Kunsthaus Bregenz

Data Protection

Data Protection Regulation

The protection of your personal data is especially important to us. We therefore process your data exclusively on the basis of statutory regulations (GDPR, 2003 Telecommunications Act, TKG). With this data protection information we are informing you about the most important aspects of data processing in the framework of our website. With the use of this website, you agree to the following regulations of our Data Protection Declaration.

Person in charge

This Data Protection Declaration only applies to this website. If you are transferred via links on our website to other websites, inform yourself directly on the forwarded website about the relevant handling of your data.  Your personal data (e.g. form of address, name, address, email address, telephone number and credit card number) are only processed by us in accordance with the regulations of Austrian Data Protection law. The regulations below will inform you about the nature, scope and purpose of collecting, processing and using personal data.

The use of this website is generally possible without indication of any personal data. Where personal data is collected on our website (e.g. name, address or email addresses), this always occurs as much as possible on a voluntary basis. This data will not be passed on to third parties without your express permission.

Use of your personal data:

  • For the purpose of contract fulfilment and contract management
  • In order to provide and improve our service and support
  • In order, in accordance with your request, to contact you
  • In order to individualise the service and make the contents you select available to you
  • For data analysis
  • For internal audits
  • For new product development
  • For determining trends in usage
  • For determining the effectiveness of our marketing operations

We wish to point out that data transmission on the internet (e.g. when communicating by email or via unencrypted websites) can have gaps in security. Complete protection of data against access by third parties is not possible.

Rights of the data subject

According to EU GDPR you as the data subject have extensive rights. These rights are particularly meant to provide you with more transparency in connection with your data. Your rights as a data subject are the right to information about the personal data relating to you, to correction, deletion, restriction of processing, objection to processing (direct marketing) as well as to data portability (only with a contract relationship or with consent) and revocation of consent at any time.

Data subjects may exercise all their rights by sending an email to datenschutz@bodensee-vorarlberg.com or by personal contact (e.g. by telephone or on site) or by letter sent by post.

In addition, you have at any time the right, in regard to processing of your personal data, to submit a complaint to the Data Protection Authority. The contact data of the Austrian Data Protection Authority are:

Österreichische Datenschutzbehörde
Barichgasse 40-42     
1030 Vienna / Austria  
Telephone: +43 1 521 52-0    
Email: dsb@dsb.gv.at

Deletion of data

The personal data of the data subject in question will be deleted or blocked as soon as the purpose of storage no longer applies. Blocking or deletion of data also occurs when a storage deadline expires or you explicitly wish the deletion or blocking.

If the data are not deleted because they are required for other purposes, including legally admissible ones, their processing is restricted. That is, the data is blocked and not processed for other purposes. This applies, for instance, to data that must be kept for commercial or tax law reasons.

Retention is regulated by statutory specifications in Austria.

According to the statutory specifications in Austria, the retention period is seven years according to § 212, paragraph 1 of the Commercial Code (UGB) (ledgers, inventories, opening balance sheets, annual accounts as well as management reports, etc.) and according to § 132, paragraph 1 of the Federal Tax Code (BAO) (accounting documents, vouchers, invoices, accounts, vouchers, business records, listing of income and expenses, etc.) for 22 years in connection with real estate property and for 10 years for documents in connection with electronically performed services, telecommunications, radio and TV services performed for non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop is utilised (MOSS).

Email contact and enquiries for accommodation

When contacting us (for instance via the contact form or by email), the following information of the user will be saved for the purpose of processing the enquiry as well as in case subsequent questions arise: Form of address, first name and last name, as well as email address, telephone number, street, postal code, country as well as data relating to the enquiry (e.g. number of persons, period of stay, type of lodgings, etc.).

The personal data collected in this way are stored by the operator for 36 months after completion of processing of the enquiry and then deleted. The personal data disclosed by the user are only processed and used insofar as they are required for processing of the enquiry and/or performing the requested service.

In the course of this data processing the following subcontractors (contract data processors) are involved:

  • Wilken AG, Blumenaustrasse 8, Arbon, Switzerland – CRM tool
  • Feratel Media Technologies AG, Maria-Theresien-Strasse 8, 6020 Innsbruck, Austria – Booking tool for offers, accommodation service

The data processing is required under Article 6, paragraph 1, letter d) GDPR for contract fulfilment or to conduct pre-contract measures.


If you conduct a booking with Bodensee-Vorarlberg Tourismus, we collect the data from you necessary for conducting the reservation which are, in particular, your name, your telephone number, your company address, your email address as well as the date of your arrival and departure, your credit card information, the number and type of services booked.

If you undertake a booking with Bodensee-Vorarlberg Tourismus, your booking data will be forwarded to the accommodation provider or service provider you have chosen in order to make your reservation possible at all.  Beyond that, your data are not basically forwarded to third parties (an exception is for data processing, see below). Under no circumstances are your contact data sold or rented out by Bodensee-Vorarlberg Tourismus. Due to statutory regulations and corresponding judicial or regulatory orders, we are in exceptional cases obliged to surrender data to the authorities or courts issuing the order. This only occurs in the framework of our statutory obligations.

In the course of such data processing the following subcontractors (contract data processors) are involved:

  • Wilken AG, Blumenaustrasse 8, Arbon, Switzerland – CRM tool
  • Feratel Media Technologies AG, Maria-Theresien-Strasse 8, 6020 Innsbruck, Austria – Booking tool for offers, accommodation service
  • Datatrans, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland – Payment information to guarantee the booking
  • Member business of Bodensee-Vorarlberg Tourismus, see: https://www.bodensee-vorarlberg.com/en/accommodations-in-vorarlberg/

The data processing is required under article 6, paragraph 1, letter d) GDPR for contract fulfilment or to conduct pre-contract measures.

Ordering a brochure

All data entered by the user in connection with an order are saved. This includes: Last name, first name, address, email address.

Such data are absolutely necessary to make delivery or process an order and are passed on to service providers.  As soon as the retention of your data is no longer required or legally supported, such data is deleted.

In the course of data processing the following subcontractors (contract data processors) are involved:

  • Wilken AG, Blumenaustrasse 8, Arbon, Switzerland – CRM tool
  • MS Direct, Scheibenstrasse 3, 6923 Lauterach, Austria – Mailing house

The data processing is required under article 6, paragraph 1, letter d) GDPRT for contract fulfilment or to conduct pre-contract measures.

Transmission to third countries

To the extent that we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or if this occurs in connection with availing of third-party services or disclosure or transmission of data to third parties, then this only occurs if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of legal obligations or on the basis of our legitimate interests.  With reservation for statutory or contractual permissions, we process the data or have it processed in a third country only when the special conditions of article 44 ff GDPR obtain. That is, the processing occurs for instance on the basis of special guarantees such as the officially recognised determination of a data protection level equivalent to that of the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contract clauses”).


We check links leaving our website very carefully for their wording. Nonetheless, we do not assume any responsibility or liability for contents on website which are linked from this website or from another website.

Job applications

If you send us your job applications by email or post, your particulars from your documents, including the contact data you indicate there, as well as your application documents are stored with us for the purpose of processing the application. We do not pass this data on without your consent. At the latest by six months after the job has been filled, the data you indicated or transmitted will be deleted.


If you take part in our contest on the website, your information from the form, including the contact data you provide there, are stored with us for the purpose of carrying out the contest. We do not pass such data on without your consent. They will then be saved and subsequently deleted for the duration of the contest and, for processing any eventual prize or damage compensation claims, for a maximum of 40 months thereafter.

Master data

Without your explicit consent or without a statutory basis your personal data will not be passed on to third parties not involved in contract fulfilment. After complete contract completion your data will be blocked for any further use. After the end of the tax-law and commercial law regulations, such data will be deleted, unless you have explicitly consented to its further use.

If required for the establishment, the substantive design or modification of the contract relationship (master data), your personal are used exclusively for processing of the contract.

Information about cookies

Three categories of cookies can be distinguished:

  • absolutely necessary cookies to ensure basic functions of the website
  • functional cookies in order to ensure the performance of the website
  • targeted cookies in order to enhance the user experience.

Websites to some extent use so-called cookies. Cookies do not do any damage to your computer and do not contain viruses. Cookies serve to make our programme more user friendly, efficient and safer. Cookies are small text files deposited on your computer which your browser stores.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain on your end device until you delete them. These cookies make it possible for us to recognise your browser on your next visit.

You can configure your browser to inform you when cookies are placed and to only allow cookies on a case-by-case basis, to deny acceptance of cookies for particular cases or in general as well as to activate automatic deletion of cookies when closing the browser. In case cookies are deactivated, the functionality of that website may be restricted.

Function restrictions without cookies

If you do not generally allow the use of cookies, certain functions and pages will not function as expected.

Web analysis with Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses targeted cookies. More information on how Google analytics handles user data can be found in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=en

You can prevent the collection of the data generated by the cookie relating to your use of the website as well as the processing of such data by Google by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

Alternatively, you can prevent Google Analytics from collecting your data by clicking on the following link (you can see more precise instructions under https://developers.google.com/analytics/devguides/collection/gajs/#disable). An opt-out cookie is set that prevents the collection of your data during future visits to this website.

This website uses Google Analytics with the extension “anonymizeIP()” so that IP addresses are only processed in abbreviated form in order to eliminate any direct connection to a person.

Server log files

The provider of the site automatically collects and saves information in so-called server log files that your browser automatically transmits to us. They are:

  • Browser type and browser version
  • Operating system in use
  • Referrer URL
  • Host name of the accessing computers
  • Time of the server query
  • IP address

This data cannot be assigned to specific persons. No merging of this data with other data sources is undertaken. We reserve the right to check this data retroactively if we become aware of any concrete indications for suspecting any illegal use.

Social plugin via Facebook

We use social plugins from facebook.com, operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The plugins are on the Facebook logo or on the addition “Facebook Social Plugin.” A survey of Facebook’s plugins and their appearance can be found at: https://developers.facebook.com/docs/plugins.

In order to enhance the protection of your data when visiting our website, the plugins are integrated into the website by means of a so-called “2-click solution.” This integration ensures that, when calling up a page in our website that contains such plugins, no connection is made with Facebook’s servers. Only when you activate the plugins and in that way give your consent to transmission of data, does your browser establish a direct connection to Facebook’s servers. The contents of the particular plugin are then transmitted directly from the relevant provider to your browser and integrated into the website. By integration of the plugins, the providers are given the information that your browser has called up the corresponding page of our website even if you do not have any profile on record with the corresponding provider and are not logged in at the moment. This information (including your IP address) is transmitted directly from your browser to a server of that particular provider in the US and saved there.

If you are logged in to the social network, the providers can directly assign the visit to our website to your profile at Facebook. If you interact with the plugins, for instance by activating “Like” or “+1”, then the corresponding information is likewise transmitted directly to a server of the provider and saved there.  The information is additionally published in the social network and shown there to your contacts.

The scope and purpose of data collection and further processing and use of the data by providers as well as your rights and configuration options in this regard to protect your private sphere can be found under the provider’s data protection notices. Data protection notices of Facebook:  http://www.facebook.com/policy.php

If you do not want Facebook attributing the data collected via our website directly to your profile in the service in question, you must first log off from the corresponding service before activating the plugins.

Social plugins of YouTube

We use social plugins from the YouTube site operated by Google. Operator of this site is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit our website provided with a YouTube plugin, then a connection is made to YouTube’s servers. In doing so, the YouTube server is informed that you have visited our website.

If you are logged in to your YouTube account, you are making it possible for YouTube to assign your visit to our website to your user account. You can prevent this by logging out of your YouTube account.

Further information on dealing with user data can be found in YouTube’s data protection declaration at https://policies.google.com/privacy?hl=en-GB&gl=de  

Google AdWords

For advertising on our website, we additionally make use of the “Google-AdWords” advertising tool. In this connection, we use the analytical service “Conversion-Tracking” belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94032, USA on our website. If you reach our website via a Google advertisement, a cookie is deposited on your computer. Cookies are small text files which your internet browser deposits and stores on your computer. These so-called “conversion cookies” lose their validity after 30 days and do not serve to identify you personally. If you visit specific pages of our website and the cookie has not yet expired, we and Google can recognise that you have clicked on one of our ads with Google and were transferred to our website.

Information obtained with the aid of “conversion cookies” help Google generate visit statistics for our website. From these statistics, we learn the total number of users who have licked on our advertisement and, additionally, which pages of our website have been subsequently called up by the user in question. However, we do not obtain any information with which users can be personally identified.

You can prevent the installation of the “conversion cookies” by means of a corresponding configuration of your browser, basically with the browser setting which in general deactivates the automatic setting of cookies or, more specifically, only blocking cookies from the domain “googleadservices.com.”

You can obtain Google’s relevant data protection declaration from the following link: https://policies.google.com/privacy?gl=de&hl=en

Facebook Pixel

Our website uses the “Facebook-Pixel” remarketing function of Facebook Inc. (“Facebook”). This function serves to present Facebook interest targeting ads (“Facebook-Ads”) to visitors of this website in connection with the social network visit. For this purpose, Facebook-Pixel was implemented on our website.  When visiting the website, a direct connection to the Facebook servers via Facebook-Pixel is set up. With that, the Facebook server learns that you visited this website and Facebook attributes this information to our personal Facebook user account.

More detailed information on collection and use of the data by Facebook, as well as your rights and options in this regard to protect your private sphere can be found in Facebook’s data protection notices under https://www.facebook.com/about/privacy/.

Alternatively you can deactivate Facebook’s remarketing function here: https://www.facebook.com/settings/?tab=ads#_=. To do this you must be logged into Facebook.


With our newsletter you can keep informed about us and our services. To receive our newsletter the indication of your email address is required. Prior to sending the newsletter, you must explicitly confirm for us, in connection with the so-called double opt-in procedure, that we should activate the newsletter service for you. Thereafter, you will receive from us a confirmation and authorisation email with which we ask you to click on the link contained in that email and in that way confirm for us that you wish to receive our newsletter. You may unsubscribe from the newsletter at any time. To do this, clicking on the link attached to the newsletter is required. Your email address will only be used by us and not passed on to any third parties.

With registering for the newsletter, we store your IP address, the date of registration as well as your voluntarily filled in information on your interests. Such storage serves as proof in case a third party abuses your email address and registers without your knowledge for receiving the newsletter. For sending the newsletter we use the emarketing suite software (“EMS”) from Wilken GmbH, Blumenaustrasse 8, 9320, Arbon, Switzerland.

The latter contains a web beacon, also called a tracking-pixel. With that it can be determined whether emails were opened or whether the links contained in the emails were clicked on. We use this information in order to improve our email service and to evaluate what information is read or clicked the most. The information collected in this way is saved by the newsletter provider Wilken on its server in Germany.

You can revoke the consent granted to store your data, your email address and their use for mailing the newsletter at any time. Simply send us an email to office@bodensee-vorarlberg.com or a letter to Bodensee-Vorarlberg Tourismus GmbH, Römerstrasse 2, 6900 Bregenz, Austria. But you can also unsubscribe separately in any newsletter you receive by using the “unsubscribe” button if you do not wish to receive any more newsletters from us in future.

SSL encryption

For reasons of security and to protect the transmission of confidential information, such as enquiries you send to us as site operator, this website uses SSL encryption. You can recognise an encrypted connection by the fact that the address line of the browser switched from “http://” to “https://” and from the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

In case of questions, please contact the following email address: datenschutz@bodensee-vorarlberg.com


“We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.”