Data Protection Statement of the MAK

Responsible Authority
MAK – Museum of Applied Arts
represented by Mag. Lilli Hollein and Mag. Teresa Mitterlehner-Marchesani
Stubenring 5
1010 Vienna
 
Legal Basis
At the MAK – Museum of Applied Arts (hereinafter “the MAK”), the security and strictly confidential handling of your data has absolute priority. For this reason, we employ the most up-to-date security standards in protecting your data.
Personal data are collected, processed, and utilized by the MAK only under strict observation of current Austrian data protection legislation (the Data Protection Act of 2000, the Data Protection Regulatory Act of 2018, and the General Data Protection Regulation GDPR).
 
The cookie settings can be adjusted at any time using the following link: adjust cookie settings
 
The following information explains what data are collected during your visit to our website and for what purpose they are used.
 
Access Data
During your visit to our website, the webspace provider of the MAK collects data on accesses to the site and stores these in the form of server logfiles. The following data are logged: date and time of retrieval, transferred data volume, notification of successful retrieval, user’s operating system, referrer (URL of previously visited page), IP address, and requesting provider.
 
Collected Data and Reason for Processing
We collect and process your data in order to cater optimally to your needs as user of the MAK website, to process your bookings and orders quickly and to your satisfaction, and to inform you about our program, our services, and our products.
Personal data will be processed by the MAK only to the extent necessary to complete the contract in question (for instance to purchase products in the online shop, to deliver services, to answer inquiries, and to provide information on MAK programs). We categorically use your data only for the purpose for which they were collected. Data is processed for other purposes only to the extent that the user has previously agreed to the data’s use for such purposes, whereby permission may be rescinded at any time.
 
Cooperation with Contract Processors and Third Parties
Insofar as the MAK discloses data to other persons and companies, transfers data to these, or otherwise grants such parties access to data, this shall take place solely on a basis established in law (permission from you the user, legal obligation, legitimate interest on the part of the MAK-for instance processing of data by contract processors on the basis of a contract processing agreement-or a contractual performance-related requirement).
 
Your Rights as User of the Website
As a user you have at all times the right to information on your personal data stored by the MAK, the origin and recipients of such data, and the purpose for which the data are processed.
Further, you have the right to rectify, transmit, delete, and restrict the processing of such data. You may at any time rescind permission to collect and store your personal data. Please direct related requests to datenschutz@MAK.at.
 
If you believe that processing of your data is not in line with data protection legislation, or that your rights under data protection legislation are otherwise not being respected, you have the option of lodging a complaint with the data protection authorities.
 
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Telephone: +43 1 521 52-25 69
 
Deletion of Data
Insofar as deletion is not prevented by a statutory retention period, the data stored with us will be deleted as soon as they are no longer needed for the purpose for which they were collected.
 
Use of Cookies
We also hereby inform you that cookies are used when visiting our website. Cookies are small files or other form of information storage transmitted by our webserver or by third party webservers to users’ web browsers and stored there for later retrieval. The cookies used by us are session cookies and are deleted from your hard drive when your browser is closed. In addition, we use cookies to statistically analyze use of our website within the framework of the web analysis service Matomo (see below). These data are collected on the basis of Art. 6 par. 1 lit. f GDPR.
 
Insofar as you have previously given your permission, on the basis of Art. 6 par. 1 lit. a GDPR, within the framework of your visit to our website cookies from third-party providers are used to survey and analyze your usage behavior. Agreement to the use of such cookies is granted through insertion of a banner on which the cookies’ use is briefly explained, and you have the opportunity to approve their use.
 
Functional Limitation without Cookies
We use cookies to make our offerings user-friendly. Some cookies remain stored on your terminal device until you delete them. They permit us to recognize your browser on your next visit. If you do not wish this, you can program your browser so that you are informed when cookies are being installed and can allow their installation on a case-by-case basis. Nevertheless, we must inform you that deactivating cookies may restrict the functionality of our website.
 
Newsletter
When you register separately for our Newsletter and thus give us relevant permission on the basis of Art. 6 par. 1 lit. a GDPR, we process your name and e-mail address for the sole purpose of sending our Newsletter. Your e-mail address is then stored until you unsubscribe from the Newsletter or until you withdraw your permission. You may at any time withdraw your permission or cancel the Newsletter by sending a message to marketing@MAK.at or by clicking on the Unsubscribe button at the bottom of every Newsletter or informing us in any other way.
 
Newsletter Distribution Service Provider
The Newsletter is distributed by the distribution service provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. The distribution service provider is employed on the basis of our legitimate interests according to Art. 6 par. 1 lit.f. GDPR and of a work processing contract according to Art. 28 par. 3 GDPR.
The distribution service provider is entitled to use receivers’ data in pseudonymous form i.e. without the data’s being assignable to specific users to optimize or improve its own services, for instance to technically optimize distribution and presentation of the Newsletter or for statistical purposes. The distribution service provider may not, however, use the data of our Newsletter receivers in order to contact these on its own account, nor pass on their data to third parties.
 
Blog
The blog subscription is distributed by the distribution service provider MailChimp, a newsletter distribution platform of the American service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is certified under the EU-US Privacy Shield framework, that guarantees compliance with European data protection standards. The distribution service provider is employed on the basis of our legitimate interests according to Art. 6 par. 1 lit.f. GDPR and of a work processing contract. The distribution service provider is entitled to use receivers’ data in pseudonymous form i.e. without the data’s being assignable to specific users to optimize or improve its own services, for instance to technically optimize distribution and presentation of the Blog or for statistical purposes. The distribution service provider may not, however, use the data of our Newsletter receivers in order to contact these on its own account, nor pass on their data to third parties.
 
Social Plug-ins
This website uses social media plug-ins from facebook.com, twitter.com, instagram.com, google.com, pinterest.com, youtube.com, tiktok.com, soundcloud.com, and vimeo.com. This is indicated by the relevant logo.
 
When visiting a page on which such a logo appears, the browser automatically connects with the server of the social media service in question.  The latter thus receives a range of data and learns which specific page the user is visiting. The website operator has no influence on what data are passed on to the platform in question. This data transfer also takes place independently of whether the user clicks on the plug-in.
 
If the user is simultaneously logged into Facebook, Twitter, Instagram, Pinterest, YouTube, Soundcloud, TikTok or Vimeo, the plug-in can set up a direct link to the user’s account. If the user writes a comment on the website or “likes” the website via the plug-in, the plug-in communicates this information to Facebook and associates the information with the user’s account. If you do not wish this to happen, you must first log out of your social media account.
 
In addition, you should also be aware of the data protection policy of Facebook, Twitter, Instagram, Vimeo, Pinterest, YouTube, Soundcloud, TikTok and Google. You also have the option of installing an add-on that blocks social media plug-ins and thus prevents such data transfer.
 
Matomo
We use Matomo, a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769 (“Matomo”), which uses cookie technology, for web analysis. The protection of your data is important to us, which is why we have also configured Matomo such that your IP address is only registered in abbreviated form. We process your personal data anonymized. It is not possible to trace the data back to your person. You can find further information about the conditions of usage of Matomo and the regulations pertaining to data protection law under matomo.org/privacy
 
Google AdWords
Based on our legitimate interest in analyzing, optimizing, and efficiently operating our online offerings, we use the services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). We use the online marketing system Google AdWords to place advertisements in the Google advertising network (for instance in search results, in videos, on websites, etc.) so that they are shown to users who have a presumed interest in the advertisements. This allows us more precisely to place advertisements for and within our online offerings so that users are shown only those advertisements that potentially meet their interests.
 
SSL Encryption
For security reasons and to protect the transmission of confidential information, for example inquiries you send us, this page uses an SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser switches from “http://” to “https://” and by the lock symbol in your browser address line. When the SSL encryption is activated, the data you send to us cannot be accessed by a third party.
 
Contact
Should you wish to exercise one or more of your rights as user of our website, please contact us by e-mail at datenschutz@MAK.at or by post at

MAK – Museum of Applied Arts
Attn. Data Protection Officers
Stubenring 5
1010 Vienna