Protecting your personal data is very important to the Roman Catholic Metropolitan and Parish Church of St. Stephen in Vienna. We therefore process your data exclusively on the basis of the statutory provisions (General Data Protection Regulation or “GDPR”, Austrian Data Protection Act, Austrian Telecommunications Act or “TKG” (Telekommunikationsgesetz)). In this privacy notice, we aim to provide you information about the most important aspects of data processing on our website.
Customers who do not wish to order their tickets online can still purchase tickets at the ticket offices of St. Stephen’s Cathedral in Vienna.
If you want to get in touch with us via email or by using the contact form on the website, the data you provide will be stored by us for six months for the purpose of processing the enquiry and in the event of any follow-up questions. We will not pass this data on to third parties without your consent. Depending on the content of your enquiry, we process your data where necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 para. 1 b GDPR) or based on our legitimate interest (Art. 6 para. 1 f GDPR) in responding to customer enquiries and those of prospective customers.
If you purchase tickets online, the data you provide when creating an account and ordering tickets, such as the purchaser’s name, contact information and transaction data, the cardholder’s name and date of birth, order information, etc., will be processed for the purpose of processing the contract. We cannot conclude a contract with you without the data you provide. Data processing is therefore based on the legal basis of the performance of a contract or of taking steps prior to entering into a contract (Art. 6 para. 1 f GDPR).
Payment data is transmitted to the processing bank/payment service providers for the purpose of debiting the purchase price, and to our tax consultant to fulfil our tax obligations. We also use the IT service provider SOFTMAX - Czanitz, Ferdinandstraße 28/10, 1020 Vienna, for the operation of the online Store. Like all our service providers, this company has been carefully selected and is obligated to maintain confidentiality and comply with data protection regulations and is bound by our instructions.
In the event the purchase process is cancelled, the data that was entered by you up to that point and stored by us will be deleted within a period of 24 months. If a contract is concluded, all data from the contractual relationship will be stored until the end of the tax and accounting retention period (7 years). Your user account data will be stored until you delete it.
Each time you visit our website, our system automatically collects certain information from your computer system, such as the language and version of the browser software, the user's IP address, the date and time our website was accessed, the amount of data transferred, and the access status/HTTP status code. The data is stored in the log files of our system. This information does not allow us to draw any conclusions about the identity of the user.
Temporarily storing the IP address through the system during the session is technically necessary to enable delivery of the website to the user's computer. The data are deleted or anonymised at the end of each session. Other information is logged in order to ensure the functionality and security of our information technology systems and to optimise the functions of the website. The information is deleted after three days at the latest.
The data processing activities in connection with log files are based on our legitimate interest (Art. 6 para. 1 f GDPR) in achieving the aforementioned purposes.
Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They are not harmful.
The following functionally necessary cookies are used in the context of the online Store:
|Cookies||Data type||Purpose||Storage period|
|true / false||Managing the declaration of consent
|PrestaShop (random number)||Hash (randomly generated
sequence of numbers and digits)
|User recognition||20 days|
Under the General Data Protection Regulation, you are entitled to request confirmation from us as to whether we are processing personal data concerning you, and, where that is the case, to receive access to the personal data and a copy thereof. Moreover, you have the right to request the rectification of any inaccurate data and, under certain conditions (usually if data processing is unlawful or inappropriate), the erasure of such personal data. Under certain circumstances, you also have the right to restriction of data processing. Insofar as we process your data on the basis of your consent, you are also entitled to withdraw such consent, which, however, does not affect the lawfulness of processing conducted before the withdrawal.
You may also, for reasons related to your particular situation, object to data processing activities we carry out on the basis of our legitimate interests; in this case, we may only process the data if we have overriding legitimate interests.
If you believe that the processing of your data violates data protection laws or that your data protection rights have been violated, please contact us at firstname.lastname@example.org. In such cases you are also entitled to lodge a complaint with the Austrian Data Protection Authority.
Kirchenmeisteramt (Church Master’s office)
Mon–Fri 8 a.m. – 12 p.m.:
Tel.: (+43 1) 51552 – 3767