Privacy Policy

At Chocolate Experience GmbH, we take your privacy seriously and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, and protect your personal data when you visit our website.Collection and Use of

Personal Data:
(1) When you contact us by email, we will collect the information you provide (such as your email address, name, and telephone number) to answer your questions. We will only retain this information for as long as necessary, or as required by law.
(2) If we engage commissioned service providers for certain functions of our website or if we use your data for advertising purposes, we will provide you with detailed information about these transactions and specify the criteria for the storage duration.

Your Rights:
(1) You have the right to:Request information about the personal data we process about you.Request the correction of incorrect or incomplete personal data.Request the deletion of your personal data, unless we are required to retain it by law.Request the restriction of the processing of your personal data under certain circumstances.Receive your personal data in a structured, commonly used, and machine-readable format or request its transfer to another data controller.File a complaint with a supervisory authority.
(2) To assert your rights or file a complaint, please contact us at [email address]. If you wish to file a complaint with the supervisory authority for our company's registered office, please contact .We reserve the right to update this Privacy Policy at any time. If we make significant changes, we will notify you by email or by placing a prominent notice on our website.

Collection of personal data when visiting our website:
When you visit our website for information purposes only, i.e., without registering or otherwise providing us with information, we automatically collect certain personal data that your browser transmits to our server. This data is technically necessary for us to display our website and to ensure its stability and security, and the legal basis for its collection is Art. 6 (1) sentence 1 (f) GDPR.The data we collect includes:
Your IP address
The date and time of your request
The time zone difference to Greenwich Mean Time (GMT)
The content of your request (specific page)
Access status/HTTP status code
The amount of data transferred in each case
The website from which your request originated
Your browser
Your operating system and its interface
The language and version of your browser software.
We do not use this data to draw any conclusions about you personally, and we do not merge this data with other data sources. We delete this data after seven days, unless we need to keep it for longer for the purposes of investigating identified attacks on our website.

Data Security
We take data security seriously and have implemented technical and organisational measures to protect your personal data from loss, destruction, unauthorised access, alteration, or disclosure by unauthorised individuals. While we conduct regular checks and updates, we cannot guarantee complete protection against all risks. Our website also uses SSL (Secure Sockets Layer) encryption in certain areas to ensure the privacy of your personal information.

Social Plugins:
At CHOCOLATE EXPERIENCE GMBH, we use social plugins from social networks. Please note that separate data protection and liability rules apply to social networks and third-party websites. The relevant website operators may save and use your personal data beyond the extent provided for under our data protection policy. CHOCOLATE EXPERIENCE GMBH cannot influence what data an activated plugin collects and how the provider uses it. Rest assured that we do not collect any personal information ourselves through the use of social plugins.

To increase the protection of your data, we have restricted the embedding of plugins in our website. Instead, we use an HTML link (the "Shariff solution" by c’t) which does not establish a connection with the social network provider's servers when you visit a page containing such plugins. If you choose to click on one of the buttons, a new window will open in your browser and you will be redirected to the relevant service provider's website. From there, you can activate the "like" or "share" buttons after logging in. Please refer to the relevant provider's data protection policy for information about the purpose and extent of data collection and the provider's further processing and use of the data, as well as your rights and the settings you can choose to protect your privacy.We use social plugins from Facebook, Instagram, and TripAdvisor. Here is their operator, website, and data protection information:

We use social plugins from Facebook, Instagram, and TripAdvisor. Here is their operator, website, and data protection information:

(1) Our website uses cookies, which are small text files that are stored on your browser's cache for the duration of your session (session cookies) or on your hard drive for a specific time period (permanent cookies). Cookies allow us to recognize your internet browser, so that we can provide you with targeted content that is tailored to your preferences and needs during your next visit to our website. We only use technically necessary cookies to achieve this, which are in our legitimate interest in providing a website that meets our visitors' needs. These cookies do not store any personal data.(2) If we also want to use marketing, tracking, or analysis cookies in addition to the necessary cookies, we will ask for your express consent before doing so. This request will appear on the cookie banner that appears on our website when you start using it. This banner provides information about our cookie policy and gives you the option to accept or refuse consent for all or specific types of cookies.(3) If you grant consent, the legal basis for processing your personal data is Art. 6 (1) (a) GDPR. You can change your cookie settings or withdraw your consent at any time using the blue button located at the bottom right of your browser window.

Google (Universal) Analytics
Google Universal Analytics is a web analysis service provided by Google Inc. ("Google"), which uses cookies to collect information about your use of our website. Before we can use Google Universal Analytics, we require your explicit consent, which you can provide or decline using the cookie banner when you first visit our website. Our website uses technically necessary cookies which do not save any personal data. If you grant consent for us to use Google Universal Analytics, the legal basis for processing personal data is Article 6(1)(a) of the GDPR.You can withdraw your consent at any time by contacting us at:
or through the contact details provided in our Legal Notice.When you visit our website, the information collected by the cookie is transmitted to Google's servers in the USA and stored there. However, IP anonymization is enabled on our website, which means that your IP address is first truncated by Google within the European Union or other contracting states of the European Economic Area. In exceptional cases, the full IP address may be transmitted to a Google server in the USA and truncated there. Google has committed to complying with the Privacy Shield Agreement on the collection, use, and retention of personal data from the EU, which is published by the US Department of Commerce and has been certified under the Privacy Shield.However, it's important to note that on July 16, 2020, the European Court of Justice declared that the Privacy Shield data protection agreement between the EU and the USA is invalid.

Facebook Remarketing
(1) Our website uses Facebook Ireland Ltd.'s "Custom Audiences" remarketing function, which allows us to display interest-related ads to our website visitors while they browse the Facebook social network ("Facebook ads"). When you visit our website, a Facebook remarketing tag (cookie) is implemented on the site, creating a direct connection to Facebook's servers and informing the server that you have visited our website. This information is listed on your personal Facebook user account. Facebook's data protection policy provides more detailed information on the collection and use of this information, as well as your privacy rights and possible ways to protect your privacy, at:
(2) We require your express consent to use tracking and marketing cookies. You can accept or reject these cookies and learn about our company's data protection policy by using the cookie banner that appears when you first visit our website.(3) If you grant consent, the legal basis for processing personal data is Art. 6 (1) (a) GDPR. You can withdraw your consent at any time without providing any reasons. You can do this by sending an email to:
or by referring to our Legal Notice for further contact information.You may also object to the use of cookies at any time and deactivate the "Custom Audiences" remarketing function. Furthermore, you can adjust your settings directly on Facebook by visiting
Please note that you must be registered with Facebook to use this link.

(1) We offer a newsletter subscription on our website, which requires your name and email address to send you the newsletter.
(2) The legal basis for processing your personal data is your consent (Article 6 (1) sentence 1 (a) GDPR). By subscribing to our newsletter, you agree to receive emails to your specified email address. Your agreement will be confirmed by the following consent text:"I hereby give my consent to [name] to send me emails to the email address provided by me. I have the right to revoke this consent at any time, with effect for the future. I have read the privacy policy, which contains further information on data processing."
(3) You can withdraw your consent at any time by unsubscribing from the newsletter. Each newsletter contains an unsubscribe link at the bottom, which you can use to automatically delete your information.
(4) To register for our newsletter, we use a double opt-in procedure. After submitting your information, you will receive an email asking you to confirm your subscription. We store the registration and confirmation times, as well as the IP address, as proof of the registration for the newsletter.
(5) The statistical analysis and logging of the registration procedure is based on our legitimate interests (Article 6 (1) sentence 1 (f) GDPR), which include the proper and technically flawless execution of the email dispatch.
(6) We will only retain your email address for as long as you subscribe to the newsletter. Once you unsubscribe, we will delete your email address.
(7) We will not share the email address you provide us with any third parties.Regenerate response

Waiting List
(1) By registering for our "list of events", we collect, store, process, and use the information you provide. We do this with your consent, as required by Article 6(1)(a) of the GDPR. When you sign up for the waiting list, you agree to receive an email with information about your selected event at your specified email address.
(2) Once the next update regarding your selected event becomes available, we will send you an email to the address you provided. Your data will be deleted after this notification.
(3) If you wish to withdraw your consent to store your data, email address, and use it for sending waiting list notifications, you can do so at any time by sending an email to:

Offer forms – school classes and companies
We provide online forms on our website that allow school classes and companies to request offers for our services. To do so, we require certain information such as your name, email address, and telephone number, or, in the case of school classes, the telephone number of a chaperone. We process this data based on Article 6(1)(f) of the GDPR, as it serves our legitimate interests in providing you with additional ways to contact us before submitting an offer. We only store this data to the extent necessary for preparing the offer and executing the booked event.

Google Maps
The website of BO-YO CHOCOLATE MUSEUM VIENNA has integrated the Google Maps service to visualise and display the contact address. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. During use, Google collects and processes data about the use of the map function by the user. For more information about data processing, see the Google Privacy Policy

Integration and linking of videos vie YouTube
To integrate and link videos, we use the social network YouTube, which is provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Welcoming Guests
To provide a personalized experience for our guests, we may process personal data such as their name, age, and information relating to special occasions such as birthdays. This information is displayed on a screen in the museum foyer.We process this data based on Article 6(1)(f) of the GDPR to safeguard our legitimate interests and those of the individual concerned. Our aim is to offer a unique and enjoyable experience for our guests by providing a personal touch and welcoming them in a special way. This aligns with our commitment to customer satisfaction and service-oriented practices.Access to this information is limited to our employees and the guests in the relevant group. Unauthorised third-party access is strictly prohibited. Once the event has concluded, we will delete the personal data unless required by law to retain it.

Advertising to us
We strictly prohibit the use of contact information that is published in the context of the legal notice obligation by third parties for sending unsolicited advertising or information materials. We reserve the right to take legal action against the unsolicited sending of advertising information, such as spam emails.

Chocolate Experience GmbH
April 2023