1. General
2. What is personal data?
3. Display, improvement and security of the website
3.1. Categories of data; Purposes and legal bases
3.2. Storage period; Duration of processing
4. Contact form
4.1. Categories of data; Purposes and legal bases
4.2. Storage period; Duration of processing
5. Online shop (sale of tickets and vouchers)
5.1. Categories of data; Purposes and legal bases
5.2. Storage period; Duration of processing
6. Issue and administration of annual passes
6.1. Categories of data; Purposes and legal bases
6.2. Storage period; Duration of processing
7. Registration and bookings
7.1. Categories of data; Purposes and legal bases
8. Events
8.1. Categories of data; Purposes and legal bases
8.2. Storage period; Duration of processing
9. Prize draws
9.1. Categories of data; Purposes and legal bases
9.2. Storage period; Duration of processing
10. Press and public relations, including social media presence
10.1. Categories of data; Purposes and legal bases
10.2. Storage period; Duration of processing
11. Electronic direct marketing on the basis of Section 174(4) TKG
11.1. Categories of data; Purposes and legal bases
11.2. Storage period; Duration of processing
12. CCTV surveillance
12.1. Categories of data; Purposes and legal bases
12.2. Storage period; Duration of processing
13. Data processing for the establishment, exercise or defence of legal claims, proceedings before public authorities (including courts)
13.1. Categories of data; Purposes and legal bases
13.2. Storage period; Duration of processing
14. Recipients of data
15. Cookies on our website
15.1. Use of essential cookies
15.2. Use of non-essential cookies
16. Automated decision-making
17. What rights do you have with respect to data processing
Your personal data ("data") is safe with us, Haus des Meeres Aqua Terra Zoo GmbH and Haus des Meeres Betriebs GmbH (hereinafter: "we"). We are required to protect your data and take this requirement very seriously. Please take the time to read this Data Privacy Policy and find out why we collect your data when you visit our website and how we will process it. This text is for your information and does not establish any contractual rights or duties.
Personal data means any information relating to an identified or identifiable natural person (e.g. name, contact details, invoice data, IP address).
When you visit our website, the following data will be processed to display the website to you. Data will be processed to provide you with a service expressly requested by you, namely our website (Section 165(3) of the Austrian Telecommunications Act [Telekommunikationsgesetz], hereinafter: TKG):
Provision of the data listed above is neither prescribed by law or contract nor required for concluding a contract. You are under no obligation to provide this data. Please bear in mind that we will not be able to display the website to you if you do not provide the relevant data.
We create log files where we will store the data stated above and link them to other data for three (3) months. The purpose of log files is to identify or track cyberattacks or other unauthorised access. We will process this data on the basis of our legitimate interest in the security of our website (Article 6(1)(f) GDPR).
Data will be processed to display our website for the duration of your visit to our website. Data stored in log files will be processed by us for a period of three (3) years from entry into the log file to identify or track cyberattacks or other unauthorised access.
For the option of a longer processing period for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
When you send a request via the contact form on our website, the following data will be processed for you to be able to use the contact form and submit your request to us. Data will be processed to provide you with a service expressly requested by you, namely our contact form (Section 165(3) TKG):
Provision of the data listed above is neither prescribed by law or contract nor required for concluding a contract. You are under no obligation to provide this data. Please bear in mind that the contact form will not work and we will not be able to process your request if you do not provide the relevant data.
For the option of a longer processing period for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
When you buy tickets or vouchers in our online shop, we will process your data on a (pre-)contractual basis (Article 6(1)(b) GDPR), namely for the purposes of starting, maintaining and handling the business relationship. The following categories of data will be processed in connection with our business relationships with customers for the above-mentioned purposes, unless you represent a legal entity or other person having a legal personality:
Provision of the above data is not prescribed by law. It is, however, necessary for concluding a contract. If you maintain a contract with us, you will be required to provide such data for us to handle the contractual relationship, i.e. the provision of data is required under the contract insofar. Please bear in mind that we will not be able to process transactions if the necessary above-mentioned personal data is not available to us.
If you provide additional data, we will process the same to safeguard our legitimate interests (Article 6(1)(f) GDPR) in improving the quality of our contractual relationship and our performance.
In order to perform the contract we will process your data until performance of the contract by both parties.
We will process your data for our bookkeeping to fulfil our business-law and tax-law obligations to safeguard our legitimate interest in fulfilling our bookkeeping requirements defined in Section 190 of the Austrian Business Code [Unternehmensgesetzbuch/UGB] (Article 6(1)(f) GDPR) and the duty to file VAT returns. For reasons of business law (Section 212 UGB) and tax law (Section 132 of the Austrian Federal Tax Code [Bundesabgabenordnung/BAO]) we retain our bookkeeping records for seven (7) years from the end of the financial year in which the relevant transaction took place.
For establishing, exercising or defending legal claims we will retain data regarding gift voucher purchases or unused tickets which are converted into vouchers for a period of 30 years due to the 30-year period of statutory limitation. For processing for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
We will process your personal data listed below for issuing and managing annual passes on a (pre-)contractual basis (Article 6(1)(b) GDPR), namely for starting, maintaining and handling the business relationship.
In order to perform the contract we will process your data until performance of the contract by both parties. Data regarding card payments will be stored by us for ten (10) days.
We will process your data for our bookkeeping to fulfil our business-law and tax-law obligations to safeguard our legitimate interest in fulfilling our bookkeeping requirements defined in Section 190 UGB (Article 6(1)(f) GDPR) and the duty to file VAT returns. For reasons of business law (Section 212 UGB) and tax law (Section 132 BAO) we retain our bookkeeping records for seven (7) years from the end of the financial year in which the relevant transaction took place.
For processing for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
We will process your data listed below for processing your booking and for registration in connection with your visit to the zoo and/or restaurant. Processing will occur on a (pre-)contractual basis (Article 6(1)(b) GDPR), namely to handle the booking and registration of your visit.
If you book an event with us, we will process your personal data on a (pre-)contractual basis (Article 6(1)(b) GDPR), namely for the purposes of starting, maintaining and handling the business relationship. The following categories of data will be processed in connection with our business relationship for the above-mentioned purposes, unless you represent a legal entity or other person having a legal personality:
If you book tickets for a Kultur und Me(e)hr event, please refer to Clause 5.
In order to perform the contract we will process your data until performance of the contract by both parties. Data regarding card payments will be stored by us for ten (10) days.
We will process your data for our bookkeeping to fulfil our business-law and tax-law obligations to safeguard our legitimate interest in fulfilling our bookkeeping requirements defined in Section 190 UGB (Article 6(1)(f) GDPR) and the duty to file VAT returns. For reasons of business law (Section 212 UGB) and tax law (Section 132 BAO) we retain our bookkeeping records for seven (7) years from the end of the financial year in which the relevant transaction took place.
For processing for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
If you participate in one of our prize draws, we will process your data listed below for handling the prize draw and relating correspondence. Processing will occur on a (pre-)contractual basis (Article 6(1)(b) GDPR), namely to handle the prize draw and awarding the prize.
We will process your above-mentioned data until conclusion of the prize draw. If you have won, we will process your data until the prize has been awarded. For the option of a longer processing period for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) in the case that you win please refer to Clause 13.
Upon your consent (for the purposes of Article 6(1)(a) GDPR) we will process your data stated below to periodically inform you through a newsletter via Brevo and about upcoming events.
For analysing the newsletters sent, the following data about you will be collected and processed when you read the newsletter:
If you do not wish to provide those details, please do not subscribe to the newsletter. You may unsubscribe from the newsletter at any time by sending an email using the subject "Unsubscribe Newsletter" to the mailbox office@haus-des-meeres.at or by clicking on the relevant link contained in every newsletter sent and thus withdraw your consent.
Upon your consent (as defined in Article 6(1)(a) GDPR) we will process photos and videos, including publication of the same on the website and via social media channels and print media, in particular for public relations, to raise the awareness of Haus des Meeres.
Provision of the data listed above is neither prescribed by law or contract nor required for concluding a contract. You are under no obligation to provide this data. Where we process your data based on your consent, you have the right to withdraw your consent at any time by sending an email to office@haus-des-meeres.at or a letter to Fritz-Grünbaum-Platz 1, 1060 Vienna. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR).
We will process the above-mentioned data until you withdraw your consent.
We expressly point out that on the conditions of Section 174(4) TKG we may be authorised to send you the newsletter even without your prior express consent (see Clause 11). Any withdrawal of your consent to receipt of the newsletter described herein will also be considered by us as withdrawal for the purposes of Section 174(4) TKG.
For the option of a longer processing period for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
We process our customers' data for purposes of electronic direct marketing by way of emails (sending newsletters about our own similar products/services, satisfaction surveys, congratulation letters, statistical analyses).
The following data will be processed for direct marketing by email:
We would like to expressly inform you that you may object to processing of your data for the purposes of electronic direct marketing at the time we collect your electronic contact details and with any transmission by email to office@haus-des-meeres.at or sending a letter to Fritz-Grünbaum-Platz 1, 1060 Vienna.
We will process your data for the purpose of direct marketing pursuant to Section 174(4) TKG only until you object to such data processing. If you do not object, we will process your data for that purpose for three (3) years from the last contact. Retention of your data for the purpose of future direct marketing serves the purpose of safeguarding our legitimate interest in keeping records of contacts for sending direct marketing emails (Article 6(1)(f) GDPR).
For the option of a longer processing period for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
For the purposes of protecting ourselves (protection of property and staff) and complying with our responsibilities (discharge of the duty to maintain safety, contractual liability vis-à-vis visitors, etc.) and for the purposes of preventing, containing and clearing up criminal conduct we will process your data in connection with CCTV surveillance. The legal basis of processing is our legitimate interests in protecting ourselves and complying with our responsibilities (Article 6(1)(f) GDPR, Article 10 GDPR in conjunction with Section 4(3) No. 2 of the Austrian Data Protection Act [Datenschutzgesetz/DSG]. Data will be analysed exclusively in cases defined by the purpose. The following categories of data will be processed for that purpose:
CCTV surveillance data will be stored for 72 hours and then erased. For the option of a longer processing period for purposes of establishing, exercising or defending legal claims and for proceedings before public authorities (including courts) please refer to Clause 13.
Where applicable, we may process data also for the purposes of establishing, exercising or defending legal claims or handling proceedings before public authorities (including courts) on the basis of our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest lies in enforcing existing claims and defending non-existing claims and handling proceedings before public authorities (including courts) to protect our legal position.
For establishing, exercising or defending legal claims and for handling proceedings before public authorities (including courts) we will process all data categories that are necessary for that purpose. Potentially they are all categories of data of you which we already process for other purposes.
We will process data that is required to establish, exercise or defend legal claims for that purpose even up to 30 years after termination of the business relationship.
If data subjects claim rights under the GDPR (for details see Clause 17), we will store the relevant data for three (3) years from the last contact in connection with claiming of rights by a data subject.
In the case of proceedings before public authorities or the courts we will store your data for the duration of the proceedings and, depending on the subject matter and outcome of the proceedings, in addition for 30 years from final/non-appealable conclusion of the same.
For the above purposes we are required to disclose your data to the following recipients for the following purposes. Such disclosure may occur by way of transmission, transfer, dissemination or any other form of provision. The recipients:
Recipient | Data categories | Purpose | Legal basis |
---|---|---|---|
incert eTourismus GmbH & Co KG |
All data as per Clauses 3, 4, 5, 7, 8, 10, 11 |
Ensuring the availability, security and efficiency of our online shop |
No legal basis necessary due to the data processing agreement |
Amepheas AG |
All data as per Clause 5 |
Ticket administration |
No legal basis necessary due to the data processing agreement |
Techtime GmbH |
All data categories |
Support and remote maintenance of our IT |
No legal basis necessary due to the data processing agreement |
PAYONE GmbH |
Card payment data |
Card payment management |
Contractual basis (Article 6(1)(b) GDPR): payment processing upon request |
Lawyers and tax advisors |
All data categories |
Evaluation and bringing about compliance with legal obligations |
Legitimate interests (Article 6(1)(f) GDPR): compliance with the legal obligations to which we are subject |
Public authorities (including courts) |
All data categories |
Handling proceedings and legal disputes |
Legal obligations (Article 6(1)(c) GDPR); |
Recipient | incert eTourismus GmbH & Co KG |
---|---|
Data categories | All data as per Clauses 3, 4, 5, 7, 8, 10, 11 |
Purpose | Ensuring the availability, security and efficiency of our online shop |
Legal basis | No legal basis necessary due to the data processing agreement |
Recipient | Amepheas AG |
Data categories | All data as per Clause 5 |
Purpose | Ticket administration |
Legal basis | No legal basis necessary due to the data processing agreement |
Recipient | Techtime GmbH |
Data categories | All data categories |
Purpose | Support and remote maintenance of our IT |
Legal basis | No legal basis necessary due to the data processing agreement |
Recipient | PAYONE GmbH |
Data categories | Card payment data |
Purpose | Card payment management |
Legal basis | Contractual basis (Article 6(1)(b) GDPR): payment processing upon request |
Recipient | Lawyers and tax advisors |
Data categories | All data categories |
Purpose | Evaluation and bringing about compliance with legal obligations |
Legal basis | Legitimate interests (Article 6(1)(f) GDPR): compliance with the legal obligations to which we are subject |
Recipient | Public authorities (including courts) |
Data categories | All data categories |
Purpose | Handling proceedings and legal disputes |
Legal basis | Legal obligations (Article 6(1)(c) GDPR); |
Cookies are text files stored on your computer or mobile terminal device, independent of whether they concern personal data or not. They serve the purpose of recognising the website user and storing temporary information. Without your consent we will exclusively use cookies that are essential for displaying the website. We will use non-essential cookies for other purposes only upon your consent.
To enable interaction with us via our website it is necessary to store the cookies listed in the table below on your terminal device (e.g. computer, mobile phone or tablet) for the duration and for the purposes stated in the table and to read out such data. Cookies will be stored on your terminal device on the legal basis of Section 165(3) TKG for the purpose of displaying the website as it is a service expressly requested by you as defined in Section 165(3) TKG.
The following essential cookies are used on our website:
Description | Recipient | Data categories | Purpose | Legal basis for transfers to third countries | Storage period |
---|---|---|---|---|---|
data_privacy_settings |
Haus des Meeres Betriebs GmbH |
IP address, dwell time |
Storage of cookie and data privacy settings |
Not necessary because the recipient is situated within the EEA. |
One year |
Description | data_privacy_settings |
---|---|
Recipient | Haus des Meeres Betriebs GmbH |
Data categories | IP address, dwell time |
Purpose | Storage of cookie and data privacy settings |
Legal basis for transfers to third countries | Not necessary because the recipient is situated within the EEA. |
Storage period | One year |
Provision of the data listed in the table is neither prescribed by law or contract nor required for concluding a contract. You are under no obligation to provide this data. If you do not consent to these cookies being set or read out, we will not be able to display the website to you.
Non-essential cookies will be stored based on your voluntary consent, which you may give via the cookie banner, and then used accordingly.
They allow us, for example, to merge your "browsing behaviour" beyond the limits of our website with data from other websites. Thus, we will be able to offer you products and services tailored to your needs. You may object to such data processing at any time with effect for the future.
We also use cookies which may be set or read out by recipients of data. In that case those recipients will receive your data. For the relevant details please see the table on non-essential cookies further below.
Storage and use of the non-essential cookies described in the table below will exclusively be effected on the basis of your consent pursuant to Section 165 TKG 2021 in conjunction with Article 6(1)(a) GDPR.
You may withdraw your consent at any time. You may do so by changing the cookie settings (by refusing all non-essential cookies) of the website www.haus-des-meeres.at by clicking on the "Cookie Settings" menu item in the footer.
You may also contact us by phone on +43 1 587 14 17, by email office@haus-des-meeres.at or by letter to Fritz-Grünbaum-Platz 1, 1060 Vienna. If you contact us by phone or letter, we will unfortunately not be able to fully comply with your withdrawal of consent remotely for technical reasons because removal of cookies that have been set before may, for example, concern a configuration which is only possible via access to your device. We are happy to provide you with detailed instructions on how to remove set cookies. However, due to withdrawal of your consent we will in any case erase all data in our sphere of control which we have processed on the basis of your consent and refrain from any future data processing for which your consent would be required.
Withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR).
The following non-essential cookies will be used on our website only upon your consent:
Description | Recipient | Data categories | Purpose | Legal basis for transfers to third countries | Storage period |
---|---|---|---|---|---|
Google Tag Manager |
Google Ireland Ltd. (Irland); Google LLC (USA) |
IP address, dwell time, origin of visitors |
Interactions on the website will be collected and forwarded to the linked tools. Tag Manager analysis is not possible. |
Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
One year |
Google Maps |
Google Ireland Ltd. (Ireland); Google LLC (USA) |
IP address, dwell time, origin of visitors |
Embedding of the map |
Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
One year |
YouTube (Google) |
Google Ireland Ltd. (Ireland); Google LLC (USA) |
IP address, retrieved website, dwell time |
Embedding of videos via YouTube |
Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
|
Clicky |
Roxr Software, Ltd (USA) |
IP address, date, time, retrieved site, browser information, data regarding website use and click logging |
Analysis of user behaviour and optimisation of the website |
Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
One year |
Description | Google Tag Manager |
---|---|
Recipient | Google Ireland Ltd. (Irland); Google LLC (USA) |
Data categories | IP address, dwell time, origin of visitors |
Purpose | Interactions on the website will be collected and forwarded to the linked tools. Tag Manager analysis is not possible. |
Legal basis for transfers to third countries | Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
Storage period | One year |
Description | Google Maps |
Recipient | Google Ireland Ltd. (Ireland); Google LLC (USA) |
Data categories | IP address, dwell time, origin of visitors |
Purpose | Embedding of the map |
Legal basis for transfers to third countries | Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
Storage period | One year |
Description | YouTube (Google) |
Recipient | Google Ireland Ltd. (Ireland); Google LLC (USA) |
Data categories | IP address, retrieved website, dwell time |
Purpose | Embedding of videos via YouTube |
Legal basis for transfers to third countries | Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
Storage period | |
Description | Clicky |
Recipient | Roxr Software, Ltd (USA) |
Data categories | IP address, date, time, retrieved site, browser information, data regarding website use and click logging |
Purpose | Analysis of user behaviour and optimisation of the website |
Legal basis for transfers to third countries | Adequacy decision of the European Commission: The recipient is certified under the EU-U.S. Data Protection Framework. |
Storage period | One year |
Provision of the data listed above is neither prescribed by law or contract nor required for concluding a contract. You are under no obligation to provide this data.
We would like to inform you that no data processing as defined in Article 22 GDPR will take place. This means: we will make no decisions based on exclusively automated processing (including profiling) that would become legally effective vis-à-vis you or would significantly affect you detrimentally in a similar way; any decision having such an effect will be made by a natural person.
We would like to inform you that you have the right
You may claim any of the above rights either by sending an email to office@haus-des-meeres.at or a letter to Fritz-Grünbaum-Platz 1, 1060 Vienna.
Where we process your data based on your consent, you have the right to withdraw your consent at any time by sending an email to office@haus-des-meeres.at or a letter to Fritz-Grünbaum-Platz 1, 1060 Vienna. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR).
If despite our obligation to lawfully process your data you should unexpectedly be of the opinion that your personal data is not being lawfully processed, please contact us by letter or email (see the contact details below) to let us know your concerns for us to address the same. You may also lodge a complaint with the Austrian Data Protection Authority or another data protection regulator within the EU, in particular at your place of residence or work.
We hope that this information provides clarity as to the way in which and the purposes for which we will process your personal data. If you have any questions on the processing of your personal data, please contact us by sending an email to office@haus-des-meeres.at or a letter to Fritz-Grünbaum-Platz 1, 1060 Vienna.
Haus des Meeres Betriebs GmbH
Fritz-Grünbaum-Platz 1
1060 Vienna
Phone: +43 1 587 14 17 (you can reach us Monday to Friday from 9 a.m. to 4 p.m.)
office@haus-des-meeres.at
www.haus-des-meeres.at
VAT number: ATU 63511603