Last updated: 6 April 2026
This Privacy Policy explains how Das Werk (“we”, “us”, “our”) processes personal data when you use our website at www.daswerk.org (the “Website”).
Austria: We are established in / offer this Website in Austria. The processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and, where applicable, the Austrian Data Protection Act (Datenschutzgesetz, DSG) and other Austrian laws (for example rules on telecommunications and cookies under the Telecommunications Act (Telekommunikationsgesetz, TKG) in conjunction with the ePrivacy Directive).
Please read this policy together with our Cookies Information (and the dedicated Cookies page on the Website, if published). If we publish an Imprint (Impressum) on the Website, it forms part of our legally required transparency (separate from this Privacy Policy).
The controller responsible for the processing of personal data described in this policy is:
WERK Clubkultur GmbH
Spittelauer Lände 12/331-333
1090 Wien
FN 605514 m
info[at]daswerk.org
If you have questions about this policy or wish to exercise your rights, please contact us using the details above.
We process personal data only where necessary to provide the Website, to communicate with you when you contact us, and to understand aggregated use of the Website.
The Website is hosted and delivered using Vercel, Inc. (United States). When you visit the Website, Vercel processes technical data that is typically required to establish and maintain the connection, such as IP address, date and time of the request, browser type and version, operating system, referrer URL, and HTTP status. This processing is necessary to make the Website available and to ensure security and stability.
Depending on the circumstances, the legal basis is Article 6(1)(f) GDPR (legitimate interests in secure, reliable hosting and operation of the Website) and/or Article 6(1)(b) GDPR (performance of a contract or pre-contractual steps, where applicable).
Where personal data is transferred to the United States, we rely on appropriate safeguards under GDPR, such as the EU–US Data Privacy Framework where applicable, and/or Standard Contractual Clauses approved by the European Commission, as offered by Vercel in its role as processor.
We use Vercel Web Analytics to understand how the Website is used in aggregate (for example, page views and navigations). According to Vercel’s documentation, Vercel Web Analytics does not use third-party cookies for this purpose and is designed to work with aggregated, non-identifying statistics. For more detail, see Vercel’s documentation: Privacy and Compliance – Web Analytics.
The legal basis is Article 6(1)(f) GDPR (legitimate interests in measuring and improving the performance and structure of the Website), unless applicable law in your country requires consent for this type of processing—in which case we will rely on consent where required.
Editorial content on the Website (text, images, navigation, event information, etc.) is managed using Strapi, operated on infrastructure controlled by us (for example, a virtual server). When you use the Website, your browser generally does not log in to Strapi; content is retrieved by our Website’s servers and delivered to you.
If you are an editor or administrator logging into the Strapi admin interface, separate terms and login-specific processing apply; that use is not covered for end visitors in the same way as public browsing.
The legal basis for processing related to delivering public content is Article 6(1)(f) GDPR (operation of the Website) and/or Article 6(1)(b) GDPR where relevant.
If you use our contact form, we process the information you enter (for example, name, email address, subject, message, and any optional fields we display) in order to handle your request and, where applicable, to communicate with you about it.
Emails may be sent via SMTP using a provider or mail server configured for this Website. Recipients and routing may be configured in our CMS (Strapi) so that messages reach the appropriate inbox.
The legal basis is Article 6(1)(b) GDPR (steps at your request prior to entering into a contract or, where applicable, performance of a contract) and/or Article 6(1)(f) GDPR (responding to enquiries). Where consent is required for specific processing (for example, certain marketing communications), we will ask for it separately.
We store contact enquiries only as long as necessary to fulfil the purpose for which they were sent and to meet legal retention obligations (for example, tax or commercial law), unless a longer period is required for the establishment, exercise or defence of legal claims.
For presentation and usability on the start page, the Website may use browser local storage to remember that an introductory animation has recently been shown, so that it is not repeated on every short revisit. This storage is tied to your browser on your device; we do not use it for cross-site advertising.
The legal basis is Article 6(1)(f) GDPR (legitimate interests in a stable, predictable user experience), or consent where required by applicable law in your jurisdiction.
We do not use advertising or social media marketing cookies on the Website as part of this setup. For a concise overview of cookies and similar storage, see our Cookies page on the Website (/cookies).
We use service providers who process data on our behalf under Article 28 GDPR (processors), including in particular:
Further processors may include email/SMTP providers and infrastructure providers for Strapi, depending on our configuration.
We only permit processors to use data to provide their services to us and require appropriate data processing agreements and safeguards.
Where personal data is transferred to countries outside the European Economic Area, we ensure appropriate safeguards in line with GDPR (such as adequacy decisions, the EU–US Data Privacy Framework where applicable, or Standard Contractual Clauses).
We retain personal data only for as long as necessary for the purposes described in this policy, unless longer retention is required by law or for the establishment, exercise or defence of legal claims. Aggregated analytics data may be retained in line with our provider’s documentation and our settings.
Subject to applicable law, you may have the following rights:
To exercise these rights, please contact us at the email address in section 1.
Supervisory authority (Austria): If you are in Austria or if Austrian law applies, you may lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, DSB):
Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Web: https://www.dsb.gv.at
You may also contact another EU/EEA supervisory authority (for example in your habitual residence), where applicable.
We do not use automated decision-making or profiling within the meaning of Article 22 GDPR in connection with the Website as described here.
The Website is not directed at children. Under GDPR, rules for offering online services directly to children can depend on age limits in EU Member States. In Austria, the age from which consent may be valid for certain information society services is often set at 14 years under national law (subject to the specific service and context). We do not knowingly collect personal data from children in a way that conflicts with applicable law. If you believe we have processed such data, please contact us.
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change accordingly. We encourage you to review this page periodically. For material changes, we will use appropriate notice mechanisms where required by law.
Unless mandatory consumer protection laws in your country of residence provide otherwise, this Privacy Policy and any non-contractual matters arising from it are governed by Austrian law, excluding Austrian conflict-of-law rules that would refer to another jurisdiction, where such exclusion is permissible.