Privacy Policy

Alpen-Adria-Universität Klagenfurt is pleased to welcome you to our website. Data protection and data security when using our website are very important to us. We would therefore like to provide you with information about which of your personal data we collect when you visit our website and the purposes for which this data is used.

Since changes to legislation or our internal company processes may require amendments to this privacy policy, please read through this privacy policy on a regular basis. The data privacy policy can be accessed, saved and printed out at any time under “Privacy policy”.

Section 1: Controller and scope of application

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of Member States, as well as other data protection provisions, is:

Alpen-Adria-Universität Klagenfurt
Universitätsstraße 65–67
9020 Klagenfurt am Wörthersee
Austria
Email: uni [at] aau.at Website: www.aau.at This privacy policy applies to the website of Alpen-Adria-Universität Klagenfurt, which can be accessed at aau.at (hereinafter referred to as “our website” or “website”).

Section 2: Data protection officer

The controller’s data protection officer is:

Assoc. Prof. DI Dr Peter Schartner
Universitätsstraße 65–67
9020 Klagenfurt am Wörthersee
Austria

To assert the rights of data subjects as defined in Section 11 of this privacy policy (e.g. right to information, right to erasure), please send any requests to dsb [at] aau.at or by post to

Alpen-Adria-Universität Klagenfurt
z. H. Datenschutzbeauftrager
Universitätsstraße 65–67
9020 Klagenfurt am Wörthersee
Austria.

Section 3: Principles of data processing

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address and user behaviour. Information that cannot be connected to you personally (or would require disproportionate effort to do so), e.g. on account of the anonymisation of the information, is not defined as personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission of said data) always requires a legal basis or your consent.

Processed personal data is deleted as soon as the purpose of processing has been achieved and there are no longer any statutory retention obligations that must be observed.

Where we process your personal data in order to provide certain offers, we have provided information on the specific operations, scope and purpose of the data processing, the legal basis and the applicable storage duration in the following.

Section 4: Individual processing operations

  1. Provision and use of the website

    1. Nature and scope of data processing

      When you visit and use our website, we collect the personal data that your browser automatically sends to our server. This information is stored temporarily in a log file. When you use our website, we collect the following data, which we require for technical reasons in order to deliver our website to you and to ensure stability and security:

      • IP address of the accessing computer
      • date and time of access
      • name and URL of file accessed
      • data volume transferred
      • notification of whether retrieval was successful
      • identification data of the accessing browser and the operating system
      • website from which our website was accessed.
    2. Legal basis

      Art. 6 (1) (f) GDPR serves as the legal basis for the specified data processing. The processing of the specified data is required in order to provide a website and is thus in the legitimate interests of our company.

    3. Storage duration

      As soon as the specified data is no longer required to deliver the website, it is deleted. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no opt-out option. The data may be stored for longer than this period in individual cases if required by law.

  2. Newsletter in general

    1. Nature and scope of data processing

      On our website, there is the option of subscribing to a free newsletter. In order to regularly send you the newsletter, we require the following information from you:

      • email address
      • IP address of the accessing computer
      • date and time of access
      • name and URL of file accessed
      • data volume transferred
      • notification of whether retrieval was successful
      • identification data of the accessing browser and the operating system
      • website from which our website was accessed.

      Your data is not passed on to third parties in connection with the sending of the newsletter.

      The Public Relations Office sends the newsletter via the mail service provider Rapidmail GmbH
      Augustinerplatz 2, 79098 Freiburg i. Br., Germany. The data protection provisions of the mail service provider are available here: www.rapidmail.de/datenschutz. The mail service provider is used on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR and a contract on commissioned processing in accordance with Art. 28(3)(1) GDPR. The mail service provider may use recipients’ data in pseudonymised form, i.e. without any assignment to a user, in order to optimise or improve its own services, e.g. for technical optimisation of the dispatch process and the appearance of the newsletter, and for statistical purposes. However, the mail service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.

      We use the double opt-in procedure for the sending of newsletters, which means that we will only send you the newsletter if you have already confirmed your subscription by clicking on the link contained in a confirmation email sent to you for this purpose. We follow this procedure to ensure that only you, as the owner of the specified email address, are able to subscribe yourself to the newsletter. You must complete the confirmation process promptly after receiving the confirmation email as otherwise your newsletter subscription will be deleted from our database automatically.

    2. Legal basis

      The processing of your email address for the purpose of sending the newsletter is based on your voluntary declaration of consent pursuant to Art. 6(1)(a) GDPR.

    3. Storage duration

      Your email address is stored for the duration of your subscription to the newsletter. If you unsubscribe from the newsletter, we will delete your email address. The data may be stored for longer than this period in individual cases if required by law.

  3. Contact form

    1. Nature and scope of data processing

      On our website, we provide you with the option of contacting us via a form. If you use the contact form, the following personal data concerning you will be processed via this form:

      • email address
      • name (given name(s), last name)
      • message
      • academic title.

      Other personal data such as your current address and telephone number will only be processed if it is provided voluntarily.

      Your email address is required in order to allocate your enquiry and respond to you. Your personal data is not passed on to third parties when you use the contact form.

    2. Legal basis

      The data processing described above for the purposes of making contact is carried out on the basis of your voluntary declaration of consent pursuant to Art. 6 (1) (a) GDPR.

    3. Storage duration

      As soon as your enquiry has been processed and the relevant matter fully resolved, your personal data that was processed via the contact form will be deleted. The data may be stored for longer than this period in individual cases if required by law.

Section 5: Disclosure of data

We will only pass on your personal data to third parties if:

  • you have given your express consent for us to do so in accordance with Art. 6 (1) (1) (a) GDPR
  • this is permitted by law and required in accordance with Art. 6 (1) (1) (b) GDPR in order to carry out a contractual relationship with you
  • there is a legal obligation to do so in accordance with Art. 6 (1) (1) (c) GDPR
  • the disclosure is necessary in accordance with Art. 6 (1) (1) (f) GDPR for the purposes of legitimate company interests, or to establish, exercise or defend legal claims, and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed.

Section 6: Use of cookies

Our website uses cookies. These are small text files that are stored on your end device through your browser. They do not cause any harm. We use cookies to make our website user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser the next time that you visit our website. If you do not want this, you can configure your browser so that it informs you about the setting of cookies and you only allow cookies to be set in specific cases. If you disable cookies, the functionality of our website may be limited.

Section 7: Online presence in social media and integration of social plugins

We maintain an online presence within social networks and platforms in order to communicate with the customers, interested parties and users who are active in these networks and platforms and to provide these parties with information about our services there. When accessing the relevant networks and platforms, the terms and conditions and data processing guidelines of the operators of these networks and platforms apply.

Unless specified otherwise in our privacy policy, we process user data if the users concerned communicate with us within the social networks or platforms, e.g. adding a post on our online presence or sending us messages.

  1. Integration of third-party services and content

    Within our website, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use content and service offers of third parties in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).

    This always requires that the third-party providers of this content are able to access users’ IP addresses because otherwise they cannot send the content to users’ browsers. The IP address is therefore required in order to display this content. We endeavour to only use content where the providers of the content concerned use the IP address solely for the purposes of delivering the content. Third-party providers may also use pixel tags (hidden graphics, also known as web beacons) for statistical or marketing purposes. Information such as visitor traffic on the pages of this website can be analysed using the pixel tags. The pseudonymous information may also be stored in cookies on the user’s device and may contain information such as technical information on the browser and operating system, referring websites, time of visit and other information on the use of our website. The pseudonymous information may also be combined with such information from other sources.

    • 1.1 YouTube

      We integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

    • 1.2 Google Maps

      We integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may, in particular, include the IP addresses and location data of users, but this data is not collected without users’ consent (usually carried out in the settings of users’ mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

    • 1.3 Use of Facebook social plugins

      On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Art. 6(1)(f) GDPR), we use social plugins (“plugins”) provided by the social network facebook.com, which is run by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can represent interactive elements or content (e.g. videos, graphics or text) and can be identified by one of the Facebook logos (white “f” on blue tile, the “Like” term or a “thumbs up” icon) or by the text “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

      Facebook is certified under the Privacy Shield Framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

      If users access a function of this website that contains such a plugin, the user’s device will establish a direct connection to the Facebook servers. The content of the plugin is sent directly to the user’s device by Facebook and then integrated into the website by the device. Usage profiles of users may be created from the processed data during this process. We therefore have no influence over the scope of the data that Facebook collects via this plugin and provide users with information based on our knowledge.

      Through the integration of the plugins, Facebook receives the information that a user has visited the relevant page on the website. If the user is logged into Facebook, Facebook can link the visit to the user’s Facebook account. If users interact with the plugins, for example clicking the “Like” button or adding a comment, the user’s device sends the relevant information directly to Facebook, where it is then stored. If users are not members of Facebook, it is still possible that Facebook may find out and store the user’s IP address. According to Facebook, only anonymised IP addresses are stored in Germany.

      Information on the purpose and scope of data collection and the subsequent processing and use of data by Facebook, as well as related rights and configuration options for protecting users’ privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

      If users are members of Facebook and do not want Facebook to collect data about them via this website and link it to their member data stored by Facebook, they will need to log out of Facebook and delete their cookies before visiting our website. Other settings and options for opting out of the use of data for advertising purposes are available in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform independent, meaning that they are configured for all devices, including desktop computers and mobile devices.

    • 1.4 Twitter

      Functions and content from the service Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within Twitter.
      If users are members of the Twitter platform, Twitter may link access to/use of the above-mentioned content and functions to their Twitter profile. Twitter is certified under the Privacy Shield Framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/privacy, opt-out: https://twitter.com/personalization.

    • 1.5 Instagram

      Functions and content from the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within Instagram. If users are members of the Instagram platform, Instagram may link access to/use of the above-mentioned content and functions to their Instagram profile. Instagram privacy policy: http://instagram.com/about/legal/privacy/.

      The legal basis for the processing of data based on the user’s consent is Art. 6(1)(a) GDPR in accordance with the cookie banner and legitimate interests as defined in Art. 6(1)(f) GDPR.

    • 1.6 Xing

      Functions and content from the service Xing, provided by XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within Xing. If users are members of the Xing platform, Xing may link access to/use of the above-mentioned content and functions to their Xing profile. Xing privacy policy: https://www.xing.com/app/share?op=data_protection.

    • 1.7 LinkedIn

      Functions and content from the service LinkedIn, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within LinkedIn. If users are members of the LinkedIn platform, LinkedIn may link access to/use of the above-mentioned content and functions to their LinkedIn profile. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

      Privacy policy: https://www.linkedin.com/legal/privacy-policy,

      Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

    • 1.8 How to prevent collected data being linked to you

      If you do not want Facebook to link the data collected via our website directly to your Facebook profile, you will need to log out of Facebook before visiting our website. You can also prevent Facebook plugins from loading at all by means of add-ons for your browser, e.g.

      If you do not want Google or Twitter, for instance, to link the data collected via our website directly to your profile on YouTube (Google) or Twitter, you will need to log out of YouTube (Google) or Twitter before visiting our website. You can also prevent Google/Twitter plugins from loading at all by means of add-ons for your browser, e.g. with the script blocker NoScript (noscript.net).

Section 8: Hyperlinks

Our website includes hyperlinks to websites provided by other parties. When you click on one of these hyperlinks, you are forwarded from our website directly to the website of the other provider. You can tell this has happened by the fact that the URL changes, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites because we have no influence over whether these companies comply with data protection regulations. For information on how these companies handle your personal data, please refer directly to the websites concerned.

Section 9: Data protection during the application process

We process applicant data only for the purpose of and in the context of the application process in compliance with statutory requirements. Applicant data is processed in order to fulfil our (pre)contractual obligations during the application process within the meaning of Art. 6(1)(b) GDPR and in accordance with Art. 6(1)(f) GDPR insofar as it is necessary for us to perform the data processing e.g. as part of a legal procedure.

Applicants are required to provide the applicant data to us during the application process. The necessary applicant data, where we provide an online form, is indicated and is otherwise specified in the job descriptions and essentially includes personal details, postal and contact addresses and the documents included in the application, such as the cover letter, CV and references. Applicants can also voluntarily provide us with further information in addition to this.

By submitting the application to us, applicants confirm that they consent to the processing of their data for the purposes of the application process in accordance with the nature and scope defined in this privacy policy.

If special categories of personal data as defined in Art. 9(1) GDPR are provided voluntarily during the application process, the processing of such data is also carried out in accordance with Art. 9(2)(b) GDPR (e.g. health data, such as details of a severe disability or ethnic origin). If special categories of personal data as defined in Art. 9(1) GDPR are requested from applicants during the application process, the processing of such data is also carried out in accordance with Art. 9(2)(a) GDPR (e.g. health data, if this is required in order to carry out the job).

Applicants can submit their applications to us via an online form on our website. The online form on our website is provided for us by service provider DWFormmailer (https://www.dw-formmailer.de).

The data is sent to DWFormmailer servers for the purposes of transmission and processing. The operator of this website is Wolfgang DĂĽrr (sole proprietorship), In den Kehlen 4, 97342 Marktsteft, Germany. We have an agreement on commissioned data processing in place with the service provider.
The data is sent to us in encrypted form based on the latest technology.

Applying for a professorship

Applicants can also submit applications to Alpen-Adria-Universität Klagenfurt by email. However, please note that emails are not generally sent in encrypted form and the applicants themselves are responsible for ensuring that they are encrypted. Therefore, we cannot accept any responsibility for the transmission path of the application from the sender to receipt on our server.

If their application is successful, we may process the data provided by applicants further for the purposes of the employment relationship. Otherwise, if the application for a post is unsuccessful, the applicant data will be deleted. The applicant data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

The data will be deleted, subject to entitled withdrawal by the applicant, after a period of six months so that we are able to respond to any follow-up enquiries about the application and fulfil our obligations to produce proof under the Equal Treatment Act (Gleichbehandlungsgesetz). Any invoices for the reimbursement of travel expenses will be archived in accordance with the requirements under fiscal law.

Section 10: Rights of data subjects

As an individual affected by the processing of personal data, you have the following rights under the GDPR:

  • In accordance with Art. 15 GDPR, you may obtain information about your personal data that is being processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage duration, the existence of a right to rectification, erasure and the restriction of processing and the right to object, the existence of the right to lodge a complaint, the source of your data if we did not collect it ourselves, any transmission to third countries or international organisations, and the existence of automated decision-making, including profiling, and meaningful information about the details thereof where applicable.
  • In accordance with Art. 16 GDPR, you may obtain the rectification of inaccurate personal data concerning you that is stored by us or the completion of such data without undue delay.
  • In accordance with Art. 17 GDPR, you may obtain the erasure of personal data concerning you that is stored by us provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  • In accordance with Art. 18 GDPR, you may obtain the restriction of the processing of your personal data where you contest the accuracy of the data, where the processing is unlawful, or where we no longer require the data but you oppose the erasure of the data because you need it to establish, exercise or defend legal claims. You are also entitled to the right specified in Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
  • In accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or have this data transmitted to another controller.
  • In accordance with Art. 7(3) GDPR, you may withdraw the consent that you have given to us at any time. If you do this, we will not be able to continue the data processing based on this consent in the future.
  • In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. To do this, you can usually contact the supervisory authority for your habitual residence or place of work or the supervisory authority for our registered office. In Austria, the supervisory authority is the Austrian Data Protection Authority: Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna, Austria, tel.: +43 1 52 152-0, email: dsb [at] dsb.gv.at, website: dsb.gv.at.

Section 11: Right to object

In the case of the processing of your personal data for the purposes of legitimate interests in accordance with Art. 6(1)(1)(f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are grounds to do so in relation to your particular situation or if the objection is to direct marketing. In the case of direct marketing, you have a general right to object that we will implement without a particular situation being specified.

Section 12: Data security and security measures

We are committed to protecting your privacy and treating your personal data as confidential. To prevent any manipulation, loss or misuse of your personal data that we store, we implement extensive technical and organisational security measures that are reviewed on a regular basis and adapted in accordance with technological developments. These measures include the use of recognised encryption methods (TLS).
However, due to the structure of the internet, the data protection regulations and the security measures specified above may not be observed by other persons or institutions outside of our area of responsibility. In particular, data disclosed in unencrypted form (data sent via email) may be read by third parties. We do not have any influence over this from a technical perspective. It is the responsibility of the users to protect the data that they provide against misuse by means of encryption or by other means.

© 2018 | Dr Daniel Stanonik (lawyer) and KINAST Rechtsanwaltsgesellschaft mbH