is rendered impossible or seriously impaired by the exercise of your rights.
If you wish to exercise one or more of these rights, please contact us via email at or by mail to: Natural History Museum Vienna, attn. Data Protection Officer, Burgring 7, 1010 Vienna. If you believe that the processing of your data violates applicable law or that your rights/interests have been infringed, you can launch a complaint with the Austrian Data Protection Authority.
In order to operate our website, we use technical partners who support us in the creation and operation of the website. In some cases these partners need access to data in order to carry out their activities; however, they will not process the data unless necessary. Our current partner is JART IT GmbH, Schönbrunnerstraße 31/1/19.
Automatic data storage
To enable correct operation of the website it is technically necessary to process certain information. These data are processed to optimize the website, to correct errors, and to protect the website against attacks; therefore, processing is based on the legitimate interest of the controller.
The data collected is:
- your browser and browser version
- your operating system
- the referring URL
- the host name and IP address of your device
- date and time of your visit
- the quantity of data sent (upload/download volume).
Log files containing these data are stored for seven (7) days and are then automatically deleted. We access data only if necessary for the integrity of our website or in case of suspicion of illegal behavior. In this case, the data may be passed on to the relevant authorities.
TLS encryption with https
In order to secure online transmission of data in accordance with the principles of privacy by design and privacy by default, we use TLS (Transport Layer Security), an encryption protocol that strengthens the protection of data. This protection is recognizable by the lock symbol at the left of the Internet address and the use of the https scheme (instead of http).
Storage of personal data when contacting us
When you contact us you transmit data such as name, email address, address, telephone number, and, if relevant, group type and age or other relevant personal details in the context of your request. We use these data to handle your request and to communicate with you on the basis of your inquiry (thus your request is your consent in accordance with Art. 6 para. 1 lit a GDPR). We will not pass your personal data on to third parties without your consent, unless this is necessary for the handling of your request. Your data may also be accessed in case of suspicion of illegal behavior. You can revoke this consent at any time via the channels mentioned above, but in any case by sending an email to . In this case we will discontinue further processing unless processing is necessary for compliance with legal or regulatory retention requirement, e.g. establishment of a (pre-)contractual relationship.
In a (pre-)contractual relationship with the Natural History Museum, e.g., for the organization of individual events, we process the data of contact persons and contractual partners, especially name, address, email address, and telephone number on the legal basis of the performance of the contract or compliance with statutory provisions.
The data are processed until the contract is fulfilled and furthermore for the duration of the statutory retention periods.
We would like to point out that the transmission of information via the Internet involves risks outside our scope of influence. If you transmit data by email, we cannot guarantee the secure transmission and protection of your data. We recommend that you do not transmit confidential data unencrypted by email. You are aware of these risks and we are not liable for any loss or unauthorized access of data outside our control.
data storage webshop
In order to facilitate online purchases we process the IP address of the connection owner, as well as name, address, and email address of the customer.
Furthermore, we process payment method, payment status, date of purchase, and purchased goods. These data are necessary for pre-contractual arrangements and the fulfilment of the contract. Your payment details (i.e., depending on means of payment either, name and credit card number or name and bank details) are processed by the payment service provider, mPAY24 GmbH, Grüngasse 16, 1050 Vienna. Data are transmitted to the relevant payment institution for the purpose of debiting the purchase price; these data are not processed by us.
In case the purchase process is aborted, data are deleted immediately. If a contract is concluded, all data from the contractual relationship will be stored until the contract is fulfilled and beyond that time for the duration of the statutory retention periods. The legal basis for the processing is the performance of the contract and the compliance with legal requirements. Your data may be passed on to carriers (e.g., the Austrian Post) if this is necessary for the fulfilment of the contract with you.
There are different types and categories of cookies: first-party cookies are created by our website, whereas third-party cookies are created by other websites (e.g., Google Analytics); necessary cookies ensure basic functions of the website and target-oriented cookies improve the user experience.
You can set up your browser to inform and ask you in every instance cookies are installed. You can deactivate cookies in your browser settings. Please note that this may impair the functionality of our website.
You have the option to subscribe to our newsletter on current topics, exhibitions, events, and general news about the NHM Vienna. For this purpose, we need your email address and your consent to receive the newsletter. As soon as you have registered for the newsletter, we will send you an email confirming your registration.
When registering for programs for teachers, we process the information provided in the course of the registration, i.e., name, type of school, school address, telephone number and age of the target group.
You can unsubscribe from the newsletter at any time by sending an email to firstname.lastname@example.org or using the link in each newsletter. After receiving your unsubscription, we will not send you any further information on current topics, exhibitions, events or news of the NHM, unless you send us a new request. To provide our newsletter, we use the services of MailChimp, to whom your data will be sent for this purpose, as described in the following paragraphs.
MailChimp belongs to The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 United States.
MailChimp collects information such as IP address, browser type and email program and through the web beacons embedded in the newsletters MailChimp can assess among others if the email was opened or links were visited.
MailChimp is an active participant of the EU-U.S. Privacy Shield Framework, which legitimizes the transfer of personal data to the United States.
In accordance with Art. 28 GDPR, we have concluded a data processing agreement with MailChimp. Additional information regarding the data processing activities of MailChimp is available at https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.
In order to improve the usability of our website, we use the services of Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, United States, as listed below. Google LLC is an active participant in the EU-U.S. Privacy Shield Framework, which legitimizes the transfer of personal information to the United States. Depending on the service, Google processes various data on Google's servers in the United States. Depending on whether you have a Google Account and are logged in or not, Google may connect the data collected on our website to your person. Additional information regarding the data processing activities of Google is available at https://www.google.com/intl/de/policies/privacy/. Data processing is carried out on the basis of our legitimate interest or if you have made the appropriate settings and accepted cookies, on the basis of your consent, which may be revoked at any time. In accordance with Art. 28 GDPR, we have concluded a data processing agreement with Google.
We use Google Maps to show you our location and to offer you routing information. If you use the functions of the map, you are directed to Google Maps and transmit the data you enter directly to Google.
To improve the usability of our website, we use Google Analytics to obtain visitor statistics. For this purpose, Google Analytics uses target-oriented cookies to evaluate your usage behavior on our website.
In order to provide you with better protection of your privacy, we pseudonymise your data by deleting the last bits of the IP address, and thus we cannot allocat the IP address to a specific user without additional information.
Furthermore, by clicking the opt-out-link you can prevent the data collection by Google Analytics on this website.
Through the integration of the Facebook Button, we use Facebook features (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
If you use the Facebook button on our website, you are directed to the Facebook website and if you have a Facebook account, Facebook may associate the information with your personal account. Facebook processes this data as controller on its globally located servers.
Additional information regarding the data processing activities of Facebook is available at https://www.facebook.com/policy.php. We concluded a contract with Facebook regarding the use of its offers and Facebook is controller regarding its data processing.
Through the integration of videos on our website by means of YouTube (YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, United States), YouTube may process your data when you access the video on our website. If you have a YouTube account, the data may be associated with your personal account. YouTube LLC, as a subsidiary of Google LLC, who is an active participant in the EU-U.S. Privacy Shield Framework, which legitimizes the transfer of personal data to the United States. Additional information regarding the data processing activities of YouTube is available at https://www.google.com/intl/de/policies/privacy/.
By using the Twitter button, functions of Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland) are integrated on our website.
If you use this service on our website, you are directed to Twitter, where the data you provide are processed and, if you have a Twitter account, may be assigned to your account. Twitter is the controller of these data processing activities. Additional information regarding the data processing activities of Twitter is available at https://twitter.com/de/privacy.
By using Instagram's features on our website, you will be directed to the Instagram website (Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, United States, a subsidiary of Facebook Ltd.) and the data you provide will be processed by Instagram as controller and transferred to the United States on the basis of standard EU contractual clauses. The data can also be associated with your Instagram account if you have one.
Additional information regarding the data processing activities of Instagram is available at https://help.instagram.com/519522125107875.
On our website, we use functions of the bookmark service AddThis from Oracle (1900 Oracle Way Reston, VA 20190, United States). AddThis is as a service of Oracle America Inc., a member of the EU-U.S. Privacy Shield, which legitimizes the transfer of personal data to the United States.
These functions allow us to embed social media plug-ins on our website. When you visit sites using AddThis features, AddThis processes your personal information. Additional information regarding the data processing activities of AddThis is available at http://www.addthis.com/privacy/privacy-policy/.
Photography at Events
Please note that photographers will be present at NHM events and pictures of the event will be taken on the basis of the justified interest of the NHM for the purpose of documentation in accordance with Sec. 6 para. 1 lit f GDPR.
The pictures will be presented to the speakers after the event by means of a secured library for a 14 day duration.
If the photographer wishes to take a picture of you personally or as part of a small group, he will ask for your consent in each individual case. If you do not wish to be photographed, please inform the photographer before taking the picture, otherwise the picture will be deemed proof of your consent within the meaning of Sec 6 para. 1 lit a GDPR.