Privacy Policy of the University of Vienna's u:rise Platform for Professional & Career Development

This privacy policy describes the collection, processing and protection of your personal data in the context of the use of the u:rise platform for Professional & Career Development of the University of Vienna. We take the protection of your privacy and the security of your data seriously.

§ 1 Controllers and Scope of Application

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection laws is:

Universität Wien
Universitätsring 1
1010 Wien
E-Mail: dsba@univie.ac.at
Website: univie.ac.at

 

§ 2 Data Protection Officer and Contact Person

The external data protection officers of the controller are:

Dr. Daniel Stanonik LL.M. and Dr. Karsten Kinast LL.M., in alternate representation.

Insofar as the rights of data subjects within the meaning of § 13 of this data protection declaration (e.g. right to information, right to erasure, etc.) are asserted, these requests or requests must be sent without exception to dsba@univie.ac.at or by post to

University of Wien

FAO Data Protection Officer of the University of Vienna

Universitätsring 1
1010 Wien

§ 3 What is personal data?

Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person (data subject). This includes, for example, information such as your name, address, telephone number, date of birth or email address. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. anonymised information, is not personal data.

 

§ 4 Individual Processing Operations

A)      Setup and operation of the website and the u:rise platform

When the website is accessed, technical data is automatically collected. This data is used to ensure the functionality and security of the website, to correct errors and to create statistical evaluations of the use of the platform. With the help of this information, we can operate the website in the best possible way and detect and remedy possible attacks or technical problems at an early stage.

The personal data processed for this purpose includes:

Reference data:

• First name (givenName)
• Last name (surname)
• Display name (displayName)
• E-mail (mail)
• Identification (eduPersonPrincipalName)
• Affiliation (eduPersonScopedAffiliation)
• Activity (e.g. University assistants, employees, ...)
• Organizational unit/organizational unit number
• Academic degree(s): Title prefixed/postfixed
• Doctoral student (yes/yes, co-registrar/no)
• SPL of the doctoral studies
• DocSchool Affiliation
• PostDoc (yes/no)

Transaction:

• Attendance detection
• Issuance of certificates of participation
• Invoicing
• Event booking
• Moodle course interaction

Log data:

• Date and time of access
• Last name, first name
• Event context (e.g. course or core system)
• Component (e.g. activity, work material, etc.)
• Technical event name
• Technical event name description
• Origin (Web or cli)
• IP address of the requesting computer
• Recent changes to booking options

Legal basis

The legitimate interest pursuant to Art. 6 (1) (f) GDPR serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.

Storage period

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Your personal data will be deleted as soon as it is no longer necessary for the above-mentioned purpose. If your personal data is stored in log files, it will be deleted after one (1) year. Further storage may take place in individual cases if this is required by law.

B)      Registration and participation in events

Personal data is processed for registration and participation in events. This data is required for confirming your registration, sending you relevant information about the event and coordinating your participation. This also includes contacting the event organizers if necessary.

For this purpose, the following personal data will be processed:

·         Your master data

·         the chosen event

·         as well as registration details (e.g. confirmation of participation, communication from the organizers)

Legal basis

The processing is carried out for the performance of a contract in accordance with Art. 6 (1) (b) GDPR, as registration and participation are essential components of the use of the platform.

Storage period

Your data will be stored for 7 years after the end of the semester in which the respective course took place. The billing-relevant data is stored for up to 7 years in accordance with the legal requirements.

C)     My bookings 

In the "My bookings" field, you will get an overview of your booked events. In order to enable you to conveniently manage your bookings and provide you with a personalized user experience, your login details and participation information will be stored. This allows you to quickly and easily view past and future events.

Legal basis

The data processing is carried out for the performance of a contract in accordance with Art. 6 (1) (b) GDPR.

Storage period

Your data will be stored for 7 years after the end of the semester in which the respective course took place. The data will be stored for as long as the user account is active.

D)     Profile

On u:rise, you have the option of entering optional information such as a profile picture, interests, telephone number and other contact details in addition to the master data. You decide for yourself which information you want to make visible to other users. If you register for a guest account yourself, you must provide your last name, first name, user name, password and email address.

Legal basis

The processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Storage period

The data will be stored for as long as the user account is active (at the latest after 7 years of inactivity).

E)      Hyperlinks

The platform may contain hyperlinks to websites of the University of Vienna or websites of external providers/third parties. If these hyperlinks are activated, you will be redirected directly. You can recognize this, among other things, by changing the URL. If you click on these links, no further personal data will be processed by the platform. These links are only intended to provide additional information or resources that may be of interest to your use of the platform. You can find more information about the handling of your personal data on other websites in their respective privacy statements. We are not responsible for the confidential handling of your data on the websites of external providers/third parties, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies process your personal data.

Legal basis

The data processing is carried out on the basis of a legitimate interest in accordance with Art. 6 (1) (f) GDPR, as the links help to facilitate navigation on the platform.

Storage period

Data is not stored.

F)      Cookies

We use cookies to improve the usability and functionality of the platform. Cookies are small files that are sent by us to the browser of your device during your visit to our platform and stored there. Some functions of our platform cannot be offered without the use of technically necessary cookies. These cookies store, among other things, your language selection, user preferences, session cookies and JavaScript cookies. This ensures that the platform is optimally tailored to your needs and that technical functions run smoothly.

In addition to the technically necessary cookies, Matomo cookies are used for statistical analysis of the platform. Matomo is an open-source software for the statistical analysis of visitor traffic and is offered by InnoCraft Limited, a company registered in New Zealand with its registered office at 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand.

Matomo uses cookies, which generate information about the usage of the website and are stored on the web server. The implementation of cookies can be prevented by configuring the browser accordingly. However, we would like to point out that in this case it may not be possible to use all functions of this website to their full extent.

After completion of the processing and before storage, the IP address is anonymized. However, it should be noted that despite the complete activation of the anonymization function, complete anonymization is not achieved, but only pseudonymization takes place. Matomo generates an internal hash value during use, which is determined from various factors such as the IP address, the resolution, the browser, the plugins used and the operating system. Even when the anonymization function is activated, Matomo uses the full IP address for internal purposes, so that it is possible to calculate the values back to the IP address with some effort. In this way, the remaining information can be derived with a high degree of reliability. 

Legal basis

The legal basis for the processing of so-called technically necessary cookies is our legitimate interest in the processing of personal data, in accordance with Art. 6 (1) (f) GDPR. With the help of cookies, we can, among other things, make our platform more user-friendly and effective for you, for example by tracking your use of our platform and determining your preferred settings.

The legal basis for the use of Matomo is your consent in accordance with Art. 6 (1) (a) GDPR.

Storage period

Depending on the type of cookie, the storage period varies. Session cookies are stored until the browser is closed or expire after 8 hours.

G)     System Notifications

To notify you of important information such as booking confirmations, availability of recordings, or upcoming events, we will send you system notifications. These notifications ensure that you are always up to date and don't miss any important information. You can specify the reasons for which you should be notified and whether the notification should be made on the platform or via email.

Legal basis

The processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Storage period

The data will be stored for as long as your account is active, or for a longer period of time if there are legal retention periods.

§5 Data Disclosure

Your personal data will only be passed on within the University of Vienna or to third parties if this is necessary for the performance of a contract, for compliance with legal obligations or on the basis of your consent.

The personal data of the users is stored and processed almost exclusively within u:rise. It will only be passed on to third parties for individual selected courses for the purpose of authentication for the currently entering systems/services of the University of Vienna (e.g. Zoom, u:stream).

Furthermore, we work together with Wunderbyte GmbH, Bruno-Marek-Allee 5 / 11 Z3, 1020 Vienna, for the provision of certain services. As part of this cooperation, Wunderbyte GmbH may gain access to personal data. Wunderbyte GmbH processes the data on the basis of the instructions of the controller and uses technical and organizational measures to ensure the protection of the data of the data subjects. Further information can be found in the privacy policy of Wunderbyte GmbH: https://wunderbyte.at/datenschutzerklaerung/  

§ 6 Security measures to protect the data stored by us

We are committed to protecting your privacy and keeping your personal information confidential. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organisational security precautions, which are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (TLS). However, due to the nature of the Internet, it is possible that other persons or entities outside of our control may not adhere to the privacy policies and security measures described above. In particular, unencrypted data – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him/her from misuse by encryption or in any other way.

§ 7 Right to object

When processing your personal data on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as there are reasons for this that arise from your particular situation or the objection is directed against direct marketing. In the case of direct marketing, you have a general right to object, which is implemented by us without the need to specify a particular situation. Please contact dsba@univie.ac.at if processing does not require a different or additional email address.

§ 8 Your rights as a data subject

The GDPR grants you the following rights as a data subject of personal data processing:

• In accordance with Article 15 of the GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if it has not been collected by us, via a transfer to third countries or to international organisations, as well as the existence of automated decision-making, including profiling, and, where appropriate, meaningful information on its details.
• In accordance with Article 16 of the GDPR, you can immediately request the rectification of incorrect personal data or the completion of your personal data stored by us. As a student, you are obliged to notify any university at which you are admitted to study immediately of any changes of name and address in accordance with Section 59 (2) of the Universities Act. You can comply with this obligation in u:space.
• In accordance with Article 17 of the GDPR, you can request the erasure of your personal data stored by us, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
• In accordance with Article 18 of the GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you reject its deletion because you need it to assert, exercise or defend legal claims. You are also entitled to the right under Article 18 of the GDPR if you have objected to the processing in accordance with Article 21 of the GDPR.
• In accordance with Article 20 of the GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you can request that it be transmitted to another controller.
• In accordance with Article 7 (3) GDPR, you can withdraw your consent at any time. As a result, we may no longer continue the data processing based on this consent for the future.
• In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters. In Austria, the supervisory authority is the Data Protection Authority, Barichgasse 40–42, 1030 Vienna, telephone: +43-1-52152-0, e-mail: dsb@dsb.gv.at, website: dsb.gv.at

§9 Update of the Privacy Policy

We reserve the right to amend this Privacy Policy. Please check this page regularly to stay informed of any changes.