Privacy policy

The protection of your personal data is of particular concern to ART for ART Theaterservice GmbH, Goethegase 1, 1010 Vienna. ART for ART Theaterservice GmbH complies with the applicable legal provisions for the protection, lawful handling and confidentiality of personal data, as well as for data security, in particular the Austrian Data Protection Act ("DSG"), the EU General Data Protection Regulation ("GDPR") and the Telecommunications Act ("TKG").

In the following, we would like to inform you about the type, scope and purpose of the collection and use of your personal data and about your rights.

For information on the processing of personal data through the use of our website, please refer to our Cookie Statement, which should be read in conjunction with this Privacy Policy.


Data processing, purposes and legal bases

According to the GDPR, personal data is any information relating to an identified or identifiable natural person, such as name, email address, customer number, etc.

ART for ART Theaterservice GmbH processes the personal data of employees, partners, interested parties, customers and suppliers for the purpose of performing its business activities and fulfilling the associated legal and contractual requirements:

  • Communication with interested parties and business partners about products, services and projects, e.g. processing enquiries, applicant selection procedures;

  • Initiating, processing and managing (contractual) business relationships and maintaining business relationships, e.g. to process orders for products and services, collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;

  • Carry out customer surveys and market analyses:

  • Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent behaviour or other criminal or malicious acts;

  • Complying with (i) legal requirements (e.g. retention obligations under tax and commercial law), as well as (ii) guidelines of the Bundestheater Group; and

  • Settlement of legal disputes, enforcement of existing contracts and assertion, exercise and defence of legal claims.

The following categories of personal data may be processed to achieve the aforementioned purposes:
  • The following categories of personal data may be processed in order to achieve the aforementioned purposes:

  • Professional contact information, such as name, contact address, telephone number or email address;

  • Payment data, such as information required for the processing of payment transactions or fraud prevention;


  • Information collected from publicly available sources and information databases, such as the Austrian Business Register (ANKÖ);


  • Other personal data whose processing is necessary for the initiation, processing and administration of (contractual) business relationships and the maintenance of business relationships or which is provided voluntarily by you, such as orders placed, order details, enquiries made or project details, correspondence, other data on cooperation;

The legal basis for data processing is:
  • Article 6(1)(a) GDPR: The data subject has given their consent to the processing of their personal data for one or more specific purposes


  • or Article 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;


  • and Art 6 para 1 lit f GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Making contact

If you contact us by e-mail, online contact form (vemap procurement portal for the electronic processing of procurement procedures), fax, telephone or other means of communication, your personal data and information that you provide to us when contacting us will be used exclusively to process your enquiry or any resulting pre-contractual measures. You are free to decide whether you wish to provide us with this data. Corresponding information regarding data protection is provided directly on the respective website/application - "Jobs", "Tenders" (-> vemap procurement portal).

Data transfer

Your personal data will not be passed on to third parties unless we are legally obliged to do so or the transfer of data is necessary to fulfil our obligations.

To fulfil certain tasks, we use selected service providers who work for us as processors and may be granted access to your data to the extent necessary. This applies, for example, to software solutions, services as part of an IT support contract or services in the area of payroll accounting and financial accounting. All of our processors only process your data on our behalf and on the basis of our instructions for the purposes described above. Furthermore, we ensure through contractual obligations that our processors comply with the legal regulations on data protection in the same way as we do.

Data security

In addition to compliance with the principles of data protection and the obligation of our employees to maintain data secrecy, we take appropriate technical and organisational measures to ensure the security of data processing, i.e. the confidentiality, integrity, availability, resilience and rapid recoverability of the systems and services used, on a permanent basis.

Retention period

We store your data in accordance with the legal provisions. As a rule, this is the duration of the customer relationship. A longer retention period may result in particular from legal retention obligations or for the assertion of legal claims. We retain data that we process with your consent until you withdraw your consent.

Whistleblower system

The purpose of the processing is to implement the Whistleblower Protection Act (HSchG), which came into force on 25 February 2023, in the Austrian Federal Theatres and thus to comply with the legal obligation. The law serves the purpose of uncovering misconduct within the meaning of the HSchG and thus ensuring compliance with the law.

Legal basis: Art 6 para 1 lit c GDPR (fulfilment of a legal obligation)

Type of data processed:
  • Contact details of the whistleblower (optional)
  • Report of the whistleblower or the whistleblower
  • Personal data contained in the report (e.g. in continuous text or in documents)
The provision or processing of this data is required by law.
Data is forwarded to the following recipients:
  • Sage GmbH (processor)
  • Jank Weiler Operenyi Rechtsanwälte GmbH
  • Deloitte Legal (sub-processor)
Rights of data subjects in the whistleblower system:
Please note that the exercise of some of these rights could hinder the effectiveness of the Whistleblower Protection Act, in particular the submission of reports, the taking of follow-up measures and the guarantee of anonymity of a whistleblower. Against this background, the Austrian legislator has taken measures to restrict the exercise of certain data protection rights of data subjects.
Click here to go to the whistleblower system

Your rights

Right to information
You have the right to information about the personal data we process about you.
Right to authorisation
You have the right to rectification of your personal data that is no longer up to date, incomplete or incorrect.
Right to erasure ("right to be forgotten")
You have the right to erasure of your personal data, unless there are legal or legitimate reasons (such as retention obligations under tax or commercial law or the assertion, exercise or defence of legal claims) to retain it.
Right to restriction of data processing
You have the right to request the restriction of the processing of your personal data if one of the conditions listed in Art. 18 GDPR is met.
Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.
Right to object
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing at any time on grounds relating to your particular situation. However, compelling legitimate grounds of ART for ART Theaterservice GmbH may prevail, which may allow us to continue processing your personal data.
In addition, you have the right to object to the processing of your data at any time if the processing is for the purpose of direct marketing.
Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data with effect for the future if the processing is based on your consent.
Questions and complaints
If you have any questions regarding your personal data, please contact us at You can also contact the Data Protection Officer of the Austrian Federal Theatres, Ms Silvia Schauer, MSc MBA, at or by post at Data Protection Officer of the Austrian Federal Theatres, Goethegasse 1, 1010 Vienna.

You also have the option of lodging a complaint with a data protection supervisory authority. The data protection supervisory authority responsible for us is the Austrian Data Protection Authority.


Final provisions

Please note that ART for ART Theaterservice GmbH will continue to adapt this data protection declaration (e.g. due to changes in legal regulations, use of new technologies, expansion of our offers and services). We therefore recommend that you consult this privacy policy regularly.

Status: March 2023