Privacy notice

 
In accordance with the provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), this declaration is intended to explain to you what personal data (now "data") the Natural History Museum Vienna, Scientific Institution under Public Law, Burgring 7, 1010 Vienna, as the controller ("we"), collects from you or about you, how the data is used and the rights you have in this regard.
 
The protection of your data is important to us, thus we comply with the legal requirements and process personal data only in accordance with the legal provisions.
 
We have taken appropriate technical and organisational measures to ensure that all legal requirements under applicable data protection law are observed both by us and by our service providers whom we require in in some areas to process your data (processors).
 
The permanent technical development of the Internet as well as possible changes in the legal framework may make it necessary to adapt our privacy notice from time to time. We therefore reserve the right to adapt this notice accordingly. All changes apply from the time of publication on our website.
 

1. Website / Use of this Internet presence

technical partners

In order to operate our website, we use technical partners who support us in the creation and operation of the website. In some cases these partners need access to data in order to carry out their activities; however, they will not process the data unless necessary. Our current partner is Jart GmbH Graf Starhemberggasse 4/31, 1040 Wien.
 

automatic data storage

To enable correct operation of the website it is technically necessary to process certain information. These data are processed to optimize the website, to correct errors, and to protect the website against attacks; therefore, processing is based on the legitimate interest of the controller in accordance with Art. 6 para. 1 lit. f GDPR.
 
The data collected is:
  • your browser and browser version
  • your operating system
  • the referring URL
  • the host name and IP address of your device
  • date and time of your visit
  • the quantity of data sent (upload/download volume).
Log files containing these data are stored for seven (7) days and are then automatically deleted. We access data only if necessary for the integrity of our website or in case of suspicion of illegal behavior. In this case, the data may be passed on to the relevant authorities.

TLS encryption with https

In order to secure online transmission of data in accordance with the principles of privacy by design and privacy by default, we use TLS (Transport Layer Security), an encryption protocol that strengthens the protection of data. This protection is recognizable by the lock symbol at the left of the Internet address and the use of the https scheme (instead of http).
 

cookies

Our website uses so-called cookies. These are small text files that are stored on your end device through the browser. They do not cause any damage, no personal data such as your name or address is stored and we cannot identify you on the basis of this information.
There are different types of cookies: first-party cookies are created by our website, third-party cookies are created by other websites (e.g. Google Analytics).
Cookies are also classified according to their category, e.g. essential cookies to ensure basic website functions or targeted cookies to improve the user experience.
We use cookies to make our website more user-friendly. Cookies enable us to recognize your browser on your next visit, but we cannot identify you.
 
When you visit our website, we generally ask for your consent in accordance with Art. 6 para. 1 lit. a GDPR to set non-necessary cookies. Please note that the functionality of our website may be impaired if you do not give your consent for the non-necessary cookies. The necessary cookies will be set by us on the basis of the legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest is to secure and optimise the web presence. We set the following necessary cookies:
JSESSIONID (session) / Used to distinguish visitors
jart_cookie_consent (180 days) / saves settings for cookies
cookieconsent_status (180 days) / saves settings for cookies
 
You can change your cookie settings, give or revoke your consent at any time by clicking the "Cookies" button in the footer of our website.
You will find detailed information on the above-mentioned third-party cookies in section regarding the respective service immediately afterwards.
 

Integrated services

Regarding the integrated services (YouTube, Vimeo, Google Maps and Analytics), your data will be transmitted on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you provide through the click in our cookie banner. We would like to point out that the US are a non-secure third country in terms of data protection law and that you do not have the same rights with regard to your data as in Europe. The US are not subject to an adequacy finding by the European Commission and there are no suitable guarantees with regard to data transfer. By accepting the setting of cookies, you accept in accordance with Art. 49 para. 1 lit. a GDPR that this transmission will nevertheless be carried out. With your consent, the data will be processed by the respective service provider as controller and will not fall within the control or influence of the NHM Vienna.
 

YouTube

The integration of videos on our website is done through YouTube, a service from YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, US.
YouTube processes data when you access the YouTube videos on our website. If you have a YouTube account, the data generated in this way can be associated with your personal account. For more information about YouTube's data processing, please visit https://www.google.com/intl/de/policies/privacy/.
 
YouTube sets the following cookies (if you have permitted them):
APISID (2 years)
CONSENT (20 years 1 month)
HSID (2 years)
LOGIN_INFO (2 years)
PREF (8 months)
SAPISID (2 years)
SIDCC (3 months)
SID (2 years)
SSID (2 years)
VISITOR_INFO1_LIVE (8 months)
YSC (session)
 

Vimeo

The integration of videos on our website is done through Vimeo, a service from Vimeo Inc. 555 West 18th Street, 10011 New York US.
Vimeo processes data when you view Vimeo videos on our website. If you have a Vimeo account, the data generated in this way can be associated with your personal account. For more information about how Vimeo processes data, please visit https://vimeo.com/privacy. Vimeo sets the following cookies (if you have permitted them):
player (1 year)
vuid (2 years)
 

Google

We use the services of Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, listed below in detail. Depending on the service, various data are collected and processed on Google's servers in the US. Depending on whether you have a Google account and are logged in with it, or not, Google may or may not assign the data collected within the scope of our website to your person. You can find more information about data processing by Google on https://policies.google.com/privacy?hl=de
 

Google Maps

To show you our location, we use Google Maps. For this purpose, Google Maps sets the following cookies (if you have permitted this):
CONSENT (20 years 1 month)
HSID (2 years)
NID (1 year)
SAPISID (2 years)
SEARCH_SAMESITE (1 year)
SIDCC (1 year 3 months)
SID (2 years)
SNID (1 year)
SSID (2 years)
 

Google Analytics

We use Google Analytics to obtain visitor statistics. For this purpose, Google Analytics uses target-oriented cookies to evaluate your usage behavior on our website.
In order to better protect your privacy, the collected user data is pseudonymised by deleting the last bits of the IP address, which makes it impossible to assign the data to a specific user without additional data.
Furthermore, by clicking on the opt-out link, you have the option of preventing the data collection by Google Analytics on this website.
Google Analytics sets the following cookies (if you have permitted this):
ga (2 years) / Used to distinguish visitors
gid (1 day) / Used to distinguish visitors. The aim is to collect data on how the user moves between pages on the website.
gat (1 minute) / Used to throttle the request rate
 

Forwarding services

For the forwarding services (Facebook, Twitter, Instagram and Google Maps as well as Google Arts & Culture) no data is processed by us. We only offer you the possibility to call up the respective page of the NHM Vienna faster and directly by clicking on the respective button. However, this is a simple link through which no data is processed by us. Your data will be processed directly by the service provder.
We would like to point out that the US are a non-secure third country in terms of data protection law and that you do not have the same rights with regard to your data as in Europe. The US are not subject to an adequacy finding by the European Commission and there are no suitable guarantees with regard to data transfer. By accepting the setting of cookies, you accept in accordance with Art. 49 para. 1 lit. a GDPR that this transmission will nevertheless be carried out. With your consent, the data will be processed by the respective service provider as controller and will not fall within the control or influence of the NHM Vienna.
 

Facebook

If you use the Facebook button on our website, you will be redirected to the website of Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and if you have a Facebook account, Facebook will be able to associate the information with your personal account. The Facebook Privacy Policy, can be found at https://www.facebook.com/policy.php.
 

Twitter

If you use the Twitter button on our website, you will be redirected to the website of Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland) where the data you provide will be processed and, if you have a Twitter account, the data generated in this way can be associated with your account. The Twitter Privacy Policy can be found at https://twitter.com/de/privacy.
 

Instagram

If you use the Instagram button on our website, you will be redirected to the website of Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA a subsidiary of Facebook Ltd.) where the data provided by you will be processed and, if you have an Instagram account, can be associated with your account.
The Instagram Privacy Policy can be found at https://help.instagram.com/519522125107875.
 

Google Arts & Culture

If you use the Google Arts & Culture button on our website, you will be directed to the website of Google Arts & Culture, a service of Google LLC (Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) where the data provided by you will be processed and, if you have a Google Account, can be associated with your account.
The Google Arts & Culture Privacy Policy can be found at https://policies.google.com/privacy?hl=de
 

Google Maps

If you want to use functions of the integrated maps (e.g. route planner), you will be forwarded to Google Maps, a service of Google LLC (Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) where the data provided by you will be processed and, if you have a Google Account, can be associated with your account.
The Google Maps Privacy Policy can be found at https://policies.google.com/privacy?hl=de
 

2. Storage of personal data when contacting us

Data you transmit electronically in order to contact us, such as name, e-mail address, address, telephone number or, if relevant, group type and age or other personal details to the extent relevant for the processing of the enquiry, as well as data contained in the transmission of an e-mail, will only be used by us for the purpose stated in each case, in particular to answer your enquiry.
We use your personal data only to process your communication on the basis of your enquiry (legitimate interest according to Art. 6 para. 1 lit. f GDPR whereby the legitimate interest is communication with customers). We will not pass on your personal data without your consent, except if this is necessary for the processing of your inquiry. Furthermore, in the event of illegal behavior, the data may be made available for inspection. Your data may be passed on to transporters (e.g. the Austrian Post) if this is necessary for the fulfillment of the contract with you.
 
In a (pre-)contractual relationship with the Natural History Museum, e.g. for individual events, the data of contact persons and contractual partners are processed. For this purpose we process name, address, e-mail address and telephone number, on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of the contract or, after completion of the contract in accordance with Art. 6 para. 1 lit. c GDPR on the basis of the compliance with legal provisions such as storage obligations.   
The data from the contractual relationship are processed until the fulfillment of the contract and beyond this until the expiry of the statutory retention period.
 
We would like to point out that the transmission of information via the Internet involves risks which we cannot influence or reduce. If you send us data by e-mail, we cannot guarantee secure transmission and the protection of your data. We recommend that you never send confidential data by e-mail without encryption. You are aware of this risk and we are not liable for any loss or unauthorized access outside our sphere.
 

3. Newsletter

You have the possibility to subscribe to our newsletter on current topics, exhibitions, events or advertising of the NHM Vienna via our website. This requires your name, e-mail address and the information that your agreement to receive the newsletter. We process this data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. As soon as you have registered for the newsletter, we will send you an e-mail confirming your registration.
 
If you register for the teachers' newsletter in the course of an appointment request for teachers, in addition to the above-mentioned data we process the information provided in the course of the appointment request regarding name, school type, school address, telephone number and age of the target group.
 
You can unsubscribe from the newsletter at any time by sending an e-mail to newslettermp@nhm-wien.ac.at or using the link in each newsletter. After receiving your cancellation, we will not send you any further information about current topics, exhibitions, events or advertising of the NHM, unless you send us a new request.
 
Newsletters concerning educational programs for teachers as well as events and news of the NHM Vienna will be sent by e-mail without the involvement of a newsletter mailing service.
 
For the dispatch of the newsletter for press contacts (press spokespersons or accredited press contacts), we use the provider CleverReach, to whom your data is transmitted for this purpose.
 

CleverReach

The CleverReach GmbH & Co. KG, located at Schafjückenweg 2, 26180 Rastede, Germany, offers services for the distribution of newsletters. We process your data (name, e-mail address and institution) on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR provided upon your registration for the newsletter. According to Art. 7 GDPR and Sec. 107 Austrian Act on telecommunications (TKG) you have the possibility to unsubscribe from our newsletter at any time. You will then no longer receive e-mails from us. Your data will be processed by us for a period of 2 months from the date of unsubscription and then automatically deleted. The web beacons integrated in the newsletter can be used to determine whether the e-mail has been opened or links have been visited, but the relevant evaluations are immediately anonymised and are only available to us in statistical form. A interference to you or your opening/clicking behavior is not possible. In accordance with Art. 28 GDPR, we have concluded a precessing contract with CleverReach.
 

4. Data storage Webshop

In order to facilitate online purchases we process the IP address of the connection owner, as well as name, address, and email address of the customer.
Furthermore, we process payment method, payment status, date of purchase, and purchased goods. These data are necessary for pre-contractual arrangements and the fulfillment of the contract. Your payment details (i.e., depending on means of payment either, name and credit card number or name and bank details) are processed by the payment service provider, mPAY24 GmbH, Grüngasse 16, 1050 Vienna. Data are transmitted to the relevant payment institution for the purpose of debiting the purchase price; these data are not processed by us.
In case the purchase process is aborted, data are deleted immediately. If a contract is concluded, all data from the contractual relationship will be stored until the contract is fulfilled and beyond that time for the duration of the statutory retention periods. The legal basis for the processing is the performance of the contract and the compliance with legal requirements. Your data may be passed on to carriers (e.g., the Austrian Post) if this is necessary for the fulfillment of the contract with you.
 

5. Job application

In the course of your application, we typically receive your name, your contact details (e-mail, telephone number, and address), your curriculum vitae including the data contained therein and possibly training and job certificates. From receipt of your application, we process your data for the purpose of initiating a contract in accordance with Art. 6 para. 1 lit. b GDPR.
 
In the event of employment, the data will be processed within the scope of the employment relationship and you will be informed separately in detail.
 
From the time of a rejection, we process your data for a period of 7 months in accordance with Art. 6 para. 1 lit. f GDPR in our legitimate interest to defend ourselves in case of proceedings.
 
 

6. Contractual relationship with customers and suppliers

We process your data (name, address, contact information, contract and payment data) in accordance with Art. 6 para. 1 lit. b GDPR for the duration of the contractual relationship and furthermore in accordance with Art. 6 para. 1 lit. c GDPR for the fulfillment of legal requirements, e.g. obligations to retain records.
 

7. Processing for scientific purposes

According to Art. 89 GDPR in conjunction with the Austrian Federal Museums Act (BMusG) and the Austrian Research Organisation Act (FOG), your data may be processed by the scientific departments of NHM Vienna. You will receive specific information about the respective applicable processing by the departments at the latest at the time of data collection.
 

8. Your Rights

In accordance with Articles 15-18, 20, and 21 GDPR, you have the right of access, rectification, erasure, restriction of processing, portability and objection against the processing of your data. However, these rights are excluded in accordance with Sec. 2d para. 6 of the Austrian Research Organization Act if the processing is carried out for purposes in accordance with Art. 89 para. 1 GDPR (processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) and if this purpose is rendered impossible or seriously impaired by the exercise of your rights.
 

9. Contact

If you wish to exercise one or more of these rights, please contact us via email at or by mail to: Natural History Museum Vienna, attn. Data Protection Officer, Burgring 7, 1010 Vienna. If you believe that the processing of your data violates applicable law or that your rights/interests have been infringed, you can launch a complaint with the Austrian Data Protection Authority.
  
Online-Tickets