The Belvedere processes personal data strictly according to statutory requirement as set by the GDPR. In the following section, you will learn what kind of data is collected when visiting our website or other services (contact, social media, applications) and how this data is being used.
We reserve the right to adapt this privacy statement to reflect any new technical developments or legal changes and, if necessary, to update it when new services or products become available.
Österreichische Galerie Belvedere
Wissenschaftliche Anstalt öffentlichen Rechts
Prinz Eugen-Strasse 27
1030 Wien
On any matter relating to privacy or the exercise of your rights, you may contact the privacy officer at datenschutz@belvedere.at.
Each time you access our website, your browser automatically transmits, for technical reasons, the data listed below to our web servers. The data is stored exclusively for statistical and technical purposes; for example, to evaluate the frequency of page visits or to detect malfunctions in server operations. The following data is logged and evaluated:
We collect this data in accordance with our legitimate interest (see Article 6(1)(f) GDPR) and store the information in "server log files" on our website server. The server log files are stored for a maximum of one week and are subsequently deleted. If data must be stored to provide evidence, e.g., to clarify security breaches, such is excluded from deletion until the incident is conclusively resolved.
For the technical and organizational implementation of our internet presence as well as newsletter distribution, we make use of selected contracted data processing companies. All contracted data processing companies are contractually obligated to treat your personal data confidentially and to process it only within the scope of the service provision in accordance with our instructions. Data processing is conducted exclusively within the EU or EEA.
If you purchase tickets or other products on our website or directly at the museum locations, your data may be collected (name, address, telephone number, e-mail address) as part of this purchase, insofar as this is necessary to fulfill the purchase contract. This data is collected for the purpose of ordering and order processing, personalization of products and delivery and stored until the expiry of the legal obligation to keep records. Data will only be passed on to third parties if this is necessary for the processing of the contract. As such, data for processing may be disclosed to payment service providers (mPAY24 GmbH, 1050 Vienna, Grüngasse 16, Unzer GmbH, Schöneberger Str. 21 a, 10963 Berlin) and deliverers or carriers for the shipment of the purchased products.
In addition, personal data may be passed on to us when products are purchased via third parties (e.g. booking platforms, travel agencies). This data is necessary for the fulfillment of the contract. For information on data protection, please refer to the respective privacy policy of the provider.
The legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Without the supply of the data, we are not able to fulfill the contract.
Personal data will be stored for as long as it is necessary for the purposes for which it is processed, moreover for as long as there are legal obligations to retain it or for as long as it appears necessary for the assertion, exercise or defense of legal claims.
You agree to inform third parties whose data you provide to the Österreichische Galerie Belvedere about the processing of their personal data by the Österreichische Galerie Belvedere and to obtain any required consent from such third parties. For example, when purchasing an annual ticket as a gift.
The responsible party uses authorized address publishers or public sources for the purposes of sending direct-mail advertising about products, services, and events. According to Article 6(1)(f) GDPR, the act of direct advertising is a legitimate interest of the responsible party for the purpose of efficiently reaching, in alignment with marketing strategies, customers, interested parties, and partners, as well as for the purpose of customer recovery. The use of data at the conclusion of a contract, with the aim of returning to a (pre-)contractual relationship, also falls within the scope of legitimate interest. Unless you object to the use of your data for this purpose, your data will be deleted seven years from the date of your last contact with the responsible party – earlier, in the event of objection. Such data will not be passed on to third parties who might use it for their own purposes without your consent.
For the purpose of sending electronic mail in accordance with Article 107(3) TKG [telecommunications act], the data available to the responsible party resulting from the contractual relationship will be processed unless you object to this at the time of collection. When using this data, the responsible party complies with the provisions of the telecommunications act, in particular with Article 107 TKG.
You are given the opportunity to register for our newsletter directly on our website. During this process, we capture your e-mail address, your name, title, the desired newsletter language, and newsletter preferences.
Immediately after ordering the newsletter, you will receive further information. As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration. You will receive the newsletter only once you have confirmed your registration. If no confirmation is received, the data will be deleted.
Of course, you may withdraw your consent at any time, either directly via the unsubscribe link in any of the newsletters or by e-mail to crm@belvedere.at.
To dispatch the newsletter, we work together with Emarsys eMarketing Systems AG, Märzstrasse 1, 1150 Vienna, Austria.
In the course of a raffle, personal data (in particular, name, date of birth, address, e-mail address, telephone number) is collected in order to check compliance with the conditions of participation (e.g. newsletter registration, compliance with minimum age) and to enable contact and the dispatch of a prize after the drawing of the winners, if applicable.
The legal basis for the processing of your data within the raffle participation is your consent pursuant to Art. 6 (1)(a) GDPR. You can revoke your consent at any time without giving reasons.
In the context of newsletter raffles, you will be informed that the newsletter registration also leads to an automatic participation in the raffle. This is based on our legitimate interest according to Art. 6 (1)(f) GDPR in increasing newsletter subscriptions and addressing potential customers in the future, as well as, marketing of products and services. If you do not wish this, you can object to participating in the raffle at any time and you will not be included in the drawing.
Personal data will be stored as long as it is necessary for the purposes for which it is processed, moreover, as long as there are statutory retention obligations or these appear necessary for the assertion, exercise or defense of legal claims.
You can send your revocation or objection to crm@belvedere.at.
When you contact us via the options made available (e.g., contact form, telephone, e-mail, or social media), your information (name, contact data, subject, and inquiry) will be processed to answer your inquiry. We handle your data to fulfill (pre-)contractual obligations or because of our legitimate interest in processing and answering inquiries from customers, interested parties, and partners. Your data will be kept for the duration of the handling process and for a maximum of three years. Such data will not be passed on to third parties without your consent.
To process your inquiry, handle the application process, and fill vacancies within our company, we process the personal data you provide us with, such as your name, title, address, telephone number, date of birth, education, professional experience, salary expectations, and any data and images contained in your cover letter, your curriculum vitae, certificates, or other documents sent. This takes place to fulfill (pre-)contractual obligations (Article 6(1)(b) GDPR. Please note that you may be contacted by our employees either by telephone and/or e-mail to ensure that the application process runs smoothly. You affirm that all information provided is truthful. Incorrect information found after employment has been offered can lead to termination.
As a matter of principle, your data will only be forwarded to those internal offices and competent departments within our company responsible for specific application procedures. Your personal application data will not be passed on to third parties.
If the Österreichische Galerie Belvedere enters into an employment agreement with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions.
If no employment contract is established with the applicant, the application documents will be deleted six months after notification of the refusal decision, unless consent has been given for the storage of records in accordance with Article 6(1)(a) GDPR. This consent is obtained separately. Your consent may be revoked at any time without the need to provide reasons under the aforementioned contact.
The following information is processed from donors and prospective donors: Name, date of birth, address, contact details, donation history, and communication history. The purpose of this data processing is to contact donors and prospective donors and to administer donations made. If your donation is to be processed within the automated tax assessment system, your name and date of birth is a required submission to the tax office. Failure to disclose this information will result in donations being excluded as special expenses for tax purposes. The legal basis for this data processing is the legitimate interest as defined in article 6(1)(f) GDPR for the acquisition of donations by recruiting and retaining donors, the fulfillment of a contract as defined in article 6 (1)(b) GDPR, and the fulfillment of a legal obligation as defined in article 6(1)(c) GDPR (federal fiscal code, museum regulations). Your data will be stored for the duration of the statutory retention period.
Please note that the Österreichische Galerie Belvedere reserves the right, unrestricted to time or place, to use any film, audio, or photo material recorded during an event for the purpose of documentation, information, and reporting on the event and to publish such material in print publications, on the website, in newsletters, and on social media.
In addition, your data will be passed on to internal departments (IT, marketing) and contract processors who, out of necessity, must receive such data for production, processing, and publication tasks. The data will also be shared with third parties (in particular media) for the purpose of providing information and press coverage. The data will not be disclosed to recipients who pursue their own purposes with this data. In the case of social media channels, however, the respective social media service may be granted the right to use the published data.
The processing, publication, and dissemination is based on our legitimate interest to show our activities and conduct public relations work and thus to increase awareness, as defined in Article 6(1)(f) GDPR, as well as in accordance with Sections 12 and 13 DSG [Austrian Privacy Act]. You are entitled to object to processing. The objection can be directed to the responsible persons or photographers on-site or to datenschutz@belvedere.at.
Care is taken for the rights and freedoms of persons depicted in the creation and use of the photos. We make this known specifically upfront by posting a notice in our invitations and directly on-site. We ensure that no legitimate interests of persons depicted are violated. Should, however, the rights and freedoms of a depicted person be violated for reasons particularly worthy of consideration, we will refrain from further processing by means of suitable measures. Images in print media already distributed cannot be made unrecognizable. Deletions on the website or social media channels will be carried out within the scope of technical feasibility.
Österreichische Galerie Belvedere offers a Whistleblowing Reporting Channel at https://hinweis.sagedpw.at/212472_en/. This platform is not intended for handling general inquiries or complaints, but exclusively for reporting specific violations of law pursuant to §3 of the Austrian Whistleblower Protection Act (HSchG).
This Whistleblowing Reporting Channel is technically operated by the processor Sage GmbH, Stella-Klein-Löw-Weg 15, 1020 Vienna, and the content is managed by Jank Weiler Operenyi Rechtsanwälte GmbH (Deloitte Legal), Schottengasse 1, 1010 Vienna. Sage GmbH and Deloitte Legal guarantee the secure, confidential and independent processing of your report, which you can also submit completely anonymously, if you wish. Österreichische Galerie Belvedere will only be informed in the event of a reportable violation, whereby, of course, your identity will remain preserved.
In the context of your report, contact data (optional), the report itself as well as personal data contained in the report (e.g. in the text or in documents) may be processed by the processors.
The legal basis for the processing is Art. 6 (1)(c) GDPR (fulfillment of a legal obligation; providing or processing of the data is expressly permitted under the provisions of § 8 HSchG).
Reports are stored for a period of five years and beyond, insofar as the storage is necessary to carry out administrative or judicial proceedings that have already been initiated or investigative proceedings pursuant to the Austrian Code of Criminal Procedure (StPO).
Safeguarding your data in our systems is a matter of utmost priority. It is our goal to manage your data with the greatest of care, taking all necessary technical and organizational security measures to protect your personal data from loss and misuse.
Access to our website is secured via HTTPS if your browser supports SSL. This means that communication between your terminal device and our servers is encrypted. Should you wish to contact us or our employees by e-mail, we would like to remind you that the confidentiality of the information transmitted cannot be guaranteed. Due to their technical design, the contents of e-mails can be viewed by third parties unless special technical security measures are taken.
To ensure appropriate information and system security and to detect malware, e-mail traffic protocol data is stored. When you send an e-mail to one of our addresses, the following data are logged: e-mail and IP address of both the recipient and the sender, number of recipients, subject, date and time of receipt at the server, file name of any attachments, size of the message, risk classification for spam, and delivery status. In a first step, e-mails are checked purely automatically. Only if there is a suspicion of danger for the security of the IT systems are individual e-mails manually checked by responsible persons.
The website uses technologies such as web analytics and cookies to evaluate and improve the structure and navigation of our web presence and to customize it to suit your needs. You can revoke your consent at any time. Cookies are small data files stored on your device so that you can be automatically re-identified when you return to our website. Cookies can be stored permanently or only during a session. Two types of cookies are being used: strictly necessary cookies, which provide basic functions of the website, and target-oriented cookies, which help us to optimize the structure and navigation of our website and thus improve the quality of service. With both cookie applications, your IP address is immediately shortened and thus made anonymous so that it can no longer be assigned to you. Therefore, no personal data is collected or evaluated, nor is it linked to other such data. You can also prevent the installation of all types of cookies by adjusting your browser settings accordingly.
You may object in principle to the placement of cookies used for online marketing purposes for a variety of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, you may deactivate the storage of cookies in your browser settings. If you choose such a setting, you may not be able to use all functions of our website to their full extent.
This website uses Google Analytics, a web analysis service offered by Google Inc. (‘Google’). Google Analytics uses cookies – text files placed on your computer – to help the website analyze how users are utilizing the site.
For the collection of data, we rely on your consent pursuant to Article 6 (1) (a) EU GDPR for the corresponding data processing, which you may of course revoke at any time.
The information generated by the cookie tracking your use of the website is generally transmitted to and stored by Google on servers in the United States. The Belvedere website uses IP anonymization. Google, therefore, in accordance with the European Economic Area agreement, will truncate IP addresses within member states of the European Union or other signatory states before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and subsequently shortened there. On behalf of the website operator, Google will analyze this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website usage and internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of the website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your anonymized IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: (http://tools.google.com/dlpage/gaoptout?hlde).
We use the remarketing or "Similar Audiences" function from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as "Google."
We use this feature to deliver interest-based, personalized advertising to third-party websites that also participate in Google's advertising network.
To facilitate this advertising service, Google stores a cookie containing a sequence of numbers on your end device when you visit our web presence via your internet browser. This cookie records both your visit and the use of our website in an anonymous form. Personal data will not be disclosed to third parties. When you subsequently visit the website of a third party who also uses Google's advertising network, it may be possible that you will see advertisements that are related to our website or to the services we offer on that site.
For the collection of data, we rely on your consent pursuant to Article 6 (1) (a) EU GDPR for the corresponding data processing, which you may of course revoke at any time. Data may be transferred via a third country party into the USA.
To permanently deactivate this function, Google offers a browser plug-in for the most common internet browsers at https://www.google.com/settings/ads/plugin.
Google's cross-device marketing feature may enable tracking your usage behavior across multiple devices so that you may see interest-based, personalized advertising even when you switch devices. However, this presupposes that you have agreed to have your browsing history linked to your existing Google Account.
We also use cookies to make our services as customer-friendly as possible. Cookies are small text files that are stored on your device to allow our website to recognize you [or your browser] each time you use our website. Cookies can be stored permanently or for one session only. Two types of cookies are used: essential cookies that provide basic functions of the website, and targeted cookies, which help us optimize the structure and navigation of our website and thus improve the quality of service. With both cookie applications, your IP address is immediately shortened and made anonymous so that it can no longer be assigned to you. This means that personal data is not recorded or evaluated, nor is it linked to other such data.
In addition, you can prevent the installation of all types of cookies by setting your browser accordingly.
A general objection to the use of cookies for online marketing purposes can be raised for many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/
or the EU website http://www.youronlinechoices.com/. Furthermore, stored cookies can be deactivated by configuring your browser settings. If you choose such a setting, our website may not be able to fully support all functions.
This website uses social media plug-ins, such as facebook.com, twitter.com, instagram.com, plus.google.com, and youtube.com. You may recognize them by each provider’s corresponding logo.
As soon as you visit a page on which such a logo appears, a connection to the provider’s respective server is established informing the provider as to the specific page you are visiting. The website operator has no influence on what data is transmitted to the respective provider. This data transfer takes place independently from actively clicking the plug-in.
In the case that you are simultaneously logged into Facebook, Twitter, Instagram, or YouTube, the plug-in can generate a material connection with your account. As soon as you leave a comment on the website or submit a “like” to this plug-in, it transfers the information to the provider and associates it with your account. You may prevent this by unsubscribing your account from the provider before using the plug-ins.
For social media plug-ins, the individual provider’s privacy directives apply (see the links in the following section).
Belvedere offers the Web-Based Augmented Reality Game „The Fantastic Palastics“. In order to provide you with the Game, we process the following personal data from you for technical reasons:
- Request (file name of the requested file)
- browser type and browser version
- Operating system used
- IP address
- date and time of your visit
- information related to your use of the website including time spent on the website
- device and session identifiers
We collect this data in accordance with our legitimate interest pursuant to Article 6(1)(f) GDPR in order to enable the usability of the functions provided and to ensure the security and stability of the Web-Based Augmented Reality Game.
The following data will only be accessed or processed on the basis of your consent (Art. 6(1)(a) GDPR) or, if you are under 14 years of age, on the basis of the consent of your legal guardian (Art. 6(1)(a) GDPR in conjunction with Art. 8(1)(a) GDPR)
- GPS data
- Video and sensor data (e.g. from motion sensors of the end device)
You can revoke your consent at any time with effect for the future and without giving reasons by sending an e-mail to datenschutz@belvedere.at.
We store the aforementioned personal data for as long as is necessary to provide the Game for your use, but no longer than until you revoke your consent. We only store the personal data for longer if this is necessary in the event of a prosecution, defence or assertion of legal claims.
We use processors to perform services on our behalf. Accordingly, we use the AR engine and hosting of 8th Wall, Inc. (250 Cambridge Ave 101, Palo AIto CA 94306, USA). More about data protection by 8th Wall, Inc.: https://www.8thwall.com/terms and https://www.8thwall.com/dpa. The processors may only process the data provided to them in accordance with our instructions and to the extent necessary to perform services for us. We contractually oblige these processors to ensure the confidentiality and security of the personal data processed within the scope of the assignment.
The Österreichische Galerie Belvedere processes your personal data for the following purposes: registration, administration, and implementation of afternoon classes/workshops, support for participants, invoicing, attendance lists, and to inform contact persons in the event of an incident (especially medical emergencies). This is done on the basis of the underlying contractual relationship in accordance with Article 6 (1)(b) GDPR. In addition, we collect health data for the purpose of proper care and consideration of special needs, based on your consent in accordance with Article 6 (1) GDPR.
Without the provision of the requested data, participation in afternoon classes/workshops is not possible.
Due to the current COVID-19 situation, the data will be reported to the 1450 Health Hotline if a suspected case or infection occurs. This is based on the legitimate interest (Article 6(1)(f) GDPR) of the responsible party and the participants in health protection and rapid clarification. Furthermore, should a COVID-19 situation (case of infection, suspected case) occur, the data will be transmitted to the health authorities upon their request in accordance with Article 6 (1)(c) GDPR in conjunction with §5 para. 3 of the Epidemic Law 1950. Beyond this, no data will be passed on to third parties.
The billing data is stored for a period of seven years in accordance with tax law storage obligations (§132 BAO [Federal Tax Code], §§ 190, 212 UGB [Austrian Commercial Code]). Other data is deleted three years after the end of the afternoon class/workshop (§ 1489 AGBG [Standard Terms and Conditions of Business Law]). In the event of a possible cancellation without prior receipt of payment, the data provided by you will be stored for three years (§ 1489 AGBG [Standard Terms and Conditions of Business Law]).
For event management purposes we will process, in addition to your master and contact data, your acceptance or cancellation of an event, event participation, invitation and participation history, as well as any information you voluntarily provide regarding your participation (e.g., food preferences, allergies/intolerances, physical limitations). The legal basis for the processing of data is provided by Article 6(1)(a) (your consent) and Article 6(1)(f) (legitimate interests of the responsible party) GDPR. Our legitimate interests lie in the timely and demand-oriented organization, hosting, and follow-up of the event; meeting the participants' respective desires; and aligning marketing strategies for customer acquisition to enter into a (pre-contractual) contractual relationship. Special categories of personal data (e.g., allergies, physical limitations) are processed exclusively on the basis of your voluntary consent. Failure to provide consent may prevent special participant requests from being honored. You can revoke your consent at any time by sending an e-mail to the contact provided in detail below. Your data will be stored for a maximum of 3 years after the last contact. Your data may be transferred to contracted processors for the provision of services (e.g., catering, event management, registration of participants, security). These processors must comply with data protection regulations and delete the data after the contractual service has been performed. Data processing takes place exclusively within the EU or EEA.
Data protection notice: To prevent the (further) spread of COVID-19 in the event of a suspected case, we collect your contact data as per Section 5c paragraph 3 of the Epidemic Act 1950, Federal Law Gazette No. 186/1950 as amended in conjunction with Section 17 of the COVID-19 Opening Ordinance, Federal Law Gazette II No. 214/2021 as amended. Upon request, the collected data will be transmitted exclusively to the competent authorities in accordance with Section 5 paragraph 3 of the Epidemic Act 1950. The collected data will be kept for a period of 28 days and then destroyed. Before the start of the event, proof of low epidemiological risk and, if necessary, data for establishing identity will be determined in accordance with Section 5c paragraph 3 of the Epidemic Act 1950, Federal Law Gazette No. 186/1950 as amended in conjunction with Section 21 of the COVID-19 Opening Ordinance, Federal Law Gazette II No. 214/2021 as amended. This data is not stored. For more information, your rights, and all contact details of the data controller and the data protection officer, please visit www.belvedere.at/en/privacy.
We maintain an online presence on social networks and platforms to communicate and provide information about our services to those customers, interested parties, partners, and users who are active there.
The processing of users' personal data is performed based on our legitimate interests in effectively informing and communicating with our users in accordance with Article 6(1)(f) GDPR. In the event that the respective platform providers ask users for their consent to the aforementioned data processing, Articles 6(1)(a) and 7 of the GDPR provide legal basis.
As the creators of the online presence, please note that we do not make any decisions regarding the processing of user data and all other information pursuant to Article 13 GDPR, including the legal basis, identity of the responsible party, and storage period of cookies placed on user terminals. These are set by providers independently.
Please note that the user’s data may be processed outside of the European Union. This may entail risks for users, e.g., by making it more difficult to enforce users' rights. With respect to US providers certified under the Privacy Shield framework, note they are thereby obligated to comply with EU privacy standards.
Furthermore, user data is, as a rule, processed for the purposes of market research and advertising. For example, based on user behavior, the resulting information on interests may be used to create user profiles. User profiles can then be used, for example, to insert advertising inside and outside platforms that presumably correspond to the interests of the users. For these purposes, cookies storing the usage behavior and interests of the user are cached on the user’s computer. Furthermore, data can also be stored in user profiles independent of the devices employed by the users (particularly if the users are members of the respective platforms and are logged into them).
For a detailed description of the processing and opt-out options of respective platforms, we refer you to the linked information on providers listed below.
For cases of requests for information and the assertion of rights of persons affected, we advise you that these can be pursued in the most effective way directly with the providers. Providers are the only ones who have access to user data and can directly take appropriate measures and provide information. That recommendation notwithstanding, however, please be advised that persons affected can assert their rights against any individual responsible, i.e., against any party.
Facebook, -pages, -groups (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), based on an agreement on the joint processing of personal data
Data privacy statement: https://www.facebook.com/about/privacy/
Data privacy information for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data and https://www.facebook.com/legal/terms/page_controller_addendum
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Data privacy statement: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Data privacy statement: https://help.instagram.com/155833707900388
Opt-out: http://instagram.com/about/legal/privacy/
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Data privacy statement: https://twitter.com/de/privacy
Opt-out: https://twitter.com/personalization
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
TripAdvisor (TripAdvisor Inc., 400 1st Avenue, Needham, MA 02494 USA)
Data privacy statement: https://tripadvisor.mediaroom.com/AT-privacy-policy
Opt-out: http://info.evidon.com/pub_info/2719?v=1&nt=0
Regarding the processing of your data, you have the right to: information, correction, deletion, restriction, data transferability, revocation, and objection. The right of revocation applies to data processing that is based on your consent. The right to object exists in the case of data processing that is based on the legitimate interests of the responsible party or a third party. If you believe that the processing of your data violates privacy laws or your privacy claims have otherwise been violated in any way, you may lodge a complaint with the regulatory authority. In Austria, this is the Austrian Data Protection Authority. If you would like to exercise any of the above rights, you can also contact us at any time at datenschutz@belvedere.at or by mail at:
Österreichische Galerie Belvedere
Wissenschaftliche Anstalt öffentlichen Rechts
Prinz Eugen-Strasse 27
1030 Wien
