Data protection information for our websites

Data protection and data security are very important to the Technische Universität Wien (TU Wien). The processing of personal data takes place in strict compliance with the principles and requirements of the General Data Protection Regulation (GDPR). TU Wien only processes the data that is required to achieve the intended purpose and always strives to ensure the security and accuracy of the data.

Controller and scope of application

The controller within the meaning of the European Union’s General rotection Regulation (GDPR) and other national data protection laws of the EU member states and other legal data protection provisions is the

Rectorate of TU Wien
Karlsplatz 13, 1040 Wien

This data protection declaration applies to the websites https://FAM.tuwien.ac.at and https://SWM.tuwien.ac.at (hereinafter referred to as “our websites” or “websites”). For the data protection declaration of TU Wien in general, please, see Data protection at TU Wien.

Data protection officer

Mag. Christina Thirsfeld
TU Wien
Karlsplatz 13/E018, 1040 Wien
datenschutz@tuwien.ac.at

Contacts for FAM & SWM

Sandra Trenovatz and Andreas Schamanek

What are personal data?

Personal data are individual information about the personal or factual circumstances of a specific or identifiable natural person (“data subject”). This includes such information as your name, address, telephone number, date of birth or email address. Information with which we cannot establish any connection to your person (or can only do so with undue effort), e.g. as by anonymising the information, is not personal data.

General remarks on data processing

Scope

We generally collect and use our users’ personal data only to the extent necessary to provide functional websites and our content and services. We use your personal data to provide the information, products and services we offer, to answer your questions and to operate and improve our websites and applications.

We collect and use our users’ personal data only in accordance with a corresponding statutory basis within the GDPR, for example based on a legal obligation, such as according to Universities Act 2002, a contractual obligation, the public interest or the consent of the user. We will make no further use of your personal data. We will not transfer your personal data to third parties or use your data for advertising purposes without your consent except in the cases described below, unless we are legally obliged to disclose data.

Statutory basis

If we obtain the consent of the data subject to process personal data, we do so on the basis of Article 6, par 1 (a) EU General Data Protection Regulation (GDPR). Article 6, par 1 (b) GDPR serves as the statutory basis for the processing of personal data required in order to perform contracts to which the data subject is a party. This also applies to processing required in order to implement precontractual measures. If it is necessary to process personal data in order to fulfil a statutory obligation to which the TU Wien is subject, this is done according to Article 6, par 1 (c), GDPR. Should vital interests of the data subject or another natural person make it necessary to process personal data, Article 6, par 1 (d) GDPR serves as a statutory basis. If the processing is necessary for the performance of a task carried out in the public interest, Article 6, par 1 (e) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of TU Wien or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Article 6, par 1 (f), GDPR serves as the statutory basis for processing.

Erasing and duration of storage

As soon as the purpose of the storage no longer applies, the personal data of the data subject will be erased or blocked. However, the data may be stored if European or national legislatures have made provision for this in EU Regulations, legislation or other regulations to which the person responsible is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless it is necessary to further store the data in order to enter into or perform a contract.

Individual processing operations

If you wish to make use of the services offered in our internet presence, it will be necessary to provide further data. You will find details below in the description of actual data processing procedures. In particular, personal data are used as follows:

Providing websites and creating logfiles

Every time you visit our websites, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

• the IP address of the requesting computer;
• the date and time of access;
• the name and URL of the file retrieved;
• the quantity of data transmitted;
• a report on whether the request was successful;
• identification data of the accessing browser and operating system;
• the internet site which linked to our website.

The log files contain IP addresses and other data that can be associated with a user. For example, this might be if the link to the website from which the user accesses the website or if the link to the website which the user accesses, contains personal data.

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

The statutory basis for the temporary storage of data and log files is Article 6, par 1 (f) GDPR.

The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure that our information technology systems are secure. There is no evaluation of the data for marketing purposes in this context. These purposes also include our legitimate interest in processing data in accordance with Article 6, par 1 (f) GDPR.

The data are erased as soon as they are no longer required for the purpose of their collection. This is done after 30 days at the latest. Collecting data in order to make the website available is essential for the operation of the website. The user is therefore not able to object.

Registration forms

Our websites provide registration forms for registering for events. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. The following data can be collected as part of the contact forms:

• Event
• Type of participation
• Salutation
• Academic degree
• Name
• E-Mail address
• Address
• Company name
• Actuarial association and membership number

This personal data is used exclusively for the processing and transmission of data for the organization and administration of the events.

Unless explicitly stated under the form, the data will not be passed on to third parties in this context.

This use of personal data is done on the basis of Article 6, par 1 (e) GDPR (fulfilling a task in the public interest) in conjunction with par 3, nos. 5, 7 and 10 of the Universities Act 2002 (“continuing education of graduates”, “support of national and international cooperation in the field of scientific research and teaching as well as arts,” and “maintaining contact with graduates”).

If the user has given his or her consent, the legal basis for processing the data is Article 6, par 1 (a) GDPR.

The statutory basis for the processing of the data which are sent when an email is transmitted is Article 6, par 1 (f) GDPR. If the intention of an email contact is to enter into a contract, Article 6, par 1 (b), GDPR is the additional statutory basis for the processing.

We store your data for the processing of the event and beyond, as long as legal retention periods exist or as long as legal claims can be asserted against the TU Wien or as long as consent has been granted for this purpose.

Newsletters/Mailing lists

You can subscribe to free newsletters on our websites. The data from the input template will be transmitted to us when you register for the respective newsletter. To subscribe to our email newsletter service, we need at least your email address to which the newsletter is to be sent. Any further information you provide is provided voluntarily and will be used to address you in a personal style, or to personally design the content of the newsletter and to resolve issues concerning the email address.

Personal data are processed based on Article 6, par 1 (a) or (e). The collection of the user’s email address is used to deliver each newsletter.

When you register for the respective newsletter, your email address is used for our own (advertising) purposes until you unsubscribe from the newsletter.

The data will be erased as soon as they are no longer required for the purpose of their collection. The user’s email address is therefore stored for as long as the subscription to the respective newsletter is active.

Data will not be passed on to third parties in connection with data processing in order to send newsletters. These data will be used solely to send each newsletter.

Wikis

Our websites offer the option of editing and subscribing to wiki content, which requires free registration. For this we need your e-mail address and a login name. Any further information is voluntary and will only be used to address you personally.

Personal data are processed based on Article 6, par 1 (a) or (e). The collection of the user’s email address is used to deliver changes of subscribed wiki content and to deliver password reset links.

Every time a user makes changes to the wiki or subscribes to changes the following data is collected:

• the IP address of the requesting computer;
• the date and time of access;
• the user’s login name;
• the made changes or uploaded files;
• or the subscriptions.

The data are erased as soon as they are no longer required for the purpose of their collection. The IP address, date and time of access, login names and changes made are erased after 1 year. Subscriptions are erased as soon as they are undone.

Data will not be passed on to third parties in connection with data processing for our wikis.

Security measures used to protect the data stored with us

We undertake to protect your privacy and to treat your personal data confidentially. In order to prevent the loss or misuse of data stored by us, we take extensive technical and organisational security precautions which are regularly checked and adapted to technological progress. However, we should point out that due to the structure of the internet, it is possible that the data protection rules and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data can be read by third parties - e.g. if this is done by email. We have no technical control over this. It is the responsibility of the user to protect the data provided by him/her against misuse through the use of encryption or in some other way.

Hyperlinks to external websites

Our websites contain so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be redirected from one of our websites directly to the website of other providers. You will recognise this by the change of URL, for example. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no control over whether these companies comply with data protection regulations. Please inform yourself directly on these websites about how these companies handle your personal data.

Objections

When processing your personal data based on “perception in the public interest” and on “legitimate interests”, you have the right to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or from the use of direct advertising. In the case of direct advertising, you have a general right of objection which we put into effect without your having to state a particular situation.

Rights of data subjects

In your capacity as a data subject, GDPR grants you the following rights when your personal data are processed: the right to information, to rectification, to erasure, to restriction of processing of your personal data, to data portability, to object, or to revoke.

If the rights of data subjects within the meaning of this data protection declaration are asserted, all such applications or requests must be addressed to: datenschutz@tuwien.ac.at . If you believe that the processing of your data breaches data protection law or that your data protection claims have been breached in some other way, you can complain to the Austrian Data Protection Authority.