Data Protection Declaration

Personal user data (for instance name, e-mail address…) is processed by the Imperial Austria Palaces Service GmbH (in the following “Imperial Austria”) solely according to the provisions of the Austrian Data Protection Law and the GDPR– General Data Protection Regulation. These instructions on data protection are intended to inform you about the most important aspects of data processing in the context of our website.

1. Data controller and contact

Imperial Austria Palaces Service GmbH

Schloß Schönbrunn, Kavalierstrakt
1130 Vienna

As a matter of principle, we ensure that we only use the data that we actually need for our web presence, in particular:

-  for the processing of contracts that are concluded through our ticket shop and our online shop,

-  for answering queries,

-  for marketing purposes,

-  for optimisation of our web presence and our range of offers

If we grant third parties (especially order processors) access to data in the context of our processing , this is done either on the basis of a statutory authorisation (e.g. if the transfer of data to a third party or to payment service providers is necessary to fulfil a contract), or if you have given your consent, or if it is required by a legal obligation, or on the basis of our legitimate interests (e.g. use of web hosts, CRM tools, newsletter transmission tools, etc.).

The following items provide information on the type, range and purpose of the acquisition, processing and usage of personal data in the context of the web presence of Imperial Austria

Imperial Austria stores the notified user data with the greatest of care (in accordance with Art 32 GDPR); however, we cannot take any responsibility for hacker attacks.

2. Legal bases & storage duration

In the case of concluded contracts and queries, personal data is processed because this is required in order to fulfil the contract, or, as the case may be, to process the query (Art. 6 [1] lit b GDPR – General Data Protection Regulation)

Your contact data is only processed for the purpose of direct advertising via e-mail or telephone with your permission according to Art. 6 [1] lit a of the General Data Protection Regulation (“GDPR”).

Otherwise we process your personal data on the basis of our overriding legitimate interest, in order to achieve the purposes stated in this declaration (Art. 6 [1] lit f GDPR).

We generally store data that you have made available to us exclusively for customer care, respectively marketing and information purposes until three years have elapsed since our last contact. If you do not wish this, we shall delete your data also before this term elapses, in so far as there is no legal hindrance preventing this.

In the case of a contract initiation or completion we process your person-related data after completed contract processing until the expiry of the guarantee, limitation and legal storage terms that apply to us, furthermore until the end of all possible legal disputes needing the data as evidence.

3. Hosting

Our website is hosted by Abaton EDV-Dienstleistungs GmbH, Hans-Resel-Gasse 17, 8020 Graz. Our host provider provides us with the IT infrastructure services, disk space, computing capacity, technical security and maintenance services that we need to cover the range of options of this web presence. The user data is processed in the context of these services within the framework of our legitimate interests (Art. 6 [1] f GDPR) in enabling the provision of our online services.

4. Automatic data acquisition

For technical reasons, the usage data that a user’s Internet browser transfers to Imperial Austria includes the following:

  • browser type and version;
  • operating system being used;
  • website visited by the user;
  • date and time of access;
  • Internet protocol (IP) address of the user’s computer.


This data is stored separate from any user data communicated (in particular name, address, telephone number, e-mail address, language) and is evaluated for statistical purposes in order to optimise the Internet presence and services at (for more details, see below).

5. Data transfer to Schloß Schönbrunn Kultur und Betriebsgesellschaft mbH

Imperial Austria is the ticket-shop of the Schloß Schönbrunn Kultur- und Betriebsgesellschaft mbH (in the following „SKB“), with headquarters in our company location – Schloss Schönbrunn, Kavalierstrakt, 1130 Vienna. We are informing SKB on ticket reservations made via

Specifically, during this process we receive the following data: name, address, telephone number, e-mail address, language, age (adult or children’s ticket), membership of a family or group (for family, student, group tickets).

The person-related data and contract data (contract subject, term, customer categories) notified in the course of ordering procedures are used exclusively for contract processing; payment data is protected in a coded process and used solely for payment management during the contract processing.

The use of the ticketing system is necessary for processing ticket reservations. We have entered into a contract for order data processing with the SKB.

This data usage is based on Art. 6 [1] b GDPR.

6. Data usage

6.1 During the ordering process, the following personal data is requested:

name, address, telephone number, e-mail address, language, age (adult or children’s ticket), membership of a family or group (for family, student, group tickets). For press accreditations the medium, working title and short description of the project must be stated. For online reservations by event organisers the event organiser’s PIN must be stated.

The personal data notified in the course of the order processing is used exclusively for contract processing (Art. 6 [1] lit b GDPR); payment information is protected by encryption and used solely for the payment management.

6.2 The following data is acquired when using contact forms and participation in competitions (Art 6 [1] b GDPR):

name, e-mail, telephone number if needed, postal address if needed. This data is used exclusively for the reply to the contact and to manage the competition in question.

6.3 In registering for newsletters and company newspapers, the following data is acquired (Art. 6 [1] a GDPR): 

name; e-mail address for newsletters and the postal address for company newspapers. This data is used exclusively for despatching the ordered newsletters / company magazines.

Our newsletters is only sent after a double opt-in, i.e., after registering in our newsletter list you will receive another, separate confirmation e-mail in order to conclude the registration for the newsletter.

7. Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.

This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, _Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here:

When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.

This is necessary for the fulfillment of our and Trusted Shops' legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.

8. Cookies

Imperial Austria uses cookies for the provision of its services (Art. 6 Abs [1] lit f GDPR). Cookies are small text files that the user’s Internet browser places and stores on his or her computer. Cookies make our Internet presence user-friendlier and enable us to recognise multiple usage of this website by the same user. Cookies are needed in particular for using a web shop.

Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser on your next visit.

If you do not want this option, you can set your browser in such a way that you are informed about the placing of cookies and you can permit this specifically for individual cases.

Users can prevent the installation of cookies by an appropriate setting in their browser software; Imperial Austria wishes to inform you however that in this case not all website functions can be used in their entirety.

9. Analysis of the Imperial Austria Internet presence

To improve and optimise its web presence, Imperial Austria uses Google Analytics, a Google LLC (“Google” in the following) web analysis service, Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Framework Agreement and thus guarantees compliance with European data protection law: We have entered into a corresponding contract with Google for order data processing. You can find the Google Data Protection Declaration here:

Google Analytics uses so-called cookies, text files that are stored on the user’s computer and that enable an analysis of the user’s website usage. The information generated by the cookie on usage of this website is normally transmitted to a Google server in the USA and stored there.

Our interest within the meaning of the GDPR/General Data Protection Regulation is the improvement of our offer and our web presence. Since our users’ privacy is important to us, user data is processed under a pseudonym. In addition, we apply the “Google Tag Manager” system so as to integrate and manage the Google analysis and marketing services into our website (Art. 6 [1] lit f GDPR).

We have activated “anonymizeIp()” for our website; this extension allows IP addresses to be further processed in abbreviated form in order to eliminate direct personal references: IP anonymisation on this website first abbreviates the IP address of a Google user within the member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there.

In the course of the use of Google Analytics, Google evaluates website usage in order to compile reports on website activities and to provide additional services associated with website usage and Internet usage. The IP address transferred from a user’s browser within the framework of Google Analytics is not merged with other Google data. By using our web presence, the user confirms his/her agreement to the use of the data acquired from him/her as described above and for the aforementioned purpose.  

User data is stored for the duration of 38 months.

Users can prevent the storage of cookies by an appropriate setting in their browser software; however, we point out that in this case the user might not be able to make use of all the functions of this website.

In addition, users can prevent the acquisition of the data generated by the cookie and related to their website usage (incl. their IP address), its transfer to Google as service provider, and the processing of this data by Google by downloading and installing the browser plug-in available through the following link:

10. Google Marketing

We use Google AdWords and Google Remarketing of Google LLC (“Google” in the following), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Framework Agreement and thus guarantees compliance with European data protection law: We have entered into a corresponding contract with Google for order data processing. You can find the Google Data Protection Declaration here:

Internet users are shown advertisements both in Google Search and on numerous advertising-sponsored websites. This occurs in any event. Google Marketing Services enable ads to be provided to those users who presumably are interested in these advertised contents.

Conversely, Google enables us to show our advertising specifically only to those users who are potentially interested in it.

Remarketing means that users are presented with advertisements for products in which they last showed interest. This involves integrating so-called marketing tags into websites. When a user device accesses the website, a cookie (a small file) is stored which records the websites the user has visited. As he or she continues surfing, they are shown specific ads based on these records.

Google Adwords stores a “conversion cookie” on the user’s computer if the user has accessed our website via a Google ad. These cookies cease to apply after 30 days and do not serve personal identification.

Information accessed with the aid of the conversion cookie serves to create conversion statistics for AdWords users (for instance through the overall number of users who have clicked the ad). But when this is done, we do not receive information that can be used to identify the user personally.

The use of Google Marketing is based on (Art. 6 [1] f GDPR). In addition, we have activated “anonymizeIp()” for our website, as explained in Section 8; this extension means that user data is further processed only under a pseudonym. This means that neither Google nor advertisers can specifically identify the user; name, e-mail address remain unknown in this procedure.

If you do not wish to take part in the tracking procedure, you can also reject the installation of the cookie required for this – for instance via the browser setting that generally deactivates cookies automatically, or by blocking cookies through the domain “”.

You can also use the opt-out option installed by Google:

11. Social Plugins

Imperial Austria does not use social plug-ins (e.g. share, like-buttons) for its Internet presence in order to avoid data transfers to social networks that are unnecessary and that are not fully clear to users of social plug-ins.

Links from this web site lead solely to our presence on Facebook, Twitter, Instagram and Pinterest. Please note: when accessing these networks and platforms, the relevant operators’ business terms and conditions and data processing guidelines apply.

12. Facebook Pixel

We analyse and optimise our web presence using the so-called visitor action pixel (“Facebook Pixel”) of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, for users resident in the EU, Facebook Ireland Ltd, Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook" in the following).

Facebook is certified under the Privacy Shield Framework Agreement and guarantees compliance with European data protection law:

You can find the Facebook data guidelines here:

The Facebook social network is financed through advertising. This advertising is displayed to every Facebook user. This means that Facebook ads are displayed to Facebook users in any event. Facebook Pixel used to show Facebook users advertising that presumably complies with their interests. This prevents completely irrelevant advertising being displayed that is in fact only a nuisance.

We also use Facebook Pixel in order to place Facebook advertisements which target only those Facebook users who are most likely to take an interest in our services. In doing so, we also create so-called custom audiences, for which we define characteristics (e.g. interests, age groups etc.) in order to show our advertising to those users who are most likely to be interested in them.

Facebook Pixel also enables us to determine whether our ad was interesting for Facebook users,especially if the user clicked the ad, by allowing us to see whether the user clicked the ad and was thus linked to our website. In this way, we can assess the effectiveness of our ads; nevertheless, the individual user who clicks the ad remains anonymous to us. We do not possess this data.

The Facebook Pixel is thus firstly an opportunity to prevent companies distributing advertising pointlessly to all users, regardless of whether they are interested in the services or not. Secondly, the Facebook Pixel is also useful for Facebook users, because it means that they are shown advertising that in all probability is in a field that interests them, while Facebook Pixel the advertisements would be displayed randomly. The use of Facebook Pixel thus represents a predominant and legitimate interest according to Art. 6 [1] f GDPR.

Users can set what type of ads are shown to them on Facebook here:

13. Newsletter Services

Our newsletters is sent through the Austrian despatch service dialog-Mail eMarketing Systems GmbH, Nussgasse 31, A-3434 Wilfersdorf. The use of the despatch service is based on our legitimate interests according to Art. 6  [1] f GDPR and an order processing contract according to Art. 28 [3 ,1] GDPR.

Our quiz-newsletter at is sent through the US despatch service MailChimp, The Rocket Science Group, LLC675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA. The use of the despatch service is based on our legitimate interests according to Art. 6 [1] f GDPR and an order processing contract according to Art. 28 [3 ,1] GDPR.

As soon as you have registered for the newsletter, we send you a confirmation e-mail with a link for you to confirm registration (double opt-in). Newsletter registrations are recorded (registration date and time, confirmation date and time, IP address), so that we can verify the registration process according to legal requirements.

The use of dialog-Mail represents a legitimate interest in the application of a secure, user-friendly newsletter service. The following user data is processed: e-mail address, name, title and, for the dialog-Mail newsletter, a salutation.

When dialog-Mail is used, statistical data about the recipient’s access tto the newsletter is communicated (opening, time of opening, what links were activated). This information serves the improvement of our newsletter. Data is not merged for creating individual user profiles.

14. User rights

You are entitled to information, rectification, erasure, restriction, data portability, withdrawl of consent and objection to processing in relation to your personal data we use. If you believe that the processing of your data infringes data protection law, or your legal claims for data protection are violated in any other way, please contact us. You can also file a complaint with the supervisory authority. In Austria this is the Datenschutzbehörde ( 

The data we process is erased as soon as it is no longer required for its purpose and provided that the erasure is not in conflict with any legal storage obligations. 

If data is not deleted because it is required for other / legally permitted purposes (e.g. product liability etc.), its processing is limited, i.e., data is reduced to the extent necessary and not processed for other purposes.   Please note: there is a warranty period of 2 years for purchases of moveable items; the data of the purchase procedure must be stored in order for us to handle possible claims. Moreover, according to Sec 132 BAO (Bundesabgabenordnung, Federal Tax Code), bookkeeping documents, receipts, bills, etc. must be stored for seven years, or 22 years if related to real estate.

15. Provision of information

On request, information on the data stored relating to a person or a user name will be provided. On request, the information can be provided electronically. To obtain this information please contact:

Imperial Austria Palaces Service GmbH

Schloß Schönbrunn/Kavalierstrakt

1130 Vienna

Tel.: +43-1-81113-0

Fax: +43-1-8121106