Outbreak of the war
End of the war

Data Protection Declaration


Personal user data (for instance name, e-mail address…) is processed by the Schloss Schönbrunn Kultur- und Betriebsgesellschaft mbH (in the following “Schloss Schönbrunn", "Hofburg Wien", "Hofmobiliendepot" (Imperial Furniture Collection), “Schloss Hof” solely according to the provisions of the Austrian Data Protection Law and the GDPR General Data Protection Regulation. These instructions on data protection are intended to inform you about the most important aspects of data processing in the context of our website.


1. Data controller and contact

The data controller is:

Schloss Schönbrunn Kultur- und Betriebsgesellschaft mbH
Schloss Schönbrunn, Kavalierstrakt
1130 Vienna

As a matter of principle, we ensure that we only use the data that we actually need for our web presence, in particular:

-  for the processing of contracts that are concluded through our ticket shop and our online shop,
-  for answering queries,
-  for marketing purposes,
-  for optimisation of our web presence and our range of offers

If we grant third parties (especially order processors) access to data in the context of our processing , this is done either on the basis of a statutory authorisation (e.g. if the transfer of data to a third party or to payment service providers is necessary to fulfil a contract), or if you have given your consent, or if it is required by a legal obligation, or on the basis of our legitimate interests (e.g. use of web hosts, CRM tools, newsletter transmission tools, etc.).

The following items provide information on the type, range and purpose of the acquisition, processing and usage of personal data in the context of the web presence of Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof.

Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof stores the notified user data with the greatest of care (in accordance with Art 32 GDPR); however, we cannot take any responsibility for hacker attacks.


2. Legal bases

In the case of concluded contracts and queries, personal data is processed because this is required in order to fulfil the contract, or, as the case may be, to process the query (Art. 6 [1] lit b GDPR – General Data Protection Regulation)

Your contact data is only processed for the purpose of direct advertising via e-mail or telephone with your permission according to Art. 6 [1] lit a of the General Data Protection Regulation (“GDPR”).

Otherwise we process your personal data on the basis of our overriding legitimate interest, in order to achieve the purposes stated in this declaration (Art. 6 [1] lit f GDPR).


3. Hosting

Our website is hosted by Abaton EDV-Dienstleistungs GmbH, Hans-Resel-Gasse 17, 8020 Graz. Our host provider provides us with the IT infrastructure services, disk space, computing capacity, technical security and maintenance services that we need to cover the range of options of this web presence. The user data is processed in the context of these services within the framework of our legitimate interests (Art. 6 [1] f GDPR) in enabling the provision of our online services.


4. Automatic data acquisition

For technical reasons, the usage data that a user’s Internet browser transfers to Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof includes the following:

This data is stored separate from any user data communicated (in particular name, address, telephone number, e-mail address, language) and is evaluated for statistical purposes in order to optimise the Internet presence and services at,,,,,, and (for more details, see below).


5. Data transfer to Imperial Austria Palaces Services GmbH

Our ticketing system is handled by the Ticket Shop of Imperial Austria Palaces Service GmbH, whose headquarters are at our company location – Schloss Schönbrunn, Kavalierstrakt, 1130 Vienna. We are informed by Imperial Austria Palaces Service GmbH about ticket reservations made via

Specifically, during this process we receive the following data: name, address, telephone number, e-mail address, language, age (adult or children’s ticket), membership of a family or group (for family, student, group tickets).

For press accreditations: the medium, working title and short description of the project must be stated.

For online reservations by event organisers: the event organiser’s PIN.

The personal data and contract data (contract subject, term, customer categories) notified in the course of the ordering process are used exclusively for contract processing; payment data is protected by encryption and used solely for payment management during the contract processing.

The use of the ticketing system is necessary for processing ticket reservations. We have entered into a contract for order data processing with Imperial Austria Palaces Service GmbH.

This data usage is based on Art. 6 [1] b GDPR.


6. Data usage

6.1 During the ordering process, the following personal data is requested:

name, address, telephone number, e-mail address, language, age (adult or children’s ticket), membership of a family or group (for family, student, group tickets). For press accreditations the medium, working title and short description of the project must be stated. For online reservations by event organisers the event organiser’s PIN must be stated.

The personal data notified in the course of the order processing is used exclusively for contract processing (Art. 6 [1] lit b GDPR); payment information is protected by encryption and used solely for the payment management.

6.2 The following data is acquired when using contact forms and participation in competitions (Art 6 [1] b GDPR):

name, e-mail, telephone number if needed, postal address if needed. This data is used exclusively for the reply to the contact and to manage the competition in question.

6.3 In registering for newsletters and company newspapers, the following data is acquired (Art. 6 [1] a GDPR): 

name; e-mail address for newsletters and the postal address for company newspapers. This data is used exclusively for despatching the ordered newsletters / company magazines.

Our newsletters is only sent after a double opt-in, i.e., after registering in our newsletter list you will receive another, separate confirmation e-mail in order to conclude the registration for the newsletter.


7. Cookies

Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof uses cookies for the provision of its services (Art. 6 Abs [1] lit f GDPR). Cookies are small text files that the user’s Internet browser places and stores on his or her computer.

What are cookies?

Cookies make our Internet presence user-friendlier and enable us to recognise multiple usage of this website by the same user. Cookies are needed in particular for using a web shop. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser on your next visit.

If you do not want this option, you can set your browser in such a way that you are informed about the placing of cookies and you can permit this specifically for individual cases. Users can prevent the installation of cookies by an appropriate setting in their browser software; Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof wishes to inform you however that in this case not all website functions can be used in their entirety.

You can find details on the individual cookies in “Cookies settings”.


8. Analysis of the Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof Internet presence

To improve and optimise its web presence, Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof uses Google Analytics, a Google LLC (“Google” in the following) web analysis service, Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Framework Agreement and thus guarantees compliance with European data protection law: We have entered into a corresponding contract with Google for order data processing. You can find the Google Data Protection Declaration here:

Google Analytics uses so-called cookies, text files that are stored on the user’s computer and that enable an analysis of the user’s website usage. The information generated by the cookie on usage of this website is normally transmitted to a Google server in the USA and stored there.

Our interest within the meaning of the GDPR/General Data Protection Regulation is the improvement of our offer and our web presence. Since our users’ privacy is important to us, user data is processed under a pseudonym. In addition, we apply the “Google Tag Manager” system so as to integrate and manage the Google analysis and marketing services into our website (Art. 6 [1] lit f GDPR).

We have activated “anonymizeIp()” for our website; this extension allows IP addresses to be further processed in abbreviated form in order to eliminate direct personal references: IP anonymisation on this website first abbreviates the IP address of a Google user within the member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there.

In the course of the use of Google Analytics, Google evaluates website usage in order to compile reports on website activities and to provide additional services associated with website usage and Internet usage. The IP address transferred from a user’s browser within the framework of Google Analytics is not merged with other Google data. By using our web presence, the user confirms his/her agreement to the use of the data acquired from him/her as described above and for the aforementioned purpose. 

User data is stored for the duration of 38 months.

You find more information on the cookies also in “Cookies settings”. Users can prevent the storage of cookies by an appropriate setting in their browser software; however, we point out that in this case the user might not be able to make use of all the functions of this website.

In addition, users can prevent the acquisition of the data generated by the cookie and related to their website usage (incl. their IP address), its transfer to Google as service provider, and the processing of this data by Google by downloading and installing the browser plug-in available through the following link:


9. Google Marketing

We use Google AdWords and Google Remarketing of Google LLC (“Google” in the following), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Framework Agreement and thus guarantees compliance with European data protection law: We have entered into a corresponding contract with Google for order data processing. You can find the Google Data Protection Declaration here:

Internet users are shown advertisements both in Google Search and on numerous advertising-sponsored websites. This occurs in any event. Google Marketing Services enable ads to be provided to those users who presumably are interested in these advertised contents.

Conversely, Google enables us to show our advertising specifically only to those users who are potentially interested in it.

Remarketing means that users are presented with advertisements for products in which they last showed interest. This involves integrating so-called marketing tags into websites. When a user device accesses the website, a cookie (a small file) is stored which records the websites the user has visited. As he or she continues surfing, they are shown specific ads based on these records.

Google Adwords stores a “conversion cookie” on the user’s computer if the user has accessed our website via a Google ad. These cookies cease to apply after 30 days and do not serve personal identification.

Information accessed with the aid of the conversion cookie serves to create conversion statistics for AdWords users (for instance through the overall number of users who have clicked the ad). But when this is done, we do not receive information that can be used to identify the user personally.

The use of Google Marketing is based on (Art. 6 [1] f GDPR). In addition, we have activated “anonymizeIp()” for our website, as explained in Section 8; this extension means that user data is further processed only under a pseudonym. This means that neither Google nor advertisers can specifically identify the user; name, e-mail address remain unknown in this procedure.

If you do not wish to take part in the tracking procedure, you can also reject the installation of the cookie required for this – for instance via the browser setting that generally deactivates cookies automatically, or by blocking cookies through the domain “”.

You can also use the opt-out option installed by Google:


10. Social Plugins

Schönbrunn Palace, Vienna Hofburg, Imperial Furniture Collection and Schloss Hof do not use any social plugins on their Internet sites (such as Share or Like buttons), in order to avoid data being unnecessarily transferred to a social network in a way that at present cannot be fully tracked by the users of social plugins.

These Internet sites only contain links to our Facebook, Twitter, Instagram and Pinterest pages. Please note that if you access these networks and platforms, the relevant operator’s terms of business and data processing regulations will apply.

We operate our Facebook page with the assistance of the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you visit our Facebook pages at, Facebook will, among other things, record your IP address and further information that is present on your computer in the form of cookies. These details are used to give us as operator of the Facebook pages statistical information about the use of the pages. For further details about this statistical information (Insights) see:

The data acquired about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook Data Policy sets out in general terms the information it acquires and how it is used. It also contains information about how to contact Facebook and about the advertisement settings available. The Data Policy can be found at:

Facebook does not disclose exhaustively and clearly, nor do we know, the manner in which it uses Facebook visitor data for its own purposes, the extent to which activities on the Facebook page can be attributed to specific users and whether data from a Facebook visit is passed on to third parties.

When you access a Facebook page, the IP address allocated to your user device is sent to Facebook. According to Facebook, this IP address is anonymised and deleted after 90 days. In addition, Facebook  stores information about its users’ devices (e.g. as part of “Unrecognised login notifications”).

If you are currently registered as a Facebook user, your device contains a cookie with your Facebook ID. This enables Facebook to identify the fact you visited this page and how you used it. This applies to all other Facebook pages. In addition, Facebook buttons integrated in websites (such as Like, as well as other social plugins) allow Facebook to record your visits to these websites and link them to your Facebook profile (as stated above, we do not use such plugins on our company’s websites). All the data about you collected by Facebook can be used to present content or advertising customized to your profile.

Please bear in mind that when you visit Facebook you will in any event be presented with advertising. The data collection sketched out above means that this advertising can at least be adjusted to your assumed interests, with the result that you will not be troubled by completely irrelevant advertisements.

If you want to prevent Facebook collecting data on third-party sites, you should log out of Facebook, or deactivate the “Keep me signed in” function, delete the cookies stored on your device and close and restart your browser. This deletes Facebook information that allows you to be directly identified. As a result, you can use our Facebook page without your Facebook ID being disclosed. However, please note that if you use interactive functions on the page (Like, Comment, Share, Messages etc.), you will see a Facebook log-in mask. If you log in, you will once again be identifiable to Facebook as a specific user.

Information on how to administer or delete existing information about you can be found on the following Facebook support pages:


11. Newsletter Services

Our newsletters is sent through the Austrian despatch service dialog-Mail eMarketing Systems GmbH, Nussgasse 31, A-3434 Wilfersdorf. The use of the despatch service is based on our legitimate interests according to Art. 6  [1] f GDPR and an order processing contract according to Art. 28 [3 ,1] GDPR.

Our quiz-newsletter at is sent through the US despatch service MailChimp, The Rocket Science Group, LLC675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA. The use of the despatch service is based on our legitimate interests according to Art. 6 [1] f GDPR and an order processing contract according to Art. 28 [3 ,1] GDPR.

As soon as you have registered for the newsletter, we send you a confirmation e-mail with a link for you to confirm registration (double opt-in). Newsletter registrations are recorded (registration date and time, confirmation date and time, IP address), so that we can verify the registration process according to legal requirements.

The use of dialog-Mail represents a legitimate interest in the application of a secure, user-friendly newsletter service. The following user data is processed: e-mail address, name, title and, for the dialog-Mail newsletter, a salutation.

When dialog-Mail is used, statistical data about the recipient’s access tto the newsletter is communicated (opening, time of opening, what links were activated). This information serves the improvement of our newsletter. Data is not merged for creating individual user profiles.


12. Use of the analysis and CRM tool

Schloss Schönbrunn, Hofburg Wien, Hofmobiliendepot and Schloss Hof uses the tool of the Vienna company “Die Socialisten” Social Software Development GmbH, Andreasgasse 6, Top1 1070 Vienna, for storage, display and management of the data on its pages on the social media platforms Facebook, Pinterest, Instagram and Twitter. “Die Socialisten” Social Software Development GmbH is directly subject to the GDPR regime and is bound by it. A contract has been entered into for processing order data.

The tool firstly serves customer service purposes, and therefore assists us in answering user comments in the social media contributions. In this process, it uses user names that are chosen by users on the relevant social media platforms and whose comments are used. An inference as to real names and addresses is not possible with the tool.

In addition, the tool is used for purposes of the collective processing and planning of content on these platforms. Finally, the tool enables us to assess the success of our contributions on social media platforms (the range and scope of a contribution, the intensity of interaction it triggers, etc.). However, in this it does not show an individual’s data. The use of this customer service and content tool is performed within the scope of an overriding and legitimate interest (Art. 6 [1] f GDPR). 


13. User rights

You are entitled to information, rectification, erasure, restriction, data portability, withdrawl of consent and objection to processing in relation to your personal data we use. If you believe that the processing of your data infringes data protection law, or your legal claims for data protection are violated in any other way, please contact us. You can also file a complaint with the supervisory authority. In Austria this is the Datenschutzbehörde (

The data we process is erased as soon as it is no longer required for its purpose and provided that the erasure is not in conflict with any legal storage obligations.

If data is not deleted because it is required for other / legally permitted purposes (e.g. product liability etc.), its processing is limited, i.e., data is reduced to the extent necessary and not processed for other purposes.   Please note: there is a warranty period of 2 years for purchases of moveable items; the data of the purchase procedure must be stored in order for us to handle possible claims. Moreover, according to Sec 132 BAO (Bundesabgabenordnung, Federal Tax Code), bookkeeping documents, receipts, bills, etc. must be stored for seven years, or 22 years if related to real estate. 


14. Provision of information

On request, information on the data stored relating to a person or a user name will be provided. On request, the information can be provided electronically. To obtain this information please contact:

Schloss Schönbrunn Kultur- und Betriebsges.m.b.H.
Schloss Schönbrunn/Kavalierstrakt
1130 Vienna
Tel.: +43-1-81113-0
Fax: +43-1-8121106