Privacy Policy

Contact Information

If you have questions about data protection or the processing of personal data, you will find below the contact details of the controller according to Article 4(7) of the EU General Data Protection Regulation (GDPR):
Verein zur Förderung internationaler Kirchenmusik
Erzherzog-Karl-Straße 15B
1220 Vienna

Email: rejoice@kirchenmusikwoche.at
Phone: +43 664 916 23 11
Legal Notice: https://kirchenmusikwoche.at/impressum/

Storage Duration

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose ceases to exist, for example for accounting purposes.

Should you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible and as long as there is no obligation to store it. We will inform you about the specific duration of the respective data processing below, if we have further information about this.

Rights under the General Data Protection Regulation

According to Articles 13, 14 GDPR, we inform you about the following rights that you are entitled to, so that fair and transparent processing of data takes place:

• According to Article 15 GDPR, you have a right of access to whether we process data about you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and if the data is transmitted to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
• According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
• According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may demand the deletion of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 GDPR, you have a right to object, which after enforcement brings about a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used to conduct direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used to conduct profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
• According to Article 22 GDPR, under certain circumstances you have the right not to be subject to a decision based solely on automated processing (for example profiling).
• According to Article 77 GDPR, you have the right to complain. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

Data Transfer to Third Countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or other legal permission exists. This applies in particular if the processing is legally required or necessary to fulfill a contractual relationship and in any case only insofar as this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently only an adequate level of protection for data transfer to the USA if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data possibly not being processed and stored in anonymized form. Furthermore, US government authorities may possibly access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account. We try to use server locations within the EU whenever possible, if this is offered. We inform you more precisely about data transfer to third countries at the appropriate places in this privacy policy, if this applies.

Cookies

What are Cookies?

Our website uses HTTP cookies to store user-specific data. In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, virtually the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “malware”. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152113061272-9
Purpose: Distinguishing website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use specifically depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages and only later goes to checkout. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies also measure the loading time and behavior of the website with different browsers.

Targeting Cookies
These cookies provide better user-friendliness. For example, entered locations, font sizes or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and don’t mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data within the framework of the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can be stored on a computer for several years. You also have control over the storage duration yourself. You can manually delete all cookies at any time via your browser (see also “Right of objection” below). Furthermore, cookies that are based on consent will be deleted at the latest after withdrawal of your consent, whereby the lawfulness of storage until then remains unaffected.

Right of objection – how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies Microsoft Edge: Delete and manage cookies

If you generally don’t want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It’s best to search for instructions on Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal basis

Since 2009, there have been so-called “Cookie Directives”. These state that storing cookies requires consent (Article 6(1)(a) GDPR) from you. However, within EU countries, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directives were not implemented as national law. Instead, this directive was largely implemented in § 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For absolutely necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and certain cookies are often absolutely necessary for this. Insofar as cookies that are not absolutely necessary are used, this only happens in the case of your consent. The legal basis in this respect is Art. 6(1)(a) GDPR. In the following sections, you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Web Hosting

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing operations
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our offer and possibly for criminal prosecution or pursuit of claims

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the accessed webpage
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• date and time
• in files called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude that this data may be viewed by authorities in the event of illegal behavior.

Legal basis

The lawfulness of processing personal data in the context of web hosting results from Art. 6(1)(f) GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet securely and user-friendly and to be able to pursue attacks and claims arising from this if necessary. There is usually a contract for data processing in accordance with Art. 28 et seq. GDPR between us and the hosting provider, which ensures compliance with data protection and guarantees data security.

Web Hosting Provider

Below you will find the contact details of our external hosting provider, where you can learn more about data processing in addition to the information above: Resonanz Digital GmbH Rotenturmstraße 27/2, 1010 Vienna You can learn more about data processing by this provider in the privacy policy.

Contact and Registration Forms

We offer various forms on our website: contact forms for general inquiries and registration forms for participation in our Church Music Week. Through these, you can send us digital messages or register for our events. The forms make it easier for you to contact us as well as register for our events. At the same time, we can process inquiries and registrations in a structured manner and efficiently handle the registration process for the Church Music Week.

Duration of data processing

• Contact inquiries: The data will be deleted as soon as your inquiry has been completely processed.
• Registrations: The data will be deleted after completion of the Church Music Week, unless there are legal retention obligations. Booking documents and payment-related data may be retained for up to 7 years due to legal requirements.

Right of objection

You have the right to withdraw your consent to data processing at any time. For registrations already made, withdrawal may have consequences for your participation.

Legal basis

Data processing is based, depending on the purpose, on:

• Your consent (Art. 6(1)(a) GDPR) for contact inquiries
• Contract fulfillment (Art. 6(1)(b) GDPR) for registrations to the Church Music Week
• Our legitimate interest (Art. 6(1)(f) GDPR) in processing inquiries and organizing our events

Cookie Consent Management Platform: Borlabs Cookie

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website, which makes it easier for us and you to handle scripts and cookies correctly and safely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, offers a data protection-legally necessary cookie consent for you and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic shows the relationship between browser, web server and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. In addition, we are also legally obliged to do so. We want to educate you as best as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we must first know exactly which cookies have landed on our website at all. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

Within the framework of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. Your consent declaration is stored so that we do not have to ask you again on every new visit to our website and so that we can also prove your consent if legally necessary. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, consent time, detailed information about cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We inform you about the duration of data processing below, if we have further information about this. Generally, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted after leaving the website, others can be stored in your browser for several years. The exact duration of data processing depends on the tool used, mostly you should expect a storage duration of several years. In the respective privacy policies of the individual providers, you will usually receive precise information about the duration of data processing.

Right of objection

You also have the right and the possibility to withdraw your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. Information about special cookie management tools can be found – if available – in the following sections.

Legal basis

If you agree to cookies, personal data from you is processed and stored via these cookies. If we may use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage consent to cookies and to enable you to give consent, cookie consent management platform software is used. The use of this software enables us to operate the website in a legally compliant manner in an efficient way, which represents a legitimate interest (Article 6(1)(f) GDPR).

BorlabsCookie Privacy Policy

We use BorlabsCookie on our website, which is, among other things, a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can learn more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://de.borlabs.io/datenschutz/.

Payment Provider: Stripe

What is a payment provider?

We use online payment systems on our website that enable us and you to have a secure and smooth payment process. Among other things, personal data can also be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that enable you to place an order via online banking. Payment processing is carried out by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processing in particular must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

What data is processed?

Which data is processed exactly naturally depends on the respective payment provider. But basically, data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.) are stored. This is necessary data to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which subpages you click on, can also be stored. Your IP address and information about your computer used are also stored by most payment providers. The data is usually stored and processed on the servers of the payment providers. We as website operators do not receive this data. We are only informed whether the payment worked or not. For identity and credit checks, it may happen that payment providers pass on data to the appropriate place. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always look at the general terms and conditions and the privacy policy of the payment provider. You also have the right to have data deleted or corrected, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right of access and right of data subjects).

Duration of data processing

We inform you about the duration of data processing below if we have further information about this. Generally, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. If it is legally prescribed, as in the case of accounting, for example, this storage period can also be exceeded. Thus, we keep accounting documents belonging to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) as well as other relevant business documents for 6 years (§ 247 HGB) after they arise.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have questions, you can also contact those responsible for the payment provider used at any time. You can find contact details either in our specific privacy policy or on the website of the corresponding payment provider. You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

So we offer other payment service providers in addition to the conventional banking/credit institutions for the processing of contractual or legal relationships (Art. 6(1)(b) GDPR). The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provide you with a detailed overview of data processing and data storage. In addition, you can always contact those responsible if you have questions about data protection-relevant topics.

Stripe Privacy Policy

We use the payment service provider Stripe on our website. The service provider is the American company Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Stripe also processes data from you in the USA, among other places. Stripe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data from EU citizens to the USA.

You can learn more about data processing at Stripe in the privacy policy at https://stripe.com/de/privacy.

Online Map Service: Google Maps

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

Google Maps is an internet map service from Google. With Google Maps, you can search online via a PC, tablet or app for exact locations of cities, sights, accommodations or companies. If companies are represented on Google My Business, additional information about the company is displayed in addition to the location. To display the route options, map sections of a location can be embedded in a website using HTML code. Google Maps shows the earth’s surface as a street map or as an aerial or satellite image. Thanks to the Street View images and high-quality satellite images, very precise representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page pursue the goal of providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where our company headquarters are located. The directions always show you the best or fastest way to us. You can call up the route for routes by car, public transport, on foot or by bike. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to be able to fully offer its service, the company must record and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the entered starting address is also stored. However, this data storage happens on the Google Maps web pages. We can only inform you about this, but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and provide individual, personalized advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ113061272-5
Purpose: NID is used by Google to adapt advertisements to your Google search. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with advertisements. So you always get tailor-made advertisements. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiry date: after 6 months

Note: We cannot guarantee completeness of the information about stored data. Changes can never be ruled out, especially when using cookies. In order to identify the NID cookie, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

The Google servers are located in data centers around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can read exactly where the Google data centers are located: https://datacenters.google/

Google distributes the data on different data carriers. This makes the data faster to retrieve and better protected from any manipulation attempts. Each data center also has special emergency programs. If there are problems with Google hardware or if a natural disaster paralyzes the servers, the data remains fairly safely protected.

Google stores some data for a set period of time. For other data, Google only offers the possibility to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function for location and activity data introduced in 2019, information for location determination and web/app activity – depending on your decision – is stored for either 3 or 18 months and then deleted. You can also delete this data manually from the history at any time via the Google account. If you want to completely prevent your location tracking, you must pause the “Web & App Activity” section in the Google account. Click “Data and Personalization” and then on the “Activity Settings” option. Here you can switch the activities on or off.

In your browser, you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this always works a little differently. Under the “Cookies” section you will find the corresponding links to the respective instructions for the best-known browsers.

If you generally don’t want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you allow it or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. This consent represents according to Art. 6(1)(a) GDPR (Consent) the legal basis for the processing of personal data as it may occur when collected by Google Maps.

On our part, there is also a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Maps insofar as you have given your consent.

Google also processes data from you in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Google commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about Google’s data processing, we recommend the company’s own privacy policy at https://policies.google.com/privacy?hl=de.

All texts are copyrighted.

Source: Privacy Policy created with the Privacy Policy Generator for Austria by AdSimple