Information on the processing of your personal data according to Article 13 GDPR
1. General Information
Welcome to our website and thank you for your interest in our company. The protection of your personal data is very important to us. We fully comply to the legal requirements of the EU General Data Protection Regulation and other applicable legal provisions on the protection, lawful handling and confidentiality of personal data. In this document we would like to inform you in a clear and understandable manner about the processing of your data in connection with the visit and the use of our website. If you have any questions about the processing of your data, please don’t hesitate to contact us using the contact details below.
2. Controller/Contact details
Data Protection Controller of the University of Applied Arts Vienna:
Albrecht Alexander
dsb@uni-ak.ac.at
+43-1-71133-2054
3. Purposes of processing and legal basis
Visiting our website:
When you visit our website, we collect and process access data in log files (access logs) to ensure the permanent functionality and accessibility of the website. In this context, we process the following data:
• IP address
• Date and time of access
• Websites from which you reach our site (referrer URL)
• Operating system
• Name of your Internet service provider
• Product and version information of the browser used (including browser language)
• Amount of data transferred, loading time
Legal basis for processing of personal data is legitimate interest Article 6 (1) (f) GDPR. Our legitimate interest is ensuring the functionality, security and accessibility of the website for all site visitors, improving the website in terms of stability and security, if necessary the defence and assertion of legal claims.
Against data processing based on legitimate interest you have the right to object (data subject´s right to object according to Article 21 GDPR). In this case we will no longer process your personal data, unless there are compelling legitimate grounds for the processing of your data.
It is not possible to identify you directly from the data collected. The data will be automatically deleted after the aforementioned purposes have been achieved.
We do not use cookies or corresponding technologies on our website. Therefore, your personal data is not being processed for purposes like user analysis and user tracking.
4. Data transfer and data recipients
As a rule, we only pass on your personal data, if it is absolutely necessary for the fulfilment of the stated purposes (operation and maintenance of the website via external service providers). However, we may also be legally or by instruction of an authority obliged to pass on data to third parties (e.g. passing on data to law enforcement agencies).
When transferring personal data, we ensure that only the absolutely necessary information is being transferred. We strictly comply with the data protection requirements for data transfer (e.g. documented instructions for the data processor, obligation for maintenance of secrecy and confidentiality, obligation to fully comply with a sufficient level of protection in the processing of personal data – pursuant to Article 28 GDPR).
Data transfer to third countries and international organisations: For instance, in connection with administration of communication we might have to transfer personal data to third countries (countries outside the European Union/the European Economic Area) and/or international organisations. We only transfer data with your permission (data subject’s explicit consent to the proposed transfer after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards Article 49 (1) (a) GDPR) or in fulfilment of our contractual duties and pay attention to all aspects of compliance to data protection.
5. Storage period
Your data will only be stored for as long as it is technically and organisationally necessary to achieve the stated purposes. Log file data is retained for a period of 6 months. If necessary, we also retain your personal data on the legal basis of legitimate interest (defence and assertion of legal claims) for certain periods of time. When determining the duration of storage, we make sure not to violate your rights. If data storage is no longer required, we will delete your data immediately.
6. Automated individual decision-making and profiling
We do not use profiling or automated decision-making.
7. Rights of data subjects
Regarding your personal data processed by us, you are entitled to a number of rights. You can assert all these rights free of charge and informally (by e-mail, telephone or mail) – if necessary after proof of your identity – at the contact details provided. Your rights in detail:
Right of access: You are entitled to ask for access to personal data processed by us at any time in a formless way. You will receive written information about the purposes of processing, which data we process, the recipients and categories of recipients and the duration of data storage. We will answer to your request without undue delay and in any event within one month of receipt of the request (this period may be extended by two months when necessary).
Right to erasure: You have the right to obtain the erasure of your personal data. We will comply to your request if your personal data is no longer necessary for the purposes for which it was provided, if you withdraw your consent and there is no other legal basis for processing, if you object to processing pursuant to Art 21 (1) GPDR and there are no overriding legitimate grounds for continuing processing of your data is necessary to fulfil a legal obligation.
Right to rectification: In case we are processing inaccurate or incomplete data about you, you have the right to rectification – following your request we will correct your data.
Right to restriction of processing: If the deletion of your data is not possible or you don’t ask for complete erasure, but you do not consent to any use beyond the storage of the data, we are obliged to restrict the further processing of your personal data upon your request.
Right to data portability: We will provide you with the data we have stored about you, which we have received on the basis of a contract or on the basis of your consent, upon your informal request free of charge in a common file format. You can use this data for your own purposes and pass it on to future contractual partners. If you wish and if it is technically feasible, we will also transfer your data directly to an addressee named by you. In this case, we will inform you after the transfer has taken place. We will respond to your request immediately, but no later than within one month.
Right to object: If we process your data on the basis of our legitimate interest, you have the right to object to further processing of your personal data. In case you object we will no longer process your personal data for the purpose to which you have objected – unless there are legitimate reasons on our side for further processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Right to withdraw a consent given: You can revoke your consent to data processing at any time with future effect, in which case we will stop processing personal data. The lawfulness of processing based on consent is not affected before its withdrawal.
All the above-mentioned rights can usually be asserted free of charge, an informal application/notice to us is sufficient. We will comply to your request as early as possible – as a general rule at the latest within one month.
8. Right to lodge a complaint
The EU General Data Protection Regulation guarantees you the above-mentioned rights. If you think that these rights have been violated by us, you have the opportunity to lodge a complaint with a data protection supervisory authority. The Data Protection Authority in Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at. Claims against us, to which you are entitled on the basis of other legal bases, remain unaffected. Before lodging a complaint, please give us the opportunity to address your concerns and clarify any issues.
9. Additional Information
We take all necessary and appropriate technical and organisational security measures to protect your personal data from loss and misuse. Your data will be stored in a secure, state-of-the-art operational environment.
Access to our website is secured via HTTPS. This means that communication between your terminal device and our servers is encrypted.
On our website you may find links to websites for which other organisations, institutions or companies are responsible. For information on the processing of personal data by these third parties, refer to the relevant privacy policies. You can recognise a link to another website by the fact that a new browser window/tab opens and a new address or URL is displayed.
Symbols relating to appearances on social media might be available on our website in order to refer to our company presentations on the Social Media channels. Clicking on the pictograms/symbols will take you to our social media appearance. These symbols are mere links and not “social media plugins”. No personal data is being transmitted to the social media-enterprises.
We expressly reserve the right to make future changes or adjustments to this privacy policy. If you have any questions, please contact us using the contact details provided.
05/2023