Privacy policy

Updated:  27-6-2024

The protection of  personal data is very important to us, so we would like to list here all the information about the processing and storage of your data when you visit our website and in our companies in general.

To be able to use all the functions and services of our site, it is necessary to collect your personal data. However, the processing and storage is only carried out in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR) and the Austrian Telecommunications Act (TKG 2021).

JOINT CONTROLLERS

Stift Klosterneuburg, Stiftsplatz 1, 3400 Klosterneuburg jointly responsible for processing within the meaning of Article 26 GDPR with

1. Winery Stift Klosterneuburg GmbH, FN 124327i, Stiftsplatz 1, 3400 Klosterneuburg
2. Stiftskellerei Klosterneuburg GmbH, FN 382298d, Stiftsplatz 1, 3400 Klosterneuburg
3. “Hofkirchner” Weinvertriebs GmbH, FN 128655z, Rathausplatz 20, 3400 Klosterneuburg
4. A home for street children Social project Stift Klosterneuburg, ZVR number149159583, Stiftsplatz 1,3400 Klosterneuburg

You can find more information in the imprint.

All companies can be reached at
Tel.: +43 2243 411 – 0
E-mail: info@stift-klosterneuburg.at

Within the meaning of Article 26 of the GDPR, the above-mentioned controllers jointly determine the purposes of and the means for processing personal data.

Stift Klosterneuburg, Stiftsplatz 1, 3400 Klosterneuburg, as the parent company, also fulfils all obligations under the GDPR for the above-mentioned subsidiaries, in particular with regard to the exercise of the rights of the data subject and complies with the information obligations under Articles 13 and 14.

Pursuant to Article 26(3) GDPR, regardless of the internal organization between the joint controllers, data subjects may exercise their rights under the GDPR with and against each of the controllers.

All employees are obliged to maintain confidentiality and to handle your data properly and to enter it correctly into our data processing systems.

DATA PROTECTION OFFICER

Data Protection Officer: Mag.^a iur. Elisa Drescher
E-mail: datenschutz@stift-klosterneuburg.at

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: To protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using so-called TLS encryption. TLS means “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognize “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser sends to us.

These are

• IP address of the user,
• Date and time of access,
• Type of request,
• Customer information such as type and version,
• Operating system of the user (device, OS version of the device),
• Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest is based on being able to identify indications of illegal use of our website (e.g. defense against hacker attacks) and to ensure a smooth connection.

We have concluded an order processing contract with the provider of this website, digimagical GmbH, based in Austria, in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that digimagical GmbH only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. In addition, we have concluded an order processing contract with medani GmbH based in Austria in accordance with Art. 28 GDPR.

The collected data is stored in server log files, which your browser automatically transmits to us in encrypted form. We only save the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest according to Art. 6 para. 1 lit. f) GDPR and only serves to preserve evidence.

2. ENQUIRIES VIA THE CONTACT FORM, E-MAIL, AND TELEPHONE

Any personal information that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR. This results from our interest in answering enquiries from our customers, business partners and interested parties and in promoting or maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract according to Art. 6 Para. 1 lit. b) GDPR.

All personal data that you transmit to us with your enquiry will be deleted or anonymized by us no later than 2 years after the final reply to you, unless a contract is concluded. The retention period of 2 years is because it may occasionally happen that you contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that after 2 years no further queries follow our replies.

3. REGISTRATION FOR THE “WILLKOMMEN IM STIFT” AND “AUSSTICH” WINERY NEWSPAPERS

You can subscribe via our website either to our abbey newspaper “Willkommen im Stift” or to the newspaper of the winery “Ausstich”. The Chorherrenstift Klosterneuburg is responsible for sending out the abbey newspaper and the Weingut Stift Klosterneuburg GmbH is responsible for the newspaper “Ausstich”. Dispatch is free of charge. We have noted the successful registration in our customer database for verification purposes.

When registering, it is mandatory to provide your first and last name, your address (street, postcode, city, country). You can enter your e-mail address and telephone number voluntarily. Your data will only be passed on to the contracted printing company for dispatch. We have concluded a contract with the printing company in accordance with Art. 28 GDPR.

The legal basis for sending the newspapers is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest is direct advertising.

You can object to the data processing at any time in accordance with Art. 21 GDPR.

4. SENDING NEWSLETTERS

On our website you can subscribe to various newsletters. The Chorherrenstift Klosterneuburg is responsible for sending the newsletter. If you select “Wine”, the Weingut Stift Klosterneuburg GmbH is the responsible party within the meaning of the GDPR. We send out a newsletter a maximum of once a month.

Our newsletters contain information about the abbey and its cultural offerings. The newsletter of Weingut Stift Klosterneuburg GmbH also contains information on offers or promotions. When you subscribe to the newsletter, we collect and store the data you enter in the input mask. You are only required to enter your e-mail address. All other details, such as title, first name, surname, are provided on a voluntary basis. After sending the registration form, you will receive an e-mail from us with a confirmation link. As soon as you click on the link contained therein, you give us your consent to receive our newsletter and have successfully registered for it. You will be informed of this by a further e-mail. You also give us your consent to process your e-mail address and, if applicable, your other data. This ensures that no third party or unauthorised person registers for our newsletter (compliance with the double opt-in procedure).

You can stop receiving the newsletter at any time by clicking on the “Unsubscribe” link at the end of each newsletter. If you revoke your consent, your data will be deleted immediately, and we will store the proof of revocation for a further three years so that we can fulfil our accountability obligation in accordance with Art. 5 para. 2) GDPR. This storage is based on our legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legal basis for the confirmation email is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is based on being able to prove that you have given your consent. The duty of proof for the responsible party is set out in Art. 5 para. 2) GDPR.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 Para. 1 lit. a) GDPR and § 174 Para. 3 TKG 2021.

We exclude the transfer of data to third parties. The newsletter is sent by our processor CampaignMonitor by the company Iris Holdings L.P./Marigold based in the USA and agencylife innovative GmbH based in Vienna, Austria. An adequacy decision exists for the USA. The transfer of data to the USA is based on the standard contractual clauses.

Newsletter of the Stiftsmusik

The Stiftsmusik newsletter is sent by the processor Brevo of the company sendinblue GmbH based in Germany. We have concluded a contract for order processing in accordance with Art. 28 GDPR. Furthermore, sendinblue GmbH may pass on personal data to subcontractors (assets.brevo.com and sibforms.com) in order to fulfill its services. If transfers are made to third countries without an adequacy decision, these are covered by standard contractual clauses concluded by sendinblue GmbH.

Measuring the success of newsletters

The success of newsletters is measured using a so-called “web beacon”, a small file that sends information to the server when the newsletter is opened. Technical data such as browser type, system information, IP address and retrieval time are recorded. This data helps to technically improve the service and to analyze the reading behavior of the target group, for example based on access times.

Statistics also record whether and when newsletters are opened and whether and which links were clicked on. Although this information can technically be assigned to individual recipients, it is neither our aim nor that of the mailing service provider to observe individual users. Instead, these evaluations are used to tailor the content to the reading habits of the users and to send different content depending on their interests.

A separate revocation of the performance measurement is not possible; if you do not agree, the entire newsletter subscription must be canceled.

5. VISITOR SURVEY

If you participate in our visitor survey, this is done on a purely voluntary basis. In these anonymous surveys, no information is stored that allows conclusions to be drawn about participants in the surveys. You can use free text fields to specify your information. When using the free text fields, please refrain from providing us with personal data about yourself or other persons. Any personal information you provide in surveys is considered voluntarily provided and will be stored in accordance with the GDPR.

The legal basis for participation in surveys is your consent in accordance with Art. 6 Para. 1 lit. a) GDPR. If you have given further consent in the context of a survey, you have the option of revoking this consent at any time with effect for the future. In these cases, more details are regulated in the special data protection principles of the respective survey.

The results of our surveys are only used for internal evaluations. We do not pass on personal data to third parties unless you have expressly consented to this. We use the services of Kondeor GmbH, based in Eugendorf (Austria), to evaluate the anonymous survey data.

The storage period of any personal data collected in the context of customer surveys will be communicated in advance in the context of the specific customer survey.

6. ORGANISING COMPETIONS

You can participate in competitions on our website, via our newsletter or through other means. Unless otherwise stipulated in the respective competition or you have given us further express consent, the personal data you pass on to us as part of your participation in the competition will be used exclusively for the purpose of processing the competition (e.g. determining the winner, notifying the winner, sending the prize).

The legal basis for data processing in the context of sweepstakes is the fulfilment of the contract pursuant to Art. 6 para. 1) lit. b) GDPR. In the event of the submission of a declaration of consent in the context of a competition, Art. 6 para. 1) a) GDPR is the legal basis for the data processing based on the consent. If you have given your consent in the context of a competition, you have the option of revoking this consent at any time with effect for the future.

The information will only be passed on to third parties if this is necessary for the processing of the competition (e.g. sending the prize via a logistics company).

After the end of the competition and the announcement of the winners, the personal data of the participants will be deleted. If prizes in kind are offered, we store personal data of the winners for the duration of the respective statutory warranty period to arrange for rectification or replacement in the event of a defect.

7. USE OF WEB ANALYTICS TOOLS AND COOKIES

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone via the browser when you visit a website. This is used to recognize the website visitor. Cookies can also provide us with information about how you use our website so that we can continually improve the design of the website.

Cookies themselves do not contain any personal data about users, they only serve to uniquely identify what our customers find interesting and useful on our website. We also use “web beacons” (small graphic images, also known as “pixel tags” or “clear GIFs”) on our website. They are used together with cookies to track general user behavior on the website.

The legal basis for the processing of personal data using cookies and other technologies is your consent pursuant to Art. 6 para. 1) lit. a) GDPR, which you give us via the so-called “Consent Banner” as soon as you access our website for the first time.

We use cookies for the following purposes:

• Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.
• Comfort: These techniques allow us to consider your actual or presumed preferences for the comfortable use of our website. For example, we may display our website in a language that suits you based on your preferences.
• Statistics: These techniques allow us to compile anonymous statistics on the use of our services. This allows us to determine, for example, how we can better adapt our website to the habits of our users.
• Marketing: This enables us to show you advertising content tailored to you based on the analysis of your usage behavior. Your usage behavior can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).

The data processed by necessary cookies are required for the purposes listed below to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 para. 1)lit.  a) GDPR. Via our so-called “Cookie Consent Tool”, you can set yourself which cookie categories you wish to consent to when visiting our website.

We may use specialized service providers, in particular from the online marketing sector, as part of data processing (using cookies and similar techniques to process usage data). These process your data on our behalf as processors, are carefully selected in each case and are contractually bound in accordance with Article 28 GDPR. All of the above providers act as processors for us.

Consent Management via Borlabs 

We use the cookie consent technology of Borlabs Cookies to obtain your consent under data protection law for the storage of certain cookies on your end device or for the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein (“Borlabs”) with its registered office in Germany.

Borlabs sets a technically necessary cookie to store your data protection consents. The following information is stored in the Borlabs cookie:

• Cookie Runtime
• Cookie version
• Domain and path of the website
• Consents
• UID (randomly generated ID, which according to Borlabs is not personally identifiable)

No data is transferred to Borlabs.

Borlabs is used to obtain the legally required consent for the use of cookies. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consents (Art. 6 para. 1 lit. c) GDPR), for the fulfilment of our accountability according to Art. 5 para. 2 GDPR.

Use of Google Analytics 

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1) a) and Art. 49 para. 1) a) GDPR. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) (“Google”).

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of the use of the website by the user. The information acquired through the cookies about your usage behavior of this website is usually transferred to a Google server in the USA and stored there. The data processing is also essentially carried out by Google. An adequacy decision exists for the USA, so that the data transfer can take place without further measures. You can view Google’s certification here.

We have made the setting that your IP address is anonymized. The IP addresses are anonymized by Google, but within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

The anonymized IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as search history, personal accounts, usage data from other devices and any other data Google may have about you.

You can view the cookies that are set in connection with Google Analytics in the list above.

You can revoke your consent at any time by making the appropriate settings directly via our banner. The user and event data will be deleted after 14 months. The “Reset user data on new activity” function is enabled. This means that if you visit again before the retention period expires, your data will not be deleted.

Google Ads (Google Doubleclick)

We use Google Ads with your consent in accordance with Art. 6 para. 1)lit. a) GDPR in order to be able to show you advertisements on websites of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and other third-party providers.

Our purpose is to show you advertising that is of interest to you and to make our website more interesting for you. With conversion tracking, we can determine how successful the individual advertising measures are. To do this, we use cookies that can be used to measure certain parameters for measuring reach, such as the display of ads or clicks by users. If users access our website via a Google ad, a cookie is stored by Google Ads on the corresponding end device. We only receive aggregated evaluations of user behavior, on the basis of which we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media.

You can find more information about cookies in the cookie list above.

For more information on the privacy of Google services, please visit: https://policies.google.com/privacy?hl=de

Google Consent Mode V2 Basic

We use Google Consent Mode V2, also known as consent mode, in basic mode. If you do not give your consent in accordance with Art. 6 para. 1 lit. a) GDPR via the cookie banner (so-called Consent Management Platform), no new cookies or similar technology will be set by our partners. If you give your consent, you can select these for specific individual purposes via the cookie banner. This means that Google products used on our website and integrated tags from third-party providers can only be processed to the desired extent. The consequence of not giving your consent is that you will receive less personalized content.

Google Tag Manager

We use the Google Tag Manager of the provider Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

Through Google Tag Manager, website tags are managed through one interface. This allows us as marketers to manage website tags through one interface. Tags are small sections of code that, for example, record (track) your activities on our website. The Google Tag Manager itself does not set cookies, but ensures that other tags are activated, which in turn may collect data, such as Google Analytics. Google Analytics itself sets cookies. You can find more information on this in the chapter “Web tracking measures”.

By implementing the Google Tag Manager, your IP address is transferred anonymously to Google. This may also result in data being transferred to Google servers in the USA. We have concluded an order processing contract with Google in accordance with Art. 28 GDPR.  An adequacy decision exists for the USA, so that the data transfer can take place without further measures. You can view Google’s certification here.

In the Tag Manager account settings, we have not allowed Google to receive anonymized data from us.

The storage period of the integrated tracking tools, such as Google Analytics, depends on the respective tool used, which is loaded via the Google Tag Manager.

Integration of YouTube Videos and Map Services

On our websites, we embed videos and map services that are not stored on our servers. To ensure that calling up our websites with embedded videos and maps does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.

Only after clicking on the preview image or granting consent via the cookie consent banner will content from the third-party provider be reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider. The embedding is based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR, provided that you have previously given your consent by clicking on the preview image. An adequacy decision exists for the USA, so that the data transfer can take place without further measures. You can view Google’s certification here.

Video service provider:

Google Ireland Limited/Google LLC (USA) (“YouTube” and “Google Maps”)

Revocation of consent

If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please stop clicking on the thumbnails or revoke your consent for reloading via the cookie consent banner.

8. EMBEDDING FONTS – GOOGLE FONTS LOCAL

Our website uses Google Fonts for uniform display, which we have stored locally on our server. This means that no data is transmitted to Google Inc. servers in the USA.

9. SALE OF TICKETS FOR CONCERTS, GUIDED TOURS AND OTHER OFFERS OF THE ABBEY OF KLOSTERNEUBURG

We use the software solution “bookingkit” from the company bookingkit GmbH, based in Berlin, Germany, to sell and process bookings for tickets for concerts, guided tours and other offers from the monastery. For this purpose, we embed a booking mask on our website using bookingkit widgets. In addition, the following personal data is processed when the widget is called up IP address for identification when the contract is concluded, timestamp, login data. Content from bookingkit and Google Analytics is only reloaded after clicking on the preview image or giving consent via the cookie consent banner. As a result, the third-party providers receive the information that you have accessed our site and the usage data technically required in this context in accordance with Art. 6 para. 1 lit. b) GDPR. The cookies set in connection with the bookingkit widget and further information can be found under “7. USE OF WEB ANALYSIS TOOLS AND COOKIES”. The embedding of bookingkit is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR, provided that you have previously given your consent by clicking on the preview image or our cookie consent banner. You can change your cookie settings at any time.

Booking: We collect the following personal data as part of the booking process: Date and time of your booked offer, your first and last name and your e-mail address. The legal basis for this data processing is the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. There is a contract with the service provider bookingkit GmbH for order processing in accordance with Art. 28 GDPR. If it is not possible to process bookings via bookingkit GmbH, we offer an alternative booking method.

Payment processing: You can select various payment methods such as Visa/Mastercard/instant bank transfer and Giropay. Payment processing is carried out by „STRIPE“ Processing via the payment provider is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via this payment provider. Further information on data processing in connection with the use of STRIPE can be found on the Stripe-website here.

Sale of tickets through resellers: We cooperate with selected resellers. If a purchase is made via resellers, we receive your name and information about the booked offer from bookingkit. We process your personal data exclusively in the context of verifying the granting of admission. The legal basis for data processing is the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. Further information on data processing can be found in the reseller’s privacy policy.

Storage period: We store your data as part of the booking for the duration of the fulfillment of retention periods according to the Federal Fiscal Code.

10. ONLINE SHOP

Weingut Stift Klosterneuburg GmbH is responsible for the online shop.

To place orders via the online shop, you can either create a customer account or place an order as a guest.

Registration and creation of a user account: For the registration and creation of your user account, we collect your e-mail address, title, first name and surname as well as your birthday. You will receive a link to create a new password by e-mail. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. Your data is therefore processed for the purpose of fulfilling contractual obligations. The legal basis for requesting the date of birth is the fulfilment of legal obligations to be able to carry out age verification within the framework of the laws for the protection of minors. We process your date of birth exclusively for age verification purposes.

Ordering as a “guest”: When ordering as a guest, we only collect the data required to carry out the delivery. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR, you provide this data as part of your contractual relationship.

Commissioned consignment of goods: If the delivery address differs from the billing address, personal data of persons who do not order directly in our shop may also be processed. Experience has shown that these orders often serve as gifts. We have received your address from a person who gives you our products as a gift. Your address data therefore does not come from publicly accessible sources (Art. 14 para. 2 lit. f) GDPR). The legal basis for this data processing is the fulfilment of the contract according to Art. 6 para. 1 lit. b) GDPR.

Processing your order: Before checkout (payment), you have the option of entering “Notes on the order” in a free text field. We request that you do not enter any personal data here. We collect your data for invoicing and for processing the shipment. The legal basis for this data processing is the fulfilment of the contract according to Art. 6 para. 1 lit. b) GDPR.

Payment options: You can pay by credit card (VISA, MasterCard), EPS or SOFORT banking (Klarna). You will be redirected to the website of the selected payment service provider. You can enter your payment details there and finally process the order. For this purpose, the specific payment amount is transmitted to the service provider used. You can find further information on the data processing carried out in the information texts on the input mask/website of the service providers. You will also find further contact information there. Payment processing takes place directly via the selected payment service provider.

Further information about PayPal: PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449, Luxembourg. Data protection at PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

More information about Apple Pay: Apple Distribution International (Apple) based in Cork, Ireland. Data protection at Apple Pay: https://support.apple.com/de-de/HT203027

Further information about Mollie: Mollie B.V. with registered office at Keizersgracht 126, 1015CW Amsterdam, Netherlands. Data protection at Mollie B.V. https://www.mollie.com/at/privacy

The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.

Storage period: We store your data until your user account is deleted. This does not affect the fulfilment of retention obligations such as under the Federal Tax Code.

11. REGISTRATION FOR EVENTS

If you register for events via our website, we require the information marked as mandatory in the booking mask. This is regularly your name so that we can enter you on the guest list. If you come to our events with an accompanying person, we also collect the name of the accompanying person. Please make sure that you are authorized to enter the name.

The information you provide for the booking will be processed by us exclusively for the purpose of implementing the events. The legal basis for this data processing is the fulfilment of the contract according to Art. 6 para. 1 lit b) GDPR.

Your registration data will not be passed on to third parties. We store the data of participants of events, as far as necessary, for the duration of the legal storage obligations. After that and in all other cases, the data will be deleted.

12. INTEGRATION OF THE PODCAST

We use the podcast hosting service “Simplecast” from the provider Audios Ventures Inc. based in New York, USA. Podcasts that have already been published can be downloaded directly from “Simplecast” or transferred via “Simplecast” via our website. The integration of the “Simplecast” service is based on our legitimate interests according to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the provision of the podcast as well as in the optimisation of our podcast offer through analyses. There is an order processing contract with “Simplecast” in accordance with Art. 28 GDPR. The transfer of data to the USA takes place on the basis of standard contractual clauses. Further information and objection options can be found in the Simplecast privacy policy: https://simplecast.com/privacy/ 

13. PROCESSING OPERATIONS IN CONNECTION WITH THE EXERCISE OF DATA PROTECTION RIGHTS

Insofar as your data has been provided on the basis of consent pursuant to Art. 6 para. 1) a), Art. 9 para. 2)lit. a) or Art. 49 para. 1) lit. a) GDPR, we will process your data exclusively for the intended purpose and after separate information to be able to prove, within the scope of the accountability incumbent upon us pursuant to Art. 5 (2) GDPR, that you have consented to the data processing in question. If you withdraw your consent, your data will be deleted within the legally prescribed period – please note, however, that data that fall under the tax law or other retention obligations must be stored for at least seven years and, if necessary, extended by the duration of proceedings by the (tax) authority. The legal basis for data processing is Art. 6 para. 1 lit. c) GDPR.

Insofar as you assert data subject rights against us pursuant to Art. 15 to 21 of the GDPR, we also process and store your data in order to be able to prove within the scope of accountability pursuant to Art. 5 (2) of the GDPR that we have complied with the GDPR when processing your request. The legal basis for this processing is Article 6 (1) (c) of the GDPR in conjunction with the asserted data subject right(s).

14. DATA PROCESSING IN THE CONTEXT OF APPLICATION PROCEDURES OF THE ABBEY KLOSTERNEUBURG

The responsible body within Klosterneuburg Abbey is the company advertising the vacancy. Further information below under joint responsibility according to Art. 26 GDPR.

In order to receive and manage the application and thus for the purpose of (possibly) establishing an employment relationship, you can send us your application documents by e-mail. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. Within the scope of the application process, we only collect the data from you that is required to establish the employment relationship with us.

Within our company, only those people who are involved in the decision-making process will have access to your personal data.

In the event of a successful application, your personal data will be stored for the duration of your employment relationship. In addition, after its termination, your tax-relevant data will be archived within the framework of the statutory retention periods. In the event of an unsuccessful application, your personal data will be deleted 7 months after the rejection.

We are happy to keep your application documents on file at your request and ask you to give us your express consent in writing. By doing so, you give us your voluntary consent to continue to store your applicant data and to be able to consider and contact you for future vacancies. In this case, we will store your data for a maximum of 1.5 years from the date of your consent or until you withdraw your consent. Your data will be deleted automatically after 1.5 years.

If you have been recommended via the “Employees recruit employees” program, we will process your first and last name and your date of joining in order to settle the advertising bonus with the employee who recommended you. The legal basis for this is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest in this processing lies in the fulfillment of the contract with the referring employee, the implementation of the “Employees recruit employees” program and the increase in the potential pool of applicants and the level of awareness of us as an employer for a variety of job opportunities.

15. JOINT RESPONSIBILITY (Art. 26 GDPR)

Klosterneuburg Abbey works together with other companies of Klosterneuburg Abbey within the framework of joint controllership. It is jointly determined how and why personal data is processed.

Klosterneuburg Abbey is jointly responsible with the following companies for the processing of personal data in connection with the decision to establish the employment relationship:

• Stift Klosterneuburg Holding GmbH,
• Weingut Stift Klosterneuburg GmbH,
• Stiftskellerei Klosterneuburg GmbH, or
• “Hofkirchner” WeinvertriebsGmbH

Since Klosterneuburg Abbey and the aforementioned companies under a. to d. are each responsible for the process and carry it out jointly, they are jointly responsible for the protection of your personal data (Art. 26 GDPR).

As part of the joint responsibility, the aforementioned companies have agreed who fulfills which obligations under the GDPR. This applies in particular to the fulfillment of the rights of the data subjects and the information obligations pursuant to Art. 13 and 14 GDPR. Even if there is joint responsibility, the parties fulfill the data protection obligations in accordance with their respective responsibilities for the individual process stages as follows:

Process section of data processing/obligation	Fulfillment of obligations through
Determination of purposes and means	all
Information obligations pursuant to Art. 13, 14 in conjunction with. Art. 26 para. 2 sentence 2 GDPR	Klosterneuburg Abbey and the respective employer
Collection, storage, transmission, use, modification, blocking, deletion	all
Fulfillment of the rights of data subjects (Art. 15 to 21 GDPR)	all
Determination of technical and organizational measures in accordance with Art. 24, 25 and 32 GDPR	all
Commissioning of processors in accordance with Art. 28 GDPR	all
Notification of data protection incidents in accordance with Art. 33 f. GDPR	all
Carrying out the data protection impact assessment, if necessary (Art. 35 f. GDPR)	all

Datenschutzrechte können bei allen beteiligten Gesellschaften geltend gemacht werden.

16. OPERATING SOCIAL MEDIA PRESENCES 

Klosterneuburg Abbey maintains the following social media presences:

Weingut Stift Klosterneuburg GmbH maintains the following social media presences:

Instagram and Facebook are products of Meta Platforms Inc (formerly Facebook Inc): facebook.com/help/1561485474074139/? helpref=related

DATA PROCESSING BY US

a. Maintenance of the above-mentioned social media pages and placement of ads

The personal data entered on social media sites, such as comments, videos, pictures, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content should this be necessary. Where appropriate, we share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place advertisements (“ads”) via our social media pages. The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

b. Page Insights

The social media platforms provide anonymised statistics and insights that help us gain knowledge about the types of actions people take on our site (called “page insights”). These page insights are created based on certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions as well as visitors to our pages.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers according to Art. 26 GDPR. In the event of joint responsibility, a separate agreement must be concluded.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
Instagram and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum 

If you wish to object to certain data processing over which we have control (e.g. deletion of comments), please contact us using the contact details above.

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing it is that you will not be able to communicate or interact with us via our social media pages or participate in the competition. To contact us, please use the above-mentioned e-mail address.

DATA PROCESSING BY THE OPERATOR OF THE SOCIAL MEDIA PLATFORM:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection point of view, this operator is also considered to be another responsible party that carries out its own data processing. This means that the operator is also a separate responsible entity according to the GDPR. However, we have only limited influence on the data processing by the operator. At the points where we can exert influence (e.g. through parameterisation), we work towards data protection-compliant handling by the operator of the social media platform within the scope of our possibilities. In many places, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own data protection declaration:

 

In the context of platform use, your personal data is usually also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are granted a so-called adequacy decision by the European Commission. This means that the legal situation for the protection of privacy in these countries is comparable with that in the EU or the EEA. More information about the current countries with adequacy decision can be found here. Meta Platforms Inc (Facebook, Instagram) and Google (YouTube) are certified in accordance with the adequacy decision for the USA, the Data Privacy Framework. In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

Note: The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. For example, we cannot switch this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example, to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

17. DATA PROTECTION INFORMATION FOR PARTICIPATION IN THE ST. LEOPOLD PEACE PRIZE

The protection of personal data are of great importance in today’s world. With this data protection notice, we fulfil our duty to provide information in accordance with Art. 13 GDPR and provide you with transparent and comprehensive information about the processing of your data.

Controller: Stift Klosterneuburg, Stiftsplatz 1, 3400 Klosterneuburg, info@stift-klosterneuburg.at

Contact the Data Protection Officer: datenschutz@stift-klosterneuburg.at

Legal basis and data processing: You can apply to participate in the Leopold Peace Prize via a web form. You have the opportunity to receive financial support on the basis of the submission- and processing modalities. All data marked with * is required for the fulfilment of the call for applications. You can provide us with all other information voluntarily. Your data will also be transmitted to external jury members to determine the winners.

The legal basis for data processing is the fulfilment of the submission- and processing modalities in accordance with Art. 6 para. 1 lit. b) GDPR.

We store your data for 7 years to fulfil tax law requirements.

You have the right to information, data transfer, deletion, correction or restriction of processing as well as the right to lodge a complaint with the Austrian data protection supervisory authority (www.dsb.gv.at) at any time.  The consequence of not providing your data is that you will not be able to participate in the Peace Prize.

We do not use automated decision-making, including profiling.

18. DATA SUBJECTS’ RIGHTS

YOUR RIGHTS AS A DATA SUBJECT

In accordance with Art. 15 (1) GDPR, you have the right to request information free of charge about the personal data stored about you. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 of the GDPR), deletion (Art. 17 of the GDPR) and restriction of processing (Art. 18 of the GDPR) of your personal data. If you have provided the processed data yourself, you have a right to data transfer according to Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1) lit. e) or f) GDPR, you have the right to object pursuant to Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the interest of the data subject in objecting.

If the data processing is based on consent pursuant to Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

You also have the right to lodge a complaint with a data protection supervisory authority. In particular, the complaint may be lodged with a supervisory authority in the EU Member State of your place of residence, place of work or place of the alleged infringement.

Contact details of the competent data protection authority: Wickenburggasse 8, 1080 Vienna, dsb@dsb.gv.at

19. NO AUTOMATED DECISION MAKING

---

WEITERE DETAILBEREICHE DES DATENSCHUTZES

Datenschutzinformation der Immobilienverwaltung des Stiftes Klosterneuburg (German)

Datenschutzinformation für die Videoüberwachung nach Art. 13 Datenschutz-Grundverordnung (German)