We take the protection of your personal data and your privacy seriously. We therefore only process your data in the framework of the legal regulations: European Parliament Directive (EU) 2016/679 data protection regulations  (GDPR, General Data Protection Regulation), Austrian Data Protection Act  (DSG) and Telecommunications Act (TKG) and document this with the privacy tool Akarion Compliance Cloud by Akarion GmbH.

Here, we would like to inform you about the following processing activities:

Controller

Pursuant Art 4 Z 7 GDPR (General Data Protection Regulation) is the University for Continuing Education Krems (in the following „Danube University Krems, "we" or "us“)


Dr.-Karl-Dorrek-Straße 30
3500 Krems an der Donau


The lawyer Dr. Daniel Stanonik LL.M. and
the lawyer Dr. Karsten Kinast LL.M., representing the law firm KINAST Rechtsanwaltsgesellschaft mbH, are the external data protection officers, representing the responsible party on a reciprocal basis.

If you have any questions regarding how we process your data, please don’t hesitate to contact us:

+43 2732 893-5506
datenschutz@donau-uni.ac.at

Processing personal data when visiting our website - Processing the access data cookies

Server logs

When visiting our website we store the ip address of the site visitor along with data on the time and history of page requests, the amount of date transferred, whether the retrieval was successful, the identification of the browser data and operating system used, as well as the website from which it was accessed (in case it was accessed via a link) for a period of four months.

Cookies

We use so-called cookies on various pages to make our website more attractive and to enable specific functions. Cookies are small files stored on your end device. They allow us to recognize your browser when you visit us again. You can revoke your consent given by the individual settings there at any time by changing the settings.

Legal basis

We use server logs and technical cookies in our legitimate interest (Online Services, Data Security)  in accordance with Art 6 par 1 f GDPR.

Social Media Links

The website is linked with social media networks such as Facebook, Twitter, Instagram, Youtube, Xing.

You can find out more about the scope and purpose of data collection and processing, how the data is used by the operator, your rights and how to activate the relevant settings to protect your privacy here:

Links

The website contains links to other websites. These links to the websites of other internet participants are offered as a service for users wishing for further information. University for Continuing Education Krems has no influence over the content of the linked pages. University for Continuing Education Krems cannot accept liability for this content in any way. The providers of the linked websites are solely responsible for the content and accuracy of the information provided.

Contact with interested persons and online forms

Purpose of processing
If you contact us personally, via email, phone, and online form on the website, or any other form (handing over a business card), request information material, share our website via clicking the button and the form "Send page by e-mail" or send your favorite lists via the form "Send your favorites", the data you provide or send will be processed for the purpose of processing your enquiry and for follow-up questions.

Legal basis

The processing of your personal data within the scope of the online forms is based on your implied consent in accordance with Art 6 par 1 lit a GDPR or, with regard to the recipient contact data provided by you, on our legitimate interest and our legal duty in accordance with Art 6 par 1 lit e resp. f GDPR/ § 3 UG to inform the public about the fulfilment of the tasks of the university.

Time of storage
1 month for the forms "Send page by mail", "Send your favorites", otherwise
maximum 7 years.

Revoke your consent

You can revoke your consent at any time by sending an email to datenschutz@donau-uni.ac.at . By revoking your consent, legitimacy based on your permission until you revoked it will not be affected.

Newsletter and Info-Mail („e-Post“)

Purpose of processing

The personal data you provide when you register for newsletters (www.donau-uni.ac.at/newsletter) and/or info-mail („e-post“ www.donau-uni.ac.at/e-post.html) is processed for the purpose of sending you emails with information, e.g. about your studies, lectures, research and events and to evaluate the click rates provided by the email recipient. 

Legal basis

We process your personal data only with your express permission (Art 6 par 1 lit a GDPR) and § 174 TKG.

Time of storage

We only store your data for the purpose described above until you revoke your permission to sending newsletters and info-mails („e-post”).

Cancelling your permission

1. You can unsubscribe at any time on the respective newsletter’s unsubscribe page on the website of University for Continuing Education Krems. You will find a list of all newsletters at www.donau-uni.ac.at/en/news/newsletter/confirm-unsubscription.html. You can also unsubscribe individual newsletters at any time by clicking on the „unsubscribe newsletter“ button at the end of every newsletter.

2. You can unsubscribe to info-mail („e-post“) at any time on the „e-post“ at www.donau-uni.ac.at/en/university/e-post/unsubscription.html.

By cancelling your permission, legitimacy based on your permission until you revoked it will not be affected.

 

Processing of personal data connected to our research projects

Purpose of processing

1. If you provide us with your name, e-mail address, telephone number or, where applicable, address in order to contact us regarding our research projects, we will save this data to invite you to take part in these projects by means of a survey/investigation/experiment/observation.

2. In the context of research projects that our public clients fund within the public interest, from time to time we process publicly available names and (e-mail) addresses for target group-specific non-commercial contacting for the purpose of inviting you to participate in a survey/investigation/experiment/observation. This will not be linked to your information in the survey/investigation/experiment/
observation - unless otherwise stated.

3. We create surveys for our research projects via the open-source online survey portal REDCap we host and also process server logs: IP address of the platform visitor(s), time and purpose of the website access, whether successful or not, the amount of data transferred, browser and operating system used and from which website the access was made. This data processing is carried only to ensure system security for the website and is not linked to your answers given to the questions.
You will receive further information, e.g., about the purpose, clients and possible recipients of your answers, in the survey portal immediately before calling upon the questions.

4. Conducting surveys (interviews, focus groups)/investigations/experiments/observations as part of our research projects.

5. Carrying out data processing for scientific research purposes that do not aim at personal results, in relation to personal data from publicly available sources, and/or in the context of further processing, if the personal data were permissibly obtained for other purposes or studies, and/or in relation to pseudonymized personal data we have received from cooperation partners, where we cannot determine the identity of the data subjects by legally permissible means.

Legal basis

1. The processing is based on your consent for contact given when registering online in accordance with Art. 6 para 1 lit a GDPR and § 174 TKG (Telecommunications Act).

2. The processing is based on our task in the public interest according to Art. 6 para 1 lit e GDPR in connection with § 3 Z 1, 8, 11 UG (University Act) (scientific research) respectively § 7 para 1 Z 1 and 2 DSG (Data Protection Act).

3. The processing of server logs is based on our legitimate interest pursuant to Art. 6 Para. 1 lit f GDPR and § 165 para 3 TKG.

The processing of personal data in the questionnaires is based on our task in the public interest pursuant to Art. 6 para 1 lit e GDPR in conjunction with § 3 Z 1, 8, 11 UG (scientific research) and, where applicable, e.g., with regard to special categories of personal data, on your consent pursuant to Art. 9 para 2 lit a GDPR or Art. 6 para 1 lit a GDPR or § 7 para 2 Z 2 DSG. This applies unless specific reference is made to processing pursuant to FOG (Research Organization Act) in conjunction with Art. 9 (2) (j) GDPR or other legal bases.

4. Surveys (interviews, focus groups)/investigations/experiments/observations can be based on § 2d FOG - if indicated in the special data protection information.

5. Data processing is based on § 7 para 1 of the Data Protection Act.

Time of storage

1. We will store your data until you revoke your consent.
2. We will store your data until the purpose is fulfilled (project duration including the associated statutory retention obligations).
3. Server logs of the REDCap survey portal are automatically deleted 2 weeks after the page is called up. The specific data protection notices prior to calling up the questions in REDCap might contain further information.
4. Legal retention periods according to FOG.
5. Retention periods until after the purpose has been fulfilled/the research objective has been achieved.

Processing of personal data of our cooperation partners or contractors

Purpose of processing
For the implementation of pre-contractual measures and for the fulfillment of our cooperation agreements or other orders, personal data of the partner institution or client, such as names and contact details of contact persons, etc., are processed.

Legal basis
The processing is based on Art. 6 para 1 lit b GDPR.
 
Data recipients
In the context of any funding granted for the respective cooperation or contract, personal data of the cooperation partner(s) may be disclosed to the funding body(ies), funding agencies, corresponding federal ministries, control bodies established for the control and verification of the correct use of public funds, as well as, if applicable, to bodies of the EU and third parties consulted by funding bodies for the purpose of the necessary economic or scientific analyses.
Furthermore, personal data may be disclosed to control bodies such as accreditation agencies and the respective tax and legal advisors of the cooperation or contracting parties.

We make use of the services of our processor Microsoft Ireland Operations Ltd. to collaborate digitally with cooperation partners or clients and, for the sake of completeness, refer to the limited extent of their responsibility for their own legitimate business purposes for the associated processing operations (e-mail, telephone, collaboration tools, etc.): https://privacy.microsoft.com/de-de/privacystatement
 
Time of storage
The project-related personal data will be stored for a period of 15 years and, if there is a relevant reason, at most until the expiry of the statutory limitation periods.

Processing personal data in connection with epidemics

Purpose of processing
Contact management - In order to support official contact tracing in connection with suspected epidemiological cases, names and contact data of persons (students, event attendees, staff members, etc.) who are on-campus at the UWK are or can be processed.
 

Legal basis
Art. 6 para. 1 lit c GDPR in conjunction with § 5 (3) and, if applicable, § 5c Epidemics Act (§ 1 2. COVID-19 Higher Education Act)
 

Data recipients
Health authority = district administrative authority
 

Time of storage
28 days

PROCESSING PERSONAL DATA OBTAINED AT OUR EVENTS (SEMINARS, WORKSHOPS, CONFERENCES, ETC.)

Purpose of processing

  1. The personal data we obtained via telephone, e-mail, in the registration form or via a online registration platform will be used exclusively for the preparation, execution and handling of the respective event.
  2. For reasons of teaching, research and reporting on the event (marketing / documentation), participants may be streamed and/or image/video and/or sound data produced or recorded either by the university staff or assigned photographers or video conferencing systems used for us as processors. Irrespective of any participation fees, you shall not be entitled to any financial compensation in respect of any picture/video and/or sound data produced of you within the framework of the event.
  3. As part of relevant orders on special topics, we offer seminars and training events for our contractual partners, who provide us with their personal data for preparation. We process this data to conduct the seminars / training events - if necessary using our digital learning management, conference or collaboration software - and to issue certificates or confirmations of participation.

Legal basis

  1. The processing of data obtained in the course of registration for an event free of charge is based on your consent pursuant to Art. 6 para. 1 lit a GDPR and for seminars, conferences, etc. subjected to a fee following pre-contractual measures pursuant to Art. 6 para. 1 lit b GDPR. Attendance of an conference etc. subjected to a fee is not possible without the provision of your personal data.
  2. In accordance with Art. 6 para. 1 lit c or e GDPR, and para 3 University Act, the processing of data for reasons of education, research and reporting is based on our legal mandate to support national and international cooperation in the field of scientific research, teaching, and the arts. Application and implementation of research results and their social integration as well as supporting the development of arts and informing the public about fulfilled university tasks related to our legitimate interest according to Art. 6 para. 1 lit f GDPR. The processing is based on Art. 6 para 1 lit b GDPR.

Time of storage

We will store picture/video and sound data obtained from your registration until fulfilment of the purpose; 

Data recipient

Your image/video and sound data could be transmitted/published to third parties commissioned by our technical support for digital processing, non-present students and/or registered participants as well as the general public via our digital channels (website, social media pages, Youtube, teaching, communication and administration platforms, e.g. Moodle and for us as processors used media server) and at times in our print products. If registration is made via other platforms, any additionally applicable specific data protection declarations of the platform are stored.

For the sake of completeness, regarding our processor Microsoft Ireland Operations Ltd., we point out their responsibility to a limited extent for their own legitimate business purposes for the related processing operations (e-mail, telephone, collaboration tools incl. video conferencing, etc.): https://privacy.microsoft.com/de-de/privacystatement

Insofar as the provision of these media involves a transfer to a third country, the transfer bases on an adequacy decision of the EU Commission or on suitable guarantees such as standard data protection clauses including any necessary additional measures concluded between the processor and us, that are available from the data protection officer.

Revocation of your consent and right of objection

You can revoke your registration for the event and thus the processing of your registration data at any time by sending an e-mail to datenschutz@donau-uni.ac.at. The revocation of your consent does not affect the legality of the processing carried out until the revocation.

If you do not wish to be photographed or your picture taken in any particular situation, please contact the photographer beforehand or ask for the image to be deleted immediately. In order to avoid any video recording or streaming of your person, you can place yourself outside the recording setting of the streaming/video recording system after consulting the organizers/lecturers on site. Attending video conferences or using collaboration tools is also possible with pseudonyms and without activating the camera or microphone in the interest of data minimization. Please note, that any verbal request (questions, engagement in discussions, etc.) can at least record or stream you auditory and therefore you might be identified. In this case the legal basis for processing your personal data is our legal mandate (distance learning, public information) which takes precedence over your right to privacy.

Data Security

We always seek to ensure the privacy of your personal data.
University for Continuing Education Krems sets appropriate technical and organizational measures in compliance with Art 32 GDPR to safeguard the rights and freedom of natural persons in due consideration of state of the art technology, implementation costs and the means, scope, circumstances and purpose of processing as well as the probability of occurrence and gravity of the risk.

For this reason, measures are in place to protect your data and save it from loss, destruction, access and dissemination by unauthorized third parties:

  • Securing privacy, integrity, availability and resilience of the systems and services in connection with data processing;
  • Ensuring that personal data is recovered promptly following a physical or technical incident;
  • Implementing processes to regularly monitor, assess and evaluate the efficiency of the technical and organizational measure to safeguard secure data processing.

Please note that we cannot accept liability for information disclosed due to errors during data transmission not caused by us or attributable to us and/or unauthorized access by third parties.

Your rights

You have the following rights when using our website:

 

  • Right to information (Art 15 GDPR): You have the right to demand that University for Continuing Education Krems provides proof that it processes your personal data. Furthermore, you have the right to ask for further information about exactly why your data is processed, personal data categories, who receives your personal data or recipient categories, how long your data is stored, whether you have the right to deletion, correction or to restrict the processing of your data, the right of objection, and all information available concerning the source of your data.

 

  • Right to correction (Art 16 GDPR): You have the right to demand that University for Continuing Education Krems promptly corrects your personal data. This right includes correcting inaccurate data and completing incomplete personal data.

 

  • Right to deletion (Art 17 GDPR): You have the right to demand that University for Continuing Education Krems deletes your personal data promptly for reasons defined in Art 17 par 1 lit a to f GDPR (e.g. the purpose for data processing does not exist anymore) and processing your data becomes unnecessary.

 

  • Right to restrict processing (Art 18 GDPR):In the cases described in Art 18 GDPR (e.g. inaccuracy of the personal data, unlawful processing, etc.) you have the right to demand that University for Continuing Education Krems restricts processing.

 

  • Right to data transmissibility (Art 20 GDPR): You have the right to receive the personal data you made available to University for Continuing Education Krems in a structured, current format and to demand that University for Continuing Education Krems transmits this data to another responsible office (e.g. another law firm).

 

  • Right of objection (Art 21 GDPR): You have the right at any time to object to your personal data being processed while using our website.

 

  • Cancelling permissions (Art 7 GDPR): You can cancel permissions you gave University for Continuing Education Krems at any time.

 

  • Right of complaint: Furthermore, you can issue a complaint at any time to the Austrian Data Protection Authority,

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria

Telephone: +43 1 52152 0
E Mail: dsb@dsb.gv.at

 

You can address your grievance – with the exception of grievances to the Austrian Data Protection Authority – to University for Continuing Education Krems at the following address: datenschutz@donau-uni.ac.at

Processing personal data of applicants and students

Processing personal data of graduates and alumni

Processing personal data of job applicants

Processing personal data of employees

Information on the data protection regulations regarding employee data can be found in the Infowiki of the University for Continuing Education Krems (login required).

Processing personal data of private library users

Purpose of processing

We process the personal data we collected when you registered for a loan request at the library of the University for Continuing Education Krems in order to create your user account, your loan card and to record your loans (§ 971 ff AGBG) and, if necessary, reminders. 

Legal basis

The processing is necessary for the fulfillment of the loan contract, of which you are a contracting party, or for the implementation of pre-contractual measures, which take place upon your request, cf. Art. 6/1/b GDPR.

Data recipient

Österreichischer Bibliothekenverbund und Service GmbH, Vienna and Ex Libris GmbH (software management) within the EU. For maintenance work, personal data may also be processed by Ex Libris in Israel (software production). According to Art. 45 GDPR, an adequacy decision of the EU Commission for Isreal is available.

Time of storage

The loan card is valid for an unlimited period of time, but not transferable. After 3 years, inactive user accounts will be deleted.

Back to top