-Data protection notice
This notice provides you with information on how your personal data are processed when you visit our website (www.acv.at).
It may be necessary to amend this notice due to development of the website or legal changes. The version published at www.acv.at/en/legal-notice/data-protection-notice/ applies.
Contents
1. Controller
2. Provision of the website and logfiles
2.1. Scope of data processing
2.2. Purposes
2.3. Legal basis
2.4. Recipient
3. Cookies
3.1. Essential cookies
3.1.1. Purposes
3.1.2. Legal basis
3.1.3. Cookies used
3.2. Marketing cookies
3.2.1. Purposes
3.2.2. Legal basis
3.2.3. Cookies used
3.3. Analytics and statistics cookies (performance cookies)
3.3.1. Purposes
3.3.2. Legal basis
3.3.3. Cookies used
4. Newsletter
4.1. Scope and purposes of data processing
4.2. Legal bases
4.3. Recipient
4.4. Retention period
5. Contact form and e-mail contact
6. Affiliate partners
7. Storage of lost property
8. Guest and visitor WLAN
9. General information
10. Your rights
1. Controller
Internationales Amtssitz- und Konferenzzentrum Wien, AG (IAKW-AG)
Bruno-Kreisky-Platz 1
A-1220 Vienna
Tel. +43 (1) 26069-0
Fax: +43 (1) 26069 303
E-mail: [email protected]
You can contact our Data Protection Officer at [email protected].
2. Provision of the website and logfiles
2.1. Scope of data processing
Every time a user visits our website, our system automatically records data and information from the computer on which the website is viewed.
The following data are collected and stored in the logfiles in our system:
- The device’s IP address
- Date/time of access
- Type of device (PC, smartphone, etc.)
- User’s operating system
- Name of the internet provider
- Name of the browser used
- Browser software language
- Type of request made by the user (name of requested file)
- Quantity of data transferred
- Access status (file transferred, file not found, etc.)
- Contents of form
2.2. Purposes
Temporary storage of the IP address by the system is necessary in order to provide access to the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of their visit. Data are stored in logfiles in order to ensure the proper functioning of the website. The data also enable us to optimise the website and safeguard the security of our IT systems.
2.3. Legal basis
The legal basis for the collection of these data and their temporary storage in logfiles is our legitimate interest in accordance with Article 6(1)(f) General Data Protection Regulation (GDPR). Data processing is based on our legitimate interest in achieving the purposes specified in section 2.2 above.
2.4. Recipient
We use an IT service provider for the provision of our website, namely functn gmbh, Schellinggasse 3/8, A-1010 Vienna (the processor), as well as Internex GmbH, Lagerstrasse 15, A-3950 Gmünd. The processor processes the collected data in order to resolve technical problems.
3. Cookies
Cookies are small text files saved on your device (PC/laptop, tablet or smartphone). These text files are downloaded by your browser when you first visit our website. If you visit this website again using the same device and browser, the cookie and the information saved in it will either be sent back to the website that created the cookie (first-party cookie) or to a different website which it belongs to (third-party cookie). In this way, the website recognises the returning user and adapts the website content accordingly. Cookies “remember” your preferences, provide information on how you use a page, and in some cases personalise the content displayed.
Our website uses cookies and similar tools (collectively referred to below as “cookies”). These cookies enable us to ensure that the website functions properly (essential cookies), analyse the way in which our website is used (performance cookies) and optimise our marketing activities, in particular by displaying personalised advertisements (marketing cookies). We only use performance and marketing cookies with your consent.
3.1. Essential cookies
3.1.1. Purposes
We use essential cookies in order to enable basic website functions, ensure the security of our website and temporarily store your cookie settings.
Details of the specific purposes of the various cookies are provided in section 3.1.3.
3.1.2. Legal basis
The legal basis for processing your data using essential cookies is our legitimate interest in providing a fully functional website, safeguarding the security of our website and temporarily storing your cookie settings (in accordance with Article 6[1][f] GDPR and section 96[3] Austrian Telekommunikationsgesetz [Telecommunications Act]).
3.1.3. Cookies used
Our website uses the following essential cookies:
a) __cfduid
Type of data
The user’s IP address
Purposes
The __cfduid cookie is loaded when you visit our website. The cookie is used by service provider Cloudflare in order to identify trusted internet traffic, manage load balancing and enhance the security of our website. The stored information is anonymised and encrypted.
Retention period
7 days
Recipient
Cloudflare, Inc.
101 Townsend St
San Francisco, CA 94107
USA
Transfer to a third country
Transfer to the USA on the basis of standard contractual clauses.
b) Usercentrics
Types of data
The (personal) data collected by this service or as a result of its use are listed below:
- Browser information
- Opt-in and opt-out data
- Requests for website URLs
- Website page path
- Geographical location
- Date and time of visit
- Device information
Purposes
The purposes of data collection and processing are listed below. Your consent only applies with regard to the purposes specified. The collected data may not be used or stored for purposes other than those listed below.
- Compliance with statutory obligations
- Storing consent
Retention period
The retention period is the length of time for which the collected data are stored for processing. The data must be deleted as soon as they are no longer required for the specified purposes of processing.
Consent data (giving and withdrawing consent) are stored for three years. After this period, the data are deleted immediately, or transferred on request in the form of a data export to the person who gave their consent.
Recipient
Usercentrics GmbH
Sendlinger Strasse 7, 80331 Munich, Germany
c) Algolia
Types of data
The (personal) data collected by this service or as a result of its use are listed below:
- Search terms
- Browser information
- IP address
Purposes
- Search function
Retention period
The retention period is the length of time for which the collected data are stored for processing. The data must be deleted as soon as they are no longer required for the specified purposes of processing.
The data are deleted as soon as they are no longer needed for the purposes of data processing.
Recipient
Algolia Inc., 301 Howard Street, Suite 300 San Francisco, CA 94105, United States of America
The processor’s data protection officer can be contacted by e-mail at [email protected] .
Transmission to third countries
This service can transfer collected data to a different country. Please note that this service can transfer data outside the European Union and the European Economic Area, to a country which does not have adequate data protection standards. If the data are transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring or surveillance purposes, possibly without you having any forms of legal redress. A list of the countries to which data are transferred is provided below. This may take place for various reasons, including storage or processing.
United States of America
d) measureUnit
Type of data
Unit of measurement
Purposes
When the unit of measurement is changed from metres to feet, the measureUnit cookie is created to ensure that the unit of measurement you selected is displayed when you view the website in future.
Retention period
1 year
e) OptinMonster
Types of data
The following types of personal data are collected:
- Data provided in forms on the website
- Data on user interaction
Purposes
OptinMonster’s service is designed to convert and monetise website traffic. Data are collected for the following purposes:
- Analysis
- Functionality
- Optimisation
The provider is Retyp LLC, 5127 NW 24th Dr, Gainesville, FL 32605, USA (Retyp). For further information on optinmonster Retyp visit this website.
Legal basis
Article 6(1)(f) GDPR
Retention period
3 days
Recipient
Retyp LLC
5127 NW 24th Dr, Gainesville
FL 32605
USA
Here you can contact Retyp LLC’s data protection officer.
Transfer to a third country
Transfer to the USA on the basis of a data processing agreement.
3.2. Marketing cookies
3.2.1. Purposes
If you have given us your consent, we use marketing cookies in order to show you personalised online advertising and for the purpose of remarketing.
Information on how your personal data are processed in this regard is provided below.
3.2.2. Legal basis
The legal basis for processing your data by means of marketing cookies is your consent obtained in accordance with Article 6(1)(a) GDPR in conjunction with section 96(3) Austrian Telecommunications Act.
You can change your cookie settings at any time by clicking on the “Cookie settings” button and adjusting your preferences using the slider – visit
Cookie settings
If you subsequently withdraw your consent for the use of certain cookies, they will no longer be used when you visit our website in future. However, please note that for technical reasons we cannot delete cookies stored previously in your system on the basis of your consent, so these cookies may remain on your device. We recommend that you delete these cookies manually in your web browser settings or using corresponding browser add-ons.
You have the option of preventing the storage of cookies and use of the analytics service by selecting the appropriate browser settings. You can also configure your browser so that cookies are not stored or cookies stored previously are deleted. All commonly used browsers allow you to block the storage of all cookies or those from third parties.
3.2.3. Cookies used
a) LinkedIn insight data
Types of data
IP address, time stamp, website activity (pages viewed), device and browser properties
These data are encrypted and anonymised. These anonymised data are deleted within 90 days. LinkedIn does not share any personal data with us, but we can obtain anonymised data via reports from LinkedIn (reporting). We can also carry out retargeting via LinkedIn, but again we do not process any personal data, and make use of anonymised data from LinkedIn.
Purposes
Our website uses functions of the social media network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you view pages that use such functions, data (IP address, device and browser information, time stamp, referrer URL) are transferred to LinkedIn, stored and evaluated. If you have a LinkedIn account and are logged into it, these data will be associated with your account and the data saved there. LinkedIn’s data protection policy, and details of the types of information that LinkedIn collects and how it uses this information can be found here. With your consent, we use the LinkedIn Insight Tag, a small piece of JavaScript code which is added to the website to enable the production of detailed campaign reports and gain insights into the website user experience. We use the Insight Tag in order to track conversions, retarget website users, gain information about advertisements, and reach out to individuals on LinkedIn who are similar to members of the target group.
LinkedIn encrypts and anonymises the data it collects. LinkedIn does not share any personal data with us, and we only receive reports on anonymised data (reporting). Although we use LinkedIn for retargeting activities, we only use anonymised data from LinkedIn.
Retention period
Up to 2 years
Recipient
LinkedIn Corporation
2029 Stierlin Court Mountain View
CA 94043
USA
Transfer to a third country
We only use cookies from third parties domiciled in the USA (US providers) if you give us your consent to do so. In this case, your personal data will be transferred to the USA and processed there. In the opinion of the European Court of Justice, the USA does not have adequate data protection standards. If your data are transferred to the USA, there is a risk that US authorities will access your data in the course of surveillance programmes against which you will have no legally enforceable rights or effective forms of legal redress.
You can withdraw your consent at any time and/or subsequently change your cookie preferences by clicking on the “Cookie settings” button and adjusting your preferences using the slider – visit
Cookie settings.
If you subsequently withdraw your consent for the transfer of your data to the USA, these cookies will no longer be saved on your device. However, please note that for technical reasons we cannot delete cookies stored previously in your system on the basis of your consent, so these cookies may remain on your device. We recommend that you delete these cookies manually in your web browser settings or using corresponding browser add-ons.
b) Google remarketing
Types of data
The (personal) data collected by this service or as a result of its use are listed below:
- Click path
- IP address
- Information on cookies
- Browser information
- Device ID
- Internet service provider
- Demographic data
- Date and time of visit
- Pages viewed
- Providing domains
- Hardware/software type
- Location details
- Search history
- Interaction data
- Advertisements viewed
Purposes
We use the ‘new interactions’ or ‘similar target groups’ remarketing features to enable us to show you interest-based, personalised advertisements for IAKW-AG (Austria Center Vienna) within the Google Display Network when you use the internet after having visited our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). After you give your consent, Google saves cookies on your device in order to analyse your behaviour when using the website. Google pseudonymises the data and does not associate it with other data.
Retention period
1 year
Recipient
Google Inc.
1600 Amphitheatre Parkway, Mountain View
CA 94043
USA
Here you can contact Google’s data protection officer.
Transfer to a third country
We only use cookies from third parties domiciled in the USA (US providers) if you give us your consent to do so. In this case, your personal data will be transferred to the USA and processed there. In the opinion of the European Court of Justice, the USA does not have adequate data protection standards. If your data are transferred to the USA, there is a risk that US authorities will access your data in the course of surveillance programmes against which you will have no legally enforceable rights or effective forms of legal redress.
You can withdraw your consent at any time and/or subsequently change your cookie preferences by clicking on the “Cookie settings” button and adjusting your preferences using the slider – visit
Cookie settings.
If you subsequently withdraw your consent for the transfer of your data to the USA, these cookies will no longer be saved on your device. However, please note that for technical reasons we cannot delete cookies stored previously in your system on the basis of your consent, so these cookies may remain on your device. We recommend that you delete these cookies manually in your web browser settings or using corresponding browser add-ons.
c) Podigee
Types of data
IP address, device and browser information.
Purposes
Our website uses functions supplied by the podcast hosting provider Podigee. These are operated by Podigee GmbH, Schlesische Strasse 20, 10997 Berlin, Germany. These services are used to activate downloads and analyse the behaviour of the respective user of the podcast.
Retention period
The data will be stored for as long as is necessary to fulfil the purposes of data collection. The cookies used are session cookies.
Recipient
The recipient of the data collected is:
Podigee GmbH, Schlesische Strasse 20, 10997 Berlin, Germany. For details of Podigee´s privacy policy visit this website.
Transfer to a third country
Data are not transferred to third countries.
d) Facebook Custom Audience pixel (Meta)
Types of data
The personal data collected by this service or as a result of its use are listed below:
- Advertisements viewed
- Content viewed
- Device information (device ID, browser type, operating system)
- Geographical location
- http header
- Interaction with advertisements, services and products
- IP address
- Elements clicked on
- Marketing information
- Pages viewed
- Pixel ID
- Referrer URL
- Usage data
- User behaviour
- Facebook cookie information
- Facebook user ID
- Usage/click behaviour
- Browser information
- Operating system
- Device ID
- User agent
- Browser type
Purposes
In connection with the technologies described below, we use the Facebook pixel provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland“). The Facebook pixel is used to automatically collect and store data (IP address, time of visit, device and browser information, and information regarding your use of the website based on events specified by us, e.g. visit to a particular page or registration for a newsletter), which are then used to create pseudonymised usage profiles. In addition, information is collected and stored in hashed form for comparative purposes, as part of what is called extended data reconciliation. This information can be used to identify specific individuals (e.g. name, e-mail addresses and telephone numbers). When you visit our website, the Facebook pixel places a cookie which automatically recognises your browser when you visit another website by means of a pseudonymised cookie ID. Facebook (by Meta) merges this information with other data from your Facebook account and uses the information to generate reports about website activity and to enable provision of other services associated with use of the website, in particular personalised and group-based advertising.
Facebook analysis
With Meta Business Tools, the data collected by the Facebook pixel regarding your use of our website are used to generate statistics about visitor activity on our site. Data processing is carried out on the basis of a processing agreement with Facebook (by Meta). Facebook (by Meta)’s analysis supports the optimal presentation and marketing of our website.
Facebook Ads Manager
We use Facebook Ads to advertise our website on Facebook (by Meta) and other platforms. We set the parameters for each advertising campaign. Facebook (by Meta) is responsible for the detailed implementation, in particular decisions on the placement of advertisements for individual users. Unless otherwise specified for the various different technologies, data are processed on the basis of an agreement between joint controllers in accordance with Article 26 General Data Protection Regulation (GDPR). Joint controllership only applies to the collection of data and their transfer to Meta Platforms Ireland. It does not apply to data processing by Meta Platforms Ireland. We carry out group-based advertising on Facebook (by Meta) using Facebook Custom Audience by determining the characteristics of the various target groups based on statistics generated by the Facebook pixel regarding visitor activity on our website https://www.acv.at/. Facebook (by Meta) operates as our processor when performing extended data reconciliation (see above) in order to determine the various target groups. We carry out personalised advertising by means of Facebook pixel remarketing using the pseudonymised cookie ID placed by the Facebook pixel, as well as the data collected with regard to your user behaviour on our website.
If you reach our website via a Facebook Ads advertisement, we use the Facebook pixel to measure conversions for the purpose of website analysis and to track events in your subsequent user behaviour. Data processing is carried out on the basis of a processing agreement with Facebook (by Meta).
Retention period
Information on the respective retention periods for the cookies used can be found here:
Here can you find the Meta Cookies Policy. Here can you find the Meta Privacy Policy.
Recipient
The recipients of the data collected are:
Meta Platforms Ireland Ltd., Meta Platforms Inc.
The information collected automatically by Facebook (by Meta) about your use of our website is generally transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there.
For details of Meta´s Privacy Policy visit this website.
For details of Meta’s Cookies Policy, visit this website.
Transfer to a third country
The European Commission has not adopted an adequacy decision in respect of the USA. In the view of the European Court of Justice, the USA does not afford an adequate level of protection of personal data by EU standards. The lack of an adequacy decision and appropriate guarantees means there is a risk that your data may be processed by US authorities for monitoring or surveillance purposes, possibly without you having any forms of legal redress. Please note that at present we cannot provide any appropriate guarantees regarding the protection of data transferred to the USA.
Further information on data processing by Facebook can be found in the Meta Privacy Policy.
e) Youtube
Types of data
The (personal) data collected by this service or as a result of its use are listed below:
- Device information
- IP address
- Referrer URL
- Videos viewed
Purposes
Our website uses services provided by YouTube, a video sharing platform, in order to display videos on our website.
Processor:
Google Ireland Limited
Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Retention period
Information on the respective retention periods for Youtube cookies used can be found here.
PREF
This cookie stores your preferences and other information, in particular the preferred language, the number of search results to be displayed on a page, and whether you would like to activate the Google SafeSearch filter.
Type: cookie
Retention period: 10 years
VISITOR_INFO1_LIVE
This cookie measures the bandwidth of your internet connection, in order to determine whether the new or old player interface will be displayed.
Type: cookie
Retention period: 6 months
use_hitbox
This cookie increases the number of views on the counter of the YouTube video.
Type: cookie
Retention period: session
YSC
This cookie is set on pages with embedded YouTube videos.
Type: cookie
Retention period: session
Recipient
The recipients of the data collected are:
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
For details of Youtube´s Privacy Policy.
For details of Youtube´s Cookies Policy.
To withdraw your consent to processing on all of the processor’s domains, go to this website.
Transfer to a third country
This service can transfer collected data to a different country. Please note that this service can transfer data to a country which does not have adequate data protection standards. If the data are transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring or surveillance purposes, possibly without you having any forms of legal redress. A list of the countries to which data are transferred is provided below. You can find further information on security guarantees in the website provider’s privacy policy, or alternatively you can contact the website provider directly.
f) Booking.com
Types of data
The (personal) data collected by this service or as a result of its use are listed below:
- Contact details
- Name
- Payment information
- IP address
- Browser language
- Date and time of visit
- Hardware/software type
- Browser information
- Device’s operating system
- Name and version of services used
- Usage data
Purposes
Our website uses services provided by Booking.com B.V. Herengracht 597, 1017 CE Amsterdam, The Netherlands. This travel search engine enables users to book flights, hotels, rental cars and other travel-related services. We use Booking.com’s services in order to improve our website’s functionality, to integrate advertising, prepare targeted information and communications, and for market research purposes.
Retention period
The data are deleted as soon as they are no longer needed for the purposes of data processing.
Recipient
Booking.com B.V. Herengracht 597, 1017 CE Amsterdam, The Netherlands.
The Privacy Statement of Booking.com can be found on this website.
Subservices
All of the subservices of this service are described below. Your current consent status applies to all subservices.
I) Google Maps (Subservice)
Description of service
This is a web mapping platform and consumer application.
Processor
Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Purposes
The purpose of data collection and processing is listed below.
Displaying maps
Data collected
The (personal) data collected by this service or as a result of its use are listed below:
- Date and time of visit
- Location details
- IP address
- URL
- Usage data
Place of processing
European Union: this is the primary location where the collected data are processed. You will be informed separately if your data are also processed in other countries.
Retention period
The retention period is the length of time for which the collected data are stored for processing. The data must be deleted as soon as they are no longer required for the specified purposes of processing.
The data are deleted as soon as they are no longer needed for the purposes of data processing.
Transmission to third countries
This service may transfer collected data to another country (USA, Singapore, Taiwan or Chile). Please note that this service can transfer data to a country which does not have adequate data protection standards. If the data are transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring or surveillance purposes, possibly without you having any forms of legal redress. A list of the countries to which data are transferred is provided below. You can find further information on security guarantees in the website provider’s privacy policy, or alternatively you can contact the website provider directly.
Data recipients
The recipients of the data collected are:
Google Ireland Limited
Google LLC
Alphabet Inc
For details of Google Maps´s Privacy Policy, visit this website.
For details of Google Maps´s Cookies Policy, visit this website.
To withdraw your consent to processing on all of the processor’s domains, go to this website.
Retention periods
The longest possible retention periods for cookies stored on a device and for other methods are as follows:
- Maximum retention period for cookies: 6 months
- Non-cookie storage: not used
Stored information
This service stores information on the user’s device in various ways, as described below.
NID
This cookie stores details of the user’s settings and information for Google Maps.
Type: cookie
Retention period: 6 months
II) gstatic.com (Subservice)
Description of service
This is a domain used by Google to transfer static content to another domain name in order to reduce bandwidth use and enhance network performance for end users.
Processor
Alphabet Inc.
1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America
Processor’s data protection officer
gstatic.com´s data protection officer can be contacted using the form.
Purposes
The purposes of data collection and processing are listed below:
- Improving network performance
- Reducing bandwidth use
Data collected
The (personal) data collected by this service or as a result of its use are listed below:
- Images
- Cascading Style Sheets (CSS)
Retention periods
The retention period is the length of time for which the collected data are stored for processing. The data must be deleted as soon as they are no longer required for the specified purposes of processing.
Queries for CSS assets are cached for one day and font files are cached for one year. Some information is stored until it is deleted by the user, some expires after a certain time and some is stored until the user’s Google account is deleted.
The longest possible retention periods for cookies stored on a device and for other methods are as follows:
- Maximum retention period for cookies: session
- Non-cookie storage: not used
Data recipient
The recipient of the data collected is:
Alphabet Inc.
For details of gstatic.com´s Privacy Policy, visit this website.
For details of gstatic.com´s Cookies Policy, visit this website.
To withdraw your consent to processing on all of the processor’s domains, go to this website.
Transmission to third countries
This service can transfer collected data to another country anywhere in the world. Please note that this service can transfer data to a country which does not have adequate data protection standards. If the data are transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring or surveillance purposes, possibly without you having any forms of legal redress. A list of the countries to which data are transferred is provided below. You can find further information on security guarantees in the website provider’s privacy policy, or alternatively you can contact the website provider directly.
3.3. Analytics and statistics cookies (performance cookies)
3.3.1. Purposes
If you give us your consent, we use analytics and statistics cookies in order to analyse use of the website, generate usage statistics and, in turn, improve our website (performance cookies).
3.3.2. Legal basis
The legal basis for processing your data by means of analytics and statistics cookies is your consent obtained in accordance with Article 6(1)(a) GDPR in conjunction with section 96(3) Austrian Telecommunications Act.
You can change your cookie settings at any time by clicking on the “Cookie settings” button and adjusting your preferences using the slider – visit
Cookie settings.
If you subsequently withdraw your consent for the use of certain cookies, they will no longer be used when you visit our website in future. However, please note that for technical reasons we cannot delete cookies stored previously in your system on the basis of your consent, so these cookies may remain on your device. We recommend that you delete these cookies manually in your web browser settings or using corresponding browser add-ons.
You can also configure your browser so that cookies are not stored or cookies stored previously are deleted. All commonly used browsers allow you to block the storage of all cookies or those from third parties.
On our website, we use the web analytics service “Google Signals” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA , to obtain reports on cross-device user numbers, as well as on different user groups based on different device combinations (so-called cross-device tracking). In the process, user data is collected if the user has activated the “personalized advertising” option in his Google account settings. A defined threshold for the reporting data ensures that, in principle, no conclusions can be drawn about the identity of an individual user.
We only process your personal data where this is necessary in order to fulfil the purpose for which they were collected (in this case, generating and evaluating statistics).
3.3.3. Cookies used
a) Google Analytics 4
Types of data
The (personal) data collected by this service or as a result of its use are listed below:
- Account data
- Gender
- Age
- Interests
- Anonymised IP address
- Bounce rates
- Browser information
- Click path
- Date and time of visit
- Device information
- Downloads
- Duration of visit
- Location details
- Internet service provider
- Mouse movements
- Screen resolution
- Behaviour data
- Referrer URL
- App updates
Purposes
This service enables us to analyse and constantly improve the use of our website.
Processor:
Google Ireland Limited
Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Retention period
Information on the cookies used and their respective retention periods is provided below.
This service stores information on the user’s device in various ways, as described below.
Google
Used to distinguish between visitors.
Type: cookie
Retention period: 2 years
Google
Used to distinguish between visitors.
Type: cookie
Retention period: 1 day
Google
Used to maintain the session status.
Type: cookie
Retention period: 2 years
Google
Contains campaign-related information. If you have linked your Google Analytics and Google Ads accounts, the Google Ads website conversion tags read this cookie, provided you do not log out.
Type: cookie
Retention period: 2 months, 29 days
Recipient
The recipients of the data collected are:
Alphabet Inc., Google LLC, Google Ireland Limited
For details of Google Analytics´ Privacy Policy, visit this website.
For details of Google Analytics´ Cookies Policy, visit this website.
To withdraw your consent to processing on all of the processor’s domains, go to this website.
Transfer to a third country
This service may transfer collected data to another country (USA, Singapore, Taiwan or Chile). Please note that this service can transfer data to a country which does not have adequate data protection standards. If the data are transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring or surveillance purposes, possibly without you having any forms of legal redress. A list of the countries to which data are transferred is provided below. You can find further information on security guarantees in the website provider’s privacy policy, or alternatively you can contact the website provider directly.
b) Google Tag Manager
This website uses Google Tag Manager, which allows for management of website tags via an interface. Tag Manager, which adds the tags, functions without cookies and does not collect any personal data. Tag Manager fires other tags, which may collect data under some circumstances. Descriptions of the third parties concerned are provided in this data protection notice. However, Google Tag Manager does not use these data.
Here can you find the Google Tag Manager Terms of Service.
c) Google Consent Mode
We use Google Consent Mode, in which completely anonymized data is collected and processed for purely statistical purposes and for so-called data modeling. The following data is processed as part of this analysis:
Function-related information (such as headers added passively by the browser):
- timestamp
- User Agent
- Reference URL
Aggregated, non-personal data:
- Indication of whether the current page or a previous page in the user’s navigation history on the website contains ad click information in the URL.
- Boolean information about consent status
- Random number generated when the respective page is loaded.
In this way, we can track visitor flows on our website, but not individual usage behavior. Additionally, this allows Consent Mode to compare opt-in to opt-out rates. This information is then used to model conversions from page visitors who declined the cookie banner. The IP address is not processed or stored, it is only used for data transmission within the European Union.
Here you can find more information on the consent mode.
4. Newsletter
4.1. Scope and purposes of data processing
When you register for our newsletter, we process your personal data for the purpose of sending you the newsletter. For this purpose, we require the e-mail address that the newsletter will be sent to, your preferred form of address, and your first and last name. You also have the option of receiving the newsletter in a particular language. For this purpose, we use a service provider (processor), namely Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. You can choose which newsletter(s) you would like to subscribe to. You can select one or more of the following options:
The Austria Center Vienna newsletter – a monthly look at all the latest news on the venue and our innovative services and offerings.
Podcast newsletter – I understand! The science talk from the Austria Center Vienna. Podcast host Mari Lang looks at topics that affect us all.
Local residents newsletter – do you live close to the conference centre? We aim to give you all the latest details about upcoming major events or building work.
When you subscribe to our newsletter(s) using the online form, we record the following data (mandatory fields are marked ‘*’):
- Title*
- First name*
- Last name*
- E-mail*
- Language*
In the course of distributing the newsletters, we collect statistical data with a view to optimising our newsletter service. Newsletter tracking enables us to analyse the use of our newsletters. For instance, we can see whether a newsletter e-mail has been opened and which links have been clicked on. This allows us to analyse and improve our newsletter campaigns.
We also use newsletter tracking to monitor which links in a newsletter e-mail have been clicked on, so that we can optimise distribution of the newsletter and align the content of future newsletters more closely with your interests.
These data are not transferred to third parties. Data subjects can withdraw their declaration of consent provided separately through the double opt-in procedure at any time by unsubscribing from the newsletter. After you have withdrawn your consent, no further data will be collected and you will no longer receive any newsletters. It is possible to subscribe to our newsletters again.
We use the double opt-in procedure for newsletter subscriptions. After registering for the newsletter, we will send you an e-mail. We will only send you the newsletter if you confirm your e-mail address using the link included in the e-mail within 30 days This ensures that only you are able to subscribe for the newsletter using your e-mail address. You must confirm your address promptly after receiving the e-mail, otherwise your registration and e-mail address will be deleted from our database.
You can unsubscribe from the newsletter at any time either using the link at the end of every newsletter or by contacting us using the contact details contained in section 1 Controller, above.
4.2. Legal bases
The legal basis for processing your personal data related to distribution of our newsletter, including newsletter tracking, is your consent obtained in accordance with Article 6(1)(a) GDPR.
4.3. Recipient
Data recorded when you subscribe to our newsletters will not be transferred to external service providers or third parties.
4.4. Retention period
We store your contact details until you unsubscribe from the newsletter. When you do so, your decision is automatically recorded. This ensures that you no longer receive the newsletter from the time you unsubscribe. You also have the option of having your data deleted from our servers. If you wish to do so, please contact us at [email protected]. For statistical purposes, data are retained after erasure in anonymised form that cannot be associated with the data subject.
5. Contact form and e-mail contact
5.1. Scope and purposes of data processing
Our website contains contact forms that can be used to contact us electronically. If you use such a form, the data you enter will be transmitted to us and stored. When you contact us using the contact form, the following data may be collected; please note that fields marked with an asterisk (*) must be completed.
- Reason for contacting us
- First name*
- Last name*
- Company*
- Position
- Telephone number
- E-mail*
- Country
- Website
You provide these details voluntarily and on your own initiative. If the data you provide are for the purpose of contacting us, we will use these channels in order to contact you and address the matter you have raised. When you submit the form, you will be asked to give your consent to processing of your data and referred to this data protection notice. Alternatively, you can write to us using the e-mail address provided on our website. In this case, the personal data provided in the e-mail will be stored. The data will only be used to handle your query or deal with the matter you have contacted us about. If you contact us in this way, your personal data will not be transferred to third parties without your prior consent.
5.2. Retention period
If circumstances indicate that the matter in question has been resolved and the purpose of data processing has been achieved, your data will be deleted, provided that deletion is not in breach of any other statutory retention period.
5.3. Legal bases
If consent has been provided, the legal basis for data processing is Article 6(1)(a) GDPR.
The legal basis for processing data provided in the course of sending an e-mail is Article 6(1)(f) GDPR.
If an e-mail is sent with a view to entering into a contract, the legal basis for data processing is Article 6(1)(b) GDPR.
6. Affiliate partners
On our website, we use links for affiliate programs (e.g., Vienna City Card). These links lead to external websites operated by our partners. When you click on such a link, you will be directly redirected to the partner’s website. Please note that the privacy policies of these external websites apply once you enter our partner’s site. We have no influence over the data processing by these external websites and therefore recommend that you carefully read the privacy policies of the visited sites
7. Storage of lost property
Why and how your data are processed:
If an item of lost property that allows us to identify you (e.g. an official ID) is handed in to us at the Austria Center Vienna, we will process your personal data.
Processing is carried out for administrative purposes and in connection with the storage and return of the lost property. We will process data that can be obtained from the lost property, and which are necessary for the return of the lost property to the owner, or for the transfer of the item to the City of Vienna’s lost property office.
Legal basis: Safeguarding your and our legitimate interests regarding our ability to return lost property to you on site (Article 6[1][f] GDPR). The transfer of lost property to the City of Vienna’s lost property office is necessary for compliance with a legal obligation (Article 6[1][c] GDPR in conjunction with sections 390 and 391 Allgemeines Bürgerliches Gesetzbuch [Austrian Civil Code]).
How we store your data:
Lost property is transferred to the City of Vienna’s lost property office once a week. As a result, your personal data will be stored for up to one week and then immediately deleted.
Who receives your data:
ACV staff responsible for handling lost property internally. If the lost property is not collected from us: the City of Vienna’s lost property office.
8. Guest and visitor WLAN
Why and how your data are processed:
When a mobile device (smartphone, tablet, laptop, etc.) is connected to the WiFi network provided by IAKW-AG for visitors and guests, the following data relating to this device are processed:
- The device’s MAC address
- Operating system/manufacturer
- Connection quality/strength/bandwidth
- Movement data (when the mobile device moves within the IAKW-AG site)
- Host name (name of the mobile device)
- IP address (this is assigned to the device for the use of the WiFi network)
- WLAN SSID (the WiFi network the device is connected to)
- Access point name and MAC address (access point to which the device is connected)
- Session traffic (amount of data generated by the device during a session – bytes transmitted and received).
Processing is carried out for the purpose of providing the WLAN as a voluntary service offered by IAKW-AG for guests and visitors. In doing so, the MAC address of the mobile device is required to establish the connection to the WLAN. Data relating to the operating system and the manufacturer of the mobile device, and data on the connection quality/strength/bandwidth are processed in order to optimise the quality and coverage of the WLAN. Movement data is processed for the purpose of optimising the general IAKW-AG infrastructure, e.g. to better direct visitor flows in the future. The evaluation of the movement data is not automated, but only performed as required. Only anonymised data is processed, exclusively for statistical purposes.
Legal basis:
Data required to establish the connection to the WLAN are used for the performance of a contract (Art 6[1][b] GDPR). Additional data is processed to protect our legitimate interest in optimising our services (WiFi coverage, WLAN quality, optimisation of visitor flows; Art 6 [1][f] GDPR).
How we store your data:
Depending on the number of devices connected to the WLAN and the resulting data volume, the data is stored between 7 and 30 days.
Who receives your data:
For the provision of the WLAN, we use a service provider (processor), namely H82 medientechnik GmbH, Tech Gate Vienna, Donau-City-Strasse 1, 1220 Vienna, Austria (H82). H82 processes the data specified above for the purpose of WiFi provision. However, H82 does not use the data for its own purposes, nor does it transfer such personal data to third parties. Anonymised statistical evaluations are made available internally to qualified persons at IAKW-AG as required.
9. General information
Unless otherwise stated in this data protection notice, we (or our processors) obtain your personal data directly from you and not from third parties.
We appreciate how important your data are and we therefore do not transfer them to third countries or international organisations. However, if some processing involves transferring your data to a third country, we will explicitly notify you of this in this data protection notice and inform you of the measures taken in order to ensure that your data are adequately protected.
You are not under any obligation to provide us with your personal data. In case of a statutory or contractual obligation to disclose your personal data, or if disclosure is required in order to conclude a contract with us, this is expressly stated in this data protection notice. In this case, we will also inform you of the potential consequences of not disclosing your data.
We do not use any form of automated decision-making including profiling in the meaning of Article 13(2)(f) and Article 14(2)(g) GDPR.
Your personal data will only be processed for the purpose for which they were collected. However, if processing of certain types of data involves processing for other purposes, we will inform you in this data protection notice.
10. Your rights
As a data subject, you have the following rights with regard to processing of your personal data:
Right to withdraw consent
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time. The data will no longer be processed when we receive notification of withdrawal of your consent. Withdrawing your consent does not affect the lawfulness of processing of your data carried out prior to withdrawal.
Right of access
You can demand information on the origins and categories of the data we process in connection with you and your transactions, the retention period, the recipients to which we disclose/have disclosed your personal data, as well as the purpose and form of such processing.
Please note that under section 4(6) Austrian Datenschutzgesetz (Data Protection Act) 2018, no information can be provided if this endangers business or trade secrets.
Right to rectification and erasure
If we process personal data that are inaccurate or incomplete, you can demand rectification or completion of the data. You can also demand that unlawfully processed data be deleted. Please note that this only applies to inaccurate, incomplete and unlawfully processed data.
These rights are mutually complementary, meaning that you can only demand either the rectification or completion, or the erasure of your data.
Right to restriction of processing
If it is unclear whether your processed personal data are inaccurate or incomplete, or have been unlawfully processed, you can demand that processing of your data be restricted until the matter is finally clarified.
Right to object
If your personal data are accurate and complete and are being lawfully processed by us, you can submit a reasoned objection to processing of the data in certain cases. You can also submit an objection if you receive direct advertising from us and no longer wish to receive it in future.
Right to data portability
If we process personal data that you have provided, under certain circumstances you have the right to demand that these data are transferred to you in a machine-readable format. You can also request that we transfer these data directly to a third party selected by you, provided this is technically feasible.
Right to lodge a complaint with a supervisory authority
Although we make every effort to ensure the protection and integrity of your data, differences of opinion may still arise regarding the ways in which we use your data. If you believe that we are using your data in a prohibited manner, you can contact us directly, but you are also entitled to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, tel. +43 (0)1 52152-0, e-mail: [email protected].
If you have any questions regarding data protection in general or the exercise of your rights, you can contact us using the contact details provided in section 2 Controller, above. If there are reasonable doubts regarding your identity, please send us a copy of an official photo ID so we can ensure that personal data are not being disclosed to an unauthorised third party.
October 2024