Privacy Policy
General information
The protection of your personal data is of particular concern to us. We process your personal data exclusively on the basis of the legal provisions (GDPR, DSG, TKG 2021).
When providing the Gustav Klimt Database ("GKDB"), we process information about you, so-called personal data - or "data" in short hereafter. The term "processing" is meant to include any handling of data, such as the collection, storage, use or deletion of personal data.
We are happy to inform you about the processing of your personal data and the claims and rights to which you are entitled according to the data protection regulations within this privacy policy.
The responsible party for the processing of your personal data is:
GUSTAV KLIMT | VIENNA 1900 – PRIVATE FOUNDATION
MQ West Breite Gasse 4
1070 Vienna
E-mail address: office@klimt-foundation.com
Phone no.: +43 1 890 98 18
If you have any complaints, questions or suggestions regarding data protection, please do not hesitate to contact us at any time using the contact details provided.
General information
When you sign up and use the database, we process data that you provide to us (for example, when registering for a user account and when updating your user data), logs (our servers log who makes requests for security reasons) and store cookies and other data (in local storage and session storage) on your device. The data stored on your device may contain information to recognize you.
Data processing in relation to the user account
Scope and purpose of processing: If you register for a user account via the website, we store and process all the data you provide us with in this context (including master data, contact details, research topic). The information marked with an (*) in the registration form is mandatory. If you do not provide us with this data, you will not be able to create a user account.
Legal basis of processing: Your data is processed for the performance of the contract concluded with you. We use your data, for example, to enable you to do research; or also to inform you in mailings about new functions and extensions to the database.
Recipients of the data: If the transfer of your relevant data is necessary in the respective individual case for the performance of the contract or on a legal basis, it will be made to the following categories of recipients:
Rights holders to database content
Technical operators of the database
Legal representatives
Auditors, accountants and tax advisors
Courts
Competent administrative authorities
Further information: We only process your data in personal form for as long as this is necessary for the performance of the contract or due to legal obligations. We generally keep the data of your user account until you delete this account and terminate the contract with us. The obligation to keep certain data according to tax and company law remains unaffected.
Data processing in connection with the use of the database
Scope and purpose of processing: When you search the database and make queries, we process your input and store certain data from it, for example for statistical evaluations of database use (including user ID, search queries performed (search terms, filters, sorting), data records viewed, data sheets generated, data records added to the individual watch list).
Legal basis of processing: Your data is processed for the performance of the contract concluded with you.
Recipients of the data: If the transfer of your relevant data is necessary in the respective individual case for the performance of the contract or on a legal basis, it will be made to the following categories of recipients:
Rights holders to database content
Technical operators of the database
Legal representatives
Auditors, accountants and tax advisors
Courts
Competent administrative authorities
Further information: We only process your data in personal form for as long as this is necessary for the performance of the contract or due to legal obligations. The obligation to keep certain data according to tax and company law remains unaffected.
Data processing in the context of contacting us
Purpose of processing: If you contact us (e.g. by e-mail, contact form or telephone), we process the data you provide when contacting us, insofar as this is necessary to process the enquiry or its handling.
Legal basis of processing: The processing of your data is carried out for the implementation of pre-contractual measures or for the performance of a contract or is based on our legitimate interests, specifically for providing the enquiry response.
Recipients of the data: This data is only transmitted on the condition that the transmission is necessary for answering the enquiry.
Further information: We process your data for as long as it is necessary to process the enquiry and, in addition, for one year after the last contact with you in the event of a follow-up enquiry.
Data processing for the operation and security of the database
Purpose of processing: When you use our database, the following client-server communication data is collected and stored in server-side logs:
Data concerning you/your device
IP address of the requesting device
Operating system
Name and version number of the browser
HTTP version
TLS protocol and cipher
Data related to the requested content
Address/URL
Request metadata
Date and time of the request
Access status/HTTP status code
Amount of data transferred
Duration of the request
Legal basis of processing: Your data is processed on the basis of our legitimate interest in ensuring the operation of the database and system security.
Recipients of the data: The database is technically operated by an IT service provider based in the European Union as a processor. The data from the server logs are only disclosed to courts, public prosecutors' offices and administrative authorities in the cases required by law. Data will not be passed on to third parties beyond this.
Further information: Recorded IP addresses are stored unabbreviated for a maximum of four weeks.
Usage analysis with Matomo:
Scope of processing of personal data: On this website, we use the analysis tool Matomo, an open source web analytics solution. This tool sets a cookie on your terminal device. When you use our website and database, the following data is collected and analyzed:
your IP address, shortened by the last two bytes (anonymized)
the sub-page visited and the time of the visit
the website that brought you to our website (referrer)
which browser with which plugins, which operating system and which screen resolution you are using
the time you spend on our website
the pages you go to from the respective sub-page you visited
Legal basis of processing: We process personal data with Matomo based on our legitimate interest in analysing the use of the database. This enables us to adapt the database to the interests and needs of the users in the best possible way.
Recipients of the data: The usage analysis by Matomo is performed locally on the IT infrastructure used by us within the European Union. Your data will not be passed on to third parties.
Opt-Out: You have the possibility to object to the usage analysis as follows:
a. You can block the storage of cookies in your browser. However, this means that you may no longer be able to use some of the functions on our website.
b. You can activate the "Do-not-track" setting in your browser. We have configured Matomo to take this setting into account.
c. You can deactivate tracking by Matomo directly here.
Data stored on your device (cookies, local storage, session storage)
The website www.klimt-database.com uses the cookies listed in the following table and stores the data listed there in the local/session storage of your Internet browser:
| Name | Domain | Path | Validity | Purpose |
|---|---|---|---|---|
| PHPSESSID | .klimt-database.com | / | Visit |
PHP session:
Enables us to check your login status and to protect you against CSRF with contact forms.
Content: Contains a random string which enables us to identify you for the duration of your visit. |
| _authenticated | .klimt-database.com | / | Visit |
Login status at client side:
Saves your login status and makes it accessible to JavaScript.
Content: Contains a random string which enables us to identify you for the duration of your visit. |
| alc_enc | .klimt-database.com | / | 3 months |
Remember Me (token):
Allows you to stay logged in on a device.
Content: Contains a random string which enables us to identify you for the validity period of the cookie. |
| alc_device | .klimt-database.com | / | 12 months |
Remember Me (device token):
Allows you to stay logged in on a device. This enables us to identify the device.
Content: Contains a random string which enables us to identify your device for the validity period of the cookie. |
| Name | Validity | Purpose |
|---|---|---|
| dpcm | infinite |
Data privacy settings:
Stores the consent to groups and services.
Content: The chosen setting for each service and group as well as the timestamps of the last changes. |
| LazyListContext_* | Visit |
Selected filters:
Enables caching of selected filters in lists
Content: The selected filters. |
| LazyListManager_* | Visit |
Results of filtered lists:
Allows for improved performance and enables caching of results
Content: Parts of filtered data from lists |
| app_member | Visit |
Information on logged-in user:
Enables the correct representation and use of features for logged-in users
Content: Login status, token saved in _authenticated, as well as the complete name of the logged-in user |
| Name | Domain | Path | Validity | Purpose |
|---|---|---|---|---|
| _pk_id.1.* | .klimt-database.com | / | 13 months | Stores details about the visitor such as: the pseudonymous visitor ID, creation timestamp of the cookie, count of vists, time of last user action, time of last visit |
| _pk_ref.1.* | .klimt-database.com | / | 6 months | Stores the so-called attribution information, the referrer initially used to visit the website |
| _pk_ses.1.* | .klimt-database.com | / | 30 mins | Indicates that the user has an active session. |
| _pk_testcookie* | .klimt-database.com | / | 1 sec | Is temporarily created for testing for cookie functionality, will be immediately deleted. |
You can reject some or all cookies or delete cookies that have already been set via your browser settings. Please note that certain features of our platform will not be available if you disable cookies.
Disclosure of data, order processing
Your personal data will be used exclusively by us and will not be disclosed to third parties without your consent, a legal obligation or a judicial or official decision. If we use third parties (" processors ") to carry out orders, we ensure that they use your data exclusively within the scope of the agreement concluded with them, our orders and in compliance with the data protection regulations.
Your rights
Right of access to stored data according to Art 15 GDPR
You have the right to access information about whether we are processing personal data about you. If this is the case, you have the right to be informed about this personal data as well as other information related to the processing.
Right to rectification of inaccurate personal data according to Art 16 GDPR
In the event that personal data that we process about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed.
Right to erasure of data according to Art 17 GDPR
If the legal requirements are met, you can request the erasure of your personal data.
Right to restriction of processing of data according to Art 18 GDPR
If the legal requirements are met, you may request the restriction of processing of the data concerning you.
Right to data portability according to Art 20 GDPR
If the legal requirements are met, you can request the transfer of your data in a structured, common and machine-readable format.
Right to object to unreasonable data processing according to Art 21 GDPR
For reasons arising from your particular situation, you may object at any time to the processing of data relating to you which we process on the basis of a legitimate interest pursuant to Art 6 (1) lit f GDPR.
Right to withdraw consent
If the processing is based on a declaration of consent, you have the opportunity to withdraw such consent at any time without affecting the lawfulness of the processing performed on the basis of the consent until the withdrawal.
Right to complain to the data protection authority
If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or that your data protection rights have been violated in any other way, you have the possibility to complain to the competent supervisory authority (Austrian Data Protection Authority). The address is:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
Further information
We use "https" to transmit data in a tap-proof manner on the Internet. By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser and by the use of "https" as part of our internet address.
If you send us personal data by e-mail we cannot guarantee secure transmission and protection of your data. We therefore recommend that you never send confidential data by e-mail without encryption.
Automated decision-making, including profiling, does not take place. If we process your personal data for a purpose other than that for which we collected it, we will disclose this fact to you and inform you of this other purpose.
_
Status: 21.9.2022