Explanation regarding the obligation to provide information about the online ticket Store of the
Roman Catholic Metropolitan and Parish Church of St. Stephan in Vienna
(Privacy policy, version 01.04.2019)

Protecting your personal data is very important to the Roman Catholic Metropolitan and Parish Church of St. Stephen in Vienna. We therefore process your data exclusively on the basis of the statutory provisions (General Data Protection Regulation or “GDPR”, Austrian Data Protection Act, Austrian Telecommunications Act or “TKG” (Telekommunikationsgesetz)). In this privacy notice, we aim to provide you information about the most important aspects of data processing on our website.

Customers who do not wish to order their tickets online can still purchase tickets at the ticket offices of St. Stephen’s Cathedral in Vienna.


If you want to get in touch with us via email or by using the contact form on the website, the data you provide will be stored by us for six months for the purpose of processing the enquiry and in the event of any follow-up questions. We will not pass this data on to third parties without your consent. Depending on the content of your enquiry, we process your data where necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 para. 1 b GDPR) or based on our legitimate interest (Art. 6 para. 1 f GDPR) in responding to customer enquiries and those of prospective customers.

Online Store – ticket sale

If you purchase tickets online, the data you provide when creating an account and ordering tickets, such as the purchaser’s name, contact information and transaction data, the cardholder’s name and date of birth, order information, etc., will be processed for the purpose of processing the contract. We cannot conclude a contract with you without the data you provide. Data processing is therefore based on the legal basis of the performance of a contract or of taking steps prior to entering into a contract (Art. 6 para. 1 f GDPR).

Payment data is transmitted to the processing bank/payment service providers for the purpose of debiting the purchase price, and to our tax consultant to fulfil our tax obligations. We also use the IT service provider SOFTMAX - Czanitz, Ferdinandstraße 28/10, 1020 Vienna, for the operation of the online Store. Like all our service providers, this company has been carefully selected and is obligated to maintain confidentiality and comply with data protection regulations and is bound by our instructions.

In the event the purchase process is cancelled, the data that was entered by you up to that point and stored by us will be deleted within a period of 24 months. If a contract is concluded, all data from the contractual relationship will be stored until the end of the tax and accounting retention period (7 years). Your user account data will be stored until you delete it.

Log files

Each time you visit our website, our system automatically collects certain information from your computer system, such as the language and version of the browser software, the user's IP address, the date and time our website was accessed, the amount of data transferred, and the access status/HTTP status code. The data is stored in the log files of our system. This information does not allow us to draw any conclusions about the identity of the user.

Temporarily storing the IP address through the system during the session is technically necessary to enable delivery of the website to the user's computer. The data are deleted or anonymised at the end of each session. Other information is logged in order to ensure the functionality and security of our information technology systems and to optimise the functions of the website. The information is deleted after three days at the latest.

The data processing activities in connection with log files are based on our legitimate interest (Art. 6 para. 1 f GDPR) in achieving the aforementioned purposes.


Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They are not harmful.

We use cookies to make our website user-friendly. Some cookies are stored on your end device until you delete them. They enable us to recognise your browser on your next visit. If you do not want cookies to be placed, you can set your browser so that it informs you when cookies are placed; that allows you to accept them on a case-by-case basis. If cookies are deactivated, the functionality of our website may be restricted.

The data processing activities carried out through the use of cookies are based on our legitimate interests in providing a fully functional website and the services you request (Sec. 96 para. 3 TKG, Art. 6 para. 1 f GDPR) or on the consent you may have given (Sec. 96 para. 3 TKG, Art. 6 para. 1 a GDPR).

The following functionally necessary cookies are used in the context of the online Store:

Cookies Data type Purpose Storage period
true / false Managing the declaration of consent
on the use of cookies
2 months
PrestaShop (random number) Hash (randomly generated
sequence of numbers and digits)
User recognition 20 days

Your rights

Under the General Data Protection Regulation, you are entitled to request confirmation from us as to whether we are processing personal data concerning you, and, where that is the case, to receive access to the personal data and a copy thereof. Moreover, you have the right to request the rectification of any inaccurate data and, under certain conditions (usually if data processing is unlawful or inappropriate), the erasure of such personal data. Under certain circumstances, you also have the right to restriction of data processing. Insofar as we process your data on the basis of your consent, you are also entitled to withdraw such consent, which, however, does not affect the lawfulness of processing conducted before the withdrawal.

You may also, for reasons related to your particular situation, object to data processing activities we carry out on the basis of our legitimate interests; in this case, we may only process the data if we have overriding legitimate interests.

If you believe that the processing of your data violates data protection laws or that your data protection rights have been violated, please contact us at kirchenmeisteramt@stephanskirche.at. In such cases you are also entitled to lodge a complaint with the Austrian Data Protection Authority.

You can reach us at
Roman Catholic Metropolitan and Parish Church of St. Stephan in Vienna

Kirchenmeisteramt (Church Master’s office)
Stephansplatz 3
1010 Vienna

Mon–Fri 8 a.m. – 12 p.m.:

Tel.: (+43 1) 51552 – 3767

Email: kirchenmeisteramt@stephanskirche.at