DATA PRIVACY POLICY

Österreichische Galerie Belvedere

Valid as of 03 February 2022

Österreichische Galerie Belvedere is a Scientific Institution under Austrian Public Law (“Wissenschaftliche Anstalt öffentlichen Rechts”) with its registered office in Vienna and its business address at Prinz Eugen-Straße 27, 1030 Vienna (hereinafter the “Belvedere“ or “we”).

  1. SCOPE OF APPLICATION

    1. 1.1 This Data Privacy Policy applies to the use of the website thekiss.art (the „Website“) of Belvedere, the whitelisting for the purchase of and the actual purchase of a digital reproduction of “The Kiss” by Gustav Klimt as a series of non-fungible tokens through the Website (“The Kiss NFTs”).

    2. 1.2 Processing of personal data by the Belvedere as the data controller according to Art. 4(7) GDPR is subject to the General Data Protection Regulation (“GDPR”) and the Austrian Data Protection Act (“DSG”). 

    3. 1.3 Personal data means all information according to Art. 4(1) GDPR that relates to an identified or identifiable natural person.

  2. DATA PROCESSING Activities 

The Belvedere processes the following personal data for the following purposes:

  1. 2.1 Providing the Website

    1. 2.1.1 In order to be able to provide you with the Website (Art. 6(1)(b) GDPR) and to be able to detect, prevent and investigate attacks on the Website (Art. 6(1)(f) GDPR), we process the following personal data:

      1. URL;

      2. Date and time you access the Website; 

      3. Name and version of the browser; 

      4. Type of the browser and settings;  

      5. Operating system; and

      6. Referral URL.

    2. 2.1.2 The legitimate interest of Belvedere is to be able to detect, prevent and investigate attacks on the Website and thus ward off damage from the Belvedere and the users.

    3. 2.1.3 We store the above-mentioned personal data for as long as this is necessary to provide the Website to you respectively for as long as this is necessary to pursue or defend legal claims, or to fulfil legal retention obligations.

    4. 2.1.4 The provision of the above-mentioned personal data is necessary for using the Website. If you do not provide these personal data, you will not be able to use the Website.

  2. 2.2 NFT Whitelisting

    1. 2.2.1 In order to make you an offer for the purchase of “The Kiss NFTs”, we process the following personal data (Art. 6(1)(b) GDPR) for the purpose of registration and whitelisting:

      1. your email address;

      2. your wallet address.

    2. 2.2.2 For the abovementioned purpose we store the above-mentioned personal data for for the whitelisting phase, i.e. from the time of your registration until the end of the whitelisting phase respectively for as long as this is necessary to pursue or defend legal claims, or to fulfil legal retention obligations.

    3. 2.2.3 The provision of the above-mentioned personal data is necessary for you to whitelist for the purchase of “The Kiss NFTs”. If you do not provide these personal data, you will not be able to use register on the Website or the whitelist.

  3. 2.3 Purchasing NFTs

    1. 2.3.1 In order for you to be able to purchase “The Kiss NFTs”, we process the following personal data (Art. 6(1)(b) GDPR):

      1. Your first and last name; 

      2. your email address;

      3. your wallet address;

      4. the time of your purchase.

    2. 2.3.2 For the abovementioned purpose we store the above-mentioned personal data for as long as this is necessary to complete the purchase process respectively for as long as this is necessary to pursue or defend legal claims, or to fulfil legal retention obligations (e.g. for the duration of 7 years according to the Austrian Tax Act).

    3. 2.3.3 We store the above-mentioned personal data as long as it is necessary to answer the inquiry.

    4. 2.3.4 The provision of the above-mentioned personal data is necessary for you to be able to purchase “The Kiss NFTs”. If you do not provide these personal data, you will not be able to purchase “The Kiss NFTs”.

  4. 2.4 Dedication

    1. 2.4.1 In order for you to be able to publish a personal dedication for your “The Kiss NFT”, we process the following personal data (Art. 6(1)(b) GDPR):

      1. Your first and/or last name or a nickname of your choice;

      2. your email address;

      3. your wallet address;

      4. the message you enter on the Website.

    2. 2.4.2 Where the personal dedication of a “The Kiss NFT” also contains the first and/or last name or a nickname of a person other than the owner of “The Kiss NFT”, we process the following personal data (Art. 6(1)(f) GDPR):

      1. The first and/or last name or a nickname of this person;

      2. The message entered by the owner of “The Kiss NFT” on the Website.

    3. 2.4.3 For the abovementioned purposes we store the above-mentioned personal data until the owner of the respective “The Kiss NFT” changes or deletes it respectively for as long as this is necessary to pursue or defend legal claims, or to fulfil legal retention obligations (e.g., for the duration of 7 years according to the Austrian Tax Act).

    4. 2.4.4 Our legitimate interests to process this personal data is to allow owners of “The Kiss NFTs” to make a gift to someone through a publicly visible dedication.

  5. 2.5 Marketing Communication

    1. 2.5.1 In order to be able to provide you with information about products and services of the Belvedere, we process the following personal data (Art. 6(1)(a) GDPR): 

      1. your email address;

      2. your wallet address.

    2. 2.5.2 For the abovementioned purpose we store the above-mentioned personal data until you withdraw your consent. The withdrawal of your consent does not affect the lawfulness of processing based on consent before the withdrawal.

    3. 2.5.3 The provision of the above-mentioned personal data in the context of marketing is voluntary. If you do not provide these personal data in the context of marketing and do not consent, you will not receive marketing materials.

  6. 2.6 Use of Cookies and Social Plug-Ins

    1. 2.6.1 Universal Analytics

      1. The Website uses Universal Analytics, a web analytics service provided by Google LLC, Google Ireland Ltd. or any other entity that directly or indirectly controls, is controlled by, or is under common control with, Google LLC (“Google”). Universal Analytics uses “cookies”, which are text files placed on your computer, to help the Website to analyse how users use the Website.

      2. We process your data on the basis of your consent (Art. 6(1)(a) GDPR). We store the above-mentioned personal data until you withdraw your consent. The withdrawal of your consent does not affect the lawfulness of processing based on consent before the withdrawal.

      3. For the purpose of analysing your use of the Website and generating anonymous statistics, the following personal data is processed by Google on our behalf:

        1. Time spent on the Website;

        2. Time spent on each individual page and the order in which individual pages are visited;

        3. Which internal links are clicked by you when browsing the Website;

        4. Previously accessed websites;

        5. First page accessed;

        6. IP address;

        7. Geographical location;

        8. Browser (including plug-ins) and operating system;

        9. Screen resolution and whether Flash or Java is installed in the User's browser. 

      4. Google places the following cookies: 

Name

Duration

Purpose

_ga

2 years

Differentiation of individual users.

_gid

24 hours

Differentiation of individual users. 

_gat

10 minutes

Reduction of the number of requests.

Google NID

5 months

Show Google Ads in Google Services for signed out users. 

Google __Secure-3PAPISID

2 years

Builds a profile of website visitor interests to show relevant and personalized ads through retargeting.

  1. On our behalf, the above-mentioned data on the use of the Website is transmitted to Google servers in the USA and stored there. This Website uses the possibility of IP anonymisation offered by Google Analytics. Your IP address is therefore shortened by Google as soon as Google receives your IP address. You can find further information on IP anonymisation at https://support.google.com/analytics/answer/2763052?hl=de

  1. 2.6.2 VIMEO 

    1. Belvedere uses videos of the company Vimeo on the website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can show you interesting video material directly on our website. Certain data may be transferred from you to Vimeo in the process. You can find more information on data processing by Vimeo at https://vimeo.zendesk.com/hc/de/sections/203915088-Datenschutz

    2. Vimeo places the following cookies: 

Name

Duration

Purpose

Vimeo Player

2 years

Cookies enabling video player experience

Vimeo vuid

3 hours

Cookeis enabling video player experience 


  1. When you call up a web page on our website that has a Vimeo video embedded, your browser connects to the Vimeo servers. This results in a data transfer. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, operating system or very basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service and what actions (web activities) you perform on our website. This web activity includes, for example, session duration, bounce rate or which button you clicked on our website with the built-in Vimeo function.

  2. If you are logged in to Vimeo as a registered member, more data can usually be collected as more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” on our website.

  1. 2.6.3 Display & Video 360

    1. Display & Video 360 is a tool provided by Google for planning campaigns, designing and managing creative, organizing and applying audience data, finding and buying inventory, and measuring and optimizing campaigns. We use Display & Video 360 services on the basis of a data protection agreement pursuant to Art. 28 GDPR concluded with Google.

    2. We process your data on the basis of your consent (Art. 6(1)(a) GDPR). We store the above-mentioned personal data until you withdraw your consent. The withdrawal of your consent does not affect the lawfulness of processing based on consent before the withdrawal.

    3. For the purpose of measuring and optimizing our campaigns, Google processes the following personal data on our behalf:

      1. Online identifiers, including cookie identifiers, internet protocol addresses and device identifiers;

      2. precise location data;

      3. client identifiers;

    4. For more information please see under https://privacy.google.com/businesses/adsservices/

  1. 2.6.4 Campaign Manager 360

    1. Campaign Manager 360 is a web-based ad management system that helps us manage our digital campaigns across websites and mobile. We use Campaign Manager 360 services on the basis of a data protection agreement pursuant to Art. 28 GDPR concluded with Google.

    2. We process your data on the basis of your consent (Art. 6(1)(a) GDPR). We store the above-mentioned personal data until you withdraw your consent. The withdrawal of your consent does not affect the lawfulness of processing based on consent before the withdrawal.

    3. For the purpose of ad serving, targeting, verification, and reporting, Google processes the following personal data on our behalf:

      1. Online identifiers, including cookie identifiers, internet protocol addresses and device identifiers;

      2. precise location data;

      3. client identifiers;

    4. For more information please see under https://privacy.google.com/businesses/adsservices/

  1. Recipients and Data Transers 

    1. 3.1 We instruct data processors who perform services on our behalf. The processors may only process the data provided to them in accordance with our instructions and only to the extent necessary to perform services for us. We contractually oblige these processors to guarantee the confidentiality and security of the personal data processed within the scope of the contract.

    2. 3.2 The level of data protection in other countries outside the European Economic Area (“EEA”) may not be the same as within the EEA. However, we will only transfer your personal data to countries for which the European Commission has decided that they have an adequate level of data protection or we will take measures to ensure that all recipients in third countries guarantee an adequate level of data protection. To this end, we conclude, for example, the standard contractual clauses issued by the European Commission with these recipients. On request we will provide you with the concluded standard contractual clauses. For this purpose, please contact us using the contact details provided above.

  2. Rights according to the GDPR

    1. 4.1 The GDPR grants you as a data subject the following rights:

      1. 4.1.1 The right of access according to Art. 15 GDPR regarding the personal data processed by Belvedere.

      2. 4.1.2 The right of rectification according to Art. 16 GDPR, the right of erasure according to Art. 17 GDPR and the right to restriction of processing according to Art. 18 GDPR.

      3. 4.1.3 The right of data portability according to Art. 20 GDPR.

      4. 4.1.4 The right of objection according to Art. 21 GDPR.

      5. 4.1.5 The right to appeal to the competent data protection authority in accordance with Art. 77 GDPR.

      6. 4.1.6 You may revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

Terms of Service
Dedication Terms
Data Protection
Legal Notice
Contact us
Press