UNIVERSITY
Privacy policy
The University of Klagenfurt is pleased to welcome you to our website. Data protection and data security when using our website are very important to us. We would therefore like to provide you with information about which of your personal data we collect when you visit our website and the purposes for which this data is used.
Since changes to legislation or our internal company processes may require amendments to this privacy policy, please read through this privacy policy on a regular basis. The data privacy policy can be accessed, saved and printed out at any time under “Privacy policy”.
Section 1: Controller and scope of application
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of Member States, as well as other data protection provisions, is:
University of Klagenfurt
Universitätsstraße 65–67
9020 Klagenfurt am Wörthersee
Austria
Email: uni [at] aau [dot] at Website: www.aau.at This privacy policy applies to the website of the University of Klagenfurt, which can be accessed at aau.at (hereinafter referred to as “our website” or “website”).
Section 2: Data protection officer
The controller’s data protection officer is:
Assoc. Prof. DI Dr Peter Schartner
Universitätsstraße 65–67
9020 Klagenfurt am Wörthersee
Austria
To assert the rights of data subjects as defined in Section 11 of this privacy policy (e.g. right to information, right to erasure), please send any requests to dsb [at] aau [dot] at or by post to:
University of Klagenfurt
z. H. Datenschutzbeauftrager
Universitätsstraße 65–67
9020 Klagenfurt am Wörthersee
Austria
Section 3: Principles of data processing
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address and user behaviour. Information that cannot be connected to you personally (or would require disproportionate effort to do so), e.g. on account of the anonymisation of the information, is not defined as personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission of said data) always requires a legal basis or your consent.
Processed personal data is deleted as soon as the purpose of processing has been achieved and there are no longer any statutory retention obligations that must be observed.
Where we process your personal data in order to provide certain offers, we have provided information on the specific operations, scope and purpose of the data processing, the legal basis and the applicable storage duration in the following.
Section 4: Provision and use of the website
- Nature and scope of data processingWhen you visit and use our website, we collect the personal data that your browser automatically sends to our server. This information is stored temporarily in a log file. When you use our website, we collect the following data, which we require for technical reasons in order to deliver our website to you and to ensure stability and security:
- IP address of the accessing computer
- date and time of access
- name and URL of file accessed
- data volume transferred
- notification of whether retrieval was successful
- identification data of the accessing browser and the operating system
- website from which our website was accessed.
- Legal basisArt. 6 (1) (f) GDPR serves as the legal basis for the specified data processing. The processing of the specified data is required in order to provide a website and is thus in the legitimate interests of our company.
- Storage durationAs soon as the specified data is no longer required to deliver the website, it is deleted. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no opt-out option. The data may be stored for longer than this period in individual cases if required by law.
Section 5: Newsletter
General
- Nature and scope of data processing
On our website, there is the option of subscribing to a free newsletter. In order to regularly send you the newsletter, we require the following information from you:- email address
- IP address of the accessing computer
- date and time of access
- name and URL of file accessed
- data volume transferred
- notification of whether retrieval was successful
- identification data of the accessing browser and the operating system
- website from which our website was accessed.
Your data is not passed on to third parties in connection with the sending of the newsletter.
The Public Relations Office sends the newsletters via the mail service provider Rapidmail GmbH
Augustinerplatz 2, 79098 Freiburg i. Br., Germany. The data protection provisions of the mail service provider are available here: www.rapidmail.de/datenschutzbestimmungen. The mail service provider is used on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR and a contract on commissioned processing in accordance with Art. 28(3)(1) GDPR. The mail service provider may use recipients’ data in pseudonymised form, i.e. without any assignment to a user, in order to optimise or improve its own services, e.g. for technical optimisation of the dispatch process and the appearance of the newsletter, and for statistical purposes. However, the mail service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.We use the double opt-in procedure for the sending of newsletters, which means that we will only send you the newsletter if you have already confirmed your subscription by clicking on the link contained in a confirmation email sent to you for this purpose. We follow this procedure to ensure that only you, as the owner of the specified email address, are able to subscribe yourself to the newsletter. You must complete the confirmation process promptly after receiving the confirmation email as otherwise your newsletter subscription will be deleted from our database automatically.
- Legal basis
The processing of your email address for the purpose of sending the newsletter is based on your voluntary declaration of consent pursuant to Art. 6(1)(a) GDPR. - Storage duration
Your email address is stored for the duration of your subscription to the newsletter. If you unsubscribe from the newsletter, we will delete your email address. The data may be stored for longer than this period in individual cases if required by law.
Research newsletter and job newsletter
- Nature and scope of data processing
You can subscribe to free newsletters on our website. In order to be able to send you regular newsletters, we need to process the following details about you:- e-mail address
- IP address of the accessing computer
- date and time of access
- name and URL of file accessed
- data volume transferred
- notification of whether retrieval was successful
- identification data of the accessing browser and the operating system
- website from which our website was accessed.
The Public Relations Office/Uni Services sends the newsletters via the mail service provider Rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany. The data protection provisions of the mail service provider are available here: www.rapidmail.de/datenschutz. The mail service provider is used on the basis of our legitimate interests in accordance with Art. 6(1)f GDPR and a contract on commissioned processing in accordance with Art. 28(3)(1) GDPR. The mail service provider may use recipients’ data in pseudonymised form, i.e. without any assignment to a user, in order to optimise or improve its own services, e.g. for technical optimisation of the dispatch process and the appearance of the newsletter, and for statistical purposes. However, the mail service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
We use the so-called double opt-in procedure for the sending of newsletters, which means that we will only send you a newsletter if you have already confirmed your subscription by clicking on the link contained in a confirmation e-mail sent to you for this purpose. We follow this procedure to ensure that only you, as the owner of the specified e-mail address, are able to subscribe yourself to newsletters. You must complete the confirmation process promptly after receiving the confirmation e-mail as otherwise your newsletter subscription will be deleted from our database automatically.
- Legal basis
The processing of your e-mail address for the purpose of sending newsletters is based on your voluntary declaration of consent pursuant to Art. 6(1)a GDPR. - Storage duration
Your e-mail address is stored for the duration of your subscription to the newsletter. If you unsubscribe from the newsletter, we will delete your e-mail address. The data may be stored for longer than this period in individual cases if required by law.
Alumni Newsletter
- Nature and scope of data processing
According to the Austrian Universities Act (UG), universities are obliged to maintain contact with graduates (Section 3(10) UG) and to provide continuing education for graduates (Section 3(5) UG) as well as to develop the sciences, research and teaching (Section 3(1) UG) – see Section 7 below. Among other measures, contact with graduates is maintained by sending out information in the form of the Alumni Newsletter.In order to be able to distribute the Alumni Newsletter we use data from the student database on the basis of the Universities Act 2002. We also process the following data from you:- e-mail address
- IP address of the accessing computer
- date and time of access
- name and URL of file accessed
- data volume transferred
- notification of whether retrieval was successful
- identification data of the accessing browser and the operating system
- website from which our website was accessed.
The Public Relations Office/Uni Services sends the newsletter via the mail service provider Rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany. The data protection provisions of the mail service provider are available here: www.rapidmail.de/datenschutz. The mail service provider is used on the basis of our legitimate interests in accordance with Art. 6(1)f GDPR and a contract on commissioned processing in accordance with Art. 28(3)(1) GDPR. The mail service provider may use recipients’ data in pseudonymised form, i.e. without any assignment to a user, in order to optimise or improve its own services, e.g. for technical optimisation of the dispatch process and the appearance of the newsletter, and for statistical purposes. However, the mail service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
- Legal basis
On the one hand, the data is processed to fulfil the duties assigned to the University of Klagenfurt and thus to fulfil legal obligations in accordance with Art. 6(1)c GDPR in conjunction with Art. 3 of the Austrian Universities Act. On the other hand, the processing of the data is based on the existing compelling legitimate and public interest (Art. 6(1)e and f GDPR) of the university in its public relations work and in the presentation of university activities to the public. - Storage duration
Student data is stored in compliance with legal regulations, including the Universities Act 2002, the Education Documentation Act and the University Student Records Ordinance 2004. Graduates have the option to unsubscribe from the Alumni Newsletter at any time. After unsubscribing, your e-mail address will be deleted from the Alumni Newsletter recipient list and you will no longer receive any mailings.
Section 6: Contact form
- Nature and scope of data processingOn our website, we provide you with the option of contacting us via a form. If you use the contact form, the following personal data concerning you will be processed via this form:
- email address
- name (given name(s), last name)
- message
- academic title.
Other personal data such as your current address and telephone number will only be processed if it is provided voluntarily.
Your email address is required in order to allocate your enquiry and respond to you. Your personal data is not passed on to third parties when you use the contact form.
- Legal basisThe data processing described above for the purposes of making contact is carried out on the basis of your voluntary declaration of consent pursuant to Art. 6 (1) (a) GDPR.
- Storage durationAs soon as your enquiry has been processed and the relevant matter fully resolved, your personal data that was processed via the contact form will be deleted. The data may be stored for longer than this period in individual cases if required by law.
Section 7: Alumni Services
- Nature and scope of data processing
According to the Austrian Universities Act (UG), universities are obliged to maintain contact with graduates (Section 3(10) UG) and to provide continuing education for graduates (Section 3(5) UG) as well as to develop the sciences, research and teaching (Section 3(1) UG).The University of Klagenfurt performs these tasks within its organisational structure (departments, university centres, etc.) and in particular via the central public relations and communication unit (Uni Services). The “Alumni Network” of the University of Klagenfurt, which is managed by Uni Services, is a platform providing worldwide and long-term contact and personal and professional support and networking for students, alumni and the university public.Contacts with graduates are maintained through various activities, such as organising events, sending out information (e.g. Alumni Newsletter, see Art. 5 above), alumni surveys, making the fulfilment of these tasks visible through public relations work, etc.The following categories of data taken from the student database are processed in connection with alumni services:
- Personal data: First name, surname, title, date of birth, matriculation number
- Contact data: Home address, postal address, telephone, e-mail addresses
- Study data: field of study, information on the degree programme, graduation date, admission date, status
- Other data: Communication content data, event data
- Legal basis
In the context of alumni services, data processing is carried out in order to fulfil the duties assigned to the University of Klagenfurt (in particular, maintaining contact with graduates [Section 3(10) UG], providing continuing education for graduates [Section 3(5) UG] and informing the public about the fulfilment of the universities’ duties [Section 3(11) UG]) and the ongoing development of the sciences (Section 3(1) UG).According to Art. 6(1)c GDPR, this corresponds to the fulfilment of legal obligations, and there is also a compelling legitimate and public interest (Art. 6(1)e and f GDPR) of the university in its public relations work and the presentation of university activities to the public.
- Storage duration Student data is stored in compliance with legal regulations, including the Universities Act 2002, the Education Documentation Act and the University Student Records Ordinance 2004. In order to guarantee the proper allocation of matriculation numbers, personal data must be stored for up to 99 years; examination data must be stored for at least 80 years in accordance with Art. 53 UG.
Section 8: Surveys - Quality assurance and evaluation in the area of study programmes, teaching and continuing education
- Type and scope of data processing
The data from the student and graduate surveys as well as the feedback surveys of participants and lecturers in university courses are processed for the purpose of quality assurance and the further development of the courses offered at the University of Klagenfurt. The surveys provide us with important management-relevant information about the study situation from the perspective of students, teachers and graduates over the entire student lifecycle as a basis for the further development of study quality at the University of Klagenfurt. Responses to the questionnaires are anonymous and voluntary.
Data categories: We use the e-mail address you provide to send the survey. As part of the surveys we ask about study data, student data, information on the start of studies, socio-demographic data, study programme decision, activities before the start of studies, admission requirements, planned course of studies, planned study-related stays abroad, plans after studies, workload while studying, career planning, study satisfaction, orientation during studies, attitudes towards studies, self-assessment during studies, course of further studies, satisfaction with (technical) infrastructure, job search, professional situation, extent and duration of professional activity, job title, professional experience, any suggestions for improvement, general comments, financial situation, information on Bachelor’s/Master’s thesis, information on doctoral studies and supervision, special knowledge and qualifications. - Legal basis
The legal basis for the processing is the fulfilment of legal obligations pursuant to Art 6 para 1 lit c GDPR and the performance of a duty in the public interest pursuant to Art 6 para 1 lit e GDPR (including § 14 UG; § 141 UG; § 2 UniFinV; §§ 18ff Higher Education Quality Assurance Act; Education Documentation Act; Statutes AAU Part B, C). - Storage period
As soon as the surveys are completed and the evaluations have been completed, the processed personal data (e-mail addresses) will be deleted from the lists of survey recipients.
Section 9: Disclosure of data
We will only pass on your personal data to third parties if:
- you have given your express consent for us to do so in accordance with Art. 6 (1) (1) (a) GDPR
- this is permitted by law and required in accordance with Art. 6 (1) (1) (b) GDPR in order to carry out a contractual relationship with you
- there is a legal obligation to do so in accordance with Art. 6 (1) (1) (c) GDPR
- the disclosure is necessary in accordance with Art. 6 (1) (1) (f) GDPR for the purposes of legitimate company interests, or to establish, exercise or defend legal claims, and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed.
Section 10: Use of cookies
Our website uses cookies. These are small text files that are stored on your end device through your browser. They do not cause any harm. We use cookies to make our website user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser the next time that you visit our website. If you do not want this, you can configure your browser so that it informs you about the setting of cookies and you only allow cookies to be set in specific cases. If you disable cookies, the functionality of our website may be limited.
Section 11: Tracking and analysis tools
We use tracking and analysis tools to ensure that our website is optimised on an ongoing basis and that its design meets requirements. Tracking measures also enable us to record statistics regarding the use of our website by visitors and to develop our website further on the basis of these findings. Based on these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 (1) (1) (f) GDPR. The following descriptions of tracking and analysis tools also provide information on the relevant processing purposes and the data processed.
Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA (‘Google’). Google Analytics uses ‘cookies’, text files which are saved on your computer and enable analysis of your use of the website.
The information generated by these cookies, such as the time, place and frequency that you visit the website is as a rule transferred to and stored on a Google server in the USA. With the use of Google Analytics, there is a possibility that personal data other than your IP address may be collected by the cookies set by Google Analytics. It should be noted that Google may transfer this information to a third party, provided that this is prescribed by law or the third party is processing this data on Google’s behalf.
The information generated by cookies will be used by Google, on behalf of the operator of this website, in order to evaluate your use of the website, to compile reports about website activities and to provide reports about the website and internet usage services to the website operator. According to Google, it will not merge the IP address provided by your browser in relation to Google Analytics with any other data it holds about you.
You can prevent the storage of cookies in general through the relevant settings in your browser software. However, if you do this then you may not be able to use all the functions of this website to their fullest extent.
There is a possibility that personal data other than your IP address may be collected by the cookies set by Google Analytics. In order to prevent the information about your use of the website from being collected by and transferred to Google Analytics, you can use the following link to download and install a plugin for your browser: https://tools.google.com/dlpage/gaoptout?hl=en.
This plugin prevents the information about your visit to the website from being passed on to Google Analytics. This plugin does not prevent any other analysis.
Please note that the browser plugin described above cannot be used when visiting our website via a browser on a mobile device (smartphone or tablet). When using a mobile device, you can prevent Google Analytics from collecting your user data by clicking on the following link: Disable the collection of data by Google Analytics for this website
By clicking on this link, an ‘opt-out cookie’ will be set to your browser. This prevents the information about your visit to the website from being transferred to Google Analytics. Please note that the opt-out cookie is only valid for this browser and this domain. When you delete the cookies from this browser, the opt-out cookie will also be deleted. In order to continue to prevent Google Analytics from collecting your data, you must click on the link again. It is also possible to use the opt-out cookie as an alternative to the above-mentioned plugin when using the browser on your computer.
In order to ensure the best possible protection of your personal data, Google Analytics has been enhanced with the ‘anonymizeIP’ code on this website. This code deletes the last eight bits of your IP address, thereby ensuring that your IP address is anonymised before it is collected (IP masking). Before your IP address is transferred within the member countries of the European Union or in other contracting parties of the Agreement on the European Economic Area, it will be truncated and thereby anonymised by Google. Only in exceptional cases is the full IP address transferred to a Google server in the USA and subsequently truncated there.
Section 12: Online presence in social media and integration of social plugins
We maintain an online presence within social networks and platforms in order to communicate with the customers, interested parties and users who are active in these networks and platforms and to provide these parties with information about our services there. When accessing the relevant networks and platforms, the terms and conditions and data processing guidelines of the operators of these networks and platforms apply.
Unless specified otherwise in our privacy policy, we process user data if the users concerned communicate with us within the social networks or platforms, e.g. adding a post on our online presence or sending us messages.
Integration of third-party services and content
Within our website, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use content and service offers of third parties in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).
This always requires that the third-party providers of this content are able to access users’ IP addresses because otherwise they cannot send the content to users’ browsers. The IP address is therefore required in order to display this content. We endeavour to only use content where the providers of the content concerned use the IP address solely for the purposes of delivering the content. Third-party providers may also use pixel tags (hidden graphics, also known as web beacons) for statistical or marketing purposes. Information such as visitor traffic on the pages of this website can be analysed using the pixel tags. The pseudonymous information may also be stored in cookies on the user’s device and may contain information such as technical information on the browser and operating system, referring websites, time of visit and other information on the use of our website. The pseudonymous information may also be combined with such information from other sources.
- YouTubeWe integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
- Google MapsWe integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may, in particular, include the IP addresses and location data of users, but this data is not collected without users’ consent (usually carried out in the settings of users’ mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
- Use of Facebook social pluginsOn the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Art. 6(1)(f) GDPR), we use social plugins (“plugins”) provided by the social network facebook.com, which is run by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can represent interactive elements or content (e.g. videos, graphics or text) and can be identified by one of the Facebook logos (white “f” on blue tile, the “Like” term or a “thumbs up” icon) or by the text “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.If users access a function of this website that contains such a plugin, the user’s device will establish a direct connection to the Facebook servers. The content of the plugin is sent directly to the user’s device by Facebook and then integrated into the website by the device. Usage profiles of users may be created from the processed data during this process. We therefore have no influence over the scope of the data that Facebook collects via this plugin and provide users with information based on our knowledge.Through the integration of the plugins, Facebook receives the information that a user has visited the relevant page on the website. If the user is logged into Facebook, Facebook can link the visit to the user’s Facebook account. If users interact with the plugins, for example clicking the “Like” button or adding a comment, the user’s device sends the relevant information directly to Facebook, where it is then stored. If users are not members of Facebook, it is still possible that Facebook may find out and store the user’s IP address. According to Facebook, only anonymised IP addresses are stored in Germany.Information on the purpose and scope of data collection and the subsequent processing and use of data by Facebook, as well as related rights and configuration options for protecting users’ privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.If users are members of Facebook and do not want Facebook to collect data about them via this website and link it to their member data stored by Facebook, they will need to log out of Facebook and delete their cookies before visiting our website. Other settings and options for opting out of the use of data for advertising purposes are available in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform independent, meaning that they are configured for all devices, including desktop computers and mobile devices.
- TwitterFunctions and content from the service Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within Twitter.
If users are members of the Twitter platform, Twitter may link access to/use of the above-mentioned content and functions to their Twitter profile.
Privacy policy: https://twitter.com/privacy, opt-out: https://twitter.com/personalization. - InstagramFunctions and content from the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within Instagram. If users are members of the Instagram platform, Instagram may link access to/use of the above-mentioned content and functions to their Instagram profile. Instagram privacy policy: http://instagram.com/about/legal/privacy/.The legal basis for the processing of data based on the user’s consent is Art. 6(1)(a) GDPR in accordance with the cookie banner and legitimate interests as defined in Art. 6(1)(f) GDPR.
- XingFunctions and content from the service Xing, provided by XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within Xing. If users are members of the Xing platform, Xing may link access to/use of the above-mentioned content and functions to their Xing profile. Xing privacy policy: https://www.xing.com/app/share?op=data_protection.
- LinkedInFunctions and content from the service LinkedIn, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated on our website. This may include content such as images, videos or text, as well as buttons that enable users to share content from this website within LinkedIn. If users are members of the LinkedIn platform, LinkedIn may link access to/use of the above-mentioned content and functions to their LinkedIn profile. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.Privacy policy: https://www.linkedin.com/legal/privacy-policy,Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- How to prevent collected data being linked to youIf you do not want Facebook to link the data collected via our website directly to your Facebook profile, you will need to log out of Facebook before visiting our website. You can also prevent Facebook plugins from loading at all by means of add-ons for your browser, e.g.
- for Mozilla Firefox: addons.mozilla.org/firefox/addon/facebook-blocker/
- for Opera: addons.opera.com/extensions/details/facebook-blocker/
- for Chrome: https://chrome.google.com/webstore/ [search for “Facebook Blocker”]
If you do not want Google or Twitter, for instance, to link the data collected via our website directly to your profile on YouTube (Google) or Twitter, you will need to log out of YouTube (Google) or Twitter before visiting our website. You can also prevent Google/Twitter plugins from loading at all by means of add-ons for your browser, e.g. with the script blocker NoScript (noscript.net).
Section 13: Hyperlinks
Our website includes hyperlinks to websites provided by other parties. When you click on one of these hyperlinks, you are forwarded from our website directly to the website of the other provider. You can tell this has happened by the fact that the URL changes, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites because we have no influence over whether these companies comply with data protection regulations. For information on how these companies handle your personal data, please refer directly to the websites concerned.
Section 14: Rights of data subjects
As an individual affected by the processing of personal data, you have the following rights under the GDPR:
- In accordance with Art. 15 GDPR, you may obtain information about your personal data that is being processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage duration, the existence of a right to rectification, erasure and the restriction of processing and the right to object, the existence of the right to lodge a complaint, the source of your data if we did not collect it ourselves, any transmission to third countries or international organisations, and the existence of automated decision-making, including profiling, and meaningful information about the details thereof where applicable.
- In accordance with Art. 16 GDPR, you may obtain the rectification of inaccurate personal data concerning you that is stored by us or the completion of such data without undue delay.
- In accordance with Art. 17 GDPR, you may obtain the erasure of personal data concerning you that is stored by us provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- In accordance with Art. 18 GDPR, you may obtain the restriction of the processing of your personal data where you contest the accuracy of the data, where the processing is unlawful, or where we no longer require the data but you oppose the erasure of the data because you need it to establish, exercise or defend legal claims. You are also entitled to the right specified in Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
- In accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or have this data transmitted to another controller.
- In accordance with Art. 7(3) GDPR, you may withdraw the consent that you have given to us at any time. If you do this, we will not be able to continue the data processing based on this consent in the future.
- In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. To do this, you can usually contact the supervisory authority for your habitual residence or place of work or the supervisory authority for our registered office. In Austria, the supervisory authority is the Austrian Data Protection Authority: Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna, Austria, tel.: +43 1 52 152-0, email: dsb [at] dsb.gv.at, website: dsb.gv.at.
Section 15: Right to object
In the case of the processing of your personal data for the purposes of legitimate interests in accordance with Art. 6(1)(1)(f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if there are grounds to do so in relation to your particular situation or if the objection is to direct marketing. In the case of direct marketing, you have a general right to object that we will implement without a particular situation being specified.
Section 16: Data security and security measures
We are committed to protecting your privacy and treating your personal data as confidential. To prevent any manipulation, loss or misuse of your personal data that we store, we implement extensive technical and organisational security measures that are reviewed on a regular basis and adapted in accordance with technological developments. These measures include the use of recognised encryption methods (TLS). However, due to the structure of the internet, the data protection regulations and the security measures specified above may not be observed by other persons or institutions outside of our area of responsibility. In particular, data disclosed in unencrypted form (data sent via email) may be read by third parties. We do not have any influence over this from a technical perspective. It is the responsibility of the users to protect the data that they provide against misuse by means of encryption or by other means.
Data protection information for …
Students
Prospective Students
If you have expressed an interest in receiving information about the programmes we offer, we will send it to you via the specified contact channels or will contact you. In order to do this, we legally require your consent. We may ask you for confirmation in the case of consent declared online.
You may revoke your previously granted consent at any time and may also object to the processing of your data. Otherwise, your details will be deleted within a period of one and a half years after the last instance of contact, unless we have a legitimate reason to keep them for longer (for example, if we are requested to provide proof of consent given previously).
Furthermore, we ask that you pay attention to the following notes on the specific services used and point out that you may also contact us via conventional means, e.g. e-mail or telephone.
- Communication via WhatsAppWe use the messaging service WhatsApp. WhatsApp (WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA) is a US-based service, which means that the data you send via WhatsApp will first be transferred to WhatsApp in the United States before it is forwarded to us. However, WhatsApp ensures that the communication content (i.e. the content of your message and attached images) are encrypted end-to-end. This means that the content of the messages is not visible, not even to WhatsApp itself. However, users must be using a recent version of WhatsApp to ensure message content encryption is active. However, please be aware that, while WhatsApp cannot see the content, it is able to see which users communicate with us and when. Furthermore, information gathered by WhatsApp may also be used within the Facebook group of companies for advertising purposes, provided that you have not successfully objected to this.We use WhatsApp on the basis of the consent of the contacted users, in line with Article 6, Paragraph 1, Point a, and Article 7 of GDPR. Otherwise, if we do not ask for consent, we use WhatsApp on the basis of our legitimate interests in fast and efficient communication, in line with Article 6, Paragraph 1, Point f of GDPR.Further information on the purpose, nature and scope of data collection and the subsequent processing and use of data by WhatsApp, as well as the related rights and configuration options for protecting users’ privacy, can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal/.You can object to communication with us via WhatsApp at any time. In the case of subscription to messages (also known as ‘broadcasts’) via WhatsApp, you may delete our corresponding telephone number from your contacts list and request that we remove you from our directory. In the case of ongoing individual inquiries or communications, you may also ask us not to continue communication via WhatsApp.In the case of communication via WhatsApp, we will delete the WhatsApp messages as soon as we can assume that we have answered any information requests from users; if we do not expect to need to refer to a previous conversation and if the deletion does not conflict with any statutory storage requirements.Finally, we would like to point out that, for reasons of your own security, we reserve the right not to respond to inquiries via WhatsApp. This is the case if, for example, contract contents require particular confidentiality or if a response via the messenger app does not meet formal requirements. In such cases we will refer you to more adequate communication channels.
- Facebook pixel, Custom Audiences and Facebook conversionWe use the so-called ‘Facebook pixel’ function of the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook).Through the Facebook pixel feature, Facebook is able to define the visitors to our online content as a target group for displaying advertisements (so-called ‘Facebook ads’). Accordingly, we use Facebook pixel to ensure that our Facebook ads are only displayed to those Facebook users who have shown an interest in our online content or who have certain characteristics (e.g. interests in certain topics or products, which are determined by which websites they have visited) which we have shared with Facebook. These are known as ‘Custom Audiences’. By using Facebook pixel, we also want to ensure that our Facebook ads are in line with users’ potential interests and are not annoying. Facebook pixel helps us to gain a better understanding of the effectiveness of our Facebook ads for statistical and market research purposes, in that we are able to see whether users have been redirected to our website after clicking on a Facebook ad (known as Facebook conversion).The processing of data by Facebook is carried out in line with Facebook’s data usage policy. You can find the relevant notes on the display of Facebook ads in Facebook’s data usage policy: https://www.facebook.com/policy. Specific information and details about the Facebook pixel feature and how it works can be found in the Help section of Facebook: https://www.facebook.com/business/help/651294705016616.We use Facebook pixel on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our range of services within the meaning of Article 6, Paragraph 1, Point f of GDPR). In the event that we ask for your consent, the legal basis for this is Article 6, Paragraph 1, Point a and Article 7 of GDPR.You may object to the gathering and use of your data via Facebook pixel for the display of Facebook ads. To define what type of advertisements you see within Facebook, you can go to the settings page on Facebook and follow the instructions for the usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform independent, meaning that they are configured for all devices, including desktop computers and mobile devices.You can also object to the use of Cookies for the purposes of advertising and measuring reach via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
- Administration and transmissionWe use the following service providers for the storage and administration of information entered online by prospective students, in line with the legal requirements for contractual agreements and guarantees of security for the processing of your data:– Kartra, Genesis Digital LLC 7660 Fay Ave #H184, La Jolla, CA 92037, USA, guarantee: EU Model Clauses, Privacy Policy: https://app.kartra.com/redirect_to/?asset=page&id=4tBIE0FV8JYf
International Students
Students pursuing teacher training programmes
Privacy policy of the Development Network for the South-East – Recognition of examinations and of curricula modelling (PDF, only available in German)
Privacy policy of the Development Network for the South-East – Special admission procedure for the teacher education programme in movement and sports (PDF, only available in German)
Privacy policy of the Development Network for the South-East – standardised special admission procedure (PDF, only available in German)
Privacy Policy for University Admission
The University of Klagenfurt treats your personal data with the greatest care and attention. Personal data is processed in strict compliance with the principles and requirements laid down in the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act.
As amendments to the law or changes to our internal organisational processes may necessitate an adjustment of this privacy policy, we ask you to review the privacy policy on a regular basis.
Responsible for data processing
The Rectorate of the University of Klagenfurt, Admissions and Examinations Office, Universitätsstraße 65-67, 9020 Klagenfurt am Wörthersee, e-mail: studienabteilung [at] aau [dot] at, phone +4346327009111
Data protection officer
You can reach the university’s data protection officer at dsb [at] aau [dot] at.
Purpose of data processing and data categories
- Preliminary online data collection required for first-time admission to a degree programme at the University of Klagenfurt.
- Personal data (name, academic degrees, national insurance number or alternative identification number, date of birth, citizenship, photo, matriculation number if applicable)
- Correspondence data/delivery address (street, house number, postcode, country, telephone number, e-mail address, optional: Skype address)
- Home address (street, house number, postcode, country)
- Programme data (type of programme, start of programme, type of admission)
- Data on the general university entrance qualification [German abbrev. AUR] (AUR form, AUR date, AUR issuing state)
- UHStat1 data (origin and educational history of parents)
In addition to the data categories listed under 1, the following data processing operations involve the processing of further data categories, depending on requirements or on the degree programme in question.
- Degree programmes with admission procedure
- Letter of motivation, motivation video, curriculum vitae, passport
- Data pertaining to certificates (in particular Bachelor’s certificate, Transcript of Records)
- Documentary evidence (proof of language proficiency or language certificate)
- Transaction data (date of payment of any contribution to costs)
- Bachelor’s degree programmes involving a foreign school-leaving certificate
- Data pertaining to certificates (school-leaving certificate, Transcript of Records)
- Documentary evidence (if applicable, proof of language proficiency or language certificate)
- Examination data (supplementary examinations)
- Master’s degree programmes completed at institutions other than the University of Klagenfurt
- Data pertaining to certificates (Bachelor’s certificate, Transcript of Records, Diploma Supplement)
- Documentary evidence (if applicable, proof of language proficiency or language certificate)
- Examination data (supplementary examinations)
- Doctoral degree programmes
- Data pertaining to certificates (Bachelor’s certificate, Master’s certificate, Transcript of Records, Diploma Supplement)
- Supervision data (preliminary supervision agreement)
- Examination data (supplementary examinations /additional conditions)
- Extension programmes acc. to Section 54a of the Universities Act (UG)
- Data pertaining to certificates (Bachelor’s certificate, Master’s certificate, Transcript of Records)
- Documentary evidence (if applicable, proof of language proficiency or language certificate)
- University entrance qualification examination
- Data pertaining to certificates (certificates, previous education)
- passport, curriculum vitae
Legal basis
Legal obligation pursuant to Article 6 Paragraph 1 lit c or lit e DSGVO in conjunction with
- § 3, 60, 63 – 65a, 70, 71b, 71c UG
- § 9 – 13 BildokG
- 14 UHSBV
Regulations on admission and curricula for degree programmes acc. to §§ 63a Paragraph 8, 65a, resp. 71b UG
Transmission of data
In accordance with § 14 UHSBV, following enrolment, data relating to prospective and current students is transmitted to the University Data Network (Datenverbund der Universitäten und Hochschulen), to the Federal Minister and, following notification of continuation, to the Austrian federal statistics agency (Statistik Österreich).
Storage period
Personal data is retained for as long as is necessary to fulfil the aforementioned purposes and, in addition, for the duration of legal retention periods and during the period in which legal claims can be asserted.
Rights of data subjects
You are entitled to information in order to check whether and which personal data we have stored about you; a right to rectification of any of your personal data that is inaccurate; a right to erasure of your personal data which is not (any longer) processed in compliance with the law and, in this context, a right to the restriction of processing. You also have a right to data portability. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can lodge a complaint with the Austrian Data Protection Authority at https://www.dsb.gv.at/kontakt.
Employees & Applicants
Applicants
The University of Klagenfurt treats your personal data with the greatest care and attention. Personal data is processed in strict compliance with the principles and requirements laid down in the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act.
As amendments to the law or changes to our internal organisational processes may necessitate an adjustment of this privacy policy, we ask you to review the privacy policy on a regular basis: www.aau.at/en/privacy-policy/
- Purpose of data processing
We only process your details for the purpose and within the scope of the application procedure in accordance with the legal requirements.
- Data categories
In order to participate in the application procedure, applicants must provide us with the relevant application details. The required data are marked as such, where we provide an online form, or otherwise result from the job advertisement. In essence, these include personal details such as name, addresses, date of birth, contact details, academic degrees/titles, curriculum vitae, as well as details of qualifications and school and university degrees, e.g. education, professional experience, publication lists, language skills. Applicants may also voluntarily provide us with additional information (e.g. information regarding their disability).
- Legal basis
By submitting their applications to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this privacy policy (Article 6(1)(a), respectively Article 9(2)(a) GDPR).
Insofar as special categories of personal data within the meaning of Article 9(1) GDPR are voluntarily communicated as part of the application procedure, they are also processed in accordance with Article 9(2)(b) GDPR (e.g. health data, such as information regarding disability, or religious beliefs).
Application data are processed in accordance with Article 6(1)(f) or Article 9(2)(f) GDPR, if the processing of data becomes necessary for us, e.g. in the context of legal disputes. - Transmission of data
Applications must be submitted using an online form on our website (jobs.aau.at/en).
Applications for a professorship at the University of Klagenfurt must be submitted by e-mail. However, please note that the university cannot accept any responsibility for the transmission of the application until the point when it reaches our server. - Recipients
We keep your data confidential. Your data will only be stored and processed as part of the application procedure. The only parties with access to any data collected and processed will be the department or office to which you submitted your application and the university organisational unit responsible for the application procedure (Recruiting, University or Faculty Management, Office of the Senate, etc. ), as well as those involved in the selection process, including representative bodies (Working Group for Equal Opportunities and competent works council).
In the course of the selection procedure for a professorship or for a postdoctoral position with a tenure-track option, data is also transmitted to the (selection) commissions established and to expert reviewers. - Storage period
In the event of a successful application, the data provided by applicants will be further processed by us for employment purposes. If the application for a vacancy is not successful, the applicants’ data will be deleted after a period of seven months, subject to a justified revocation by the applicants. Applicants’ data will be deleted in any case if an application is withdrawn, which applicants are entitled to do at any time.
Any invoices relating to the reimbursement of travel expenses are archived in accordance with tax regulations. - Rights of data subjects
As a matter of principle, you are entitled to the rights of information, rectification, erasure, restriction of data transferability, and objection. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can lodge a complaint with our data protection officer by writing to the e-mail address dsb [at] aau [dot] at or contact the Austrian Data Protection Authority at www.dsb.gv.at/kontakt. - Responsible for data processing
The Rectorate of the University of Klagenfurt is responsible for data processing, 9020 Klagenfurt a.W., Universitätsstraße 65-67; rektorat [at] aau [dot] at.
You can contact our data protection officer at dsb [at] aau [dot] at
Staff privacy policy
Privacy policy for staff (in German, Beschäftigten-Portal)
Other data protection information
Video surveillance
Video surveillance
Data protection information for video surveillance
The University of Klagenfurt handles your personal data with due care and attention. Your personal data is processed in strict compliance with the principles and requirements of the GDPR and the Austrian Data Protection Act (DSG).
Since changes to legislation or our internal processes may require amendments to this privacy policy, please read through this document on a regular basis. The privacy policy can be accessed, saved and printed out at any time using the following link: www.aau.at/en/privacy-policy/.
Data subjects
- People who enter the area covered by video surveillance
- People recorded by the video surveillance system, who may be identified where necessary
Purpose of data processing
The University of Klagenfurt uses video surveillance systems solely for the purpose of protecting the university’s property against damage or theft. Video surveillance is intended primarily as a deterrent, but can also been used to provide evidence in the event of actions that may lead to prosecution under criminal or civil law.
The use of video surveillance footage for the purpose of monitoring employees is strictly prohibited.
Video surveillance is used for entrance areas and corridors as well as for those spaces that are subject to an increased risk potential (e.g., PC rooms, library reading rooms).
Data categories
- Images of the data subjects
- Location and time of recordings
- Identity of the data subjects, where recognisable, if footage is analysed
- Role of the data subjects, e.g. perpetrator, victim or witness
Legal basis
The university has a legitimate interest in protecting the areas covered by video surveillance, in order to prevent and reduce criminal behaviour, as well as to establish the facts of any criminal actions.
The following employer/works council agreement also applies for employees: agreement on use of internet, email, telephone, video surveillance and electronic access system.
Data recipients
For the purpose of internal inspections based on the employer/works council agreement:
- Works councils
- Data protection officer
For the purpose of law enforcement or securing evidence in criminal matters:
- Authorities and/or the courts (for securing evidence in criminal matters)
- Security authorities (for security monitoring purposes)
- Courts (for securing evidence in civil matters)
- Insurance (exclusively for the resolution of insurance cases)
- Lawyers (for the purpose of law enforcement)
The data will not be passed on to any recipients who may use this data for their own purposes.
Data storage duration
- The video surveillance footage is stored in a secure location to prevent unauthorised access (Section 16). After 72 hours, the footage is automatically deleted.
- If there are grounds to suspect the footage contains potential evidence, the storage period set out in Point 1 may be temporarily extended. The footage must be analysed at the earliest opportunity and in line with the provisions of Section 16.
- If the footage is analysed because there are grounds to suspect it contains potential evidence, the data will be stored until the necessary evidence has been secured or any legal proceedings are closed.
Rights of data subjects as defined in Article. 12 et seq. of the GDPR
Fundamentally, you have a right of access, the right to rectification, erasure, restriction of processing and data portability, and the right to object.
Since the processing is based on the legitimate interests of the University of Klagenfurt, you can raise a justified objection; however the objection has no influence on the lawfulness of the processing of your data up to the point of the objection. Although you have the right to object to the processing of your data, it should be assumed that, when considering the balance of interests following an objection, the interests of the data processor in protecting its property (see purpose above) would override the interests of the data subject whose data is being collected, especially given the encryption of the data and the fact that the footage is only analysed where necessary. You should contact the office responsible for data processing in writing if you have any questions concerning your rights.
If you believe that the processing of your data infringes data protection law or that your data protection rights have been violated in any other way, then you can submit a complaint to the data protection officer at University of Klagenfurt dsb [at] aau [dot] at or the Austrian Data Protection Authority.
Persons responsible for data protection
Rectorate of the University of Klagenfurt, 9020 Klagenfurt a.W., Universitätsstraße 65-67, Austria; Data protection officer: dsb [at] aau [dot] at
University Library
Data protection information with regard to the use of the University Library
The library at the University of Klagenfurt handles your personal data with due care and attention. Personal data are processed in strict compliance with the principles and requirements of the GDPR and the Austrian Data Protection Act (DSG).
Since changes to legislation or to our internal processes may require amendments to this privacy policy, please read through this document on a regular basis.
Data subjects
Members of the University of Klagenfurt and registered external users as well as other visitors of the University Library Klagenfurt.
Purpose of data processing
- In the context of University Library operations, we process personal data for the purpose of user management and administration in the context of lending (in the Alma library system): Orders and reservations, provisioning, borrowing, returns, interlibrary loans, fees and invoices, automatically generated notifications to users.
- Furthermore, when using Leganto (called “BeriLo” at the University of Klagenfurt), an extension of the library system Alma, if integrated in a Moodle course, data on the course attended will be processed.
- In addition, we process personal data for monitoring purposes in the event of problems in connection with the 24-hour library (see also Privacy policy for access systems).
- Data are also used in order to provide other library services such as courses, events, the reservation and use of the University Library’s group study rooms, communication and the provision of information as well as for acquisition suggestions.
The use of the library services, in particular the lending service, is not possible without processing your data.
Data categories
- For the purpose of user management and administration in the context of lending, we process the following data, which are imported from the Campus system:
- Students at AAU:
Name, gender, date of birth, address (private residential addresses), private telephone numbers (if available), e-mail addresses (AAU address and private e-mail address), user status, borrowing data (bibliographic data, date of issue and return, etc.), data on fines for overdue returns, correspondence, user IDs (user name and matriculation number) and ID of the AAU card. - Staff at AAU:
Name, gender, date of birth, address (private residential addresses), affiliation to a department or institute, office phone number, e-mail addresses (AAU address and private e-mail address, if available), user status, borrowing data (bibliographic data, date of issue and return, etc.), data on fines for overdue returns, correspondence, user IDs (user name and employee number) and ID of the AAU card. - External users:
Name, gender, date of birth, address, phone number, e-mail address, user status, borrowing data (bibliographic data, date of issue and return, etc.), data on fines for overdue returns, correspondence, user IDs (user name) and ID of the AAU card, as well as the declaration of consent of the person with parental authority in the case of minors.
- When integrating BeriLo into Moodle, the course title, number and role (teacher, participant, etc.) are transferred from Moodle to Alma and processed along with the profile data (user name, surname, first name, e-mail address). For the purpose of the upload/download function in BeriLo, the uploaded documents as well as the access information (IP address of the requesting computer, detailed information of the accessing browser as well as the operating system) are stored.
- For monitoring purposes in the event of problems in connection with the 24-hour library, we process the following data:
Name, matriculation number (if available), date, time - In relation to the provision of other library services such as courses, events, the reservation and use of the University Library’s group study rooms, we process the following data: Name, address, e-mail address, phone number, user name, course details (date, time, venue, etc.) and correspondence. Library courses administered via Moodle are subject to the relevant Privacy notice for Moodle.
Legal basis
The processing of the above data is subject to the following legal bases:
- The processing of personal data for the purpose of user administration and lending (library system) is carried out vis-à-vis students within the framework of the legal obligation of the university according to Art. 3 Universities Act; vis-à-vis employees and registered external users it is based on the fulfilment of a contract according to Art. 6 Para. 1 lit b GDPR.
- The BeriLo service and the associated data processing are based on the university’s legitimate interest in providing the best possible service to its teaching staff and students in accordance with Art. 6 Para. 1 lit. f GDPR.
- In the context of monitoring purposes in the event of problems in connection with the 24-hour library, the legitimate interests of the university pursuant to Article 6 (1) (f) GDPR constitute the basis for the processing of personal data.
- In relation to the provision of other library services such as courses, events, the reservation and use of the University Library’s group study rooms, we base the use of personal data on the legal basis of consent by means of registration according to Art. 6 Para. 1 lit. a GDPR.
Data transmission
If it is necessary to pursue a financial claim, the personal data of the user concerned will be transmitted to the Procurator Fiscal, to legal representatives and courts or, within the university, to the Bursar’s Office.
Information on processing operations (information on storage location)
The University of Klagenfurt uses the company Ex Libris (Deutschland) GmbH as a processor for the library system Alma and the extension Leganto. The data processed there is stored in the provider’s data centre in the Netherlands and Germany.
For the purpose of using the upload function in the Leganto extension (BeriLo), the files are stored directly in the Amazon Web Service (AWS) cloud in Germany. For detailed information on the processing, as well as the storage period of the data in the AWS cloud, please read the associated privacy policy.
The OBVSG, the Österreichische Bibliothekenverbund und Service GmbH (Austrian Library Network and Service GmbH), acts as a processor for the University in relation to the catalogue, the Discovery System Primo. The data are stored on OBVSG servers in Austria. All processors and their subcontractors are obliged to comply with the GDPR.
Data storage duration
The data in the library system are stored for a period lasting up to 12 months after the expiry of the validity of the library card, after all borrowed information carriers have been returned and all outstanding fees have been paid.
Data related to the reservation and use of the group study rooms at the University Library are stored for a period of one week after the end of the time of use.
For the purposes of other library services, your data will be stored for a period equal to the duration of the provision of the service in question. In addition, your data will be stored if this is necessary to enforce legal claims or to comply with legal obligations.
Rights of data subjects as defined in Article 12 et seq. of the GDPR
You have a right of access to check whether and which of your personal data we have stored; a right to rectification of any of your personal data that is inaccurate; a right to erasure of your personal data that are not (or no longer) processed in accordance with the law and, in this context, a right to demand the restriction of processing. You also have a right to data portability. To the extent that we base any processing of your personal data on legitimate overriding interests, you have a right to object.
If you believe that the processing of your data infringes data protection law or that your data protection rights have been violated in any other way, you can submit a complaint to the Austrian Data Protection Authority.
Contact
- Persons responsible for data protection: Rectorate of the University of Klagenfurt, 9020 Klagenfurt a.W., Universitätsstrasse 65-67, Austria
- Data protection officer:dsb [at] aau [dot] at
University Sports Institute (USI)
Moodle
Moodle: Privacy notice (in German)
Access systems
The University of Klagenfurt handles your personal data with due care and attention. Your personal data is processed in strict compliance with the principles and requirements of the GDPR and the Austrian Data Protection Act (DSG).
Since changes to legislation or our internal processes may require amendments to this privacy policy, please read through this document on a regular basis.
Data subjects
Staff of the University of Klagenfurt, students and, in exceptional cases, external parties (extra approval required)
Purpose of data processing
The electronic access system is designed for the following purposes:
- To gain access to the university buildings at any time outside of the opening hours (as defined in the university rules) or when the external entrances have been locked by specific request.
- To gain access to the university library outside of the opening hours (as defined in the library rules).
- To manage access authorisations for lecture halls and classrooms using employees’ cards.
The use of data from the electronic access system for the purpose of monitoring employees is strictly prohibited.
Data categories
- Location (door number and description) and time the opening mechanism was activated or activation failed (if related to individuals)
- Transponder number/card number and validity period
- User data (staff number, name, organisational unit)
- Reason (i.e. authorisations governing access permission/refusal)
Legal basis
The university has a legitimate interest in protecting restricted access areas, in order to prevent and reduce criminal behaviour, as well as to establish the facts of any criminal actions.
The following employer/works council agreement also applies for employees: agreement on use of internet, email, telephone, video surveillance and electronic access system
Data recipients
For the purpose of internal inspections based on the employer/works council agreement:
- Works councils
- Data protection officer
For the purpose of law enforcement or securing evidence in criminal matters:
- Authorities and/or the courts (for securing evidence in criminal matters)
- Security authorities (for security monitoring purposes)
- Courts (for securing evidence in civil matters)
- Insurance (exclusively for the resolution of insurance cases)
- Lawyers (for the purpose of law enforcement)
The data will not be passed on to any recipients who may use this data for their own purposes.
Data storage duration
- When the maximum storage capacity is reached, the oldest data collected and stored locally on the electronic door cylinders for the access system is overwritten by the new data.
- Data stored on the server is deleted after 3 months.
- If there are grounds to suspect the data sets contain potential evidence, the storage period set out in points 1 and 2 may be temporarily extended. The data must be analysed at the earliest possible opportunity.
- If the footage is analysed because there are grounds to suspect it contains potential evidence, the data will be stored until the necessary evidence has been secured or any legal proceedings are closed.
- The access log files are stored for one year.
Rights of data subjects as defined in Article. 12 et seq. of the GDPR
Fundamentally, you have a right of access, the right to rectification, erasure and restriction of processing, and the right to object. There is no right to data portability.
Since the processing is based on the legitimate interests of the University of Klagenfurt, you can raise a justified objection; however the objection has no influence on the lawfulness of the processing of your data up to the point of the objection. Although you have the right to object to the processing of your data, it should be assumed that, when considering the balance of interests following an objection, the interests of the data processor in protecting its property (see purpose above) would override the interests of the data subject whose data is being collected, especially given the technical and organisational measures in place to protect the data and the fact that the data is only analysed where necessary. You should contact the office responsible for data processing in writing if you have any questions concerning your rights.
If you believe that the processing of your data infringes data protection law or that your data protection rights have been violated in any other way, then you can submit a complaint to the data protection officer at the University of Klagenfurt dsb [at] aau [dot] at or the Austrian Data Protection Authority.
Persons responsible for data protection
Rectorate of the University of Klagenfurt, 9020 Klagenfurt a.W., Universitätsstraße 65-67, Austria; Data protection officer: dsb [at] aau [dot] at
Additional information on data protection for training sessions, meetings and courses conducted online
The University of Klagenfurt offers training sessions via platforms hosted by the University. All participants of any online training sessions, meetings or courses conducted using these tools should be informed of the data processing that is undertaken based on technical processing, which goes beyond the usual extent of data processing for an attended event.
Purpose of processing
The technical implementation of any online training, meeting or course via platforms such as BigBlueButton (BBB, also known as AAU Classroom) or Skype4Business (S4B) requires personal data to be processed. For organisational and system-technical reasons, this processing is a mandatory requirement for participation, as it is otherwise impossible to conduct the training session online.
Legal framework and data transfer
- Processing within the context of an online course: fulfilment of the University’s legal obligation with regard to teaching (Universities Act (UG))
- Online meeting within the context of activities at the University of Klagenfurt: fulfilment of a contract (e.g. contract of employment, co-operation agreement for research projects, etc.)
- Online training for the fulfilment of your continuing education obligation as part of your activities at the University of Klagenfurt (Art. 6 para 1 lit b GDPR fulfilment of employment contract)
The aforementioned platforms are hosted at the University of Klagenfurt and stored on local servers in compliance with the general security regulations of the University of Klagenfurt. No data is transferred to third parties.
Data categories and storage period
In the case of an online event, IP addresses, date and time of login (accessing and exiting the virtual space) are processed. This data is processed in log files and automatically overwritten at regular intervals.
In the case of records kept by the moderator, any documents uploaded to the platform (such as PowerPoint slides), as well as audio and video files, if the microphone or camera were enabled, and anything written in chat and notes pages, are also processed.
Visibility of participants
Depending on which system is used, the rules regarding the visibility of names may differ:
- When using Classroom within the Moodle platform, first names and surnames are processed and visible for all participants. This also applies when using Skype4Business
- When using Classroom outside the Moodle platform and when using Skype4Business via the web browser as a guest, participants have the option of assigning themselves a nickname when logging in. This means that a participant cannot identify who the other participants are. The participant informs the moderator of their nickname, and the moderator alone can then identify the participant.
- When attending a meeting using Skype4Business by telephone, the participant’s telephone number is displayed.
Rights of persons affected
As a general principle, you have a right to information, the right to rectification, erasure, restriction of processing and data portability, and the right to object. If you believe that the processing of your data contravenes data protection law or that your data protection rights have been otherwise breached, you can lodge a complaint with the Data Protection Officer at the University of Klagenfurt (dsb [at] aau [dot] at) or with the Austrian data protection authorities (www.dsb.gv.at/kontakt).
Contact details
Data processing is the responsibility of the Rectorate at the University of Klagenfurt, 9020 Klagenfurt a.W., Universitätsstraße 65-67; rektorat [at] aau [dot] at. You can contact our Data Protection Officer by sending an e-mail to: dsb [at] aau [dot] at
Privacy policy for the use of car parking facilities at the University of Klagenfurt
The University of Klagenfurt handles your personal data with due care and attention. Your personal data is processed in strict compliance with the principles and requirements of the GDPR and the Austrian Data Protection Act (DSG).
Since changes to legislation or our internal processes may require amendments to this privacy policy, please read through this document on a regular basis. The privacy policy can be accessed, saved and printed out at any time using the following link: www.aau.at/en/privacy-policy.
- Data subjects
This privacy policy is addressed to all persons who apply for or have been issued with a parking permit and also to persons believed to have committed a violation of the applicable parking regulations.
- Purposes of data processing
We process your data only for the purpose of organising the use of the car parking facilities and for pursuing violations of the applicable parking regulations (e.g. unauthorised use, parking outside designated areas). - Data categories
In the case of those applying for a long-term parking permit for use of the parking facilities via the form on the website www.aau.at/wp-content/uploads/2015/11/DauerparkkarteErmaechtigung_zur_Einbehaltung.pdf, we process the following personal data:- First name, surname
- University department, if applicable
- Place and date of applying for the long-term parking permit
- Applicant’s signature
- Parking permit number
In case of a violation of the applicable parking regulations, the following data will be processed:
- Name of the vehicle owner
- Address of the vehicle owner
- Vehicle registration number
- Date, time and place of the parking violation
- Type of parking violation
- Number of reminders issued in accordance with the parking regulations
- Any reminder fee
- Court papers relating to any injunction suit
- Legal basis
The application for a long-term parking permit for use of the parking facilities around the University of Klagenfurt via the form on the website constitutes the authorisation to process personal data pursuant to Art. 7 GDPR. The legitimate interest of the University of Klagenfurt in pursuing violations of the applicable parking regulations provides the basis for processing personal data pursuant to Art. 6 (1) (f) GDPR. The parking regulations of the University of Klagenfurt are furthermore applicable. - Recipients
In case of a parking violation, a request will be sent to the relevant police department or district authority, based on the vehicle registration number. The name and address of the vehicle owner, the registration number and the date, time and place of the parking violation will then be passed on to the lawyer appointed by the University in order to send a cease and desist declaration. The data will not be shared with any other third parties. - Storage duration
We store your data for two years from the time of recording for use by the University’s parking administration, and thereafter for as long as necessary according to statutory retention requirements, as long as legal claims arising from use of the parking facilities can be asserted against the University or as long as the University has a legitimate interest in maintaining such documentation. A list of examples can be found here: www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html.
Data for processing of reminders is stored for a period of two years. - Rights of the data subject
Fundamentally, you have a right of access, the right to rectification, erasure, restriction of processing and data portability, and the right to object. If you believe that the processing of your data contravenes data protection law or that your data protection rights have been otherwise breached, you can lodge a complaint with our Data Protection Officer via e-mail sent to dsb [at] aau [dot] at or with the Austrian data protection authorities (www.dsb.gv.at/kontakt). - Persons responsible for data protection
Data processing is the responsibility of the Rectorate at the University of Klagenfurt, 9020 Klagenfurt a.W., Universitätsstraße 65-67; rektorat [at] aau [dot] at. You can contact our Data Protection Officers by sending an e-mail to: dsb [at] aau [dot] at.