Disclosure and legal notice under § 5 Austrian E-Commerce Act, § 14 Austrian Commercial Code (Unternehmensgesetzbuch), § 25 Austrian Media Act (Mediengesetz) and §63 Austrian Trade Act (Gewerbeordnung):
Non-profit company organising events dedicated to the LGBTIQ community
Object of the company: Organisation of events
VAT number: ATU71743768
Company register: FN 463534 v
Court of registry: Handelsgericht Wien (Commercial Court, Vienna)
Registered seat: Heumühlgasse 14/1, 1040 Vienna
Tel.: +43 660 243 40 06
Competent Chamber: Austrian Federal Economic Chamber (Wirtschaftskammer Österreich)
Applicable Rules: Austrian Trade Act: www.ris.bka.gv.at
Supervisory authority: Magistratisches Bezirksamt des IV. Bezirkes
Homosexuelle Initiative (HOSI) Wien 100%
Alternative Dispute Resolution
Information according to § 19 Abs 3 AStG: If we cannot resolve a dispute with customers, we have to inform them about the competent authority for alternative dispute resolution (hereinafter referred to as the AS office) on paper or another durable data carrier (e.g. e-mail). We also must state whether we will participate in such proceedings.
The AS offices designated for us:
- Internet Ombudsman – https://ombudsmann.at/
- Consumer Arbitration Service – https://www.verbraucherschlichtung.at/
We will not participate in such dispute resolutions.
We are constantly developing the content of this website and endeavour to provide correct and up-to-date information. Unfortunately, we cannot assume any liability for the correctness of all content on this website, especially for those provided by third parties. If you notice any problematic or illegal content, please contact us immediately.
Our website contains links to other websites. According to § 17 ECG we cannot be held responsible for the content of those websites. If you notice links to illegal content, please contact us immediately.
All contents of this website (pictures, graphics, photos, texts, videos) are subject to copyright. Commercial use is prohibited. With the exception of the images listed the use of the content for information purposes (advertising, media reports) about Vienna Pride and its individual events is permitted. If necessary, we will prosecute the unauthorized use of parts of the content of our site.
The use of the following images is prohibited. We will be happy to put you in touch with the copyright holders.
The protection and security of your data when browsing our website are of utmost importance to us. For this reason, we would like to take the opportunity to inform you which of your personal data are recorded when visiting our website and for which purposes these data are used.
Since legislative changes or changes to our internal processes can necessitate adaptions to this data protection declaration, we kindly ask you to consult it regularly.
§ 1 Responsible Body and Scope
The responsible body for the purpose of the General Data Protection Regulation (GDPR) and other national Data Protection Acts of member states as well as other statutory provisions regarding data protection laws is:
This data protection declaration applies to all websites of the Stonewall GmbH available under the domain viennapride.at (henceforth “our website” or “web presence”).
§ 2 Data Protection Supervisor and Contact Persons
Data protection supervisors authorised by the responsible body are:
In case rights of data subjects according to § 11 of this data protection declaration (e.g. right to information, right to erasure, etc.) are asserted, corresponding applications or requests must be sent to firstname.lastname@example.org or via mail to:
attn. Data Protection Supervisor
§ 3 What are Personal Data?
Personal data are particulars concerning personal or material characteristics of an identified or identifiable person (data subject). These include, for instance, information like your name, your address, your telephone number, your date of birth, and your e-mail address. Information that cannot be linked to you personally (or only under disproportionate effort), such as anonymised information, do not count as personal data.
§ 4 General Remarks on Data Processing
As a basic principle, we only collect and use personal data of our users to the extent that is necessary for providing operational websites as well as our content and services. We use your personal data to provide information and desired services, to answer your questions and operate and improve our website.
We will only collect and use personal data of our users on the grounds of appropriate legal basis in compliance with the GDPR, e.g. with the user’s consent. Further details regarding specific given declarations of consent can be found under § 5 of this data protection declaration under the respective processing operation.
There will be no other form of utilisation of your personal data. Your personal data will not be transferred to third parties and your data will not be utilised for promotional purposes without your consent, other than in the cases specified below, unless we are required to disclose any data pursuant to applicable law.
b) Legal Basis
Provided that we obtain a data subject’s consent for processing operations of personal data, Article 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal data. When processing personal data serves the performance of a contract whose contracting party is the data subject, Article 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for implementing pre-contractual measures. As far as the processing of personal data serves the performance of a legal obligation to which the Stonewall GmbH is subject, Article 6 para. 1 lit. c GDPR serves as the legal basis.
In case an interest that is essential for the life of the data subject or that of another natural person necessitates the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis. Where the processing is necessary to safeguard a legitimate interest of the Stonewall GmbH or a third party, and where the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the former interest, Article 6 para. 1 lit. f GDPR serves as legal basis for processing.
c) Data Erasure and Storage Period
Personal data of the data subject will be erased or blocked as soon as the purpose of storing ceases to exist. Furthermore, data may also be recorded if specified by the European or national legislative authority in Union law regulations, laws, or other rules to which the responsible body is subject. Data will also be subject to blocking or erasure when the storage period stipulated by one of the norms listed above expires, unless a necessity exists to further store those data for the purpose of the conclusion or execution of a contract.
§ 5 Different Processing Operations
In case you wish to use services provided within our web presence, such as subscription to a newsletter etc., you are required to provide further data. For further details see the description of specific data processing operations below. In particular, personal data will be used as follows:
a) Providing website and creating logfiles
With every visit to our websites, our system automatically records data and information of the system of the requesting device. The following data will be collected here:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the requested file
- Volume of data transmitted
- Message whether the request was successful
- Identification data of the accessing browser as well as operating system
- Website from which access was initiated
The logfiles contain IP addresses or other data that allow for linking to a specific user. This could be the case, for instance, when the link to the website from which the user is accessing the website or the link to the website to which the user is switching contains personal data.
These data are also recorded in the logfiles of our system. These data are not stored together with other personal data of the user.
Legal basis for temporarily storing data and logfiles is Article 6 para. 1 lit. f GDPR.
Storage in the logfiles is necessary to ensure the operability of the website. Furthermore, these data help us optimise the website and guarantee security of our information technology systems. We do not analyse any data for marketing purposes.
These purposes also define our legitimate interest in data processing in accordance with Article 6 para. 1 lit. f GDPR.
Data will be erased as soon as their collection no longer serves the fulfilment of their purpose, at the latest after 2 months. Collection of these data for the provision of the website is essential for operating the website. The user does not have the possibility to dissent.
It is possible to subscribe to a newsletter on our website that is free of charge. When subscribing to the newsletter, the data entered into the input mask are transmitted to us. To register for our newsletter service, next to your consent we minimally require your e-mail address to which the newsletter should be sent. The disclosure of any possible further information is optional; this information is used to address you personally and to personalise the contents of the newsletter. It is entirely up to you whether you wish to disclose these data or not.
Furthermore, the following data are collected upon registration:
- IP address of the requesting device
- Date and time of subscription
- URL at which you subscribed
If you contact us via a contact form on our website, provide your e-mail address and furthermore consent to receiving our newsletter, this e-mail address can subsequently be used for sending a newsletter.
The processing of personal data is based on the following given consent according to Article 6 para. 1 lit. a GDPR:
I consent that the Stonewall GmbH collects, records, and processes my personal data for the purpose of sending a newsletter. My data will be deleted as soon as the purpose of processing is fulfilled and provided that this is not opposed by any other legal retention period. I hereby declare that this consent is given voluntarily. I have been informed that I can withdraw my consent at any time with future effect without adverse consequences. I can withdraw my consent from the newsletter by clicking on the unsubscribe link in the footer of each newsletter. Alternatively, I can address my withdrawal of consent to email@example.com. In the case of my withdrawal, my data will be deleted by the Stonewall GmbH.
For sending the newsletter, we use a so-called double opt-in procedure, i.e. we will only send you the newsletter once you have confirmed your registration via a link provided in the confirmation e-mail sent to you for this purpose. With this, we want to guarantee that only you as the owner of the given e-mail address can subscribe to the newsletter. Your confirmation regarding this matter must follow promptly upon receiving the confirmation e-mail since otherwise your newsletter registration is deleted automatically from our database. In this context, we store the date and time of the confirmation as well as the IP address from which the confirmation is made.
Collecting the user’s e-mail address serves the purpose of delivering the newsletter.
When registering for the respective newsletter, your e-mail address will be used for our own (marketing) purposes and to inform you about our partners until you unsubscribe from the newsletter.
Other personal data collected in the course of the registration process are used to prevent abuse of services or the used e-mail address.
Data will be deleted as soon as their collection no longer serves the fulfilment of their purpose, Accordingly, your data will be stored as long as the subscription to the newsletter is active.
In connection with data processing for sending newsletters, no data will be disclosed to third parties. Data will be used strictly for sending the respective newsletter.
When receiving/opening our newsletter, the following data is collected:
- IP address
- Browser type
- E-mail programme.
In addition, we store newsletter openings and link clicks on the user level. These data give us information about the performance of our newsletter. If a so-called do-not-track header – a request to not record users’ activities – is sent when you receive/open the newsletter, we respect this request – openings and link clicks are not collected.
In connection with the use of offers and services of the Stonewall GmbH, mailings may be sent that do not require active consent of the data subject and therefore do not constitute newsletters according to § 5.b) of this data protection declaration.
In any case, the e-mail address will be processed as personal data for such mailings. Other personal data are processed according to type and legal basis of the mailing.
For mailings that are required in connection with the execution of contractual or pre-contractual measures, Article 6 para. 1 lit. b GDPR constitutes the legal basis.
Provided personal data are not subject to other legal retention periods, they will be erased as soon as the purpose of data processing is fulfilled.
Your data will be deleted after retention periods related to fiscal and corporate law have expired, provided that you did not explicitly consent to the further use of your data.
Overriding legitimate interest of the Stonewall GmbH
Where the mailing is necessary to safeguard a legitimate interest of the Stonewall GmbH or a third party, and where the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the former interest, Article 6 para. 1 lit. f GDPR serves as legal basis for processing.
Objection can be raised against such processing. Provided no separate contact address is given for processing, this objection can be sent via e-mail to firstname.lastname@example.org or via mail to:
attn. Data Protection Supervisor
Personal data will be erased as soon as the legitimate interest of the Stonewall GmbH ceases to exist.
Provided personal data are not subject to other legal retention periods, they will be erased as soon as the purpose of data processing is fulfilled.
Disclosure of personal data to third parties
As a basic principle, we only transmit personal data to third parties in the course of mailings where this is necessary for (pre-)contractual measures or where it is in the overriding legitimate interest of the Stonewall GmbH.
Should a transmission to third parties be indicated, this will be pointed out in connection with the corresponding mailing.
Our website provide forms that can be used for initiating contact electronically, etc.. If a user makes use of this option, the data entered into the input mask will be transmitted to and recorded by us.
The following data will be recorded additionally:
- IP address of the requesting device
- Date and time the form is sent
- Website from which the form was sent
To process data, your consent is obtained in the course of the sending process and our data protection declaration will be brought to your attention. Alternatively, you can contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be recorded.
No data will be disclosed to third parties in this context unless otherwise stated. The relevant data will only be used for processing the respective matter.
Legal basis for the processing of data where the user’s consent has been obtained is Article 6 para. 1 lit. a GDPR. Users grant the following declaration of consent:
I consent that the Stonewall GmbH collects, records, and processes my personal data that I entered into the form above for the purpose of processing my concern. My data will be deleted after 2 years provided that this is not opposed by any other legal retention period. I hereby declare that this consent is given voluntarily. I have been informed that I can withdraw my consent with future effect at any time without adverse consequences. I can address my withdrawal of consent to email@example.com. In the case of my withdrawal, my data will be deleted by the Stonewall GmbH.
Legal basis for the processing of data that are transmitted in the course of the consignment of an e-mail is Article 6 para. 1 lit. f GDPR. Where the e-mail contact aims at the conclusion of a contract, additional legal basis for the processing is Article 6 para. 1 lit. b GDPR.
If contact is necessary to fulfil a legal obligation, additional legal basis of the data processing is Article 6 para. 1 lit. c GDPR.
The processing of personal data from the input mask serves the sole purpose of processing your concern. If contact is initiated via e-mail, the required legitimate interest in processing the data is evident.
Other personal data processed during the sending process serve the prevention of abuse of the form and guarantee the security of our information technology systems.
Data will be deleted after a period of 2 years provided it can be inferred from circumstances that the relevant state of affairs has been conclusively resolved.
We use so-called cookies. Cookies are small text files that are sent from our webserver to your browser when accessing our websites and held available on your computer for later retrieval. Cookies contain a characteristic string that allows for a clear identification of the browser the next time the website is accessed.
a) Settings cookies
The following cookies are used:
- Expiration: 6 month
- Possible value: true
- Expiration: 1 year
- Purpose: Storage of language preference
- Possible values: de, en
- Expiration: December 31st, 2099
- Purpose: Storage of Google Analytics opt-out
- Possible value: true
These cookies do not allow for any conclusions regarding the user.
b) Google Analytics
We use Google Analytics from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse user data. The following cookies are used for this purpose:
- Expiration: 2 years
- Purpose: Distinguish unique users
- Exemplary value: GA1.2.358929226.1552220730
- Expiration: 24 hors
- Purpose: Distinguish unique users
- Exemplary value: GA1.2.1432401080.1552220730
- Expiration: 1 minute
- Purpose: Throttle the request rate
- Exemplary value: 1
In particular, the used cookies serve the purpose of analysing the frequency of use and the number of visits to our websites. Furthermore, they are used to continue to identify your computer during a visit on our website when surfing from one page to the next, and to establish the end of your visit.
Legal basis for the processing of personal data when using cookies is Article 6 para. 1 lit. a GDPR.
Since the privacy of our users is important to us, the user data is anonymised. The IP anonymisation/masking takes place as soon as data is received by the Analytics Collection Network, before any storage or processing takes place.
More information on IP anonymisation can be found at https://support.google.com/analytics/answer/2763052
User level and event level data is stored on the servers of Google Analytics for 26 month.
Google Analytics Opt-out Browser Add-on
If you want to opt-out, download and install the add-on for your web browser. Please find the plugin at https://tools.google.com/dlpage/gaoptout
Google Analytics Opt-out Cookie
You can opt-out from Analytics tracking for this website by clicking on this link:
c) View cookie settings and delete cookies
If you want to find out which cookies have been stored in your browser, change cookie settings or delete cookies, you can find this in your browser settings.
If you want to the storage of cookies, you can set your browser so to ask you whether to set a cookie on a case by case basis. You can delete or deactivate cookies that are already stored in your browser at any time.
The procedure for this varies according to the browser. Please consult your browser help for information on this.
§ 7 Security measures for protecting stored data
We commit ourselves to protecting your privacy and treating your data as confidential. To prevent manipulation, loss, or abuse of the data stored by us, we implement extensive technical and organisational safety precautions that are reviewed on a regular basis and updated in accordance with technological developments, such as, among other things, the use of recognised encryption methods (TLS). However, we would like to point out that due to the nature of the internet it is possible that other persons or institutions outside of our control do not abide by the rules of data protection and the abovementioned security precautions. In particular, data that are revealed without encryption – e.g. where data are transmitted via e-mail – can be read by third parties. Technically, we have no influence on this. It is in the user’s responsibility to protect the provided data against abuse by means of encryption or other measures.
§ 8 Hyperlinks to Third-Party Websites
On our website, we place so-called hyperlinks to websites of other providers. Activating these hyperlinks will forward you from one of our pages directly to the website(s) of the other provider. You can recognize this for instance by the URL changing. We cannot assume any responsibility for the confidential handling of your data on such websites of third parties since it is beyond our control whether these third parties abide by data protection regulations. Concerning the handling of your personal data by these third parties, please consult the respective provider’s website(s) directly.
§ 9 Participation in Affiliate Partner Programs
Within our websites, we use customary tracking measures on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our websites) pursuant to Art. 6 Para. 1 lit. f DSGVO, insofar as these are necessary for the operation of the affiliate system.
The services offered by our contractual partners can also be advertised and linked on other websites (so-called affiliate links or after-buy systems if, for example, links or services of third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission if users follow the affiliate links and then take advantage of the offers.
It is necessary that we can track whether users who are interested in affiliate links and/or the offers available from us subsequently perceive the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values that can be set as part of the link or otherwise, e.g. in a cookie. The values include in particular the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking specific values such as advertising material ID, partner ID and categorizations.
The online user IDs used by us are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or e-mail addresses. They only help us to determine whether the same user, who clicked on an affiliate link or was interested in an offer via our online offer, perceived the offer, e.g. concluded a contract with the provider. However, the online identifier is personal to the extent that the partner company.
a) Booking.com Affiliate Program
b) TradeDoubler GmbH
We participate in the partner program of TradeDoubler GmbH. This is a service for the integration of advertisements. To correctly record sales and/or leads, TradeDoubler sets a cookie on the visitor’s computer. TradeDoubler cookies do not store any personal data, but only the ID of the referring partner and the order number of the advertising medium clicked on by the site visitor (banner, text link, etc.). When a transaction is concluded, the partner ID serves to assign the commission payable to the referring partner to this partner. The TradeDoubler also uses cross-device tracking. For more information on cross-device tracking, click here.
As a user of this website, you can deactivate tracking by TradeDoubler GmbH. Please click here for an opt-out cookie. Note: The opt-out cookie is set per browser and device. If you visit our website with different end devices or with different browsers, you must activate the opt-out cookie in the different browsers or on the different end devices.
Further information is available at https://www.tradedoubler.com/en/privacy-policy/.
§ 10 Objection
Concerning the processing of your personal data based on legitimate interests corresponding to Article 6 para. 1 lit. f GDPR you have the right to enter an objection against processing of your personal data based on Article 21 GDPR provided there are reasons relating to your particular situation, or in case the objection is directed towards direct advertising. In the case of direct advertising, you have a general right to object that we will enforce without requiring a particular situation or reason. Please contact firstname.lastname@example.org or the e-mail address indicated along with the respective processing.
§ 11 Your Rights as a Data Subject
The following rights arise from the GDPR for you as the subject of processing of personal data:
- According to Article 15 GDPR, you have the right to demand information on your personal data processed by us. In particular, you can demand information on processing purposes, the categories of personal data, categories of recipients to whom your data were or are disclosed, planned storage periods, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the source of your data provided they have not been collected by us, the transfer of data to third countries or international organisations, as well as the existence of automated decision-making and profiling and, if applicable, meaningful and significant information on their details.
- According to Article 16 GDPR, you have the right to demand the rectification of incorrect personal data or the completion of incomplete personal data stored by us without any undue delay.
- According to Article 17 GDPR, you have the right to demand the erasure of personal data stored by us provided that the processing is not imperative for exercising the right to freedom of speech and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims.
- According to Article 18 GDPR, you have the right to demand the restriction of the processing of your personal data provided that you deny the correctness of data, the processing is unlawful, we do not require the data in question anymore and you object to their erasure because you need them for the assertion, exercise, or defence of legal claims. The right arising from Article 18 GDPR remains in force even if you objected to processing in accordance with Article 21 GDPR.
- According to Article 20 GDPR, you have the right to obtain personal data that you provided to us in a structured, common, and machine-processable format, or you can demand the transmission to another responsible body.
- According to Article 7 para. 3 GDPR, you have the right to withdraw your consent that you once granted us at all times. This implicates that, with future effect, we may no longer pursue the data processing that was based on this consent.
- According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can consult the supervisory authority of your usual residence, your workplace, or our place of business. In Austria, the responsible supervisory authority is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, telephone: +43 1 52 152-0, e-mail: email@example.com, website: dsb.gv.at.
Last updated on May 1st, 2019.