Data Protection

Last Updated: 6 April 2020

DISCLAIMER: Please note that this document has been translated into English from the original policy written in German (Datenschutzerklärung). While we have made a good-faith effort to do so accurately, this translated text is for information purposes only. The original German version is our official policy and, in case of any discrepancy, shall prevail.


1. General Information 

We take the protection of your personal data very seriously. We process your personal data exclusively on the basis of the statutory provisions (EU General Data Protection Regulation [GDPR], Austrian Federal Act concerning the Protection of Personal Data [DSG], Austrian Telecommunications Act of 2003 [TKG 2003]).

In order to provide you with our website content, we process information about you, known as personal data (referred to as “data” below). The term “processing” in this policy, means any handling of personal data, such as its collection, storage, use, or deletion.

With this Data Privacy Policy, we are pleased to inform you about the processing of your personal data, as well as the respective claims and rights you are entitled to under the data protection regulations.


The entity responsible for processing your personal data is: 

Institut für die Wissenschaften vom Menschen
[Institute for Human Sciences]
Spittelauer Lände 3
1090 Vienna (Austria)
+43-1-313-58-199
iwm [at] iwm.at

Please do not hesitate to contact us at any time with any complaints, questions and/or comments about data protection.


2. How our website processes your data

    2.1. General information 

When you use our website, we process data that you provide to us (e.g., when you subscribe to the newsletter), protocols (for security purposes, our servers log who makes inquiries) and cookies (these are small text files stored on your device that enable us to identify you during your visit and on subsequent visits).

Our website is hosted on servers operated by DomainFactory GmbH under our data-processing agreement. 

You can block so-called “Third-Party Cookies” from being set by your internet browser. Here are instructions for the most common browsers:

Firefox: here 
Chrome: here
Internet Explorer: here 
Safari: In Apple’s Safari, Third-Party-Cookies are blocked by default.

     2.2. Data processing for the operation and security of our website:

        2.2.1. Server logs

Purpose of processing: When you visit our website, the server collects and logs your usage data (“server logs”). This is a technical necessity that enables you to connect to and use our website. It also allows us to recognize the source of cyber-attacks and defend against them.

The server logs collect the following data: The IP-address of the your device; the date and time of your visit; which files you accessed (name and URL); the volume of data transferred to you; a confirmation if your request was successful; data identifying your browser and operating system; as well as the address of the website from which you accessed us (if you navigated to our website by clicking a link from another website).

Legal basis for processing: to ensure the functionality and system security of our website, we are legally authorized to process your data. 

Recipient of the data: We have contracted the IT services provider DomainFactory GmbH as the website’s technical operator. The data collected on the server logs will not be transferred to any third party, except to the relevant law enforcement authorities in the event of a cyber-attack.

 
Additional Information: The server logs are retained not longer than twelve months.

     2.3. Data processing for marketing purposes:

        2.3.1. Web analysis 

We use the following web-based tools to process data about your use of our website in order to be able to adapt it as best as possible to your interests. 

    • Google Analytics, a web-analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). 

Purpose of the processing: Google Analytics stores cookies in order to recognize you in order to create personalized user statistics about your website activities. In addition, we have activated Google’s “anonymize IP” module, with which the IP address assigned to you is anonymized by Google within the European Union.

Legal basis for processing: Your data is processed on the basis of your consent. You can prevent the use of cookies by setting your browser software accordingly. If the relevant settings are not made, we assume that you consent to the use of cookies.

Recipient of the data: As a rule, information generated by the cookie about your use of the website is transferred to and stored on a Google server in the USA. An appropriate level of protection for such data transmission results from a decision by the European Commission according to Article 45 of the GDPR. Under this Privacy Shield Agreement, Google thus offers a guarantee that it will comply with European data-protection law. Google acts as a processor for us and is allowed to use the transmitted data only to process specific functions and is contractually obliged to comply with statutory data-protection regulations.

Additional Information: You can prevent the storage of cookies by setting your browser software accordingly; however, if you do so, you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your anonymized IP address) and from processing this data by Google by clicking on the following link (https://tools.google.com/dlpage/gaoptout) to download and install the available browser plug-in. 

    • Web server-log analysis

Purpose of the processing: If you browse our website, the web server stores your usage data (so-called “server logs”). The web server-log analyses enable us to determine how many users visit our website, which pages and categories are preferred and which content is rather uninteresting. The processing of the data allows us to create and evaluate usage statistics and to optimize our web services. So that no inferences can be made about individual users of our website, the IP address of the requesting device is anonymized immediately. There is therefore no processing of personal data. 

The data required for analysis are collected by server log files. The following server logs are collected: The IP address of the user’s device (in anonymized form), together with the date and time of access, the data files requested (name and URL), the amount of data is transmitted to you, a confirmation of whether the data access was successful, data identifying the browser type and operating system used, as well as the website from which the access was made (should the website be accessed via a link).

Recipient of the Data:  The transmitted data is analyzed exclusively by us and is not transmitted to any third party.

Additional Information: The data is saved for no longer than three days.

     2.4. Data processing regarding social-media activity:

We employ so-called “social-media plugins” that allow us to display to you interactive elements or content (e.g., text articles, graphics, pictures, and videos) from social-media services. Data, including personal data, can be transmitted to and possibly used by these social-media services.

If you visit our website, the social media plug-ins will establish a direct connection between your browser and the server of the social-media service provider only once you have consented to such data transmission.

Currently, we employ plugins for the following social-media services: 

    • Facebook: We use Facebook plugins on our website that can display interactive elements or content (e.g. videos, graphics or text), which are identified by one of Facebook’s logos (a white “f” on a blue tile, the terms “like” or a “thumbs-up” icon ). The plugins enable you to "like" content on our website or to share it on Facebook. Data is transmitted to Facebook only once you have consented to do so. 

Additional information about Facebook and how it processes your data can be found on Facebook’s own privacy-policy declaration (https://www.facebook.com/privacy/explanation). The legal entity responsible for its own data processing is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

    • YouTube: We use plugins from Google’s web service YouTube. The plugins can enable display of interactive elements or content (e.g., videos, graphics and/or text). The plugins allow data to be transmitted to and used by YouTube only once you have given your consent to this. 

Additional information about YouTube and how it processes your data can be found in Google’s own privacy-policy declarations under https://www.linkedin.com/legal/privacy-policy. The legal entity responsible for its own data processing is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

    • LinkedIn: We use plugins from LinkedIn’s web service. The plugins can enable display of interactive elements or content (e.g., videos, graphics and/or text), which are identified by one of LinkedIn’s logos. The plugins enable you to "like" content on our website or to share it on LinkedIn. The plugins allow data to be transmitted to and used by LinkedIn only once you have given your consent to this.

Additional information about LinkedIn and how it processes your data can be found in its own privacy-policy declarations under https://www.linkedin.com/legal/privacy-policy. The legal entity responsible for its own data processing is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

    • Twitter: We use plugins from Twitter’s web service. The plugins can enable display of interactive elements or content (e.g., videos, graphics and/or text), which are identified by one of Twitter’s logos. The plugins enable you to "like" content on our website or to share it on Twitter. The plugins allow data to be transmitted to and used by Twitter only once you have given your consent to do so.

Additional information about Twitter and how it processes your data can be found in its own privacy-policy declarations under https://twitter.com/privacy. The legal entity responsible for its own data processing is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland.

    • WhatsApp: We use plugins from WhatsApp’s web service.

Additional information about WhatsApp and how it processes your data can be found in its own privacy-policy declarations under https://www.whatsapp.com/legal/#privacy-policy. The legal entity responsible for its own data processing is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

     2.5. Other third-party providers

To improve our website content, we use the following third-party providers:

Google Maps: By embedding Google Maps on our website, we can display Google map content and enable you to use the map function directly on our website. By embedding Google Maps, data can be sent to and, if necessary, used by Google. When you visit our website, data is not automatically transmitted to Google. Transmission of data to Google occurs only once you have given your consent to this. 

An appropriate level of protection for such data was determined the European Commission according to Article 45 of the GDPR. Under this Privacy Shield Agreement, Google thus offers a guarantee that it will comply with European data-protection law. 

Additional information about Google Maps and how it processes your data can be found in its own privacy-policy declarations under 
https://policies.google.com/privacy. The legal entity responsible for its own data processing is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.


 3. Data processing for the newsletter

Purpose of processing: If you subscribe to our newsletter, you will periodically receive information from us by e-mail about us and our range of services. If you no longer want to receive such e-mails from us, you can simply use the “unsubscribe” link displayed in each newsletter.

Legal basis for processing: By voluntarily subscribing to the newsletter, you consent to our processing of your data.

Recipient of the data: The following service providers receive your data so that they may send you the newsletter in our name and to manage our newsletter subscribers: 

“MailPoet,” an e-mail plugin by Wysija SARL, 6 rue Dieudé, 13006 Marseille, France. We have contracted with this company to act as a data processor. It may use your data only to process specific orders and is contractually obliged to comply with the statutory data protection regulations.

Additional Information: We process your data until you have rescinded your consent or have unsubscribed from the newsletter. (In each newsletter we send, you will find a link allowing you to unsubscribe).


 4. Data processing for carrying out business activities:

     4.1. Data processing for establishing contact:

Purpose of processing: If you contact us (e.g., by e-mail, via the website’s contact form, or by phone call), we will process the data you provide us only to the extent necessary for us to handle or fulfill your request.

Legal basis for processing: The processing of your data occurs in order for us to carry out pre-contractual measures, to fulfill a contractual relationship or is based on our legitimate interest, specifically so that we can reply to your query.

Recipient of the data: You give us this data under the assumption that it is necessary for handling your query.

Additional Information: We process your data as long as it is necessary to handle your query. In order to service any follow-up requests, we retain your data for seven years after our last contact with you.

     4.2. Data processing for administering events

Purpose of the processing: If you register with us for an event, we process your data to administer the registration, to organize and hold the event, to answer questions you ask us in connection with your registration, and to formally deal with matters arising from our business relationship.

Legal basis for processing: Your data is processed to fulfill a contractual relationship or has a legitimate basis necessary to carry on a business relationship.

Recipient of the data: If it is necessary, on a case-by-case basis, for the fulfillment of a contractual relationship or on legal grounds, your data will be transmitted to the following recipient categories:

    • CiviCRM Contact Database hosted by

Caltha - Krzewski, Potempski Sp.J.
KRS: 0000146283
REGON: 015321936
NIP: 951-20-65-740
Aleja Niepodległości 245 lok. 57
02-009 Warszawa


Additional Information: We process your data only for as long as is necessary to fulfill our contractual relationship or our legal obligations (e.g., record-keeping requirements mandated by tax and corporate laws). As a rule, we retain data for seven years. 

Please note that we might take photographs and video recordings during the event in order to document it and for media reporting (e.g., in newspapers, magazines, and publications, as well as on websites and social-media platforms). 

It is in our legitimate interest to process such photography and videography in order to document and present our activities. When publishing images, care is taken not to violate the legitimate interests of the individuals pictured.


     4.3. Data processing for fundraising (donations)

Purpose of processing: If you wish to support us financially, we will process your data in order to handle the donation transaction or the contractual relationship and to deal formally with matters arising from our business relationship.

Legal basis: Your data is processed to satisfy a contractual relationship for the purpose of processing donations and for booking payments.

Recipient of the Data: If it is necessary, on a case-by-case basis, for the fulfillment of a contractual relationship or on legal grounds, we may forward the data you provide to us, as needed, to the following categories of recipients:

    • banks;
    • legal representatives;
    • public accountants, auditors and tax advisors;
    • courts of justice; and
    • authorized administrative agencies.

Additional information: We process your data only for as long as is necessary to fulfill our contractual relationship or our legal obligations (e.g., record-keeping requirements mandated by tax and corporate laws). As a rule, we retain data for seven years. 


5. Your rights

     5.1. Right to obtain information about stored data in accordance with Article 15 GDPR

You have the right to request information about whether we are processing your personal data. If this is the case, you have a right to obtain information about this personal data as well as other information related to the data’s processing.

     5.2. Right to rectify inaccurate data in accordance with Article 16 GDPR

In the event that the personal data we process about you is not (or no longer) correct or complete, you can request a correction and, if necessary, completion of this data.

     5.3. Right to erasure of data in accordance with Article 17 GDPR

By meeting certain legal requirements, you can request the erasure of your personal data.

     5.4. Right to restrict processing of data in accordance with Article 18 GDPR 

By meeting certain legal requirements, you can request that the processing of your data be restricted.

     5.5. Right to data portability in accordance with Article 20 GDPR

By meeting certain legal requirements, you can request the transfer of your data in a structured, commonly used and machine-readable format.

     5.6. Right to object to unreasonable processing of your personal data in accordance with Article 21 GDPR

On grounds relating to your particular situation, you can object at any time to the processing of your data, which we process on the basis of a legitimate interest in accordance with Article 6(1)(f) GDPR.

     5.7. Right to withdraw consent

If the processing takes place on the basis of a declaration of consent, you have the right to revoke this at any time without affecting the lawfulness of processing based on consent before its withdrawal.

     5.8. Right to lodge a complaint with a data-protection authority

If you believe that our processing of your personal data violates the applicable data protection law, or that your data-protection rights have been violated in any other way, you can lodge a complaint with the responsible supervisory authority (Austrian data protection authority). Its address is:

Österreichische Datenschutzbehörde
Barichgasse 40-42 
1030 Vienna (Austria)
Telephone: +43 1 52 152-0
E-mail: dsb [at] dsb.gv.at

6. Additional Information:

We ask you to provide us with your data so that we are able to process the sale of our goods, provide our services within the scope of a contractual relationship, and/or to provide information that you have requested via our newsletter or other channel of communication.

If you do not provide us with your data, we cannot render our services.

Your data are not subject to a decision based solely on automated processing, including profiling. If we process your personal data for a different purpose than that for which we collected this data, we will inform you of this fact and inform you about this other purpose.