Menu
Data Protection

The Data Protection Declaration of the ALBERTINA Museum

Protecting your personal data is an important concern of the ALBERTINA, and we comply fully with the General Data Protection Regulation of the EU. In this document, we would like to inform you about how we collect and process personal and non-personal data.

1. YOUR RIGHTS

The data protection rules now in force accord you, the data subject, the following rights:

  • You may at any time, upon providing proof of your identity, request information about the data pertaining to your person that we process (initial requests are free of charge, whereas follow-up requests may entail an obligatory fee to cover costs in certain cases).
  • You may at any time request the correction of out-of-date or incorrect information pertaining to your person and/or demand that your data be deleted.
  • You may at any time object to the use of your personal information on account of special personal interests for the protection of which confidentiality is warranted.
  • You may request that your information be transferred to another data controller insofar as this is compatible with applicable data protection laws.

Should you desire to exercise one or more of these rights, please contact us

by e-mail:

You can also contact us by physical mail: ALBERTINA, attn. Datenschutzbeauftragter, Albertinaplatz 1, 1010 Vienna

 

2. DATA PROCESSING

Our website enables you to purchase tickets, services, and various products online as well as download images from the ALBERTINA’s online collections or the press area of the ALBERTINA website. When you place an order, we use your information (name, telephone number, e-mail address, street address, and [if applicable] age) in connection with your person. We collect, process, and store this information for the purpose of processing and facilitating delivery of your order. We neither reveal nor sell or lease your personal data to third parties. We transfer your data to third parties only in cases where doing so is necessary for the fulfilment of your contract with us. It is for this purpose that we transfer your data to our technology partners (PEACH Kommunikationsagentur GmbH, Gumpendorferstraße 43, 1060 Vienna; Luchs.at, Weyringergasse 30A/Top 10, 1040 Vienna) as well as—when purchasing tickets from our online shop—to our payment services providers (Unzer Austria GmbH, Grüngasse 16, 1050 Vienna; Computop GmbH, Schwarzenbergstr. 4, D-96050 Bamberg) and our technical partner (dynamic commerce GmbH, Von-Linde-Str. 11, D-95326 Kulmbach), to our delivery agents and/or shippers (such as Österreichische Post AG) in order to send the products you have purchased and—should you download images—to CIT Collections Information Technology, Rapenburg 8, 2311 EV Leiden, Netherlands in order to transmit to you the images you have requested, as well as—if you take part in our visitor survey—to our survey data processor MANOVA GmbH, Wipplingerstraße 23/23, 1010 Vienna. When purchasing membership in the Friends of the Albertina Museum, your data is transmitted to the Verein der Freunde der Albertina (ALBERTINA, Albertinaplatz 1, 1010 Vienna) for the purpose of membership administration.

Please note that when purchasing tickets online using PayPal, the data protection declaration of PayPal (which you can read here) also applies.

Should you abort your placement of an order before completing it, none of the data that you have entered will be saved by us. If a contract is concluded, however, we will save all data pertaining to this contractual relationship for a period of ten years, at which time the legal obligation to retain this data expires.

We process your personal information for advertising purposes (such as sending out the ALBERTINA Newsletter) only after having received your explicit consent for us to do so. To send out our newsletter, we work together with Eyepin GmbH, 1190 Vienna, Billrothstraße 52 as our processor. You can find further information relating to our newsletter under Point 9.

Data processing takes place in conformance with legal requirements (TKG, DSGVO, DSG/2018).

 

3. DATA SECURITY

Our website uses an SSL (secure socket layer) certificate in order to encrypt the transfer of your personal data.

In general, we have implemented the most extensive possible technical and organizational measures for the protection of your personal data. Despite all of these precautions, however, no transfer of data via the Internet can be regarded as totally secure. Although we adhere to the legally mandated security standards, please be aware that we cannot guarantee the security of personal information transferred via the Internet.

 

4. COOKIES

“Cookies” are text files that are stored on your computer or smartphone. Some of these facilitate analysis of how you use our website. Our website also employs cookies that are essential to its usability. This useability includes basic functions such as site navigation. Without these cookies, our website cannot function correctly. Consequently, the following cookies are used:

Name: CookieConsent
Provider: www.cookiebot.com 
Type: HTTP cookie
Expiry: 1 year
Purpose: This cookie from the service CookieBot stores the user’s cookie consent state for the current domain.

Name: jctr_sid
Provider: www.jentis.com
Type: HTTP cookie
Expiry: 30 minutes
Purpose: Saves the JENTIS session ID.

Name: plyr
Provider: www.albertina.at
Type: HTML
Expiry: persistent
Purpose: Necessary for the implementation of video content on the website.

Name: wires
Provider: www.albertina.at
Type: HTTP
Expiry: session
Purpose: Necessary for secure log-ins and for detecting spam or abuse of the website.

Name: AWSALB
Provider: www.siteimprove.com/privacy/
Type: HTTP
Expiry: 7 days
Purpose: Registers which server cluster is serving the visitor. This helps to optimize user experience in connection with load balancing.

Name: AWSALBCORS
Provider: www.siteimprove.com/privacy/
Type: HTTP
Expiry: 6 days
Purpose: Registers which server cluster is serving the visitor. This helps to optimize user experience in connection with load balancing.

Name: CONSENT [x2]
Providers: Google, YouTube (https://policies.google.com/privacy)
Type: HTTP
Expiry: 2 years
Purpose: Used in order to determine whether visitors have accepted the marketing category in the cookie banner. This cookie is needed in order for the website to conform to the GDPR.

Name: __cf_bm
Provider: Vimeo (https://vimeo.com/privacy)
Type: HTTP
Expiry: 1 day
Purpose: This cookie is used in order to tell the difference between human users and bots, which benefits the website in terms of its ability to generate valid site usage reports.

Optionally and only with your consent, we also employ further cookies about which you can read in the sections 5. Web Analytics & Conversion Tracking and 7. Social Media Plug-ins.

 

5. WEB ANALYTICS & CONVERSION TRACKING

5.1. GOOGLE ANALYTICS & JENTIS

In order to analyze the behavior of our website’s visitors and continually improve our website, we use the web analysis service Google Analytics, which is provided by Google Ireland Limited, Gordon House, Barrow St., Dublin 4, Ireland. While Google Analytics does use cookies, only anonymized personal data is made available to Google. In combination with Google Analytics, we also use the services of JENTIS GmbH (Schönbrunner Strasse 231, 1120 Vienna). This service provider therefore receives access to web analysis data, which is measured, stored, and made available to us by the utilized analysis tools and JENTIS®.

For purposes of analysis, data is transmitted to JENTIS GmbH while JENTIS® also independently collects data relating to visitors’ browser environments and/or behavior on our behalf. JENTIS GmbH only processes data that JENTIS GmbH cannot trace back to an individual person. IDs set by JENTIS® are randomly generated and used for anonymous recognition. Prior to its storage, your IP address will be truncated so that it no longer pertains to you personally.

Jentis employs the following cookies and pixels on our website:

Name: jctr_sid
Provider: www.jentis.com
Type: HTTP
Expiry: 30 minutes
Purpose: Saves the JENTIS session ID.

Name: jentis.consent.data
Provider: www.jentis.com
Type: HTML, browser storage object
Expiry: persistent
Purpose: Storage of consent-vendors and JENTIS consent-ID settings.

Name: jentis.core.tracker.rawdata-controller
Provider: www.jentis.com
Type: HTML, browser storage object
Expiry: persistent
Purpose: Storage of the ID-relation between the different collected document types.

 

5.2. SITEIMPROVE

For the analysis and ongoing improvement of our website, we use Siteimprove Analytics, a web analytics service provided by Siteimprove GmbH, Burggasse 117/9, 1070 Vienna. Siteimprove Analytics employs cookies. The information on your use of the website that we receive from these cookies is saved and processed by Siteimprove on servers in Denmark. IP addresses are completely anonymized before the collected data is made available to us for viewing via the Siteimprove Suite. This anonymization of IP addresses cannot be reversed, nor is it possible to attribute IP addresses to the collected data.

We process the information generated by Siteimprove in order to evaluate how users interact with our website, compile site usage reports, and continually improve our users’ website experience. 

Siteimprove employs the following cookies and pixels on our website:

Name: nmstat
Provider: www.siteimprove.com/privacy/
Type: HTTP
Expiry: 399 days
Purpose: This cookie contains an ID string pertaining to the current session that consists of non-personal information on the subpages requested by the visitor. This information is used to optimize the visitor’s experience.

Name: AWSALB
Provider: www.siteimprove.com/privacy/
Type: HTTP
Expiry: 7 days
Purpose: Registers which server cluster is serving the visitor. This helps to optimize user experience in connection with load balancing.

Name: AWSALBCORS
Provider: www.siteimprove.com/privacy/
Type: HTTP
Expiry: 6 days
Purpose: Registers which server cluster is serving the visitor. This helps to optimize user experience in connection with load balancing.

Name: image.aspx
Provider: www.siteimprove.com/privacy/
Type: pixel
Expiry: session
Purpose: Registers statistical data concerning users’ behavior on the website that is used for internal analytics by the website operator.

 

5.3. MICROSOFT CLARITY

We also use Microsoft Clarity, an analysis tool that provides website usage statistics, user activity monitoring, and heatmaps. To this end, the following cookies are employed:

Name: _clck
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 1 year
Purpose: Gathers data on navigation and user behavior on the website that is used to generate statistical reports and heatmaps for the website owner.

Name: _clsk
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 1 day
Purpose: Registers statistical data on users’ behavior while on the website. Used by the website operator for internal analyses.

Name: _cltk
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTML
Expiry: session
Purpose: Registers statistical data on users’ behavior while on the website. Used by the website operator for internal analyses.

Name: c.gif
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: pixel
Expiry: session
Purpose: Gathers data on navigation and user behavior on the website that is used to generate statistical reports and heatmaps for the website owner.

Name: CLID
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 1 year
Purpose: Gathers data on navigation and user behavior on the website that is used to generate statistical reports and heatmaps for the website owner.

Name: SRM_B
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 1 year
Purpose: Used in order to track the user’s interaction with the website’s search bar function. This data can be used to offer the user relevant products or services.

Name: ANONCHK
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 1 day
Purpose: Registers data on visitors from multiple visits and on multiple websites. This information is used to gauge the efficacy of advertisements on websites.

Name: SM
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: session
Purpose: Registers a unique ID that identifies the user’s device on repeat visits to websites that use the same advertising network. This ID is used to facilitate targeted advertising.

Name: MUID [x2]
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 1 year
Purpose: Used widely by Microsoft as a unique user ID. This cookie enables user tracking by synchronizing the ID across many Microsoft domains.

Name: MR [x2]
Provider: Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
Type: HTTP
Expiry: 6 days
Purpose: Used to track visitors across multiple websites in order to present relevant advertising based on user preferences.

 

5.4. CONVERSION TRACKING

We use Google AdWords in order to place advertisements and measure the performance of these advertising measures. In doing so, we employ Google AdWords Conversion Tracking. In order to optimize the advertisements that we show, Google Analytics is used.

If you do a Google search and arrive at our website by clicking on a Google AdWords advertisement, we will be able to tell via which advertising measure you reached our site. This process does not cause any personal data about you to be saved. All we receive is an advertising ID.

You can configure your browser so that it will refuse cookie placement. Alternatively, you can configure your browser so that it will notify you before a cookie is placed. Certain services require the placement of cookies; should you decide to refuse such cookies, our website will be unable to provide certain aspects of these services. The various commonly used browsers offer a range of different configuration options. You can find more detailed information on setting up your browser and on ways in which your browser can deactivate cookies by referring to its documentation.

For the purpose of conversion tracking, the following cookies are used:

Name: _ga
Provider: Google (https://policies.google.com/privacy)
Type: HTTP
Expiry: 399 days
Purpose: Registers a unique ID that is used in generating statistical data on how visitors use the website.

Name: _ga_#
Provider: Google (https://policies.google.com/privacy)
Type: HTTP
Expiry: 399 days
Purpose: Gathers data on how often a user has visited a website as well as data on their first and most recent visits. Used by Google Analytics.

Name: _gat
Provider: Google (https://policies.google.com/privacy)
Type: HTTP
Expiry: 1 day
Purpose: Used by Google Analytics to throttle the request rate.

Name: _gid
Provider: Google (https://policies.google.com/privacy)
Type: HTTP
Expiry: 1 day
Purpose: Registers a unique ID that is used in generating statistical data on how visitors use the website.

 

6. LOG FILES

The ALBERTINA saves all website requests in so-called server log files. This data pertaining to your accessing of our website is transferred to us by your browser. Such data includes the following: date and time of access, name of the viewed page, IP address, the URL of the site from which you came to our site, the volume of transferred data, and information on your browser (type and version). We need this information in order to optimize the service provided by our website, to fix any errors, and to protect our website from threats such as DDOS attacks.

 

7. SOCIAL MEDIA

7.1. PLUG-INS

On the ALBERTINA website, you’ll find social media plug-ins from Instagram, Facebook, TikTok, YouTube, X, Pinterest, and Tripadvisor. These seven plug-ins are represented by miniature logos of their respective providers. Whenever you access a page on our website that includes such a logo, a connection is automatically made to the server of the social media provider in question. This social media provider then receives information on the pages that you visit. The ALBERTINA has no way of influencing what data is transferred to the respective providers, and the transfer of this data takes place even if you do not click on any of the plug-in symbols. If you are logged in on Facebook or X parallel to your visit to the ALBERTINA website, these plug-ins can also connect with your accounts on the respective social media networks. So if you “like” something or leave a comment by way of such a plug-in, the plug-in will transfer this information to the social media provider and associate it with your existing account on their network. If you do not consent to this taking place, you must log out of your social media account before clicking on the associated plug-in or install an add-on to the software that you are using that blocks social media plug-ins.

Furthermore, the ALBERTINA uses a YouTube plug-in in order to be able to present you videos and/or content in connection with its exhibition program. As soon as you access a page on our website that contains a YouTube video, a connection with the YouTube server is automatically made. YouTube then receives information on the pages that you visit. If you are logged in on YouTube parallel to your visit to the ALBERTINA website, this plug-in can also connect with your YouTube account and associate with it the videos that you have watched. If you would like to prevent this from occurring, please log out of your YouTube account. In this context, please also take note of YouTube's privacy policy.

Please note that for social media plug-ins, the privacy policies of the respective providers (Facebook, X, or YouTube) with respect to personal data likewise apply.

 

7.2. SOCIAL MEDIA COOKIES & PIXELS

Name: _fbp
Provider: Meta Platforms, Inc. (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0)
Type: HTTP
Expiry: 3 months
Purpose: Used by Facebook in order to show a variety of advertising products such as real-time offers by third-party advertisers.

Name: fr
Provider: Meta Platforms, Inc. (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0)
Type: HTTP
Expiry: 3 months
Purpose: Used by Facebook in order to show a variety of advertising products such as real-time offers by third-party advertisers.

Name: VISITOR_INFO1_LIVE
Provider: YouTube (https://policies.google.com/privacy)
Type: HTTP
Expiry: 179 days
Purpose: Attempts to assess the range of users on pages with integrated YouTube videos.

Name: YSC
Provider: YouTube (https://policies.google.com/privacy)
Type: HTTP
Expiry: session
Purpose: Registers a unique ID in order to retain statistics on the YouTube videos that the user has viewed.

Name: ytidb::LAST_RESULT_ENTRY_KEY
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: persistent
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-cast-available
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: session
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-cast-installed
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: session
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-connected-devices
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: persistent
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-device-id
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: persistent
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-fast-check-period
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: session
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-session-app
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: session
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: yt-remote-session-name
Provider: YouTube (https://policies.google.com/privacy)
Type: HTML
Expiry: session
Purpose: Saves user settings when a YouTube video integrated into other websites is accessed.

Name: loglevel
Provider: Spotify (https://www.spotify.com/uk/legal/privacy-policy/) 
Type: HTML
Expiry: persistent
Purpose: Retains settings and outputs if the Developer Tools Console is used in the current session.

Name: sp_landing
Provider: Spotify (https://www.spotify.com/uk/legal/privacy-policy/) 
Type: HTTP
Expiry: 1 day
Purpose: Used in order to implement audio content from Spotify on the website. Can also be used in order to register user interactions and preferences in conjunction with audio content; this can serve statistical and marketing purposes.

Name: sp_t
Provider: Spotify (https://www.spotify.com/uk/legal/privacy-policy/) 
Type: HTTP
Expiry: 1 year
Purpose: Used in order to implement audio content from Spotify on the website. Can also be used in order to register user interactions and preferences in conjunction with audio content; this can serve statistical and marketing purposes.

Name: sentryReplaySession
Provider: Spotify (https://www.spotify.com/uk/legal/privacy-policy/) 
Type: HTML
Expiry: session
Purpose: Registers data on users’ website behavior. This is used for internal analyses and website optimization.

8. CHANGES TO AND/OR REVOCATION OF YOUR COOKIE SETTINGS

You have the option to change or revoke your consent to the use of cookies on our website at any time.
You can do so using the following links:

Change settings | Change consent

9. NEWSLETTER

Newsletter registration is possible at numerous places throughout our website. We document your e-mail address as well as your name and gender in order to address you personally in e-mail communications. You can also voluntarily let us know your special interests; these help us tailor the newsletter to your personal preferences.

In order to ensure that it was actually you who requested that we send you our newsletter, we employ a double opt-in process. Upon registering, you will immediately receive a confirmation e-mail at the address that you have indicated. Clicking on the link in this e-mail confirms your desire to receive the ALBERTINA Newsletter in the future. You may cancel your subscription to our newsletter at any time. Every newsletter includes an unsubscribe link in the footer. You can also contact us directly with your request to unsubscribe, in which case we will immediately delete your e-mail address from our mailing list. To do so, please e-mail us to this effect at .

 

10. DIGITAL COLLECTIONS

10.1. 360° INTERACTIVE TOUR VR

360° Interactive Tour VR uses cookies in order to enhance user experience, guarantee security, and make available certain functions. It also processes personal data needed to provide and ensure the functionality of certain services. In the following, we explain which cookies are used, which personal data is processed, for which purposes such data is processed, and how long cookies remain stored on your device.
 

10.1.1 ESSENTIAL COOKIES

Name: next-auth.csrf-token
Type: HTTP cookie
Expiry: retained for the duration of the user’s session
Purpose: This cookie serves to protect users from cross-site request forgery (CSRF) attacks. Its use ensures that requests within a given session come from the actual user and not from a third party. This cookie saves a unique token that is checked in conjunction with every form transmission or similar request to the server in order to verify the authenticity of the request.

Name: next-auth.callback-url
Type: HTTP cookie
Expiry: retained for the duration of the user’s session
Purpose: This cookie stores the URL to which a user is redirected following successful authentication. It enables seamless redirection of the user back to the last-requested or last-chosen page after authentication has been completed.

Name: next-auth.session-token
Type: HTTP cookie
Expiry: remains active for as long as the user remains logged in but for a maximum of one month after the most recent verification
Purpose: This cookie is used in order to manage and maintain the user’s login session. It includes a secure session token that is employed for the duration of a user’s session and maintains the user’s logged-in status across different page requests and multiple browser sessions.