Privacy

Personal data is collected, processed, and used by mumok only in accordance with the provisions of the Austrian Data Protection Act and the General Data Protection Regulation. The following information explains which data is collected in the context of a contract, during your visit to mumok, on the website, and when forms are submitted, as well as how this data is used.

We hereby inform you about which of your data is processed. The classification is organized by groups of individuals so that you can orient yourself using the following sections.

(Pre-)Contractual Partners of mumok

Legal Basis for Processing

If you are in a (pre-)contractual relationship with mumok, the personal data of our contact persons as well as the contact details of the individuals concluding the contract are processed.

This includes: first name, last name, email address, postal address, telephone number, bank account details, as well as billing and/or delivery address.

Purpose

Processing and transmission of data within the context of a business relationship (or for its execution) with customers and suppliers, including text documents created and archived with automated support (e.g., correspondence) in these matters. This also includes: accounts payable and receivable management, budgeting, and cost accounting.

If you have also registered for a mumok newsletter, your contact details will be used for this purpose. However, this only occurs with your consent and independent registration via a web form on our website.

Recipients

The data is processed internally within the organization and entered into the central accounting program for financial processing. There is no transfer to a third country.

Retention Period

Due to the statutory retention obligations under the Federal Fiscal Code and the Court of Audit Act, mumok is obliged to retain accounting documents. After the statutory retention periods have expired, the data will be deleted by mumok.

Visitors

When you visit mumok, you can do so using an annual pass, a Bundesmuseen Card, or a day ticket purchased online or on-site with cash. If you purchase tickets or other products through our webshop or directly at the museum counter, your data (name, address, phone number, email address) may be collected as necessary to fulfill the purchase agreement. This data is processed for the purposes of ordering and order fulfillment,

personalization of products, and delivery, and is stored until the statutory retention period expires. We will neither disclose, sell, nor rent your personal data to third parties. Your data will only be shared with third parties if required to fulfill the contract.

Thus, your data may be shared with our technical partner MBIT Solutions GmbH (Ortsstraße 2, 3492 Diendorf am Kamp). For ticket purchases from the online shop, your data may also be shared with our payment system providers (Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, D02 H210 Dublin Irland), shipping providers or carriers (such as Österreichische Post AG) for the delivery of purchased products. In the case of participation in visitor surveys, your personal data will be processed on behalf of mumok by MANOVA GmbH (Wipplingerstraße 23/23, 1010 Vienna, Austria).

Please note that online ticket purchases using PayPal are also subject to PayPal's privacy policy, which you can review here.

If you visit mumok using an annual pass, a Bundesmuseen Card, or an online ticket purchased from the mumok webshop, your visit will be recorded via our scanner. If you visit mumok using a ticket purchased at the counter or through a sales partner, no data processing takes place. If you visit mumok as part of an event booked through our art education programs (such as programs for schools, universities, or children's birthday parties), a list will be provided to the ticket counter staff to verify the group. This list is destroyed after the event ends. If you attend mumok as part of an event booked through our website (such as workshops or guided tours), your visit will also be recorded via our scanner. If you visit mumok as a guest of a staff member, your visit will be reported to the security center, which will provide you with a visitor badge for the duration of your stay. This visit is recorded in a visitor logbook for one year. This serves mumok's legitimate security interest to identify external visitors with access to non-public exhibition areas in case of security-related incidents.

If you visit mumok with a ticket purchased with cash or through a ticket sales platform, no personal data is processed. For annual passes, online tickets from the mumok webshop, or Bundesmuseen Cards purchased from the mumok webshop, the date and time of your visit are recorded in your user profile. The legal basis for this is the contract and mumok's legitimate economic interest in continually improving your visit experience and verifying the validity of your card and identity. By purchasing an online ticket, annual pass, or Bundesmuseen Card from the mumok webshop, you also consent to this data processing for these purposes.

The legal basis for the processing is Article 6(1)(b) of the GDPR. Without the provision of this data, we cannot fulfill the contract.

Personal data is stored as long as necessary for the purposes for which it is processed, as well as for the duration of statutory retention obligations or if necessary to assert, exercise, or defend legal claims.

Your Rights

You have the right to information, correction, deletion, restriction of data processing, data portability, revocation and objection.
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the Austrian Data Protection Authority (www.dsb.gv.at).
You can also contact us at any time at datenschutz@mumok.at
Data Protection Officer: Laura Hamid

Website

Legal Basis and Purposes of Processing

Form data (from newsletter registration, contact forms, and when purchasing a mumok annual pass or mumok membership) is stored. In addition to the visible form fields such as first name, last name, etc., the time of storage and the current IP address are also saved.

The website uses cookies with your explicit consent. For the form fields, the data you voluntarily enter is processed only with your agreement to the consent declaration.

Recipients

On this website, data is collected and stored for marketing and optimization purposes using the open-source web analytics software Matomo (www.matomo.org).

Personal data is only collected, processed, and used by mumok in accordance with the provisions of the Austrian Data Protection Act and General Data Protection Regulation. The following information explains which data is collected when you visit our website.

1. Personal Data

Data entered into online forms when registering for the mumok Newsletter, the donation form as well as with the purchase of a mumok annual pass or a mumok Friends membership is stored. In addition to the visible fields in the forms, such as your e-mail address, first name and surname, the time of storage and the current IP address are also recorded.

2. The Use of Cookies

On this website mumok uses cookies to optimize our service.

a. What are cookies?

Cookies are small files with configuration settings that help mumok to ascertain frequency of use and the kind of use of the website. Cookies are also used to implement certain user functions. The main purpose of a cookie is therefore the recognition of the visitors of the website and thus it is possible to present each visitor a more individual and personalized website tailored to their needs.

Cookies may contain the following files:

• the name of the server that wrote the data package
• a one-time ID number
• sometimes an end date

b. The following cookies are saved after active use of the site has terminated:

• Session cookies:
• These are temporary cookies and they are deleted by closing the browser.
• adaptive  image: Saves the current resolution to play the appropriate image size
• has_js: saves information on whether the user’s browser has JavaScript as to provide specific functions or display formats
• cookie_agreed: checks if the user has accepted the cookie popup to decide whether to show the notice again or not.
• Web analysis cookies:

This website uses the open source web analysis service software Matomo (www.matomo.org) to collect and store data for marketing and optimization purposes.

This data is used to create user profiles under a pseudonym; cookies are used for this purpose (for details see point 1 "Cookies").  For this purpose, the usage information is sent, whereby your IP address is immediately anonymized, therefore no personalized data is stored for statistical evaluations.

The data collected (including your anonymized IP address) is transmitted exclusively to our server and stored for usage analysis purposes, which serves to optimize our website. Information on the cookies used by Matomo can be found here matomo.org/privacy-policy/.

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. a GDPR.

The data is deleted as soon as it is no longer required for recording purposes.

Cookies are stored on the user's computer and transmitted by it to our website. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

By using this website you agree to the use of cookies to read, process, transfer, and save information.
By using this website, you consent to the processing of data about you by web analysis services in the manner and for the purposes described above.

c. Activating and Deactivating Cookies:

Most browsers accept cookies automatically. Cookies can be managed and deleted in your browser settings. When a setting prevents cookies from being stored, not all functions of the website may be able to be used in full.

d. Third Party Cookies

This website also integrates content from third parties. These third parties may also deploy cookies during your visit to our website, for example providing them with information that you have visited one of our websites. For further information on third-party use of cookies, please visit the website of the third party.

e. jStorage:

Information is stored identifying whether a user has seen a popup overlay and which contents he or she has seen. A popup overlay can be activated via the splashify module; there are various configurations available in the footer of this website.

3. Social Plugins

This website uses social media plugins from facebook.com, twitter.com, Instagram.com, and youtube.com. This can be recognized by the corresponding logo.
When visiting a page on which such a logo appears, the browser automatically connects to the respective server of the social media service. The connected social media service receives various data including which website the user is currently visiting. The operator of the website has no influence on which data is transmitted to the respective platform. This data transfer is also independent of whether the user clicks on the plug-in.
If the user is logged into Facebook, Twitter, Instagram, or YouTube.com at the same time as our website, the plugin may set up a concrete connection with the account of the user. If the user writes a comment on the website or likes it via the plugin, then the plugin sends information to Facebook etc. and links this with the user’s account. To prevent this, the user must logout from the social media account.
In addition to this information, users should also observe the privacy policy of Facebook, Twitter, Instagram and YouTube. There is also the option to install an add-on that blocks the social media plugin, so data transfer can be prevented.

Data Security

Your data security is our highest priority. Our declared aim is to take all necessary technical and organisational measures to ensure the security of data processing and to process your personal data in such a way that they are protected from access by unauthorised third parties. Through the use of state-of-the-art security software, coding and encryption methods our IT infrastructure meets the highest international security standards. For the transmission and storage of personal data, encryption procedures and access control systems of the applicable standards are used in order to protect these from unauthorized access as best as possible.

Your Rights

You have the right to information, correction, deletion, restriction of data processing, data portability, revocation and objection.
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the Austrian Data Protection Authority (www.dsb.gv.at).
You can also contact us at any time at datenschutz@mumok.at
Data Protection Officer: Laura Hamid