DATA PROTECTION POLICY OF THE CITY OF SALZBURG

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal regulations (GDPR 2018, TKG 2003). This data protection policy informs what personal data are processed and what rights you have with regard to the processing. Personal data are all data that are relevant about your person. Further information on how data is handled in the magistrate of the state capital of Salzburg can be found on the website of the City of Salzburg under www.stadt-salzburg.at/dataprotection.

INFORMATION ON THE GATHERING OF PERSONAL DATA

Responsible according to Art 4 Z 7 EU General Data Protection Regulation (GDPR)

Magistrate of the state capital of Salzburg
Mirabellplatz 4, 5020 Salzburg
verantwortlicher@stadt-salzburg.at

The data protection officer can be reached at

datenschutzbeauftragter@stadt-salzburg.at or at the postal address:

To the
Data protection officer
c/o Magistrate of the state capital of Salzburg
Mirabellplatz 4, 5020 Salzburg

Purpose of processing

Data is processed for the purposes of processing of sovereign and private sector affairs.

The categories of personal data used (address, name, date of birth, owner information, company information and business information) are processed from the electronic file system and open registries such as the commercial register, land register, register of business associations, club registers or census registers.

The legal bases for processing are the legal mandate, the legal requirements, the consent of the persons concerned, as well as the contractual agreements.

You have the right to revoke your consent at any time in the case of a consent. However, the legality of the processing on the basis of consent remains unaffected until revocation

You may be required to provide your persona data due to a legal contractual agreement. The consequences of non-provision are a limited fulfilment of the agreement or contract, a partial completion in the absence of participation or a non-processing or limited processing of the entry.

Recipients (categories) of personal data are:

• as third parties (other persons responsible): Jurisdiction, other authorities which are entitled to obtain the data on the basis of legal provisions and third parties involved in proceedings, the public (insofar as legally, contractually or by consent intended)
• in some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected.
• to the extent that we process and pass on data to recipients for special purposes, we inform you about this in our specialist data protection statements.
• if a transfer should be made to a third country (outside EU/EEA), we would inform you separately.

Basically, we process personal data only for as long as necessary to fulfil the above purpose/purposes and delete them thereafter as soon as possible. Often, we are however legally obliged to keep your personal data for a longer period. In this case, we will not delete your personal data until after the statutory retention requirements have expired.

Your Rights

With regard to the processing of your personal data (within the framework of the legal requirements), you have the following rights as data subject:

• Right to information
• Right to correction or deletion
• Right to limitation of processing (within the framework of the legal requirements)
• Right to object to the processing (within the framework of the legal requirements)
• Right to transfer of data in matters pertaining to the private sector administration (within the framework of the legal requirements)

For any relevant questions please contact: verantwortlicher@stadt-salzburg.at

If you believe that the processing of your personal data violates data protection law, you can file a complaint with the Data Protection Authority (www.dsb.gv.at).

USE OF COOKIES

Description and scope of data processing

Our website uses cookies. Cookies are small text files within the web-browser or stored by the web-browser on the user’s computer system. If a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be clearly identified when revisiting the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

• Session ID
• Session related information (e.g. device and resolution, shopping cart items, language, font size, application state)
• Log-in information

Permanently stored cookies serve a better user experience, here the following data are stored and delivered:

• Message reading status
• User settings
• Log-in information

We also use cookies on our website which enable analysis of the user’s browsing behaviour. You can find more information in the Web Analytics chapter.

Legal basis for data processing

The legal basis for the processing of personal data by using cookies in connection with application forms is Art. 6 Para. 1 lit. f GDPR.

Purpose of data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser be recognised even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

The use of analysis cookies is for the purpose of improving the quality of our website and its contents according to Art. 6 Para. 1 lit. f GDPR. Through the analysis cookies, we learn how the website is used and are able to continuously optimise our offering. In connection with these analysis cookies, no IP addresses are stored, so it is not possible to draw conclusions about computers or persons (see Web Analysis chapter).

Duration of storage, possibility of objection and disposal

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, as a user you have full control over the use of cookies. By changing the settings in your Internet Browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may no longer be able to use all the functions of the website to the full.

Management of cookies

In your internet browser menu, you’ll find settings for the use of cookies. Normally, an internet browser has the following settings:

• View cookies
• Allow cookies
• Disable all or selected cookies
• Disable all cookies when closing the browser
• Block cookies
• Notify when a cookie is to be set
• Opposition to tracking web analysis

For the following browsers, you will find the instructions for disabling cookies on the manufacturer websites. If you block our cookies in your browser, you will not be able to use some areas of our website.

• Firefox
• Internet Explorer
• Chrome (Windows) / Chrome (Mac) / Chrome für iOS / Chrome für Android
• Safari
• Safari (iOS)

NEWSLETTER

You have the option to subscribe to a free newsletter on our website. In doing so, the data from the input form are transmitted to us during registration for the newsletter. These data include, aside from the email address, specifically name, the areas of interest, and the preferred delivery format.

The following data are also collected upon registration:

• IP address of the requesting computer
• Date and time of registration

Through the so-called Double Opt-In process (see https://en.wikipedia.org/wiki/Opt-in_email) during the registration procedure, we ensure that you are the owner of the used email address.

During the registrations process, your consent is obtained for processing data and reference is made to this data protection policy.

If you access our website or use our services on our website and provide us with your email address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for own similar goods or services will be sent via the newsletter.

No data is disclosed to third parties in connection with the data processing for sending newsletters. The data will only be used to send the newsletter.

In order to improve our newsletter, we also set up newsletter tracking according to Art. 6 Para. 1 lit. f GDPR.

Legal basis for data processing

The legal basis for processing data after the user registers for the newsletter, if the user’s consent to this has been obtained, is Art. 6 Para. 1 lit. a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 Para. 3 UWG.

Purpose of data processing

The purpose of collecting the user’s email address is to deliver the newsletter. The collection of other personal data as part of the registration process ensures the prevention of misuse of the services or of the used email address.

Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. The user’s email address will therefore be stored for as long as the subscription to the newsletter is active.

Possibility of opposition and disposal

The subscription to the newsletter can be cancelled by the affected user at any time. To this end, there is a corresponding link in each newsletter.

WEB ANALYSIS TOOLS

We expressly inform you that we do not use any analysis toolson this website to evaluate your behaviour (e.g. Google Analytics).

STORAGE OF IP ADDRESSES

Logfiles store, among other things, the IP address, the browser used, the time and date, and the system used by a website visitor. Through our hosting partner, Hetzner, only pseudonymised IP addresses of visitors to the site are stored. At the web server level, this is achieved by storing in the logfile, for example, instead of the actual IP address of the visitor (e.g. 123.123.123.123), an IP address such as 123.123.123.XXX, with XXX being a random value between 1 and 254. The production of a personal reference is thus no longer possible. With mail server logs, the retention time is 7 days. Backups are kept in encrypted form for 14 days. Data processing is carried out on the basis of the legal requirements of § 96 Para. 3 TKG as well as Art. 6 Para.1 lit a (consent) and/or lit f (legitimate interest) of the GDPR. Our concern in the sense of the GDPR (legitimate interest) is to improve our offer and our website. Since the privacy of our users is important to us, the user data is pseudonymised.

 

INTEGRATION OF YOUTUBE VIDEOS

Disable integration of YouTube videos

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. By visiting our website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether YouTube makes available a user account via which you are logged in or if no user account exists. If you are logged in to your Google account, the information will be directly associated with your account. If you do not wish to be associated with your YouTube profile, you must first log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such an evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on their website. You have the right to object to the formation of these user profiles, however you must direct yourself to YouTube to exercise it.

For more information about the purpose and scope of data collection and its processing by YouTube, please refer to the data protection policy. There you will also find further information on your corresponding rights and settings options for protecting your privacy: https://www.google.de/intl/en/policies/privacy. Google also processes your personal data in the United States and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

INTEGRATION OF GOOGLE MAPS

Disable integration of Google Maps

On this website, we use Google Maps functionality. This allows us to show you interactive maps directly in the website and allows you to use the map function conveniently. By visiting our website, Google receives the information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether Google makes available a user account via which you are logged in or if no user account exists. If you are logged in to your Google account, the information will be directly associated with your account. If you do not wish to be associated with your Google profile, you must first log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such an evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on their website. You have the right to object to the formation of these user profiles, however you must direct yourself to Google to exercise it.

For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the plugin provider’s data protection policy. There you will also find further information on your corresponding rights and settings options for protecting your privacy: https://www.google.de/intl/en/policies/privacy. Google also processes your personal data in the United States and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

USE OF WEBFONTS

Disable integration of web fonts

This website uses external fonts – Google Fonts. Google Fonts is a service of Google Inc. (“Google”). These web fonts are integrated by a server request, usually a Google server located in the United States. Hereby, information is transmitted to the server as to which of our website pages you have visited. The IP address of the browser on the visitor’s device is also stored by Google. For more information, see Google’s privacy policy, which you can access here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

SSL AND TLS ENCRYPTION

This website uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as orders or enquiries you send to us as site operator. You can recognise an encrypted connection in the browser’s address line by switching from “http://” to “https://” and at the padlock icon in your browser line. When the SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

PLUGINS

We use the WordPress Content Management System (CMS) on this website. In addition, on this website we use so-called plugins, which are necessary to provide our offer. We exclusively use only plug-ins that guarantee 100% adherence to the GDPR or which have a legitimate interest on the basis of Art. 6 Para. 1 lit. f GDPR. We use the following plugins:

• Limit Login Attempts:Storage according to Art. 6 Para. 1 lit. f GDPR (legitimate interest).
• Duplicate Post:Runs only locally and does not store any personal data.
• All-in-One WP Migration: Storage according to Art. 6 Para. 1 lit. f GDPR (legitimate interest).
• The Events Calendar: Runs only locally and does not store any personal data.
• ResponsiveVoice Text to Speach: Storage according to Art. 6 Para. 1 lit. f GDPR (legitimate interest).
• WP Accessibility: Runs only locally and does not store any personal data.
• Really Simple SSL by Rogier Lankhorst:Runs only locally and does not store any personal data.
• WPSuperCache by Automattic: Runs locally only and does not store any personal data.
• WPML Multilingual CMS: Runs only locally and does not store any personal data.