Data Protection Statement

Responsible Authority
MAK – Austrian Museum of Applied Arts / Contemporary Art

represented by DDr. Christoph Thun-Hohenstein and Mag. Teresa Mitterlehner-Marchesani
Stubenring 5
1010 Vienna

Legal Basis
At the MAK – Austrian Museum of Applied Arts / Contemporary Art (hereinafter “the MAK”), the security and strictly confidential handling of your data has absolute priority. For this reason, we employ the most up-to-date security standards in protecting your data.
Personal data are collected, processed, and utilized by the MAK only under strict observation of current Austrian data protection legislation (the Data Protection Act of 2000, the Data Protection Regulatory Act of 2018, and the General Data Protection Regulation GDPR).


The following information explains what data are collected during your visit to our website and for what purpose they are used.

Access Data
During your visit to our website, the webspace provider of the MAK collects data on accesses to the site and stores these in the form of server logfiles. The following data are logged: date and time of retrieval, transferred data volume, notification of successful retrieval, user’s operating system, referrer (URL of previously visited page), IP address, and requesting provider.

Collected Data and Reason for Processing
We collect and process your data in order to cater optimally to your needs as user of the MAK website, to process your bookings and orders quickly and to your satisfaction, and to inform you about our program, our services, and our products.
Personal data will be processed by the MAK only to the extent necessary to complete the contract in question (for instance to purchase products in the online shop, to deliver services, to answer inquiries, and to provide information on MAK programs). We categorically use your data only for the purpose for which they were collected.
Data is processed for other purposes only to the extent that the user has previously agreed to the data’s use for such purposes, whereby permission may be rescinded at any time.

Cooperation with Contract Processors and Third Parties
Insofar as the MAK discloses data to other persons and companies, transfers data to these, or otherwise grants such parties access to data, this shall take place solely on a basis established in law (permission from you the user, legal obligation, legitimate interest on the part of the MAK—for instance processing of data by contract processors on the basis of a contract processing agreement—or a contractual performance-related requirement).

Your Rights as User of the Website
As a user you have at all times the right to information on your personal data stored by the MAK, the origin and recipients of such data, and the purpose for which the data are processed.
Further, you have the right to rectify, transmit, delete, and restrict the processing of such data. You may at any time rescind permission to collect and store your personal data. Please direct related requests to .
If you believe that processing of your data is not in line with data protection legislation, or that your rights under data protection legislation are otherwise not being respected, you have the option of lodging a complaint with the data protection authorities.

Deletion of Data
Insofar as deletion is not prevented by a statutory retention period, the data stored with us will be deleted as soon as they are no longer needed for the purpose for which they were collected.

Use of Cookies
We also hereby inform you that cookies are used when visiting our website. Cookies are small files or other form of information storage transmitted by our webserver or by third party webservers to users’ web browsers and stored there for later retrieval. The cookies used by us are session cookies and are deleted from your hard drive when your browser is closed. In addition, we use cookies to statistically analyze use of our website within the framework of the web analysis service Google Analytics (see below). These data are collected on the basis of Art. 6 par. 1 lit. f GDPR.
Insofar as you have previously given your permission, on the basis of Art. 6 par. 1 lit. a GDPR, within the framework of your visit to our website cookies from third-party providers are used to survey and analyze your usage behavior. Agreement to the use of such cookies is granted through insertion of a banner on which the cookies’ use is briefly explained, and you have the opportunity to approve their use.

Functional Limitation without Cookies
We use cookies to make our offerings user-friendly. Some cookies remain stored on your terminal device until you delete them. They permit us to recognize your browser on your next visit. If you do not wish this, you can program your browser so that you are informed when cookies are being installed and can allow their installation on a case-by-case basis. 
Nevertheless, we must inform you that deactivating cookies may restrict the functionality of our website.

Newsletter
When you register separately for our Newsletter and thus give us relevant permission on the basis of Art. 6 par. 1 lit. a GDPR, we process your name and e-mail address for the sole purpose of sending our Newsletter. Your e-mail address is then stored until you unsubscribe from the Newsletter or until you withdraw your permission. You may at any time withdraw your permission or cancel the Newsletter by sending a message to or by clicking on the Unsubscribe button at the bottom of every Newsletter— or informing us in any other way.

Newsletter Distribution Service Provider
The Newsletter is distributed by the distribution service provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. The distribution service provider is employed on the basis of our legitimate interests according to Art. 6 par. 1 lit.f. GDPR and of a work processing contract according to Art. 28 par. 3 GDPR.
The distribution service provider is entitled to use receivers’ data in pseudonymous form—i.e. without the data’s being assignable to specific users—to optimize or improve its own services, for instance to technically optimize distribution and presentation of the Newsletter or for statistical purposes. The distribution service provider may not, however, use the data of our Newsletter receivers in order to contact these on its own account, nor pass on their data to third parties.

Blog
The blog subscription is distributed by the distribution service provider MailChimp, a newsletter distribution platform of the American service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is certified under the EU-US Privacy Shield framework, that guarantees compliance with European data protection standards. The distribution service provider is employed on the basis of our legitimate interests according to Art. 6 par. 1 lit.f. GDPR and of a work processing contract. The distribution service provider is entitled to use receivers’ data in pseudonymous form—i.e. without the data’s being assignable to specific users—to optimize or improve its own services, for instance to technically optimize distribution and presentation of the Blog or for statistical purposes. The distribution service provider may not, however, use the data of our Newsletter receivers in order to contact these on its own account, nor pass on their data to third parties.

Social Plug-ins
This website uses social media plug-ins from facebook.com, twitter.com, instagram.com, plus.google.com, pinterest.com, youtube.com, and vimeo.com. This is indicated by the relevant logo.
When visiting a page on which such a logo appears, the browser automatically connects with the server of the social media service in question.  The latter thus receives a range of data and learns which specific page the user is visiting. The website operator has no influence on what data are passed on to the platform in question. This data transfer also takes place independently of whether the user clicks on the plug-in.
If the user is simultaneously logged into Facebook, Twitter, Instagram, Google Plus, Pinterest, YouTube, or Vimeo, the plug-in can set up a direct link to the user’s account. If the user writes a comment on the website or “likes” the website via the plug-in, the plug-in communicates this information to Facebook and associates the information with the user’s account. If you do not wish this to happen, you must first log out of your social media account.
In addition, you should also be aware of the data protection policy of Facebook, Twitter, Instagram, Vimeo, Pinterest, YouTube, and Google Plus. You also have the option of installing an add-on that blocks social media plug-ins and thus prevents such data transfer.

Google Analytics
We use Google Analytics, a web analysis service of Google LLC (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Within the framework of Google Analytics, cookies are placed on your computer to allow a statistical analysis of your use of our website. To this end, we have concluded a contract data processing agreement with Google.
The data on your use of this website (to include your IP address) generated by these cookies are rendered anonymous before being stored on Google’s servers, such that they can no longer be linked to a specific computer. Only in exceptional cases is a complete IP address communicated to a Google server in the USA where it is abbreviated. Google uses this information to analyze your use of the website, to compile reports on website activity for the website operators, and to provide other services connected with the use of the website and the Internet. The IP address provided by your browser within the framework of Google Analytics is not merged with other Google data. More information on the handling of user data by Google Analytics may be found in Google’s data protection statement.
You can prevent collection of data generated by the cookies on your use of the website, as well as processing of anonymized data by Google, by downloading and installing a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=de. However, we hereby inform you that if you do so you may not be able to use all of this website’s functions to their full extent.

The Facebook Pixel
Within the framework of our online offerings, based on our legitimate interest in analyzing, optimizing, and efficiently operating our online offerings, we make use of the Facebook Pixel from the social network Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
The Facebook Pixel firstly enables Facebook to determine the suitability of visitors to our online offerings for targeting by Facebook ads. We thus use the Facebook Pixel in order to show Facebook ads placed by us only to those Facebook users who have shown an interest in our online offerings, or who reveal certain attributes (such as interest in certain topics or products determined by websites visited) that we pass on to Facebook. With the help of the Facebook Pixel, we also seek to ensure that our Facebook ads harmonize with users’ potential interests and are not a source of annoyance.

Google AdWords
Based on our legitimate interest in analyzing, optimizing, and efficiently operating our online offerings, we use the services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).
We use the online marketing system Google AdWords to place advertisements in the Google advertising network (for instance in search results, in videos, on websites, etc.) so that they are shown to users who have a presumed interest in the advertisements. This allows us more precisely to place advertisements for and within our online offerings so that users are shown only those advertisements that potentially meet their interests.

Google Fonts
We incorporate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Opt-out: https://adssettings.google.com/authenticated.

SSL Encryption
For security reasons and to protect the transmission of confidential information, for example inquiries you send us, this page uses an SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser switches from “http://” to “https://” and by the lock symbol in your browser address line.
When the SSL encryption is activated, the data you send to us cannot be accessed by a third party.

Contact
Should you wish to exercise one or more of your rights as user of our website, please contact us by e-mail at or by post at MAK – Austrian Museum of Applied Arts / Contemporary Art, Attn. Data Protection Officers, Stubenring 5, 1010 Vienna.