The protection of your personal data is of particular concern to the Volksoper Wien GmbH, Währinger Straße 78, 1090 Wien ("Volksoper", "we", "us"). The Volksoper complies with the applicable legal provisions on the protection, lawful handling and confidentiality of personal data, as well as on data security, in particular the Austrian Data Protection Act ("DSG"), the EU General Data Protection Regulation ("GDPR") and the Austrian Telecommunications Act ("TKG").
In the following, we would like to inform you about the type, scope and purpose of the collection and use of your personal data as well as your rights.
1. Personenbezogene Daten
According to the GDPR, personal data is any information relating to an identified or identifiable natural person, such as name, email address, customer number, etc. The following of your personal data may be collected and processed by us:
- Master data
As master data we process salutation, title, name, address, date of birth, gender, language, e-mail address, telephone number, bank details (account holder, IBAN, BIC, bank name) and data for the use of special offers (e.g., proof of eligibility for discounts or booking of certain cards). This applies to legal entities if data can be traced back to a natural person (e.g., name, telephone number, e-mail address of a contact person in the company). We receive master data from you when you actively contact us (e.g., by purchasing a ticket), or from cooperation partners (e.g., to process cooperation events).
In the event that tickets are issued on a personalized basis, we also process the names and contact details (telephone number and/or e-mail address) of the event visitors as master data.
- Payment and sales data
In addition to the master data, in the case of orders and purchases we process the specific payment processing data (bank connection data, credit card data) and general sales data (e.g., selected event or product, card and delivery method). Credit card data is only processed by our certified payment service providers; we only store the credit card number in masked form (e.g.,454818********11).
- Customer relationship data
We process data that arises in the course of our communication and customer relations, such as correspondence data (e.g., e-mail traffic), type and duration of memberships (e.g., Official Circle of Friends), data concerning print media (e.g., subscription to program previews) or data of contact persons (e.g., of schools).
- Image data
When attending events, photo and/or video recordings of you may be made (e.g., as part of television broadcasts).
2. Purposes and legal bases of data processing
In the following, we would like to inform you about the purposes for which we process your personal data. We process your personal data according to Art. 6 and Art. 9 GDPR in any case only,
- if you have given us your consent (pursuant to Art. 6 para. 1 item a or Art. 9 item a GDPR) to process data for one or more specific purposes,
- if we need your data for the fulfillment of a contract or for the implementation of pre-contractual measures (pursuant to Art. 6 para. 1 item b GDPR),
- if the processing is necessary for compliance with a legal obligation (pursuant to Art. 6 para. 1 item c GDPR), or
- if there is a legitimate interest (according to Art. 6 para. 1 item f GDPR) on our part.
2.1. Ticket purchase
General information about buying tickets
Information that you provide in the context of purchasing tickets for events (this also applies to the purchase of subscriptions, cycles, vouchers, ticket orders, etc.), we use for the implementation and processing of the contractual service in accordance with Art. 6 para 1 lit. b DSGVO and to maintain the customer relationship (see separate point).
In order to claim special discounts based on a disabled person's passport or to book wheelchair places, we process personal data relating to physical or mental health and from which information about the state of health is obtained. The data processing is based on your explicit and voluntary consent pursuant to Art. 9 para 2 item a GDPR. If you do not give your consent to data processing, you will not be able to obtain tickets at reduced or special conditions.
We process your master data together with other companies of the Bundestheater Group (Wiener Staatsoper, Burgtheater and Bundestheater-Holding) in a joint database. The legal basis is the fulfillment of our (pre-) contractual obligations pursuant to Art. 6 para 1 item b GDPR as well as our legitimate interests pursuant to Art. 6 para 1 item f GDPR. The data processing serves, among other things, the handling of cross-stage offers (e.g., mixing cycles) as well as the guarantee to be able to keep your data correct, up to date as well as consistent in order to offer you a corresponding convenience when purchasing tickets. If your master data also contains sensitive data (e.g., for the use of reduced-price tickets due to a disabled pass), the processing is carried out exclusively on the basis of your express consent pursuant to Art. 9 para. 2 item a GDPR. Together with the Wiener Staatsoper GmbH, Burgtheater GmbH and Bundestheater-Holding GmbH, we are thus joint controllers within the meaning of Art. 26 GDPR. Accordingly, we have concluded an agreement with the Wiener Staatsoper GmbH, Burgtheater GmbH and Bundestheater-Holding GmbH pursuant to Art. 26 GDPR ("Joint Controller Agreement"), which regulates the distribution of tasks and duties under data protection law. As joint controllers, we are equally responsible for compliance with the legal provisions, in particular for the lawfulness of data processing. You may address questions regarding data processing in connection with your ticket purchase to any of the joint controllers. In addition, you have the right to assert your claims against any controller regardless of the Joint Controller Agreement. In addition to this joint responsibility, Bundestheater-Holding also has access to the payment and sales data for internal administrative purposes (such as for the control of internal group requirements).
If you order or purchase tickets on behalf of or in the name of others, please make sure that you are allowed to provide us with their personal information.
Online card purchase & webshop
To purchase tickets online (website or app) and to purchase products and services in our webshop, you must first register. You can also use your account later for other orders. You can view or change your personal data at any time after logging in again.
For registration, we require an email address, the title, your first and last name, your postal address and information in the context of the respective payment procedure. The legal basis for data processing is the fulfillment of our (pre-)contractual obligations pursuant to Art. 6 para 1 item b GDPR.
This data is used to identify you when you log in to your account, to issue and, if necessary, send tickets, and to process payment. Other voluntary information (such as your telephone number) helps us to provide the desired service as optimally as possible for you.
If you no longer need your account, you can simply inform us by sending an email to email@example.com and your account will be deleted - taking into account any open business cases. In case of deletion, we will only keep the legally required data for a period of 7 years.
2.2. Cultivation of the customer relationship
We process your non-sensitive master data, payment and sales data, and customer relationship data in order to provide customer advice and support, such as e-mail information on booked performances, the sending of print media (e.g., program previews), support within the framework of memberships (e.g., Official Circle of Friends, BundestheaterCard), satisfaction surveys, event invitations, birthday greetings, and other forms of customer relationship management. We also process this data for the purpose of internal market research and statistical analysis.
As part of the customer relationship, we will send you information and offers about our ideas and products by post and digitally.
The legal basis for postal mailings is our legitimate interest in maintaining our customer relations. If you do not wish this, you can object to the data processing at any time (for example, by sending us a message).
In addition, we process your personal data for electronic marketing mailings about products or services that are similar to the products or services you have already purchased. The legal basis for this data processing is our legitimate interests in direct marketing according to Art. 6 para. 1 item f GDPR. We will inform you of your right to object both when you receive your personal data and in each marketing mailing. You can easily object to the data processing, e.g., via the link in the digital mailing or by e-mail to firstname.lastname@example.org.
If you contact us via the contact forms on our website (e.g., ticket order, registration for the Official Circle of Friends...), by e-mail, by telephone or by other means of communication, your personal data and information that you provide to us in the course of contacting us will be used to process your request. The legal basis for data processing is the fulfillment of our (pre-)contractual obligations pursuant to Art. 6 para 1 item b GDPR.
Our free newsletters inform you regularly about the schedule, offers and services.
Based on your consent pursuant to Art. 6 para 1 item a GDPR to receive our newsletter, we will process your voluntarily provided data (email address and optionally name) for the purpose of sending the newsletter. In order to improve our offer for you, we record the opening and click behavior in relation to the newsletter for statistical purposes.
You can revoke your consent at any time and without giving reasons. The revocation can be done, for example, simply via a link in each newsletter itself or by e-mail to email@example.com.
If you register for a newsletter with an e-mail address that you already use for a customer account with us (or vice versa), we merge these data records.
2.5. Photo and video recording
We use photographs and video recordings made in the course of our events exclusively in consideration of your personal rights. First and foremost, these recordings are used for internal documentation. In addition, we also use these recordings for TV broadcasts, streaming and for recording the performances on DVD. In exceptional cases, we also use photos of people to announce and promote our events and activities in both digital and print media, which basically makes them known to the general public. The legal basis is our overriding legitimate interests pursuant to Art. 6 para 1 item f GDPR (i) for internal documentation and (ii) for internal and external reporting on the events and activities.
If we cannot base the use of images on legitimate interests, we will obtain your consent separately in accordance with Art. 6 Para. 1 item a GDPR. We will only process photographs and video recordings in which children or other persons requiring special protection are identifiable with the consent of the persons depicted or their legal representatives.
2.6. Video surveillance
In addition, we process video recordings exclusively for the preventive protection of persons and property and to assist in the investigation of criminal acts (e.g., damage to property, vandalism, burglary) and the protection of house rights as well as for the fulfillment of legal duties of care, including the preservation of evidence. For this purpose, we have installed video cameras in the entrance foyer as well as in the cashier area. This data processing is based on our legitimate interest according to Art. 6 para. 1 item f GDPR in conjunction with Art. 12 of the Austrian Data Protection Act, 353 ff of the Austrian Civil Code (property protection) and Art. 80 of the Austrian Code of Criminal Procedure as well as for the fulfillment of legal obligations according to Art. 6 para. 1 item c GDPR. If you are in the video-monitored area, we process your image data (appearance, behavior), location of image recording (premises, location of the camera) and time of image recording (date, time, start/end of image recording). In the event of a crime, for example, we also process your identity, if identifiable, and your role (e.g., perpetrator, victim, witness).
Only a few selected employees have documented access to the video surveillance recordings. This access only takes place in the event of an incident, in particular for the purpose of investigating criminal offences. If there is a suspicion of a criminal act, the data can also be passed on to our insurance company and to state authorities.
In addition, we process video recordings for theatrical or security purposes and thus on the basis of our legitimate interests according to Art. 6 para. 1 item f GDPR. Primarily, parts of the ensemble are filmed in order to be able to optimally handle the performance (e.g., live transmission of the conductor for musicians and stagehands who cannot otherwise see him/her from their location). Due to the orientation of the cameras, it is possible that individual visitors may be visible on the recordings. However, the video recordings are not stored permanently and are deleted immediately after the performance.
3. Data sharing
As a matter of principle, your personal data will not be passed on to third parties unless you have given your express consent to do so, or we are legally obliged to do so, or the passing on of data is necessary for the fulfillment of our obligations. For example, payment and sales data are transferred to the Bundestheater-Holding for internal administrative purposes (e.g., for the control of internal group requirements).
In order to perform certain tasks, we use selected service providers who act as order processors for us and may have access to your data to the extent required in each case. This concerns, for example, areas such as ticket sales (e.g., ART for ART Theaterservice GmbH), marketing tools, software solutions, IT services, postal dispatch and similar services. All our order processors process your data only on our behalf and on the basis of our instructions for the purposes outlined above. Furthermore, we ensure through contractual obligations that our processors comply with the legal provisions on data protection in the same way as we do.
If personal data is transferred to recipients in third countries outside the EU and there is no EU Commission adequacy decision pursuant to Art. 45 GDPR for the third country in question, the transfer will take place on a case-by-case basis subject to appropriate safeguards pursuant to Art. 46 GDPR or, if applicable, by consent for specific purposes.
4. Data security
In addition to compliance with the principles of data protection and the obligation of our employees to maintain data confidentiality, we take appropriate technical and organizational measures to permanently ensure the security of data processing, i.e., the confidentiality, integrity, availability, resilience and rapid recoverability of the systems and services used.
5. Retention period
We retain your data for a period of time in accordance with legal requirements. To this end, we generally store your personal data only for as long as is necessary for the purposes for which it is processed. This is usually the duration of the customer relationship. A longer storage period may result primarily from legal storage obligations (usually 7 years) or for the assertion of legal claims. In this case, we store your personal data as long as legal claims arising from the relationship between you and us can be asserted or until final clarification of a specific incident or legal dispute. This longer retention is done to protect our legitimate interests in the assertion, clarification and defense of legal claims.
We retain data that we process with your consent or on the basis of our legitimate interests in direct marketing until you revoke your consent or object. Unless you have given your revocation or objected, we will process your data for direct marketing purposes in accordance with the Austrian Telecommunications Act for a maximum period of 4 years after you last contacted us.
The video surveillance recordings are automatically deleted after 72 hours unless the data is required for the prosecution of a crime and the settlement of claims with our insurance company.
6. Your rights
Right to information
You have the right to obtain information about the personal data we process about you.
Right to rectification
You have the right to have your personal data corrected if it is out of date, incomplete or inaccurate.
Right to erasure ("right to be forgotten")
You have the right to have your personal data deleted unless there are legal or legitimate reasons (such as tax retention obligations) to keep it.
Right to restriction of data processing
You have the right to request the restriction of the processing of your personal data if one of the conditions listed in Art. 18 GDPR is met.
Right to data portability
You have the right to receive the personal data you have provided in a structured, common and machine-readable format.
Right of objection
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing at any time on grounds relating to your particular situation. If necessary, compelling reasons worthy of protection by the Volksoper Wien may prevail, which is why we may continue to process your personal data. In addition, you have the right to object at any time and without giving reasons to the processing of your data if the processing is carried out for the purpose of direct marketing.
Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time and without giving reasons with effect for the future if the processing is based on your consent. A revocation can be made, for example, by e-mail to firstname.lastname@example.org.
Question and complaint options
If you have any questions regarding your personal data, please contact us at email@example.com. You can also contact the Data Protection Officer of the Austrian Federal Theaters, Silvia Schauer MSc MBA, at firstname.lastname@example.org or by mail at: Data Protection Officer of the Austrian Federal Theatres, Goethegasse 1, 1010 Vienna.
You also have the option of submitting a complaint to a data protection supervisory authority. The data protection supervisory authority responsible for us is the Austrian Data Protection Authority.
7. Final provisions
Status: June 2023