Data Protection Policy

Data Protection Policy of the City of Salzburg

The City of Salzburg is the owner of the kk Hellbrunn Fun Palace and the associated buildings and parks, including the water games (following abbreviation “Hellbrunn Palace”)

With this data protection policy, Hellbrunn Palace informs what personal data are processed and what rights you have with regard to the processing. Personal data are all data that are relevant about your person.

I. Information about the collection of personal data
1. Responsible according to Art 4 Z 7 EU General Data Protection Regulation (GDPR):

Municipal Council of the City of Salzburg

Mirabellplatz 4, 5020 Salzburg
[email protected]

2. The data protection officer can be reached at

[email protected]

or at the postal address:

To the
Data Protection Officer
c/o Magistrat der Landeshauptstadt Salzburg
Mirabellplatz 4, 5020 Salzburg

3. The purpose of the data processing in the area of Hellbrunn Palace is for the processing of private sector affairs.

4. The used categories of personal data (address, name, date of birth, owner information, company information and business information) are processed from the electronic file system and open registries such as the commercial register, land register, register of business associations, club registers or census registers.

By submitting this contact form, you acknowledge and agree that we may use your personal data to respond to your request or to contact you. We do not transfer your data to any third parties, unless in such case where we are legally required to do so for the enforcement of legal claims. You may revoke this consent at any time in writing. In the event of such revocation, your personal data will be promptly deleted or changed according to your requirements, where the relevant legal requirements are met.

5. The legal basis for the processing are the legal requirements, the consent of interested parties, as well as contractual agreements.

6. You have the right to revoke your consent at any time in the case of a consent. However, the lawfulness of the processing on the basis of the consent remains unaffected until the revocation.

7. You may be required to provide your persona data due to a contractual agreement. The consequences of non-provisioning are a limited performance of the contract.

8. Recipient (categories) of personal data are:

8.1 as a third party (other persons responsible): jurisdiction, other authorities that are entitled to receive the data due to statutory provisions and the public (as far as provided by law, contract or by consent).

8.2 In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

9. Insofar as we process data for special purposes and pass it on to recipients, we will inform you about this in our domain-specific data protection statements. Should a transfer to a third country (outside the EU / EEA) take place, we will point this out to you separately.

10. Generally, we process personal data only for as long as necessary to fulfil the above purpose/purposes and delete them thereafter as soon as possible. Often, we are however legally obliged to keep your personal data for a longer period. In this case, we delete your personal data only after the expiry of the statutory retention obligations.

11. With regard to the processing of your personal data (within the framework of the legal requirements), you have the following rights as data subject:

The right to be informed
The right to correction or deletion,
The right to limitation of processing (within the framework of the legal requirements),
The right to object to the processing (within the framework of the legal requirements),
The right to transfer of data in matters pertaining to the private sector administration (within the framework of the legal requirements).
For any relevant questions please contact: [email protected]

12. If you believe that the processing of your personal data violates data protection law, you can file a complaint with the Data Protection Authority (

II. Use of cookies

1.      Description and scope of data processing

Our website uses cookies. Cookies are small text files within the web-browser or stored by the web-browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after changing pages.

The following data are stored and transmitted in the cookies:

(1)   Session ID

(2)   Session-related information
(e.g. device and resolution, shopping cart items, language, font size, application state)

(3)   Log-in Information

Permanently stored cookies serve a better user experience, here the following data are stored and delivered:

(1)   Read status messages

(2)   User settings

(3)   Log-in Information

We also use cookies on our website which enable analysis of the user’s browsing behaviour. You can find more information in the Web Analytics chapter.

2.     Legal basis for data processing

The legal basis for the processing of personal data by using cookies in connection with application forms is Article 6 Para. 1 lit. F GDPR.

3.     The purpose of data processing

The purpose of using technically necessary cookies is to simplify use of websites for users. Some features of our website will not be available without the use of cookies. In this case, it is necessary that the browser is recognised even after changing the page.

The user data collected by technically necessary cookies are not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content according to Article 6 Para. 1 lit. f GDPR. Using analysis cookies, we learn how the site is used and can constantly optimise our offering. In connection with these analysis cookies, no IP addresses are stored, so it is not possible to draw conclusions about computers or persons (see Web Analysis chapter).

4.     Duration of storage, objection and removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features.

III. Web Analytics by Matomo (formerly PIWIK)

1.  Scope of personal data processing

We use the open-source software tool Matomo (formerly PIWIK) on our website to analyse the browsing behaviour of our users.
The software places a cookie on the user’s computer (see above for cookies). When individual pages of our website are accessed, the following data is stored:

The accessed website
The website from which the user has come to the accessed website (referrer)
The sub-pages that are called up from the accessed website
The time spent on the website
The frequency with which the website is accessed
The search terms
Date and time (also for your own time zone)
The resolution
Clicked and downloaded files
Links clicked on to external domains
Browser-specific data (browser, language)
The software runs only on the servers of our website. Storage of the user’s personal data only occurs there. The data is not passed on to third parties.

The software is set up so that no IP address is stored. Therefore, an assignment to neither the accessing computer nor the user is possible.

Further information on the privacy settings of the Matomo software can be found here:

2. Duration of storage

The data will be deleted as soon as it is no longer needed for our recording purposes.

IV.  Newsletter

You have the option to subscribe to a free newsletter on our website. In doing so, the data from the input form are transmitted to us during registration for the newsletter – aside from the email address these are specifically your name, the areas of interest, and the preferred delivery format.

The following data are also collected upon registration:

IP address of the accessing computer
Date and time of registration
Using a Double Opt-In process (see during the registration procedure, we ensure that you are the owner of the used email address.

During the registration process, your consent is obtained for processing data and reference is made to this data protection policy.

If you access our website or use our services on our website and provide us with your email address, we may subsequently use it to send you a newsletter. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter.

No data is disclosed to third parties in connection with the data processing for sending newsletters. The data will be used exclusively for sending the newsletter.

To improve our newsletter, we also use newsletter tracking according to Art. 6 Para. 1 lit. f GDPR.

Legal basis for data processing
The legal basis for processing data after the user registers for the newsletter, if the user’s consent to this has been obtained, is Art. 6 Para. 1 lit. f GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 Para. 3 UWG.

The purpose of data processing
The user’s email address is collected in order to deliver the newsletter. The collection of other personal data as part of the registration process ensures the prevention of misuse of the services or of the used email address.

Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user’s email address will therefore be stored for as long as the subscription to the newsletter is active.

Objection and removal options
The subscription to the newsletter can be cancelled by the user, at any time. For this purpose, a corresponding link can be found in every newsletter.

V. Subject-specific data protection statements

Municipal Directorate
To point I. 3.: other purposes of the processing exist in public relations, consulting, information and notices, traffic with the upper authorities and supervisory authorities, processing second judgments procedures, information and communication technologies, economic affairs, participation and subsidy processes, and civil right and land processes.

Personnel office and reference accounting (MD/02)
To point I. 3.: other purposes of processing are the processing and transfer of employment data for the purposes of employment and social security, social protection, ensuring high quality and safety standards in health promotion and care of laws or employment, salary, educational and other related to the employment of public servants and other persons paid by the municipality (such as civil servants, contract agents, persons in training, temporary workers, freelance workers, contractors, holiday workers, along with municipal and other officials) as well as voluntary and civil support workers (in each case without compensation) of each applicable regulation, including automated and archived text documents (e.g. correspondence) in these matters.

Use of and as evidence of personal data from applicants, if these data are specified by the person concerned.

To point I. 5: further legal bases for the processing lie within contract fulfilment, fulfilment of legal obligations, carrying out a task which is carried out in the public interest or in the exercise of official authority, fulfilment of the obligations arising from labour law and social law, defence of legal claims, legally provided processing for reasons of substantial public interest, legally provided processing for reasons of health or occupational medicine.

To point I. 8: further recipients of personal data are the jurisdiction, social insurance institutions, occupational health services, financial authorities, personnel representatives, labour market service, chambers and advocacy organisations, pension funds, personnel and self-employed health services.

Magistrates Department 1 – General and district administration
To point I. 3.: the purposes exist in particular for the management of the general district administration, civil protection and the fire service.

To point I. 4.: in addition, the following relevant categories of personal data (criminal offence) are processed and come from non-public registers such as the EKIS, IDR.

To point I. 5.: further legal bases for processing are the protection of vital interests of the persons concerned or of other natural persons.

Municipal Department 2 – Culture, Education and Knowledge
To point I. 3.: the purposes exist in particular for the handling of cultural, educational and school affairs.

Municipal Department 3 – Social
To point I. 3.: the purposes exist in particular for the management of social affairs.

To point I. 4.: in addition, the following relevant categories of personal data (social affairs) are processed and come from non-public registers such as the social information system.

To point I. 5: further legal bases for data processing are in protecting of vital interests of the persons concerned or other individuals.

Municipal Department 4 – Finance
To point I. 3.: the purposes exist in particular for the tax administration, household and cash affairs, internal and external accounting, insurance, investment and financing matters, lawsuits and executory affairs.

Municipal Department 5 – Spatial Planning and Building Authority
To point I. 3.: the purposes exist in particular for the handling of matters of spatial planning, building authority, nature conservation authority, facility management authority, traffic and street legal authority, local protection services and fire and police.

Municipal Department 6 – Construction
To point I. 3.: the purposes exist in particular for the process of construction.

Municipal Department 7 – Companies
To point I. 3.: the purposes exist in particular for the processing and management of waste management, recreational facilities, funeral and cemetery affairs, as well as other operational bodies (e.g. central purchasing).

Health care institution of municipal officials (KFA)
To point I. 3.: the purposes exist in particular for the management of health care affairs.

To point I. 4: In addition, the following categories of personal data (insurance-related data) will be processed and come from non-public registers of the Federation of Social Security Institutions.

To point I. 5.: further legal bases for the processing are for the protection of vital interests of the persons concerned or other natural persons, and in labour and social law or in health care.

To point I. 8.1.: further recipients are the main associations, institutions and people within health care.

Control Office (KA)
To point I. 3.: the purposes exist in particular for the management control.

VI. Google, webfonts and encryptions

Integration of Google Maps
On this website, we use Google Maps functionality. This allows us to display interactive maps directly on the website and enables your convenient use of the map function. When you visit this website, Google receives the information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether Google makes available a user account via which you are logged in or if no user account exists. If you are logged in to your Google account, the information will be directly associated with your account. If you do not wish to be associated with your Google profile, you must first log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its websites. Such an evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the plugin provider’s data protection policy. There you will also find further information on your corresponding rights and settings options for protecting your privacy: Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield,

Use of web fonts
This website uses external fonts – Google Fonts. Google Fonts is a service of Google Inc. (“Google”). Integration of these web fonts is implemented via a server access, typically a Google server in the United States. Hereby, information is transmitted to the server as to which of our website pages you have visited. The IP address of the browser on the visitor’s device is also stored by Google. Further information can be found in Google’s privacy policy, which you can access here:

SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When the SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.