We take the protection of your personal data and your privacy seriously. We therefore only process your data in the framework of the legal regulations: European Parliament Directive (EU) 2016/679 data protection regulations  (GDPR, General Data Protection Regulation), Austrian Data Protection Act  (DSG) and Telecommunications Act (TKG) and document this with the privacy tool Niobase by Akarion GmbH.

Here, we would like to inform you about the following processing activities:


Pursuant Art 4 Z 7 GDPR (General Data Protection Regulation) is the University for Continuing Education Krems (in the following „Danube University Krems, "we" or "us“)

Dr.-Karl-Dorrek-Straße 30
3500 Krems an der Donau

If you have any questions regarding how we process your data, please don’t hesitate to contact us:

+43  2732 8930

Data Protection Officer: MMag.a Katharina Ranjan

Processing personal data when visiting our website - Processing the access data cookies

Server logs

When visiting our website we store the ip address of the site visitor along with data on the time and history of page requests, the amount of date transferred, whether the retrieval was successful, the identification of the browser data and operating system used, as well as the website from which it was accessed (in case it was accessed via a link) for a period of four months.  

The use of technical cookies

We use so-called cookies on various pages to make our website more attractive and to enable specific functions. Cookies are small files stored on your end device. They allow us to recognize your browser when you visit us again.

The following cookies are referred to:

Name Description Storage time
CookieMessageAccepted used cookies accepted 1 year

mark favorites sites

10 years
Information Material

mark order of information material

10 years (will be deleted at order of information material)  

info.magnolia.ecommerce.cart ID of the uni shop basket

68 years  (2.147.483.647 seconds)


You can set your browser to inform you when cookies are used, and then decide whether you accept certain cookies, or deactivate them entirely. However, if you deactivate technical cookies you may not be able to use all the functions on our website.

Legal Basis

We use server logs and technical cookies in our legitimate interest (Online Services, Data Security)  in accordance with Art 6 par 1 f GDPR.

Google Analytics

Our website uses functions provided by the web analysis service Google Analytics. Cookies are used for the purpose of analyzing how users use our website. The information generated in this manner is transmitted to and stored on the provider’s server.
You can prevent this by setting your browser to prevent cookies being saved.
We have signed a pertinent data processing contractor agreement with the provider.
Your IP address is stored, but immediately pseudonymized. This only allows approximate localization.
The relationship with the web analysis provider is based on the „Privacy Shield“ agreement signed by Google.

Legal Basis

Using Google Analytics is based on legal legitimate interests (Art 6 par 1 lit f GDPR), which comprise website evaluation and website activities.

Who receives the data

The data is transmitted to Google for the purpose described above.

How long it is stored

Personal data (data at user and event level) is stored for a period of 26 months and then deleted.

Google Fonts and Maps

We use Google Fonts, which are integrated into Google's servers and/or, if applicable, a temporary storage in your browser cache. Furthermore, our website has integrated google maps to display the Campus Map of our locations in Krems, Memmingen and Wiener Neustadt to plan routes and/or locate our university staff; you can load the maps by clicking on the location information of our respective staff member.
Legal basis
The use of Google Fonts and Maps is based on our legitimate interest in the user-friendly design of our website pursuant to Art 6 par 1 lit f GDPR.
Information concerning the processing of the data through Google services which are integrated free of charge in our website are listed in the linked terms of Google Maps or the following data protection notice:

Google Privacy Policy

Social Media Links

The website is linked with social media networks such as Facebook, Twitter, Instagram, Youtube, Xing.

You can find out more about the scope and purpose of data collection and processing, how the data is used by the operator, your rights and how to activate the relevant settings to protect your privacy here:


The website contains links to other websites. These links to the websites of other internet participants are offered as a service for users wishing for further information. Danube University Krems has no influence over the content of the linked pages. Danube University Krems cannot accept liability for this content in any way. The providers of the linked websites are solely responsible for the content and accuracy of the information provided.

Any Youtube videos embedded on our website are activated in the extended data protection mode offered by Youtube, so that no cookies are set to record user behavior.

Contact with interested persons and online forms

Purpose of processing
If you contact us personally, via email, phone, and online form on the website, or any other form (handing over a business card), request information material, share our website via clicking the button and the form "Send page by e-mail" or send your favorite lists via the form "Send your favorites", the data you provide will be processed for the purpose of processing your enquiry and for follow-up questions.

Legal basis

The processing of your personal data within the scope of the online forms is based on your consent in accordance with Art 6 par 1 lit a GDPR or, with regard to the recipient contact data provided by you, on our legitimate interest and our legal duty in accordance with Art 6 par 1 lit e resp. f GDPR to inform the public about the fulfilment of the tasks of the university.

Storage of data
1 month for the forms "Send page by mail", "Send your favorites", otherwise
maximum 7 years.

Revoke your consent

You can revoke your consent at any time by sending an email to datenschutz@donau-uni.ac.at . By revoking your consent, legitimacy based on your permission until you revoked it will not be affected.

Newsletter and Info-Mail („e-Post“)

Purpose of processing

The personal data you provide when you register for newsletters (www.donau-uni.ac.at/newsletter) and/or info-mail („e-post“ www.donau-uni.ac.at/e-post.html) is processed for the purpose of sending you emails with information, e.g. about your studies, lectures, research and events and to evaluate the click rates provided by the email recipient. 

Legal basis

We process your personal data only with your express permission (Art 6 par 1 lit a GDPR) and § 107 TKG.

Storage period

We only store your data for the purpose described above until you revoke your permission to sending newsletters and info-mails („e-post”).

Cancelling your permission

1. You can unsubscribe at any time on the respective newsletter’s unsubscribe page on the website of Danube University Krems. You will find a list of all newsletters at www.donau-uni.ac.at/en/news/newsletter/confirm-unsubscription.html. You can also unsubscribe individual newsletters at any time by clicking on the „unsubscribe newsletter“ button at the end of every newsletter.

2. You can unsubscribe to info-mail („e-post“) at any time on the „e-post“ at www.donau-uni.ac.at/en/university/e-post/unsubscription.html.

By cancelling your permission, legitimacy based on your permission until you revoked it will not be affected.


Processing of personal data connected to our research projects

Purposes of processing

1. If you provide us with your name, e-mail address, telephone number or, where applicable, address in order to contact us regarding our research projects, we will save this data to invite you to take part in these projects by means of a survey/investigation/experiment/observation.

2. In the context of research projects that our public clients fund within the public interest, from time to time we process publicly available names and (e-mail) addresses for target group-specific non-commercial contacting for the purpose of inviting you to participate in a survey/investigation/experiment/observation. This will not be linked to your information in the survey/investigation/experiment/
observation - unless otherwise stated.

3. We create surveys for our research projects via the open-source online survey portal REDCap we host and also process server logs: IP address of the platform visitor(s), time and purpose of the website access, whether successful or not, the amount of data transferred, browser and operating system used and from which website the access was made. This data processing is carried only to ensure system security for the website and is not linked to your answers given to the questions.
You will receive further information, e.g., about the purpose, clients and possible recipients of your answers, in the survey portal immediately before calling upon the questions.

4. Conducting surveys (interviews, focus groups)/investigations/experiments/observations as part of our research projects.

5. Carrying out data processing for scientific research purposes that do not aim at personal results, in relation to pseudonymized personal data that we receive from cooperation partners, where we cannot determine the identity of the data persons by legally admissible means.

Legal basis

1.The processing is based on your consent for contact given when registering online in accordance with Art. 6 para 1 lit a GDPR and § 107 TKG (Telecommunications Act).

2. The processing is based on our task in the public interest according to Art. 6 para 1 lit e GDPR in connection with § 4 para 2 lit 2 UWKG (Act of the University of Continuing Studies) as well as § 3 Z 1, 8, 11 UG (University Act) (scientific research) respectively § 7 para 1 Z 1 and 2 DSG (Data Protection Act).

3. The processing of server logs is based on our legitimate interest pursuant to Art. 6 Para. 1 lit f GDPR and § 96 Para. 3 TKG.

The processing of personal data in the questionnaires is based on our task in the public interest pursuant to Art. 6 para 1 lit e GDPR in conjunction with § 4 para 2 lit 2 UWKG as well as § 3 Z 1, 8, 11 UG (scientific research) and, where applicable, e.g., with regard to special categories of personal data, on your consent pursuant to Art. 9 para 2 lit a GDPR or Art. 6 para 1 lit a GDPR in conjunction with § 7 para 2 Z 2 DSG. This applies unless specific reference is made to processing pursuant to FOG (Research  Organization Act) in conjunction with Art. 9 (2) (j) GDPR or other legal bases.

4. Surveys (interviews, focus groups)/investigations/experiments/observations can be based on § 2d FOG - if indicated in the special data protection information.

5. Data processing is based on § 7 para. 1 line 3 of the Data Protection Act.

Data storage period

1. We will store your data until you revoke your consent.
2. We will store your data until the purpose is fulfilled (project duration including the associated statutory retention obligations).
3. Server logs of the REDCap survey portal are automatically deleted 2 weeks after the page is called up. The specific data protection notices prior to calling up the questions in REDCap might contain further information.
4. Legal retention periods according to FOG.
5. Retention periods until after the purpose has been fulfilled/the research objective has been achieved.

Processing of personal data of our cooperation partners or contractors

Purposes of the processing
For the implementation of pre-contractual measures and for the fulfillment of our cooperation agreements or other orders, personal data of the partner institution or client, such as names and contact details of contact persons, etc., are processed.

Legal basis
The processing is based on Art. 6 para 1 lit b GDPR.
In the context of any funding granted for the respective cooperation or contract, personal data of the cooperation partner(s) may be disclosed to the funding body(ies), funding agencies, corresponding federal ministries, control bodies established for the control and verification of the correct use of public funds, as well as, if applicable, to bodies of the EU and third parties consulted by funding bodies for the purpose of the necessary economic or scientific analyses.
Furthermore, personal data may be disclosed to control bodies such as accreditation agencies and the respective tax and legal advisors of the cooperation or contracting parties.
Storage period
The project-related personal data will be stored for a period of 15 years and, if there is a relevant reason, at most until the expiry of the statutory limitation periods.

Processing personal data in connection with epidemics

Contact management - In order to support official contact tracing in connection with suspected epidemiological cases, names and contact data of persons (students, event attendees, staff members, etc.) who are on-campus at the UWK are or can be processed.

Legal basis
Art. 6 para. 1 lit c GDPR in conjunction with § 5 (3) and, if applicable, § 5c Epidemics Act (§ 1 2. COVID-19 Higher Education Act)

Health authority = district administrative authority

Period of storage
28 days


Purposes of processing

  1. The personal data we obtained via telephone, e-mail, in the registration form or via a online registration platform e.g. New Work SE and its technical service provider Xing Events GmbH (www.xing-events.com) in the course of your registration for an event we process exclusively for the preparation, execution and handling of the respective event.
  2. For reasons of teaching, research and reporting on the event (marketing / documentation), participants may be streamed and/or image/video and/or sound data produced or recorded either by the university staff or assigned photographers etc. Irrespective of any participation fees, you shall not be entitled to any financial compensation in respect of any picture/video and/or sound data produced of you within the framework of the event.
  3. As part of relevant orders on special topics, we offer seminars and training events for our contractual partners, who provide us with their personal data for preparation. We process this data to conduct the seminars / training events - if necessary using our digital learning management, conference or collaboration software - and to issue certificates or confirmations of participation.

Legal basis

  1. The processing of data obtained in the course of registration for an event free of charge is based on your consent pursuant to Art. 6 para. 1 lit a GDPR and for seminars, conferences, etc. subjected to a fee following pre-contractual measures pursuant to Art. 6 para. 1 lit b GDPR. Attendance of an conference etc. subjected to a fee is not possible without the provision of your personal data.

    In the course of the registration via the events created by us on the Xing Events platform, you are a contractual partner of Xing SE on the basis of the Xing GTC (https://www.xing.com/terms/xing incl. payment processing via the service provider listed in the GTC). Xing Events is permitted to use your personal data on the basis of Art. 6/1/a GDPR in conjunction with the Xing GTC. Please revoke your consent in this regard directly with Xing SE (see below under "recipients").

  2. In accordance with Art. 6 para. 1 lit c or e GDPR, and para 3 University Act, and the University for Continuing Education Krems Act, the processing of data for reasons of education, research and reporting is based on our legal mandate to support national and international cooperation in the field of scientific research, teaching and the arts. Application and implementation of research results and their social integration as well as supporting the development of arts and informing the public about fulfilled university tasks related to our legitimate interest according to Art. 6 para. 1 lit f GDPR.
  3. The processing is based on Art. 6 para 1 lit b GDPR.

Time of Storage

We will store picture/video and sound data obtained from your registration until fulfilment of the purpose; Xing Events stores the data up to a maximum of 4 years after the event.

Recipient of the data

1. When registrating and, if applicable, payment processing via the Xing platform we created, your personal data will be processed by New Work SE and its service providers under their responsibility. For further information, please refer to the Xing Events Privacy Policy in conjunction with https://www.xingeventscom/de/datenschutz-faqs-veranstalter. 

Your image/video and sound data could be transmitted/published to third parties commissioned by our technical support for digital processing, non-present students and/or registered participants as well as the general public via our digital channels (website, social media pages, Youtube, teaching, communication and administration platforms, e.g. Moodle and the media server: donau-uni.presentations2go.eu) and at times in our print products. If registration is made via other platforms, any additionally applicable specific data protection declarations of the platform are stored.

Insofar as the provision of these media involves a transfer to a third country, the transfer bases on an adequacy decision of the EU Commission or on suitable guarantees such as standard data protection clauses including any necessary additional measures concluded between the processor and us, that are available from the data protection officer.

Revocation of your consent and right of objection

You can revoke your registration for the event and thus the processing of your registration data at any time by sending an e-mail to datenschutz@donau-uni.ac.at. The revocation of your consent does not affect the legality of the processing carried out until the revocation.

If you do not wish to be photographed or your picture taken in any particular situation, please contact the photographer beforehand or ask for the image to be deleted immediately. In order to avoid any video recording or streaming of your person, you can place yourself outside the recording setting of the streaming/video recording system after consulting the organizers/lecturers on site. Attending video conferences or using collaboration tools is also possible with pseudonyms and without activating the camera or microphone in the interest of data minimization. Please note, that any verbal request (questions, engagement in discussions, etc.) can at least record or stream you auditory and therefore you might be identified. In this case the legal basis for processing your personal data is our legal mandate (distance learning, public information) which takes precedence over your right to privacy.

Data Security

We always seek to ensure the privacy of your personal data.
Danube University Krems sets appropriate technical and organizational measures in compliance with Art 32 GDPR to safeguard the rights and freedom of natural persons in due consideration of state of the art technology, implementation costs and the means, scope, circumstances and purpose of processing as well as the probability of occurrence and gravity of the risk.

For this reason, measures are in place to protect your data and save it from loss, destruction, access and dissemination by unauthorized third parties:

  • Securing privacy, integrity, availability and resilience of the systems and services in connection with data processing;
  • Ensuring that personal data is recovered promptly following a physical or technical incident;
  • Implementing processes to regularly monitor, assess and evaluate the efficiency of the technical and organizational measure to safeguard secure data processing.

Please note that we cannot accept liability for information disclosed due to errors during data transmission not caused by us or attributable to us and/or unauthorized access by third parties.

Your rights

You have the following rights when using our website:


  • Right to information (Art 15 GDPR): You have the right to demand that Danube University Krems provides proof that it processes your personal data. Furthermore, you have the right to ask for further information about exactly why your data is processed, personal data categories, who receives your personal data or recipient categories, how long your data is stored, whether you have the right to deletion, correction or to restrict the processing of your data, the right of objection, and all information available concerning the source of your data.


  • Right to correction (Art 16 GDPR): You have the right to demand that Danube University Krems promptly corrects your personal data. This right includes correcting inaccurate data and completing incomplete personal data.


  • Right to deletion (Art 17 GDPR): You have the right to demand that Danube University Krems deletes your personal data promptly for reasons defined in Art 17 par 1 lit a to f GDPR (e.g. the purpose for data processing does not exist anymore) and processing your data becomes unnecessary.


  • Right to restrict processing (Art 18 GDPR):In the cases described in Art 18 GDPR (e.g. inaccuracy of the personal data, unlawful processing, etc.) you have the right to demand that Danube University Krems restricts processing.


  • Right to data transmissibility (Art 20 GDPR): You have the right to receive the personal data you made available to Danube University Krems in a structured, current format and to demand that Danube University Krems transmits this data to another responsible office (e.g. another law firm).


  • Right of objection (Art 21 GDPR): You have the right at any time to object to your personal data being processed while using our website.


  • Cancelling permissions (Art 7 GDPR): You can cancel permissions you gave Danube University Krems at any time.


  • Right of complaint: Furthermore, you can issue a complaint at any time to the
    Austrian Data Protection Authority,

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria

Telephone: +43 1 52152 0
E Mail: dsb@dsb.gv.at


You can address your grievance – with the exception of grievances to the Austrian Data Protection Authority – to Danube University Krems at the following address: datenschutz@donau-uni.ac.at

Processing of personal data of applicants and students

Processing personal data of graduates and alumni

Processing personal data of job applicants

Processing of personal data of employees

Information on the data protection regulations regarding employee data can be found in the Infowiki of the University of Continuing Education Krems (login required).

Back to top