1. Data protection, declaration of consent in accordance with Sec 107 TKG
1.1. Using your data
1.1.1. Dealing sensitively with customer data is of the greatest importance for DEBRA, founder of EB-Research Network. The collecting, processing and use of data is based on the applicable legal requirements, especially on the Austrian Data Protection Act ("DSG") and the Austrian Telecommunication Act ("TKG").
1.1.2. DEBRA indicates that all personal data provided by the users [name, address, e-mail address, bank data], are stored and used only for information purposes on DEBRA's projects. DEBRA will not disclose personal information to third parties unless it is required by official authorities or law enforcement.
1.1.3. Storage of IP addresses on this website
When you access this website, your IP address will be saved in log files. We use this information to evaluate the use of the site and thereby optimize our website for you - in our database, these files are neither stored nor used in any way. The IP address is the globally valid, unique identifier of a computer and consists of four number blocks separated by dots. In most cases, as a private user, you will not use a consistent IP address, as your provider will only assign you this temporarily for one session. Nevertheless, in the case of static IP addresses, a clear assignment of the user data via this feature is possible in principle. We can only link your IP address with your user data through "manual" research. We only resort to this in exceptional cases if we have to prevent misuse and fraud and deny access to individual IP addresses.
1.2. Declaration of consent
1.2.1. You explicitly agree that we can use your contact details for information purposes on DEBRA's projects and for advertising purposes within the meaning of Sec 107 TKG. You can revoke these consents at any time by sending a fax to +43 1 876 40 30-30, by calling +43 1 876 40 30 or by sending an e-mail to firstname.lastname@example.org. If you forward any DEBRA newsletter to third parties, you are obliged to meet the requirements of Sec 107 TKG and furthermore obtain the consent of the recipient prior to sending (opt-in). You are obliged to indemnify, defend and hold DEBRA harmless from and against any and all third party claims, damages, liabilities, costs and expenses (including attorneys' fees and expenses). If the consent to process personal information is revoked, DEBRA will immediately stop sending further information and/or marketing materials and delete all personal information.
1.3. Use of plugins
On our website we use so-called social plug-ins ("Plug-ins") of the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA, in succession Facebook) are used. Facebook is a participant in the EU-US Privacy Shield, which requires the company to abide by the agreement and to maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
Our website uses plug-ins of the social network Google+, operated by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Google is a participant in the EU-US Privacy Shield and the Swiss-US Privacy Shield, which obliges the company to abide by the agreement and to maintain a level of data protection consistent with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
Most of the information stored results from using Google+ and other Google services. These are, for example, data about your location, the devices used, the IP address. In addition, all activities and interactions are saved, so your searches, which videos you look at and which advertising you click. In order to uniquely identify your device and thus link the data to the Google Account, cookies are also used. As a user, you can limit the scope of data collection and data use. In your profile, you can see which information about you is stored in the account. There you can also specify for whom the data should be visible. More information can be found here: https://policies.google.com/privacy?hl=en
Functions of the YouTube service are implemented on our website. These functions are offered by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA). YouTube is a participant in the EU-US Privacy Shield and the Swiss-US Privacy Shield, which requires the company to abide by the agreement and to maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
The linked videos store cookies on users' computers when they visit the website. The embedded videos store cookies on the user's device when the website is accessed. Anyone who has deactivated the setting of cookies for the Google advertising program will not have to expect such cookies when viewing YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you have to block it in your browser. More information can be found here: https://support.google.com/youtube/answer/2801895?hl=en
1.3.4. Google AdWords und Conversion Tracking
Our website uses Google AdWords, a program of Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) for advertising.
Google is a participant in the EU-US Privacy Shield and the Swiss-US Privacy Shield, which requires the company to abide by the agreement and to maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
It shows ads from websites that participate in the Google Ads Network (which is made up of Google Search and the Google Display Network). Ads are always linked to specific search terms, called "keywords". The tool also works by means of the so-called "conversion tracking". Conversion Tracking makes it possible to evaluate user actions after clicking on advertisements.
Similar to other Google programs, Google AdWords also stores cookies on your browser when you click on an ad. The information about your interactions will be transmitted to Google servers in the United States and will only be used to generate statistics and improve advertising. No personal data will be transmitted to third parties. Conversion tracking can be disabled by setting your browser to block cookies from the domain "googleadservices.com". You also have the option of using third-party opt-out or anonymization tools, such as the opt-out page of the Network Advertising Initiative: http://optout.networkadvertising.org/?c=1#!/
2. Cookies and Google Analytics
2.1. This Website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses so-called Cookies, text files which are stored on your computer and which allow an analysis of your use of the Website. The information generated by the Cookie about your use of this Website (including your IP address) is transferred to a server by Google in the USA and stored there.
2.2. Google will use this information to evaluate your use of the Website in order to render reports on the website activities for the website operators and to perform services connected to the use of the Website and the internet. If necessary Google will transfer this information to third parties, provided that this is legally prescribed or as far as third parties process these data on behalf of Google. However, in no event Google will associate your IP address with other data stored by Google.
2.3. DEBRA further uses temporary cookies to provide a more comfortable navigation of the Website. These cookies enable to adapt the language settings and user settings for sorting the links to your personal needs. These cookies are only valid during your visit on the Website; when you leave, they will be deleted automatically.
2.4. By modifying the settings of your browser, you are free to prevent installation of these or certain cookies. Please note that in such a case, the Website or individual services of the Website may be not or only partially available to you for technical reasons.
This Website uses Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Inc. is a participant in the EU-US Privacy Shield, which requires the company to abide by the agreement and to maintain a level of data protection consistent with European privacy standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
Google Analytics uses text files (cookies) that are stored on the user's device and that allow an analysis of the use of the website by the user. The resulting information about the use of this website (including the IP address of the users) will be transmitted to a Google server in the USA and stored there. For more information on data usage by Google Inc.: https://support.google.com/analytics/answer/6004245?hl-at
You can prevent the storage of cookies by setting your browser software accordingly. We point out, however, that you may not be able to use all the features of this website in this case.
In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google if you download and install the available browser plugin via this link: https://tools.google.com/dlpage/gaoptout?hl=en
The options for disabling cookies can be found for the most popular browsers via the following links:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
3. Google Maps
This website uses Google Maps, operated by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), to display map information. This website uses Google Maps, operated by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), to display maps containing information. Google is a participant in the EU-US Privacy Shield and the Swiss-US Privacy Shield, which requires the company to abide by the agreement and to maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors of the website. You can find more information about data processing by Google in Google's data protection information: https://policies.google.com/privacy?hl=en
4. Personal Data Processing via Grant Tracker
4.1. In this section we provide you with information about why and how we collect your data, which kinds of data are collected and how we use your personal data. Finally, we inform you about data security applied while processing your data and about your right to erase your own data.
4.2. By registering on our EB grant management system via CC Grant Tracker you will be asked to give following personal data and give consent to us for its use: Title, First Name, Middle name, Last name, Position, Department, Institution, Address, Telephone number, Email as well as other personal data included in your application and CV details
4.3. Security of your personal data transmission and processing is provided via Grant Tracker System. Data security is provided by the use of Secure HTTP (https in the URL you visit to access DEBRA’s Grant Tracker), this is backed up by CC Technology being ISO 27001 Certified and CC Grant Tracker Data Centre Partner being Certified.
4.4. These data need to be stored and processed for us to be able to process your grant application and further your approved grant.
4.5. Your research-grant application, including your personal data, will be forwarded to members of EB-ResNet's EB Expert Panel as well as other expert reviewers. They will use your data for the purpose of reviewing and assessing your grant application only. The Terms of Reference for these Experts explicitly require all of them to treat all content of grant applications as confidential. Same is applicable for external Reviewers.
4.6. Whether or not your grant application is successful, we retain your data to have a clear history of all applications, and to facilitate assessment of your possible future applications, including any resubmitted applications. Should your application for research funding be successful, we will also use your personal data for correspondence with you in relation to both research progress and financial management of your EB-ResNet grant, including where relevant, third-party payment processors, and external partners contracted to assist us with IP management, contracting and licensing.
4.7. We may also use your personal data in communicating with other offices and individuals at your institution (for example, your finance or grant-management offices, or technology transfer services), but only to the extent necessary for us to manage your grant and its outputs.
4.8. We may also use your personal data for communication with you about EB events, initiatives, funding opportunities, working groups, or to invite you to meetings or to speak or otherwise participate in EB associated conferences, or to respond to any requests or queries you send to us.
4.9. For the majority of the time, we will not share your data with any other organisations. However, on occasions where we either run a joint event with another organization, or where we enlist the services of event organizers or other service providers, we may share information such as your name, email address, the organisations you work for and any special dietary or accessibility requirements: your data will be shared only for that event, and only to the extent required.
4.10. We may also share your information:
- to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
- to enforce our rights, prevent fraud and for safety: to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
4.11. You have the right to withdraw your consent to our holding your data by informing us and we will delete all your personal data promptly. You also have the right to amend your data (either to update or correct inaccuracies), or to remove particular items of data, though you should bear in mind that some data is essential to our management of a grant or other communications with you.
5.1. Legal basis
We process your data exclusively based on the legal provisions (GDPR, DSG 2018, TKG 2003).
On this page you will find information about how we use and process your personal data. Personal data are for example your name, your address and your contact details (telephone number and email address).
5.3. Purpose limitation, legal basis, duration of storage and data receiver
5.3.1. We process the following data categories:
- Master data
- Contact details
- if applicable, various information provided by you
- Communication history
- Donation history
- classifications (such as member type, sponsorship)
5.3.2. We use this data for the preparation and implementation of fundraising activities, for the fulfillment of statutory organizational purposes (by mail, by phone or by e-mail), for the administration of donations, for birthday greetings, for the administration of active and former members and for the fulfillment of tax obligations.
5.3.3. For this purpose, we save your data in an electronic database. To target one of the above actions, we use a process that groups our supporters according to the amount of their donation, the frequency of the donation, and the date of the most recent donation.
5.3.4. The legal basis for the processing of your personal data is on the one hand our legitimate interest, the fulfillment of our legal or contractual obligations, and on the other hand your consent. The provision of name data and bank details is required for the conclusion of donation / sponsorship agreements, tax regulations and money laundering regulations. Donations and sponsorship services cannot be accepted if those data are not available.
The provision of name data and birth data is also required due to the automated employee assessment, if a donor wants to take a tax consideration of his or her donations. In the case of non-provision, the donations can not be considered as special expenses for tax purposes.
5.3.5. Description of legitimate interest
Personal data for the purposes of soliciting donations, sponsorship services and general postal promotional activities to meet the organization's objectives will be processed on the basis of the legitimate interest of the organization. In this way, the statutory organizational goals are to be achieved. The processing of personal data for the purpose of fundraising constitutes a legitimate interest in accordance with recital 47 GDPR if the processing is necessary to fulfill the legitimate interest and meets the reasonable expectations of the person concerned. The organization pursues goals in the public interest in accordance with § 4a EStG and §§ 34 ff BAO. The fulfillment of the organizational goals recognized by the public thus represent legitimate interests.
We process personal data in particular in order to be able to carry out targeted actions to fulfill the organizational goals. This should in particular also best meet the interests of donors and sponsors and avoid wastage. This should also ensure that funds raised can be used as cost-effectively as possible in the interest of all persons supporting the organization.
5.3.6. In addition, we process data which we have admissibly received from address publishers. This is basic personal information such as your name and address. These address publishers are authorized for the purpose of preparing and executing third-party marketing campaigns or for listing data for the purposes of data collection (§151 GeWo).
5.3.7. For the purpose of optimizing our website, certain data will be collected automatically (date and time of access to the website, IP address, browser version).
5.3.8. As part of the operation of our websites and in the implementation of the postal and telephone donation communication, we are supported by service providers who can gain access to your personal data in the course of their activities, if they need the data to fulfill their respective performance. They have committed themselves to comply with the applicable data protection regulations.
Data processing agreements were concluded in accordance with Art. 28 GDPR.
Thus, we only work with service providers who have reasonable guarantees that appropriate technical and organizational measures will be taken so that the data processing will be carried out in accordance with the requirements of data protection legislation and will ensure the protection of your rights.
5.3.9. Changes of purpose
We will also use personal data of donors, sponsors and members that are processed on a contractual basis for the purposes of direct advertising on the legal basis of the legitimate interest for the organizational goals. Your data will not be given to third parties.
5.4. Duration of storage of your data
2.4.1. We process your personal data, if available and insofar as necessary for the purposes mentioned, until you object, and also in accordance with the statutory retention and documentation obligations, which, among other things derive from the Austrian Federal Tax Code (Bundesabgabenordnung; BAO).
5.5. Donation form
Our donation form is securely called via a Secure Sockets Layer (SSL) connection and the entered data is securely transmitted. You can recognize the secure transmission at a closed lock in the status bar of your Internet browser. Your data is encrypted on the way from your device to us and can only be read again on our server. A security certificate from Thawte confirms the authenticity.
If you donate by credit card, your credit card data will be transferred only via 256-bit SSL encryption to our certified and audited payment provider mPAY24, where the correctness of the card data will be compared with the respective credit card institute and creditworthiness and validity will be checked. We do not store your credit card information.
Salutation, first name, surname, address, zip code and city are mandatory data, as this is the only way to guarantee a clear allocation of your donation in our database. Furthermore, the provision of name data and bank details is required for the completion of the donation as well as due to tax regulations and money laundering regulations.
6. Consent and right of withdrawal
6.1. If your consent is necessary for the processing of your data, we will process them only after you have explicitly expressed your consent.
6.2. In principle, we do not process data from minors and are not authorized to do so. By submitting your consent, you confirm that you have reached the age of 14 or that the consent of your legal representative is ensured.
6.3. You can revoke your consent at any time: Our contact details can be found at the bottom of this page.
In such a case, the data previously stored about you will be anonymized and subsequently used only for statistical purposes without personal reference. The revocation of the consent shall not affect the legality of the processing effected based on the consent until the revocation.
7. Your rights
At any time, you have the right to receive information about which of your relevant personal data we have stored.
As far as there is no statutory retention requirement, you have the right to have this data deleted and to object to processing for direct marketing / donation advertising purposes.
Furthermore you also have the right to have the data corrected, to restrict processing, to data portability and to lodge a complaint with the Austrian data protection authority.
You can reach us using the following contact details:
Dr. Rainer Riedl, president and data protection officer
DEBRA Austria, Am Heumarkt 27/1, 1030 Vienna
+43 1 876 40 30, email@example.com
Last updated in December 2019