Data protection
Protection of your privacy is very important to Spanische Hofreitschule – Lipizzanergestüt Piber Gesellschaft öffentlichen Rechts (“SRS-LGP”). In the following, we would like to explain what we do to protect your data and which data we collect. Therefore, we provide information in terms of Art. 13 GDPR (General Data Protection Regulation) on the extent and purpose of personal data processing on our websites. For questions as to the terms, please refer to Art. 4 GDPR.
Generally, we process data in compliance with the General Data Protection Regulation (GDPR) and the Datenschutzgesetz [Austrian Data Protection Act].
We undertake to protect data from website visitors; we provide third parties with data we collected only in the way described in this Privacy Policy. It goes without saying that we transfer no personal data to advertising companies.
1. General information
SRS-LGP processes personal user data only pursuant to Austrian data protection law (DSG).
In the following, we provide information on the type, scope and purpose of personal data collection, processing and use for our web presence.
SRS-LGP diligently stores user data provided; however, we accept no liability for hacker attacks.
2. Automated data collection
For technical reasons, usage data collected and transferred by the users’ browsers to SRS-LGP includes the following, without being limited to this:
- browser type/version;
- operating system used;
- referrer URLs from which users are forwarded to www.srs.at, www.piber.com and www.fete-imperiale.at;
- websites which users visit;
- date and time of the access;
- internet protocol (IP) address of the users’ computers.
This data is stored separately from other user data possibly provided (name; address; telephone number/email address; language – for more details, please refer to sec. 3) and will be evaluated for statistical purposes to optimise the web presence and the offers on our websites (see also sec. 5 of this Privacy Policy).
3. Data usage
During the ordering process, you must provide the below personal data:
name; address; telephone number; email address; language; age (adult, senior, student or children’s tickets); relationship with a family/group (for family, student or group tickets). With press accreditations, you must also provide the medium, working title and a short project description.
Personal data provided during the ordering process is automatically used for contract processing; payment information is protected through encrypted procedures and will be used for payments only.
When using the contact form on our website and when participating in prize draws, we collect the below information:
name; email address; telephone number (possibly); postal address (possibly). This data will only be used to react to enquiries and to execute the relevant prize draws.
When subscribing to newsletters and magazines, we collect the below data:
name; email address; postal address. This data will only be used for sending the newsletters/magazines requested (see also sec. 8).
4. Cookies
SRS-LGP uses cookies to provide their services. Cookies are small text files which the user’s browser places and stores on the computer. This enables SRS-LGP to see whether users visit our web offers several times. Users can prevent the installation of such cookies by accordingly changing their browser software settings; however, SRS-LGP would like to draw your attention to the fact that, in this case, it might not be possible to use all functions of the website to the fullest extent.
Cookie names and storage periods:
- cookiesAccepted * stored for 1 year * it's information that page visitor accept using cookies
- fe_typo_user * this is added by TYPO3 and it expires on session end (browser close)
- _ga * 2 years * Used to distinguish users. * Used for Google Analytics
- _gid * 24 hours * Used to distinguish users. * Used for Google Analytics
- _gat * 1 minute * Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. * Used for Google Analytics
- AMP_TOKEN * 30 seconds to 1 year * Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. * Used for Google Analytics
- _gac_<property-id> * 90 days * Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more. * Used for Google Analytics
5. Web presence analysis
Based on their legitimate interests (i.e. interests in analyses, optimisation and economic operation of our on-line offers in terms of point (f) of Art. 6(1) GDPR), SRS-LGP uses Google Analytics, a web analysis service provided by Google, Inc. (“Google”). Google uses cookies. Information created by such cookies on on-line offer usage by users is generally transferred to and stored on Google servers based in the US.
Google is certified under the Privacy Shield Agreement and guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate on-line offer use by users, to prepare reports on activities within this on-line offer and to provide other services for us related to on-line offer and internet use. In this context, processed data may be used for creating pseudonymised user profiles.
We use Google Analytics only with IP anonymisation enabled which means that Google shortens the users’ IP address within the Member States of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The user’s IP address which the browser transmits will not be connected with other data collected by Google. Users may prevent cookies from being stored by accordingly changing their browser settings. Users can also prevent data created by cookies and related to their on-line offer use from being transferred to and processed by Google by downloading and installing a browser plug-in available under the below link: http://tools.google.com/dlpage/gaoptout?hl=de.
Additional information on data usage by Google, on settings and your rights to object is available on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites/apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising”), http://www.google.de/settings/ads (“Managing information which Google uses to show advertisements to you”).
6. Facebook social plug-ins
Based on their legitimate interests (i.e. an interest in analyses, optimisation and economic operation of our on-line offer in terms of point (f) of Art. 6(1) GDPR), SRS-LGP uses social plug-ins (“plug-in”) provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plug-ins may represent interaction elements or contents (e.g. videos; graphics; texts) and can be recognised through the Facebook logo (a white “f” on a blue tile; the terms “Like”, “I like”; or the “Thumb up” symbol) or they are identified as “Facebook social plug-in”. For a list and the design of Facebook social plug-ins, please refer to: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If users access on-line offer functions which contain such plug-ins, their device directly establishes a connection with Facebook’s servers. The plug-in contents are then directly transferred to the users’ device and integrated into the page by Facebook. In this context, processed data may be used for creating user profiles. Therefore, we have no influence on the scope of data which Facebook collects through these plug-ins, which is why we provide users with any information we have ourselves.
By embedding plug-ins, Facebook is informed about a user having accessed the relevant on-line offer page. If such user is logged on to Facebook at this time, Facebook is able to allocate the visit to his/her Facebook account. Should users interact with the plug-ins, e.g. by activating the “Like” button or by posting a comment, your device directly transmits to and stores the relevant information on a Facebook server. Even if users have no Facebook account, it is still possible that Facebook has access to and stores their IP address. According to Facebook, they only store anonymised IP addresses in Austria.
For more information on the data collection purpose and scope, the processing and the use of data by Facebook, your rights and possible settings to protect your privacy, please refer to the Facebook privacy policy at: https://www.facebook.com/about/privacy/.
If users are Facebook members and want to prevent Facebook from both collecting data on them via this on-line offer and connecting this data with membership data stored by Facebook, they must log off from Facebook prior to using our on-line offer and delete their cookies. For more information on settings and objections to data use for advertising purposes, please refer to the Facebook profile settings at https://www.facebook.com/settings?tab=ads, to the US page at http://www.aboutads.info/choices/ or to the EU page at http://www.youronlinechoices.com/. These settings will be made regardless of the platform, that is, they will be applied to all devices, e.g. computers or mobile devices.
7. YouTube
SRS-LGP embedded YouTube videos on the website which are stored at www.youtube.com and which can be directly played on our website. All videos are embedded under the “extended data protection mode”, i.e., no data on you will be transmitted to YouTube if you do not play the videos. Only when playing the videos will YouTube cookies by stored on your computer and data be transferred to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, as the YouTube operator. Data transmission is independent of whether you have a Google account to which you are logged on or whether you have no user account. When being logged on, this data is directly linked to your account. If you do not wish for data to be linked to your profile, you must log off before clicking on the button. YouTube and/or Google, Inc. saves this data as a user profile and uses it for advertisement, market research and/or needs-oriented design of its website. The particular objectives of such analysis (also for users not logged on) include the provision of appropriate advertisement and informing other users of your activities on our website. You have a right to object to such user profiles being created, whereby you must refer to Google, Inc., the YouTube provider, to execute this right. For more information on data collection purposes and scopes and the processing by Google, Inc., please refer to www.google.at/intl/de/policies/privacy. By playing YouTube videos you agree to Google, Inc. processing your data. We, however, do not process the relevant data.
8. Newsletter
You can consent to subscribe to our newsletter, which provides you with information about our current offers. Goods and services on offer will be listed in the declaration of consent for this newsletter.
We use the so-called double opt-in procedure for the subscription to our newsletter. This means that after your registration, we will send an e-mail to the specified e-mail address in which we ask you to confirm that you want to receive the newsletter. If you fail to confirm subscription within 24 hours, your data will be blocked and automatically erased after a month. Furthermore, we will always store the IP addresses used and the time of the registration and confirmation. This serves as a means of proof of your subscription and, if applicable, to solve any potential misuse of your personal data.
Mandatory information for sending the newsletter is your e-mail address. More, separately marked data can be specified voluntarily and will only be used to address you personally. After your confirmation, we will store your email address for the purpose of sending the newsletter. The legal basis is point (a) of sent. 1 of Art. 6(1) GDPR.
You may withdraw your consent to the transmission of the newsletter and unsubscribe at any time. You can submit your withdrawal by clicking on the link provided in each newsletter, by sending an email to datenschutz@srs.at or by sending a message to the contact details specified in the Legal Notice.
We hereby inform you that we evaluate your usage behaviour when delivering newsletters. For evaluation purposes, emails include “web beacons” and/or tracking pixels representing single-pixel image files which we store on our website. We link both this data and the web beacons to your email address and an individual ID. The data will be exclusively collected in pseudonymised form, i.e. the IDs will not be assigned to your other personal data and cannot be directly linked to a particular individual. You may object to these tracking activities at any time by clicking on the separate link provided in each newsletter or by contacting us in any other way. This information is stored for so long as you are subscribed to the newsletter. Following unsubscription, we store such data only for statistical purposes on an anonymous basis.
Newsletters provider:
CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany
www.cleverreach.com/de/datenschutz/
9. Using our web shop
If you want to place orders in our web shop, contract conclusion requires the provision of your personal data which we need to have to process your order. Data required for contract execution are indicated separately, additional information is provided on a voluntary basis. We process any data you provide to process your order and we may transmit your payment data to our bank. The legal basis is point (b) of sent. 1 of Art. 6(1) GDPR. You are free to open a customer account in which we store your data for subsequent purchases. When creating such account under “My account”, we revocably store the data you provided. You will be able to always erase any other data at the customer area, including your user account.
Due to regulations under commercial and tax law, we are obliged to save your address, payment and order details for a period of seven years. We will, however, restrict processing after two years, i.e. your data will only be used to comply with legal obligations.
In order to prevent unauthorised third-party access to your personal data, especially financial details, the order process is encrypted using TLS technology.
10. Data protection provisions when using external payment service providers
Regarding the web shop use, we provide several payment methods and commission different payment service providers for this. Depending on the payment method, different sets of data will be transmitted to the relevant provider. The legal basis of transmission is point (a) of sent. 1 of Art. 6(1) GDPR. In the following, you will find a list of our payment service providers:
- SIX Payment Services (Austria) GmbH
If you want to pay by credit card, we transmit your personal data to SIX Payment Services. Data transmission is legally based on point (a) of Art. 6(1) GDPR (Consent) and point (b) of Art. 6(1) GDPR (Processing for Contract Fulfilment).
Payment service provider:
SIX Payment Services (Austria) GmbH
Marxergasse 1B, A-1030 Vienna
Registered office: Vienna; commercial register: Commercial Court of Vienna; FN 54531
Tel.: +43 1 71701-6318
Fax: +43 1 71701-6314
www.six-payment-services.com
www.paymentforyou.com
www.payunity.com
In this context, SIX Payment Services (Austria) GmbH collects the below data:
-
- name; title; invoicing/delivery address; email address;
- information on ordered products;
- location-related information;
- IP address
11. Provision of information
Upon request, we provide users with information on stored data relating to them as a person or to their user name, whereby this information can also be provided by electronic means. In this case, please refer to:
Spanische Hofreitschule – Lipizzanergestüt Piber Gesellschaft öffentlichen Rechts
Michaelerplatz 1
1010 Vienna
Tel.: +43/1/533 90 31
Email: datenschutz@srs.at