Imprint & Data Protection

Responsible for Content / Mandatory Information under the Austrian E-Commerce Act (ECG)

Walfischgasse Musik GmbH

Taborstraße 10/2/Top 6, 
1020 Wien, 
Österreich

Tel.: 069911199363
Fax: –
E-Mail: office@remassuri.at

Company Register Number: 638525h
Commercial Court: Vienna
Registered Office: 1020 Vienna, Austria
Business Purpose: Planning, design, development, and realization of music theatre concepts

Supervisory Authority:
District Municipal Authority of the 2nd District, Vienna
Karmelitergasse 9, 1020 Vienna, Austria
Website: https://www.wien.gv.at

Berufsbezeichnung: Musiktheater
Verleihungsstaat: Österreich

General Manager: Emanuel Rudas

Datenschutz Verantwortlicher
Emanuel Rudas, Adresse siehe oben
E-Mail: office@remassuri.at
Tel.: wie oben.
Impressum: https://remassuri.at/impressum/
Vertretungsberechtigter: –

EU Online Dispute Resolution

In accordance with the Regulation on Online Dispute Resolution in Consumer Matters (ODR Regulation), we would like to inform you about the European Commission’s Online Dispute Resolution (ODR) platform.
Consumers have the option to submit complaints to the ODR platform of the European Commission at:
https://ec.europa.eu/consumers/odr

The necessary contact details can be found above in our imprint.

However, we would like to point out that we are neither willing nor obligated to participate in dispute resolution proceedings before a consumer arbitration board.

All texts are protected by copyright.

Source: Created with the Imprint Generator Austria by AdSimple.

Privacy Policy
Introduction and Overview

We have written this Privacy Policy (version 05.11.2024-122902775) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to simply as “data”) we – as the data controller – and our commissioned data processors (e.g. hosting providers) process, will process in the future, and what lawful options you have regarding this.

All terms used are intended to be gender-neutral.

In short: We aim to give you clear and comprehensive information about the personal data we process about you.

Privacy policies often sound very technical and use legal terminology. This Privacy Policy, however, is intended to explain the most important aspects to you as clearly and transparently as possible.

Where helpful for transparency, we explain technical terms in plain language, provide links to further information, and use graphics to support understanding.

Our goal is to inform you in clear and simple terms that we only process personal data in the course of our business activities when a corresponding legal basis exists. That’s something we can’t achieve by offering short, vague, and overly technical explanations – the kind often found online when it comes to privacy.

We hope you find the following information interesting and informative – and perhaps even discover something you didn’t know before.

If you still have questions, please don’t hesitate to contact the responsible office listed below or in our imprint. You are also welcome to follow the provided links or consult third-party websites for more information.
Our contact details can of course also be found in the imprint.

Scope

This Privacy Policy applies to all personal data processed by our company, as well as to all personal data processed by companies commissioned by us (data processors).

By personal data, we mean information as defined in Article 4(1) of the GDPR – such as a person’s name, email address, or postal address.

The processing of personal data enables us to offer and bill for our services and products, whether online or offline.

This Privacy Policy applies to:

• all online platforms we operate (websites, online shops)

• our social media presences and email communication

• mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas in which personal data is processed in a structured manner within our company through the channels mentioned above.

If we enter into a legal relationship with you outside of these channels, we will inform you separately where necessary.

Legal Basis for Data Processing

In the following Privacy Policy, we provide you with transparent information about the legal principles and regulations – i.e. the legal bases of the General Data Protection Regulation (GDPR) – that allow us to process personal data.

As far as EU law is concerned, we refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
You can of course read this EU General Data Protection Regulation online on EUR-Lex, the official access point to EU law:
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR):
   You have given us your consent to process data for a specific purpose.
   An example would be the storage of data you enter in a contact form.

   2. Contract (Article 6(1)(b) GDPR):
   We process your data in order to fulfill a contract or pre-contractual obligations.
   For instance, if you enter into a purchase agreement with us, we require personal information in advance.

   3. Legal Obligation (Article 6(1)(c) GDPR):
   If we are subject to a legal obligation, we process your data accordingly.
   For example, we are legally required to retain invoices for accounting purposes, which usually contain personal data.

   4. Legitimate Interests (Article 6(1)(f) GDPR):
   In cases of legitimate interest that do not override your fundamental rights, we reserve the right to process personal data.
   For example, we may need to process certain data to operate our website securely and efficiently. This processing constitutes a legitimate interest.

Other legal bases, such as processing in the public interest or in the exercise of official authority, as well as the protection of vital interests, generally do not apply to our activities.
Should such a legal basis become relevant, it will be clearly indicated at the appropriate point.

In addition to the EU Regulation, national laws also apply:

• In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz, or DSG).
• In Germany, the applicable law is the Federal Data Protection Act, known as the BDSG.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Data Controller

Contact Details of the Data Controller

If you have any questions about data protection or the processing of personal data, please find the contact details of the responsible person or entity below:
Emanuel Rudas, address as listed above
Authorized representative: –
Email: office@remassuri.at
Phone: see above
Imprint: https://remassuri.at/impressum/

Storage Duration

As a general rule, we only store personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the purpose for processing it no longer applies.

In some cases, however, we are legally required to retain certain data even after the original purpose has ceased to exist – for example, for accounting and bookkeeping purposes.

If you wish to have your data deleted or withdraw your consent to data processing, your data will be deleted as quickly as possible, provided there is no legal obligation to retain it.

We will inform you about the specific duration of each data processing activity further below, provided we have additional information available.

Your Rights under the GDPR

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to ensure fair and transparent data processing:

• According to Articles 13 and 14 of the GDPR, we inform you of the following rights to ensure fair and transparent data processing:

  Right of access (Article 15 GDPR):
  You have the right to know whether we process personal data concerning you. If this is the case, you are entitled to receive a copy of the data and the following information:

  • the purposes for which we process the data;

  • the categories (types) of data being processed;

  • the recipients of the data and, if transferred to third countries, how data security is ensured;

  • the storage duration of the data;

  • the existence of your right to rectification, erasure, or restriction of processing and your right to object to the processing;

  • that you have the right to lodge a complaint with a supervisory authority (links to these authorities are provided below);

  • the source of the data, if not collected directly from you;

  • whether automated decision-making, including profiling, is used to create a personal profile about you.

  Right to rectification (Article 16 GDPR):
  You have the right to have incorrect data corrected.

  Right to erasure (Article 17 GDPR – “right to be forgotten”):
  You have the right to request the deletion of your data.

  Right to restriction of processing (Article 18 GDPR):
  You have the right to request that we store your data but no longer use it.

  Right to data portability (Article 20 GDPR):
  You have the right to receive your data in a commonly used format and to transmit it to another controller upon request.

  Right to object (Article 21 GDPR):
  You have the right to object to data processing, which may result in us changing how we process your data.

  If your data is processed based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you may object to the processing. We will then assess as quickly as possible whether we are legally required to comply with your objection.

  If your data is used for direct marketing, you may object to this type of processing at any time. In that case, we will no longer use your data for direct advertising.

  If your data is used for profiling, you may object to this at any time. In that case, we will no longer use your data for profiling purposes.

  Right not to be subject to automated decision-making (Article 22 GDPR):
  You have the right not to be subject to a decision based solely on automated processing, including profiling, if this produces legal effects concerning you or significantly affects you in a similar way.

  Right to lodge a complaint (Article 77 GDPR):
  You have the right to lodge a complaint with a data protection authority at any time if you believe that the processing of your personal data violates the GDPR.

In short: You have rights – don’t hesitate to contact the responsible office listed above!

If you believe that the processing of your personal data violates data protection law or that your data protection rights have been infringed in any other way, you may lodge a complaint with the supervisory authority.

In Austria, this is the Data Protection Authority, which you can find online at https://www.dsb.gv.at.
In Germany, each federal state has its own data protection officer. For more detailed information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

The following local data protection authority is responsible for our company:

Österreich Datenschutzbehörde

Responsible: Dr. Matthias Schmidl
Adress: Barichgasse 40-42, 1030 Wien
Phone.: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Cookies

Legal Basis

Since 2009, there have been the so-called “cookie guidelines,” which state that storing cookies requires your consent(Article 6(1)(a) GDPR).

However, responses to these guidelines vary across EU countries. In Austria, the directive was implemented in Section 165(3) of the Telecommunications Act (2021).

In Germany, the cookie guidelines were not transposed into national law in the same way. Instead, they were largely implemented through Section 15(3) of the Telemedia Act (TMG), which has since been replaced by the Digital Services Act (DDG) in May 2024.

For strictly necessary cookies, legitimate interests (Article 6(1)(f) GDPR) apply even without consent. In most cases, these interests are of an economic nature.

Our aim is to provide visitors to our website with a smooth and pleasant user experience – and certain cookies are essential to make that possible.

If non-essential cookies are used, this only happens with your explicit consent. The legal basis in this case is Article 6(1)(a) GDPR.

In the following sections, you will find more detailed information about the use of cookies, provided the software in use sets cookies.

Explanation of Terms Used

We always strive to make our Privacy Policy as clear and understandable as possible. However, this can be challenging when it comes to technical and legal topics.

In many cases, it makes sense to use legal terms (such as personal data) or specific technical terms (such as cookies or IP address). Nevertheless, we don’t want to use these terms without explanation.

Below, you’ll find an alphabetical list of important terms used throughout this Privacy Policy, which may not have been fully explained yet.

If the terms are taken from the GDPR and are defined there, we will also provide the corresponding GDPR wording along with our own explanations, where appropriate.

Data Processor (Auftragsverarbeiter)

Begriffsbestimmung nach Artikel 4 der DSGVO

A data processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the data controller.

According to Article 4(8) of the GDPR, a processor is not responsible for deciding why or how personal data is processed but acts strictly on the instructions of the controller.

Typical examples of data processors include IT service providers, hosting companies, or newsletter platforms.

Consent (Einwilligung)

Consent means that the data subject has voluntarily, specifically, and unambiguously agreed to the processing of their personal data – after having been clearly informed about the nature, purpose, and scope of the processing.

According to Article 4(11) of the GDPR, consent is defined as:

“any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

In practice, this means:
You must actively give your permission – for example, by checking a box or clicking a confirmation button – for us to process your data for a particular purpose.

Personal Data (Personenbezogene Daten)

Personal data refers to any information that relates to an identified or identifiable natural person (the data subject).

According to Article 4(1) of the GDPR, personal data is defined as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Examples of personal data include:

• your name

• email address

• phone number

• IP address

• location data

• or even a customer number that can be linked back to you

If such data can be clearly assigned to you as a person, it is considered personal data.

Profiling

Profiling refers to any form of automated processing of personal data that evaluates certain personal aspects of a natural person – particularly to analyze or predict characteristics such as performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

According to Article 4(4) of the GDPR, profiling is defined as:

“any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person…”

In practice, profiling often occurs in areas such as online advertising, credit scoring, or personalized recommendations (e.g. on streaming platforms or in online shops).

Important to know: If profiling has legal effects or significantly affects individuals (e.g. automated rejection of a loan), Article 22 GDPR grants the right not to be subject to such automated decisions.

Verantwortlicher

The controller is the person or organization that decides why and how personal data is processed. In other words, the controller determines the purposes and means of the data processing.

According to Article 4(7) of the GDPR, a controller is defined as:

“the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”

In practice, this means:
If you provide your data on our website – for example via a contact form – we (as the operator of the website) are the controller, because we determine what happens with your data.

Processing

According to Article 4(2) of the GDPR, processing is defined as:

“any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means…”

Examples of processing activities include:

• collecting data via online forms

• storing customer information in a database

• sending newsletters

• analyzing website behavior

• deleting outdated contact records

In short: Almost anything you do with personal data counts as processing.

All texts are protected by copyright.