This policy has been taken and adapted from the official data protection declaration of the University of Vienna.
§ 1 Controller and Scope
The controller according to the General Data Protection Regulation (GDPR) and other national data protection acts of member states as well as other statutory data protection regulations is:
University of Vienna
Universitätsring 1
1010 Wien
E-mail: dsba@univie.ac.at
Website: univie.ac.at
This Data Protection Declaration applies to all websites of the Kriege Group available under the domain kriegegroup.unvie.ac.at as well as the associated subdomains (henceforth “our websites” or “web presence”). In addition, it applies to the data processing activities specified below. From a functional perspective, the Data Protection Declaration applies to all organisational units of the University of Vienna. Information about data protection when using cloud services is provided in the University of Vienna’s data protection declaration for cloud services (in German), available at: Data Protection Declaration of the University of Vienna – cloud services and other IT applications (PDF, in German)
§ 2 Data Protection Office and Contact Persons
The controller has authorised the following external data protection officers:
Daniel Stanonik and Karsten Kinast, representing each other alternately
If the rights of data subjects according to section 13 of this Data Protection Declaration (e.g. right to information, right to erasure, etc.) are asserted, the relevant requests or applications must be sent to dsba@univie.ac.at or via mail to:
University of Vienna
Data protection officer of the University of Vienna
Universitätsring 1
1010 Wien
§ 3 What are Personal Data?
Personal data is individual information concerning personal or material details of an identified or identifiable natural person (data subject). These include, for example, information, such as your name, address, telephone number, date of birth and e-mail address. Information that cannot be linked to your person (or only involving a disproportionate effort), such as anonymised information, is not considered personal data.
§ 4 General Information about Data Processing
a) Scope
As a general principle, we collect and use personal data of our users only to the extent that is necessary for carrying out the relevant data processing activity. We use your personal data to provide information, products and desired services offered by the University, to answer your questions, to fulfil our legal mandate and statutory obligations, as well as to operate and improve our websites and applications.
We collect and use personal data of our users only based on a relevant legal foundation in accordance with the GDPR, e.g. only if the individual user has given their consent. Further details regarding the individual consents granted are specified in section 7 of this Data Protection Declaration under the respective processing activity.
Your personal data will not be used for any other purpose. Your personal data will not be transferred to third parties or used, for example, for advertising purposes without your consent, except in the cases specified below, and unless we are required by law to disclose the data.
b) Legal Basis
Where processing is subject to the data subject’s consent to the processing of their personal data, the legal basis for the processing is article 6, para. 1, sub-para. a of the EU General Data Protection Regulation (GDPR). If the processing of personal data is necessary to perform a contract to which the data subject is a party, article 6, para. 1, sub-para. b of the GDPR provides the legal basis. This also applies to processing activities that are necessary to take steps prior to entering into a contract. Where processing of personal data is necessary for compliance with a legal obligation to which the University of Vienna is subject, article 6, para. 1, sub-para. c of the GDPR provides the legal basis.
If the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, article 6, para. 1, sub-para. d of the GDPR provides the legal basis. If the processing is necessary for the purposes of the legitimate interests pursued by the University of Vienna or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, article 6, para. 1, sub-para. f of the GDPR provides the legal basis for the processing activity.
If the University of Vienna processes personal data for academic and research purposes, the University of Vienna reserves the right to use suitable provisions specified in the Forschungsorganisationsgesetz (Austrian research organisation act, FOG) as a legal basis in addition to the legal foundations specified above. This also applies in connection with a declaration of consent (broad consent) with regard to the special provisions pursuant to section 2d, para. 3 of the FOG.
c) Erasure of Data and Storage Period
Personal data of the data subject will be erased or blocked as soon as the purpose of the processing activity has been fulfilled. Furthermore, data may also be stored if specified by the European or national legislative authority in Union law regulations, laws, or other regulations to which the controller is subject. Personal data will also be erased or blocked when a storage period stipulated by one of the norms listed above expires, unless it is necessary to further store the data for the purpose of concluding or executing a contract.
d) Transfer of Data to Third Parties
We do not transfer any personal data to third countries unless we expressly inform you about this. In this case, the transfer of personal data to third countries takes place in accordance with articles 45 and 46 of the GDPR. In the absence of an adequacy decision by the European Commission, standard protection clauses adopted in accordance with article 46 of the GDPR guarantee an adequate level of protection. In individual cases, we will also obtain your consent for the transfer of personal data to third countries. In this case, it is our obligation to inform you that the level of data protection in third countries might not be comparable to that in the European Union. This poses a risk to your personal data since they may be accessed, in particular, by public authorities which are not subject to the legal protection mechanisms applicable within the European Union.
§ 5 Transfer of Data to Third Countries during Professorial Appointment Procedures, Habilitation Procedures or Similar Procedures
During a professorial appointment procedure, habilitation procedure or similar procedure (e.g. doctoral procedure), your personal data are transferred to external reviewers who may be located in third countries outside the European Union or the European Economic Area. These third countries may have a lower statutory level of data protection. However, we have to transfer your personal data to allow for a review of your documents. The processing of your personal data is based on article 6, para. 1, sub-para. c of the GDPR and section 2g of the Austrian Forschungsorganisationsgesetz (research organisation act, FOG). The transfer of data is permissible according to article 49, para. 1, sub-para. b and sub-para. c of the GDPR as well as article 49, para. 1, sub-para. d of the GDPR.
§ 6 Processing of Event Photographs
We organise different events, such as lectures, conferences and similar events, also outside of regular teaching hours. During these events, we may take photographs or make video recordings of the event participants. We use and process these photographs/videos to present the event, offline and/or online (e.g. in magazines, on social media or on websites).
The legal basis for the data processing specified above is determined in article 6, para. 1, sub-para. f of the GDPR and section 12, para. 2, sub-para. 4 of the Austrian Data Protection Act (Datenschutzgesetz, DSG). The processing of the data specified above is necessary for the presentation of the events. Therefore, it serves the purposes of the legitimate interests pursued by the University of Vienna. Where necessary, we will obtain your consent to the processing of your photographs (article 6, para. 1, sub-para. 1 of the GDPR).
The University of Vienna erases photographs and videos as soon as they are no longer required for a legitimate interest to present the relevant event. This may be the case, for example, if the University does not have to advertise the event any longer because there will be no follow-up event.
§ 7 Individual Processing Activities
We do not require any additional information.
§ 8 Use of Cookies
We use so-called cookies. Cookies are small text files that are sent from our web server to your browser when you visit our websites. Your browser holds these cookies available on your computer for later retrieval. Cookies contain a characteristic string of characters that allows your browser to be uniquely identified when the website is accessed again. We use only so-called session cookies (also known as temporary cookies), i.e. cookies that are stored only temporarily (cached) for the duration of your visit to one of our websites.
We use the following cookies:
- Session cookies (ID)
- JavaScript cookies
- Matomo-/Piwik cookies for statistical analysis
The collected usage data do not allow for any conclusions regarding the user (except those cookies that serve the recording of data in connection with an active log-in). All usage data are collected in anonymised form; they will not be linked to your personal data and will be erased immediately after the end of the statistical analysis. All cookies are erased after termination of the session, i.e. as soon as you end your browser session.
Furthermore, on our websites we use cookies which allow for an analysis of our users’ surfing behaviour. This way, the following data may be transferred:
- Search terms entered
- Frequency of page views
- Use of website features
The legal basis for the processing of data, subject to the user’s consent, is article 6, para. 1, sub-para. a of the GDPR as specified in the cookie banner as well as the University of Vienna’s legitimate interest in accordance with article 6, para. 1, sub-para. f of the GDPR, unless these are cookies necessary for the operation of the website.
The legal basis for the processing of personal data when using technically necessary cookies is article 6, para. 1, sub-para. f of the GDPR.
In particular, the used cookies serve the purpose of analysing the frequency of use and the number of visitors to our websites. Furthermore, they are used to continue to identify your computer during a visit on our website when surfing from one page to the next, and to establish the end of your visit. This allows us to determine which sections of our websites and which other websites our users visited.
The purpose of using technically necessary cookies is to simplify the use of websites for their users. Some features of our web presence cannot be provided without the use of cookies. To provide these features, it is imperative to recognise your browser even when you have switched to a different page.
The following applications require cookies:
- Shopping cart
- Transferring language settings
- Remembering search terms
The user data collected by technically necessary cookies are not used to create user profiles.
§ 9 Integration of Social Plug-Ins
On our website, we do not integrate any social media plug-ins.
§ 10 Security Measures for Protecting Data Stored by the University of Vienna
We commit ourselves to protecting your privacy and treating your personal data as strictly confidential. To prevent manipulation, loss, or abuse of your personal data stored by us, we have implemented extensive technical and organisational security measures which are reviewed on a regular basis and updated in accordance with technological advances. These security measures include, among other things, the use of recognised encryption methods (TLS). However, please note that due to the nature of the Internet, other persons or institutions outside our area of responsibility may not adhere to the rules of data protection and the security measures specified above. In particular, data that are revealed without encryption – for example, data transferred via e-mail – may be accessed by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data they provide against misuse by means of encryption or other measures.
§ 11 Hyperlinks to Third-Party Websites
On our websites, we place so-called hyperlinks to websites of other providers. Activating these hyperlinks will redirect you from one of our websites directly to the website(s) of the other provider. For example, you can recognise this by the change of the URL. Since it is beyond our scope of influence whether third parties adhere to the data protection regulations, we cannot assume any responsibility for the confidential handling of your data on the websites of third parties. For information about the handling of your personal data by these companies, please refer directly to the respective companies’ websites.
§ 12 Right to Object
Regarding the processing of your personal data based on the legitimate interest of the University of Vienna in accordance with article 6, para. 1, sub-para. f of the GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation and/or to object to the use of your personal data for direct marketing purposes. In case of direct marketing, you have a general right to object which we will enforce without you having to specify a particular situation. Please contact us at dsba@univie.ac.at or at the e-mail address specified for the relevant processing activity.
§ 13 Your Rights as a Data Subject
The GDPR specifies the following rights for data subjects regarding the processing of personal data:
- In accordance with article 15 of the GDPR, you have the right to obtain information from us about the personal data we are processing. In particular, you have the right to obtain information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request the rectification or erasure of your personal data or restriction of processing your data or to object to such processing, the right to lodge a complaint with a supervisory authority, the source of personal data collected about but not from you, the transfer of your data to third countries or international organisations, as well as about the existence of automated decision-making, including profiling and, if applicable, meaningful information about the logic involved.
- In accordance with article 16 of the GDPR, you have the right to request from us the rectification of inaccurate personal data concerning you and to have incomplete personal data completed. Pursuant to section 59, para. 2 of the Universities Act, students are obliged to immediately notify the university to which they are admitted about any changes to their name and address. You can fulfill this obligation via u:space.
- In accordance with article 17 of the GDPR, you have the right to request from us the erasure of personal data concerning you, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
- In accordance with article 18 of the GDPR, you have the right to request the restriction of processing of personal data concerning you, if you contest the accuracy of the personal data, if the processing is unlawful, if the University no longer needs the personal data, and if you oppose the erasure of the personal data because they are required for the establishment, exercise or defense of legal claims. Your right pursuant to article 18 of the GDPR also applies if you object to the processing in accordance with article 21 of the GDPR.
- In accordance with article 20 of the GDPR, you have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller.
- In accordance with article 7, para. 3 of the GDPR, you have the right to withdraw your consent to the processing of your data at any time. Consequently, the University of Vienna may no longer continue the data processing based on this consent in future.
- In accordance with article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. In general, you can lodge a complaint with the supervisory authority in your habitual residence, your place of work, or our registered place of business. In Austria, the responsible supervisory authority is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Telephone: +43 1 52 152-0, E-mail: dsb@dsb.gv.at, Website: dsb.gv.at