Data Protection Declaration for the FWF Website

The Austrian Science Fund (FWF) is pleased that you are visiting our website. Data protection and data security when using our website are very important to us. We would therefore at this point like to inform you which of your personal data we collect when you visit our website and what purposes it is used for.

Since changes in the law or changes in our internal processes may make it necessary to adapt this data protection declaration, we ask you to read this data-protection declaration regularly. The data protection declaration can be called up, saved and printed out at any time under the heading data protection declaration.

§ 1 Responsibility and area of application

The body responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Austrian Science Fund (FWF)

Haus der Forschung
Sensengasse 1
A-1090 Vienna

Tel.: +43-1-505 67 40-0
E‑Mail: office(at)fwf.ac.at
Website: www.fwf.ac.at

This data protection declaration applies to the FWF website and its various subdomains, which can be accessed under the domain www.fwf.ac.at (hereinafter referred to as “our website”).

§ 2 Data protection officer

The external data protection officers of the body responsible are:

Dr. Daniel Stanonik
Rechtsanswaltskanzlei Stanonik
Salztorgasse 2/8
A-1010 Vienna

Tel.: +43-1-904 33 55
E‑Mail: daniel(at)stanonik.at
Website: http://www.stanonik.at

Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Cologne

Tel.: +49-221-222 183-0
E‑Mail: mail(at)kinast-partner.de
Website: http://www.kinast-partner.de/externer-datenschutzbeauftragter/

§ 3 Principles of data processing

Personal data is all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information that we cannot (or only with disproportionate effort) relate to your person, e.g. by anonymising the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent.

Processed personal data will be deleted as soon as the purpose of the processing has been achieved and no legally prescribed retention obligations are to be observed.

If we process your personal data for the provision of certain offers, we will subsequently inform you about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period.

§ 4 Individual processing operations

1. Provision and use of our website

a. Type and scope of data processing

When you access and use our website we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • IP address of the requesting computer
  • date and time of access
  • name and URL of the retrieved file
  • web page from which access is made (referrer URL)
  • the browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

b. Legal basis

GDPR Art. 6 para. 1 (f) serves as the legal basis for the aforementioned data processing. The processing of the data mentioned is necessary for the provision of a website and thus serves the ensuring of a legitimate interest of our company.

c. Length of storage

As soon as these data are no longer required to display our website, they will be deleted. The collection of data for the provision of our website and the storage of data in log files is absolutely necessary for the operation of our website. Consequently, there is no possibility of objection on the part of the user. Further storage may take place in individual cases if this is required by law.

2. Ordering of printed products

a. Type and scope of data processing

On our website, we offer users the opportunity to order printed products by providing personal data. The data required for this is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the ordering process:

  • name
  • address
  • e-mail address
  • telephone number

Your data will be passed on to the shipping company commissioned for the delivery, insofar as this is necessary for the delivery of the goods.

If you order printed products on our website and enter your e-mail address, we may use this to send you a newsletter regarding our own similar goods or services.

b. Legal basis

GDPR Art. 6 para. 1 (b) serves as the legal basis for processing your personal data (cf. § 4 2. a.) that are necessary to fulfil a contract concluded with us,. This also applies to processing operations that are necessary to carry out pre-contractual measures.

c. Length of storage

On completion of the processing of the contract, your data will be blocked for further use and deleted after expiry of the storage periods under tax and commercial law, unless you have expressly consented to the further use of your data. Further storage may take place in individual cases if this is required by law.

3. Newsletter

a. Type and scope of data processing

You can subscribe to a free newsletter on our website. In order to be able to send you the newsletter regularly, we need the following information from you:

  • e-mail address

None of your data is passed on to third parties in connection with the sending of the newsletter.

We use the “double opt-in procedure” for sending the newsletter, i.e. we will only send you the newsletter if you confirm your registration beforehand via a confirmation e-mail sent to you for this purpose via a link contained in it. This is to ensure that, as the owner of the e-mail address provided, only you can subscribe to the newsletter. Your confirmation must be sent shortly after receipt of the confirmation e-mail, otherwise your newsletter subscription will be automatically deleted from our database.

b. Legal basis

The processing of your e-mail address for sending newsletters is based on your voluntary declaration of consent pursuant to GDPR Art. 6 para. 1 (a):

Declaration of consent:

By entering my data and pressing the “send” button, I agree to my e-mail address, my name and my address being processed for the regular sending of the newsletter. I can unsubscribe from the newsletter service at any time by clicking on the appropriate link at the end of the newsletter.

I may revoke my consent to the collection of personal data collected during the registration process at any time.

c. Length of storage

Your e-mail address, your name and your address will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your e-mail address and your contact data will be deleted. Further storage may take place in individual cases if this is required by law.

4. Elane application and project data

a. Type and scope of data processing

In the course of submitting applications via the Elane application portal, the following personal data of researchers, project participants and other persons associated with the applications will be processed:

  • first name
  • family name
  • address
  • e-mail-address
  • contact data
  • qualifications
  • date of birth
  • date of PhD
  • country of PhD
  • research institution of PhD
  • ORCID (Open Researcher and Contributor ID)
  • language of correspondence
  • educational level
  • family status
  • number of children
  • nationality
  • academic degrees
  • employment contract data
  • personal ID (identifier)

b. Legal basis

The processing of personal data via https://elane.fwf.ac.at is based on Art. GDPR 6 Para. 1 (c) and § 2g FOG.

c. Length of storage

The personal data will be deleted after the end of the legal retention periods.

§ 5 Passing on of data

We will only pass on your data to third parties if:

  • you have given your express consent pursuant to GDPR Art. 6 para. 1, sentence 1 (a).
  • this is permitted by law and is necessary for the fulfilment of a contractual relationship with you pursuant to GDPR Art. 6 para. 1, sentence 1 (b).
  • there is a legal obligation to pass on data according to GDPR Art. 6 para. 1 sentence 1. (c).
  • the disclosure pursuant to GDPR Art. 6 para. 1, sentence 1 (f) is necessary to protect legitimate company interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

§ 6 Use of cookies

a. Scope and extent of data processing

We use cookies on our website. Cookies are small files that are sent by us to the browser of your terminal device during your visit to our website and stored there. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, allow us to perform various analyses. For example, cookies can recognise the browser you are using the next time you visit our website and to transmit various pieces of information to us. With the help of cookies, we can make our website more user-friendly and effective for you, for example by tracking your use of our website and recording your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot run programs or contain viruses.

Various types of cookies are used on our website, the type and function of which will be explained in more detail below.

Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID. This makes it possible to assign different requests from your browser to a common session and enables us to recognise your end device during subsequent visits to the website.

Persistent cookies are also used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective storage time differs depending on the cookie. You can delete persistent cookies independently using your browser settings.

Function 1: Necessary cookies

These cookies are required for technical reasons so that you can visit our website and use the functions we offer. This applies, for example, to the following applications: Website, Piwik

In addition, these cookies contribute to the safe and correct use of our website.

These cookies enable us to analyse website usage and improve the performance and functionality of our website. For example, information is collected about how visitors use our website, which pages are most frequently accessed, or whether error messages are displayed on certain pages.

Advertising cookies (third-party providers) allow us to show you various offers that match your interests. These cookies can be used to record the web activities of users over a longer period of time. You will possibly recognise the cookies on various devices you use.

In addition, certain cookies allow us to connect to your social networks and share content from our website within your networks.

b. Legal basis

According to the described purposes of use (cf. § 6 a), the legal basis for the processing of personal data using cookies is contained in GDPR Art. 6 para. 1 (f).

c. Length of storage

As soon as the data transmitted to us via the cookies is no longer necessary for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.

d. Configuration of browser settings

Most browsers are preset to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that if cookies are deactivated on our website by your browser settings you may no longer be able to use all functions of the website. You can also use your browser settings to delete cookies already stored in your browser or to have the storage time displayed. In addition, it is possible to set your browser so that it informs you before cookies are stored. Since functions may differ on different browsers, we would ask you to use your browser’s help menu for the configuration options.

If you would like a comprehensive overview of all third-party access to your internet browser, we recommend that you install specially developed plug-ins.

§ 7 Tools for tracking and analysis

We use tracking and analysis tools to ensure continuous optimisation and demand-oriented design of our website. With the help of tracking measures it is also possible for us to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained. In accordance with these interests, the use of the tracking and analysis tools described below is justified under GDPR Art. 6 para. 1 sentence 1 (f). The following description of the tracking and analysis tools also shows the respective processing purposes and the data processed.

1. Piwik

Our website uses Piwik, open-source software for statistical analysis of visitor access. Piwik uses cookies. The information generated by cookies about your use of our website is stored on the web server. You may prevent the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

After processing and before saving, the IP address is anonymised. However, we expressly point out that, despite the fully activated anonymisation function, total anonymisation is not achieved, but is merely a pseudo-anonymisation. When it is used, Piwik creates an internal hash value, which is calculated from various factors such as the IP address, the resolution, the browser, the plugins used and the operating system. With the activated anonymisation function this heuristic also uses the full IP address for internal purposes, so that a recalculation of the values back to the IP address is possible with some effort and can thus be linked the other information with a high degree of reliability.

If you do not agree to the storage and evaluation of this data, you can veto its storage and use (below by mouse click) at any time. (An opt-out cookie is then stored in your browser, which means that Piwik does not collect any session data.)

Visits to our website are currently recorded by Piwik.

2. AddThis“ bookmarking service

This website contains AddThis plugins, which allow you to bookmark or share interesting website content. AddThis uses cookies. The data generated (such as time of use or browser language) is transferred to the AddThis company in the US and processed there.

We do not process the data concerned. By using the AddThis field, you agree to the processing of data by the AddThis company to the extent shown on the www.addthis.com website. You can veto the use of your data at any time by using an opt-out cookie, which you can download from the following link: http://www.addthis.com/privacy/opt-out. This deactivation prevents advertisers from receiving data about excluded visitors. This also prevents them from learning the interests of these visitors and personalising their content or services for them.

§ 8 Plugins

1. Facebook, Google+ and Twitter

Our website contains social plugins of the Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, US), Google+ (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, US) and Twitter (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, US) social networks. These services are provided by the respective companies (providers). As part of our online presence, the social plugins are identified by the respective buttons belonging to the service. On the basis of the data transmitted to the respective service via the social plugins, if necessary the service can assign you to your account with it. In order to increase the protection of your data on our website, the social plugins are integrated on our website by means of a two-click solution. This ensures that no automatic connection to the servers is established by the respective providers when a page of our website containing such social plugins is called up.

The activation of the function of the respective social plugin takes place in two stages. To activate a social plugin, you must first click on the link on our website. This first activates the social plugin and your browser establishes a connection to the servers of the respective provider. With a second click you can now interact with the social plugin and, for example, submit your recommendation. If you are already logged in to one of the social networks of the providers, they can immediately assign the visit to this website to your profile. If you interact with the social plugins by clicking on them, the corresponding information is also transmitted directly to the provider’s server and stored there. The information may also be published on the social network and displayed there under your contacts. If you wish to prevent such direct association with your profile of your data collected via our website, you must log out of your provider's account before visiting our website.

The scope and purpose of the data collection by the respective service as well as the further processing and use of your data there can be found in the data protection information directly from the service’s website. There you will also receive further information about your corresponding data protection rights and setting options for the protection of your privacy.

a.   Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, US

https://www.facebook.com/policy.php

https://www.facebook.com/help/186325668085084

b.   Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, US

https://policies.google.com/privacy/update?hl=de

c.   Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, US

https://twitter.com/privacy?lang=de

2. Xing

A button of the Xing network is used on our website. When you press this button, a short-term connection is established via your browser to servers of Xing AG (hereinafter Xing), with which the Xing button functions are performed. Xing does not store any personal data about you when you visit our website. In particular, Xing does not store IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the Xing share button. The latest data protection information on the Xing share button and additional information can be called up on these internet pages:

https://www.xing.com/app/share?op=data_protection and www.xing.com/privacy.

3. Vimeo

Our website uses plugins from Vimeo.com, which is operated by the Vimeo company , 555 West 18th Street, New York, New York 10011, US. If you call up webpages from our website provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed on the website by notifying your browser. This will tell the Vimeo server which of our web pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user accounts on these platforms. When using these plugins, such as clicking/launching a video or sending a comment, this information is assigned to your Vimeo user account, for example, which you can only prevent by logging out before using the plugin.

Information on the collection and use of data by the above platform or plug-ins can be found in the data protection information: http://vimeo.com/privacy.

4. LinkedIn

The functions of the LinkedIn network are used on our website by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, US (hereafter LinkedIn).

If one of our pages contains elements from LinkedIn, a connection to the LinkedIn server is established when you access it. LinkedIn will be informed about your visit with your IP address on our website. By clicking the LinkedIn button for the recommendation function, LinkedIn is able to assign this visit to your user account on LinkedIn. This information is then processed further by LinkedIn.

The corresponding conditions and setting options can therefore be found in LinkedIn's privacy policy on the page https://www.linkedin.com/legal/privacy-policy.

5. Research Gate

Our website uses the functions of the Research Gate research network from ResearchGate GmbH, Invalidenstrasse 115, 10115 Berlin, Germany. For more information, see: https://www.researchgate.net/privacy-policy.

§ 9 Hyperlinks

Our website contains hyperlinks to websites of other providers. When these hyperlinks are activated you will be redirected from our website directly to the other providers’ networks. You can recognise this, for example, by the change in the URL. We cannot assume any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.

§ 10 Rights of the parties concerned

The GDPR gives you the following rights as someone affected by the processing of personal data:

  • In accordance with GDPR Art. 15, you can request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or veto, the existence of a right of appeal, the origin of your data, if not collected by us, a transfer to third countries or international organisations and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details.
  • In accordance with GDPR Art. 16 you can demand the immediate rectification of inaccurate personal data concerning you or the completion of incomplete personal data stored by us.
  • In accordance with GDPR Art. 17, you may request the deletion of your personal data stored by us, provided that the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, on grounds of public interest or to assert, exercise or defend legal claims.
  • In accordance with GDPR Art. 18, you can demand the restriction of the processing of your personal data if you dispute their accuracy, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need them to assert, exercise or defend legal claims. You are also entitled to the right under GDPR  Art. 18 if you have filed an objection to the processing pursuant to GDPR Art. 21.
  • In accordance with GDPR Art. 20, you can demand that the personal data you have provided us with be received in a structured, commonly used and machine-readable format or you can request that they be transmitted to another person responsible.
  • In accordance with GDPR Art 7. para. 3, you can withdraw your consent to us at any time. As a consequence, we will in future no longer be permitted to continue the data processing based on this consent.
  • In accordance with GDPR Art 7 you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters. In Austria, the supervisory authority is the data protection authority, Wickenburggasse 8, 1080 Vienna. Telephone: +43-1-52 152-0, e mail: dsb(at)dsb.gv.at, Web: www.dsb.gv.at.

§ 11 Right to object

When processing your personal data on the basis of legitimate interests pursuant to GDPR Art. 6 para. 1 sentence 1 (f), you have the right to object to the processing of your personal data pursuant to GDPR Art. 21, if there are grounds for this arising from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right of objection, which we will implement without the need for details of a particular situation.

§ 12 Data security and security measures

We commit ourselves to protect your privacy and to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress. This includes the use of recognised encryption methods (transport-layer security).
However, we would like to point out that due to the structure of the internet, it is possible that the data protection rules and the above-mentioned security measures may not be observed by other persons or institutions not within our area of responsibility. In particular, unencrypted data – e.g. if this is sent by e-mail – can also be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data they provide against misuse, by encryption or in any other way.