Data protection and cookie declaration
The protection of your personal data is of particular concern to us at DEBRA Austria. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2003). In this statement you will find general information about the processing of your personal data on our website, your rights and information about the use of cookies on our website.
I. DATA PROTECTION DECLARATION
1. Data processing
1.1 Processing of your data on this website
The use of our website is also only possible for informative purposes. When you call up this website, your browser automatically transmits the following data to our site provider and stores them as "server log files": IP address, time zone difference to Greenwich Mean Time (GMT), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, page visited on our domain, date and time of the server request, browser type and browser version as well as browser language, operating system used, the reference address and host name of the accessing computer.
This is technically necessary in order to display our website and to ensure the stability and security of the website. The data collected is only used for statistical analysis and to improve the website. We can only link your IP address to your user data by "manual" research. We only use this in exceptional cases when we need to deny access to individual IP addresses to prevent abuse and fraud.
The legal basis for this processing is our legitimate interest (Art 6 Paragraph 1 lit f GDPR) in being able to operate our website. We store your data for this purpose for the period of your access as well as for up to 14 months beyond this period, if technically necessary.
1.2 Donations
You have the possibility to donate via our website. For this purpose, we have to process the following personal data from you: Master data (name, address), contact data (telephone, e-mail address), any other information you may have provided, communication history, donation history, classifications (such as type of membership, sponsorship).
We process this data for the preparation and implementation of fundraising campaigns to fulfill the organisational purposes in accordance with the statutes - by post, telephone call or e-mail - and for the administration of donations, for birthday greetings, for the administration of donations made and for the administration of active and former members and the fulfilment of tax obligations. To select target groups for any of the above activities, we use a process that groups our supporters according to the amount of their donation, the frequency of donation and the time of the last donation.
The legal basis for the processing of your personal data is the fulfilment of our contractual obligations arising from the donation contract (Art. 6 para. 1 lit b GDPR) as well as our legal obligations based on tax regulations and money laundering provisions (Art. 6 para. 1 lit c GDPR in conjunction with other relevant legal provisions).
Furthermore, we process this data, which we collect in connection with your donations, in order to provide you with information about our activities. This processing is carried out on the basis of our legitimate interest (Art 6 Paragraph 1 lit f GDPR) in pursuing the objectives of our organisation in accordance with our statutes and in promoting further donations for our association's purposes.
If you would like your donation to be tax deductible, you can enter the required data on our tax deductible form as part of your donation. This data will be transmitted to us via our own secure server to register your data with the Austrian tax office, processed and stored by us. We record and transmit this data to the Austrian tax office on the basis of your order for this purpose (Art 6 Paragraph 1 lit b GDPR).
We also process data that we have legitimately received from address publishers. These are basic personal data such as your name and address. These address publishers are authorized to collect data for the purpose of preparing and carrying out third-party marketing campaigns or for list broking (§ 151 GewO).
We process your personal data, if available and if necessary for the purposes mentioned above, until you object, and beyond that in accordance with the statutory storage and documentation obligations, which result from the Austrian Federal Fiscal Code (BAO), among others.
1.3 Research Funding
Within the scope of fulfilling the purpose of our association, we also award research grants. If you apply for or receive such a grant from us, we will process your personal data for the purpose of examining the application and fulfilling the grant agreement (Art 6 Paragraph 1 lit b GDPR). In doing so, we will process the following personal data: First name and surname, title, professional contact details (telephone number, e-mail address), user account data (e-mail address, password), data in the curriculum vitae (current position, qualification, previous employment, publications, other research projects currently being funded, attempted submissions that were not completed or were unsuccessful), country of origin, specialist area, employer of the applicant (university, research institute, clinic, etc.). Account details of the organisation (in the case of a grant), project information including publications, known collaborators (who were part of a research proposal submitted to the responsible person and are also in the database), requested and completed reviews of other, third-party research proposals (peer review), participation in meetings and e-mail correspondence with you.
We store this data as long as this is necessary for the fulfillment of the contract as well as in the context of the tax and accounting law retention obligations (7 years) and, if necessary, further, insofar as this data is necessary for the establishment, exercise or defense of legal claims, for the duration of the applicable Limitation period.
As part of the review of your application, we may pass on your personal data to an advisory body, the "DEBRA International Medical and Scientific Advisory Panel" (MSAP). Furthermore, your data could be passed on to other members of the EB-ResNet network as well as other bodies that finance funding (external financiers), if you apply for funding that is financed by several bodies. Members of the MSAP are experts from science from all over the world, so that your data may be transferred to countries without adequate data protection. The same applies to data transfers to external financiers. This data transfer is necessary for the examination of your application and any financing of your funding and thus for the fulfillment of our contract with you (Art 49 Paragraph 1 lit b GDPR). More information about this, as well as about current members of the MSAP, can be obtained from us via our contact (point 4 below).
In addition, we transmit your data to our contract processors, who support us with the processing of your application and who are located in Great Britain. In order to secure your rights and to ensure adequate data protection, we have concluded contracts with these processors in accordance with EU standard contractual clauses.
1.4 Google Maps
This website uses Google Maps to display interactive maps. Google Maps is a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When using Google Maps, Google also collects, processes and uses data on the use of the Maps functions by visitors to the website. Further information on data processing by Google can be found in Google's data protection information at https://policies.google.com/privacy?hl=en. There you can also change your settings in the data protection centre so that you can manage and protect your data.
2. Data transfers
As part of the data processing activities described above, we use external service providers or contract data processors for certain activities, to whom we may share your personal data or who may have access to your personal data. We have entered into commissioned data processing contracts with our commissioned data processors under which they are obliged to process your data only in accordance with our instructions. Service providers who are not contract data processors are responsible for their own compliance with data protection laws in respect of your personal data. We have also selected both the data processors and other service providers on the basis of their reliability with regard to data protection.
The service providers and contract data processors we use include
- the technical operator(s) of our website;
- other technical service providers who provide us with tools and plug-ins used, in particular: Symplectic, Digital Science & Research Solutions Ltd (fromer CC Technologies), Google Inc., Google LLC, Facebook Inc. and YouTube LLC
- under certain circumstances, external consultants such as lawyers and tax advisors, if we need to pass on your data to them in the course of providing their services.
3. Your rights
According to the GDPR, you as a data subject have the following rights:
-
to check whether and which personal data we have stored about you and to receive copies of this data;
-
to demand the correction, completion or deletion of your personal data which is incorrect or not processed in accordance with the law;
-
require us to limit the processing of your personal data under certain conditions;
-
object to the processing of your personal data where we process it for direct marketing purposes or on the basis of our legitimate interests;
require data transferability; -
if we process your personal data on the basis of your consent, you may withdraw your consent at any time;
-
lodge a complaint with the Austrian data protection authority (for further information see www.dsb.gv.at).
In order to exercise the above rights, you must contact us in person, by telephone or in writing at the (e-mail) address/telephone number listed below.
4. Contact
You can reach us at the following contact details:
Dr. Rainer Riedl, chairman and data protection officer
DEBRA Austria, Am Heumarkt 27/1, 1030 Vienna
+43 1 876 40 30, rainer.riedl@debra-austria.org
II. COOKIE DECLARATION
So-called "cookies" are used on our website. In this cookie declaration we inform you which cookies are used on our website and how these cookies are used to process your personal data and other information. Further general information about the processing of your personal data on this website, including in particular your rights, can be found in the general part of the data protection declaration.
1. What are cookies?
Cookies are small text files that are stored on your end device with the help of the browser. They do not cause any damage. When using certain cookies, however, information about your device is collected, which may be able to be assigned to you, as well as any other personal information that may be read at a later date. In addition, some cookies remain stored on your device until you delete them. Cookies may originate from us and possibly also from third parties.
2. Your options when using cookies
You can configure the use of cookies in advance through the settings in your browser. In this way you can, for example, generally prohibit the setting of cookies, allow only certain cookies, limit the storage period, etc. You can find more detailed information on this in the help menu of your browser or, for common browsers, under the following links:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera: https://help.opera.com/en/latest/security-and-privacy/
You can also specifically prevent certain third-party cookies (see "Third-Party Cookies" below) by using special plug-ins; these are available as follows:
Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en
Google AdWords: http://optout.networkadvertising.org/?c=1#!
Facebook: http://noscript.net/
You can also give your consent to the use of cookies via our website. You can revoke this consent at any time by deleting the cookies. How this works with your browser, you can read here for the most common browsers:
Internet Exlorer: https://support.microsoft.com/de-at/help/278835/how-to-delete-cookie-files-in-internet-explorer
Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Firefox: https://support.mozilla.org/en-US/kb/how-clear-firefox-cache
Opera: https://help.opera.com/en/latest/web-preferences/
If you disable cookies, the functionality of our website may be limited. More details about which cookies we use on which legal basis (your consent or our legitimate interests) can be found below.
3. Processing of personal data through cookies
Cookies on our website are used to process the following information, which may be related to your person and thus represent personal data:
- Your IP address
- Time and duration of the visit
- the website (URL) you are visiting and the website (URL) from which you were redirected by clicking on a link
4. Purposes and types of cookies we use
We use cookies for different purposes. These can generally be divided into three categories:
- Necessary cookies: These are cookies that are necessary for the functioning and security of the website and your safety. These cookies are used on the basis of our legitimate interest in operating our website, as well as on the basis of the exemption provision of § 96 para. 3 sentence 3 of the Austrian Telecommunications Act 2003 for necessary cookies.
- Analysis cookies: These are cookies that enable us to carry out statistical evaluations of how the website is used, e.g. from which page is accessed how often, which devices are used to access which page, the average duration of the visit to the website, etc. We do not process this information in any personal form, but under certain circumstances it can be assigned to you. Therefore the basis for the use of these cookies is your consent.
- Advertising cookies, including third-party cookies: These are cookies that we use to show you advertisements in order to partially fund our website. Most of these cookies are from third parties. The basis for the use of these cookies is your consent. You can find out which third-party cookies are actually used in the section "Third party cookies".
For more detailed information about individual cookies that we use, including the default retention period, please refer to the "Cookies List" section below.
5. Third party cookies
Our website also uses the following third-party cookies for analysis and marketing purposes. The basis for the use of these cookies is your consent.
5.1 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses text files (cookies) which are stored on the user's computer and which enable an analysis of the use of the website by the user. The information thus generated about the use of this website (including the user's IP address) is transferred to a Google server in the USA and stored there. Further information on data use by Google Inc.: https://support.google.com/analytics/answer/6004245?hl-en.Further information about which cookies are used exactly for Google Analytics can be found below in the section "Cookies List" under Analysis Cookies.
5.2 Google AdWords
Our website uses Google AdWords, a programme of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for the placement of advertisements. Google AdWords displays advertisements from websites that participate in the Google advertising network (this consists of Google search and the Google display network). Advertisements are generally linked to specific search terms, so-called "keywords". The tool also works by means of so-called "conversion tracking". Conversion tracking enables us to evaluate user actions after clicking on advertisements. Similar to other Google programmes, Google AdWords also stores cookies on your browser as soon as you click on an ad.
Google uses the information collected in this way to provide us with statistics about visits to our website. In addition, this provides us with information on the number of users who have clicked on our ad(s) as well as on the pages of our website subsequently accessed. However, neither we nor third parties who also use Google AdWords will be able to identify you in this way.
The information about your interactions is transmitted to Google servers in the USA and used exclusively to compile statistics and improve advertising measures. You can find more information about how Google handles your data in the company's privacy policy: https://www.google.com/intl/de/policies/privacy/ . For more information on exactly which cookies are used for Google AdWords, please see the "Cookies list" section below under Advertising cookies.
5.3 Facebook
On our website, so-called social plug-ins (hereinafter "plug-ins") of the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA, hereinafter Facebook).
The plug-ins are marked with a Facebook logo or the addition "Social Plug-In from Facebook" or "Facebook Social Plug-In". When you access the website, a direct connection is established to the Facebook servers in the USA and certain information (including your IP address) is transmitted. This process takes place regardless of whether you have an account on Facebook or are logged in or not. If you have a Facebook account and you are logged in at the time you access our website, the server can immediately assign the information accessed to your account. To prevent this, please log out from your account before visiting our website. For more information on how Facebook handles your data, please refer to the relevant privacy policy http://www.facebook.com/policy.php. For more information about exactly which cookies are used by Facebook, please refer to the section "Cookies List" below under Advertising Cookies.
Facebook pixel: With the help of the Facebook pixel, Facebook can determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we have placed only to those users on Facebook and within the services of the partners cooperating with Facebook (“Audience Network” www.facebook.com/audiencenetwork/) who have also shown an interest in our online offer or who have specific characteristics (e.g. interest in particular topics or products that can be seen from the websites visited) that we transmit to Facebook ("Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. Furthermore, with the help of the Facebook pixel, we can understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("conversion measurement").
5.3.1. Facebook fan page
In this section we inform you about the type, scope and purpose of the processing of personal data of all visitors to our Facebook fan page https://www.facebook.com/schmetterlingskinder/ (hereinafter referred to as “fan page”).
The purpose of the fan page is to provide information about our projects as well as information about us and our activities, and to gain new interested parties and supporters. Facebook users can also contact us via the fan page.
To operate this Fanpage, we have entered into a shared responsibility agreement with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - hereinafter referred to as "Facebook" - pursuant to Article 26 of the General Data Protection Regulation (GDPR).
This means that, in principle, we are jointly responsible with Facebook for the data processing within the framework of the fan page. The exact division of responsibilities can be read here https://www.facebook.com/legal/terms/page_controller_addendum , but Facebook is primarily responsible for the processing. Facebook's privacy policy and additional information can be found at the following locations https://www.facebook.com/privacy/explanation and https://www.facebook.com/policy.php.
To exercise your rights under the GDPR against Facebook, you can contact Facebook's Data Protection Officer at https://www.facebook.com/help/contact/540977946302970 and adjust your Facebook profile. Here are the instructions for doing so: https://www.facebook.com/help/568137493302217
In our communication and depending on the individual privacy setting, we can see via Facebook who has liked our posts, who has subscribed to our messages and who has left a comment on our Facebook fan page. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR: The Facebook Fanpage is, as a globally relevant platform, essential for us in our public relations work to get in touch with interested parties, to provide information about us, and to attract new supporters and interested parties. An objection to this data processing is possible at any time through appropriate privacy settings.
Facebook also provides statistical data about the visitors to our fan page via the "Insights" function. This data helps us to evaluate our presence on the fan page and to respond more specifically to the needs of our fan page visitors. However, we only receive anonymized data from Facebook (without personal reference) and can analyze it by setting filters. The "Insights" function cannot be turned off, we could only act on this processing by setting filters. Unlike our processing, Facebook processes personal data and uses it for market research and marketing purposes. Facebook can display ads tailored precisely to the individual user profile. Information on this can be found at https://www.facebook.com/iq/tools-resources/audience-insights.
Again, the legal basis for our use of the "Insights" function is our legitimate interest according to Art. 6 para. 1lit. f GDPR: The function enables us to address our fanpage visitors in a more targeted manner to advertise the effort of our outreach and thus communicate with less wastage. We can also improve our fan page presence with this analysis option. An objection to this data processing is possible with Facebook.
Calling up Facebook or using a corresponding account leads to a data transfer to the USA. The use of Facebook is inextricably linked to this data transfer, which we cannot influence. This is why a corresponding use also constitutes express consent pursuant to Article 49 para 1 lit a GDPR to this data transfer. According to current EU law, there is no adequacy decision and no guarantees for this data transfer. Therefore, it comes with risks: U.S. security laws grant competent authorities broad powers to access personal data, and European citizens cannot obtain sufficient legal protection and control over their personal data in U.S. courts. Please consider this risk when using Facebook.
5.3.2 Facebook Ads
We run ads through Facebook to draw attention to our work. This allows us to design the ad and determine, based on predefined characteristics (for example, age groups, geographic specifications, demographic characteristics), for which target group an ad is placed and through which META Group channel (Instagram, Messenger, WhatsApp, Facebook) or Audience Network (websites with a contract with Facebook) it is delivered. The design of the target group is anonymized.
With the advertisements, our stakeholders have the opportunity to register with their name, e-mail address and phone number, in case they want to learn more about our activities. We also process this data electronically and by telephone for fundraising purposes (donation communication). Facebook processes this data in accordance with its data policy (https://www.facebook.com/policy.php ). This includes the pre-filling of instant forms that users complete.
After our interested parties have filled out the ad, Facebook forwards their data to us. Facebook supplements this with information about our campaign: the campaign name, the identification of the form used, the platform on which the ad was placed, the name of the ad, the identification of the ad, and the date and time when the data was submitted were transmitted.
In the course of placing the ads, Facebook and we act as joint controllers within the meaning of Art. 26 GPDR. We have concluded a corresponding agreement. The relevant contents can be read at https://www.facebook.com/legal/controller_addendum. All information is pursuant to Article 13 para. 1 lit. a) and b) GDPR about Facebook's data processing activities can be found at www.facebook.com/about/privacy[RJ1] . With the help of these links, all information can also be found on how those affected can exercise their rights against Facebook.
Please note the data policy and the data protection declaration of Facebook as well as our information on the Facebook fan page.
The legal basis for processing the data is the consent of the Facebook users in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this at any time and have your data deleted by us. Please note that your revocation does not affect the legality of the processing carried out based on the consent up to the time of revocation.
5.4 YouTube
Videos from the YouTube service are embedded on our website. These videos are provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA) and are stored on www.YouTube.com and can be played directly from our website. They are all embedded in "enhanced privacy mode", which means that no information about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned below be transmitted. We have no influence on this data transfer.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website, as well as your system data (IP address, page visited on our domain, date and time of the server request, browser type and version, operating system used, the reference -Address and host name of the accessing computer.)
This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing advertising tailored to your needs and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. For more information about exactly which cookies are used by YouTube, please refer to the section "Cookie List" below under Advertising Cookies.
6. Cookie list
6.1 Necessary cookies
Designation | Purpose and description | Duration of storage |
• CookieConsent • cookiesAccepted | These cookies store the user's decision to consent or not to use the other cookies and are also used to determine the display of the cookie pop-up. | 1 year |
• XSRF-TOKEN • sicherhelfen_session | These are security cookies that are used to prevent attacks on our website through the transmission of unauthorised commands by a mala fide third party via a bona fide user (cross-site request forgery). These cookies are necessary for the security of the website as well as for your safety. | 1 day |
PHPSESSID | This cookie is used to manage the PHP session. It allocates the user's actions on the website to the correct package of information and executes the respective services appropriately. | Duration of the visit |
6.2 Analysis Cookies
Designation | Purpose and description | Duration of storage |
• _ga • _gat • _gid | These are "Google Analytics" cookies, which are used to collect statistical data on the use of the website, to differentiate between users and reduce the frequency of access. For more details about Google Analytics, please see the "Google Analytics" section under "Third Party Cookies" above. | • 2 years • 1 day • 1 day |
collect | This cookie is used by Google for Google Analytics to transmit data about the user's device and use of the website to Google, and to track the user through various devices and marketing channels. For more details about Google Analytics, please see the "Google Analytics" section under "Third Party Cookies" above. | Duration of the visit |
_dc_gtm_UA-28477870-1 | This cookie is used by Google to control the loading of the Google Analytics script tag and is placed when Google Analytics cookies are included via the Google Tag Manager. | 1 day |
6.3 Advertising cookies
Designation | Purpose and Description | Duration of storage |
• _fbp • fr • tr | These cookies are used by Facebook to display advertising from third-party advertisers (such as real time bidding) or other advertising products. | • 3 months • 3 months • Duration of the visit |
ads/ga-audiences | This cookie is used by Google AdWords to address users who may become customers based on their behaviour on the Internet. For more details about Google AdWords, see the "Google Analytics" section under "Third party cookies" above. | Duration of the visit |
GPS | This cookie is used by YouTube to assign a specific ID number to a device to enable geographical tracking using GPS. | 1 day |
IDE | This cookie is used by Google DoubleClick to record the actions of the user after viewing (clicking) an advertisement in order to measure the effectiveness of an advertisement. | 1 year |
test_cookie | This cookie is used to check whether the user's browser allows cookies. | 1 day |
VISITOR_INFO1_LIVE | This cookie is used by YouTube to estimate the bandwidth available to the user on pages with integrated YouTube videos. | 179 days |
YSC | This cookie is used by YouTube to assign a specific ID number to the user in order to statistically record which YouTube videos the user has already viewed. | Duration of the visit |
• yt-remote-cast-installed
• yt-remote-connected-devices • yt-remote-device-id • yt-remote-fast-check-period • yt-remote-session-app
• yt-remote-session-name • yt.innertube::requests • yt.innertube::nextId | These cookies are used by YouTube to store a user's preferred settings when using embedded YouTube videos. | • Duration of the visit • permanent
• permanent • Duration of the visit • Duration of the visit • Duration of the visit • Duration of the visit • Duration of the visit |