Responsible Body and Scope
Data Protection Supervisor and Contact Persons
What are personal data
General Remarks on Data Processing
Different Processing Operations
Security measures for protecting stored data
Hyperlinks to Third-Party Websites
Your Rights as a Data Subject
Thank you for visiting our website https://medicalhumanities.univie.ac.at, which is a subdomain of univie.ac.at. Thus, also the data protection declaration of the University of Vienna is applicable to this site. The protection and security of your data when browsing our website are of utmost importance to us. For this reason, we would like to take the opportunity to inform you which of your personal data are recorded when visiting our websites and for which purposes these data are used. Since legislative changes or changes to our internal processes can necessitate adaptions to this data protection declaration, we kindly ask you to consult it regularly.
§1 Responsible Body & Scope
The responsible body for the purpose of the General Data Protection Regulation (GDPR) and other national Data Protection Acts of member states as well as other statutory provisions regarding data protection laws is:
University of Vienna
The contact person for this subdomain is:
Univ.-Prof. Dr. Monika Pietrzak-Franger
University of Vienna
Spitalgasse 2, Hof 8.3
1090 Vienna, Austria
§2 Data Protection Supervisor and Contact Persons
External data protection supervisors authorised by the responsible body are:
Lawyer Dr. Daniel Stanonik and KINAST Rechtsanwaltsgesellschaft mbH, represented by lawyer Dr. Karsten Kinast, in reciprocal substitution. In case rights of data subjects according to § 11 of this data protection declaration (e.g. right to information, right to erasure, etc.) are asserted, corresponding applications or requests must be sent to firstname.lastname@example.org or via mail to:
University of Vienna
attn. Data Protection Supervisor of the University of Vienna
§3 What are Personal Data?
Personal data are particulars concerning personal or material characteristics of an identified or identifiable person (data subject). These include, for instance, information like your name, your address, your telephone number, your date of birth, and your e-mail address. Information that cannot be linked to you personally (or only under disproportionate effort), such as anonymised information, do not count as personal data.
§4 General Remarks on Data Processing
As a basic principle, we only collect and use personal data of our users to the extent that is necessary for providing operational websites as well as our content and services. We use your personal data to provide information, products, and desired services offered by us, to answer your questions and operate and improve this website.
We will only collect and use personal data of our users on the grounds of appropriate legal basis in compliance with the GDPR, e.g. with the user’s consent. Further details regarding specific given declarations of consent can be found under § 5 of this data protection declaration under the respective processing operation.
There will be no other form of utilisation of your personal data. Your personal data will not be transferred to third parties and your data will not be utilised for promotional purposes without your consent, other than in the cases specified below, unless we are required to disclose any data pursuant to applicable law.
b) Legal Basis
Provided that we obtain a data subject’s consent for processing operations of personal data, Article 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal data. When processing personal data serves the performance of a contract whose contracting party is the data subject, Article 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to
processing operations that are necessary for implementing pre-contractual measures. As far as the processing of personal data serves the performance of a legal obligation to which the University of Vienna is subject, Article 6 para. 1 lit. c GDPR serves as the legal basis. In case an interest that is essential for the life of the data subject or that of another natural person necessitates the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis. Where the processing is necessary to safeguard a legitimate interest of the University of Vienna or a third party, and where the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the former interest, Article 6 para. 1 lit. f GDPR serves as legal basis for processing.
c) Data Erasure and Storage Period
Personal data of the data subject will be erased or blocked as soon as the purpose of storing ceases to exist. Furthermore, data may also be recorded if specified by the European or national legislative authority in Union law regulations, laws, or other rules to which the responsible body is subject. Data will also be subject to blocking or erasure when the storage period stipulated by one of the norms listed above expires, unless a necessity exists to further store those data for the purpose of the conclusion or execution of a contract
§5 Different Processing Operations
In general, you do not need to provide personal data in order to use our website. However, we may need your personal data to provide some services.
a) Contact form
To process data, your consent is obtained in the course of the sending process and our data protection declaration will be brought to your attention. Alternatively, you can contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be recorded. No data will be disclosed to third parties in this context. The relevant data will only be used for processing the conversation.
Legal basis for the processing of data where the user’s consent has been obtained is Article 6 para. 1 lit. a GDPR. Users grant the following declaration of consent:
I consent that the contact person listed above, as employee of the University of Vienna collects, records, and processes my personal data that I entered into the contact form above for the purpose of sending a message or information. My data will be erased as soon as the purpose of processing is fulfilled and provided that this is not opposed by any other legal retention period. I hereby declare that this consent is given voluntarily. I have been informed that I can withdraw my consent with future effect at any time without adverse consequences. I can address my withdrawal of consent to email@example.com. In the case of my withdrawal, my data will be erased by the University of Vienna and possible data processors.
Legal basis for the processing of data that are transmitted in the course of the consignment of an e-mail is Article 6 para. 1 lit. f GDPR. Where the e-mail contact aims at the conclusion of a contract, additional legal basis for the processing is Article 6 para. 1 lit. b GDPR. If contact is necessary to fulfil a legal obligation, additional legal basis of the data processing is Article 6 para. 1 lit. c GDPR.
The processing of personal data from the input mask serves the sole purpose of processing the contact support. If contact is initiated via e-mail, the required legitimate interest in processing the data is evident. Other personal data processed during the sending process serve the prevention of abuse of the contact form and guarantee the security of our information technology systems.
Data will be erased as soon as their collection no longer serves the fulfilment of their purpose. As for the personal data from the input mask of the contact form and those transmitted via e-mail, this is the case if the respective conversation with the user has been concluded. A conversation is considered concluded when it can be inferred from circumstances that the relevant state of affairs has been conclusively resolved. Personal data that have been collected additionally during the sending process will be erased after 30 days at the latest, provided no legal ground exists for a longer retention period.
b) Collecting and recording usage data
To optimize our website, we collect and store data such as the date and time of the page view or the page from which you accessed our site. This is done anonymously, without personally identifying the user of the page. Under certain circumstances, user profiles are created by means of a pseudonym. Here, too, there is no connection between the natural person behind the pseudonym and the collected usage data. We collect this data exclusively for statistical purposes in order to further optimize our Internet presence and to be able to make our Internet offers even more attractive. The data is collected and stored exclusively in anonymized or pseudonymized form and does not allow any conclusions to be drawn about you as a natural person.
c) Registration for events
If you register for events via our website, the data you have submitted or entered will be checked manually against the existing database to ensure that it is valid and up to date, and, if necessary, the data stored by us will be corrected. For this purpose, it may be necessary for our team to contact you. This is done via e-mail. The data entered by you will be used exclusively for processing the registration; the data will not be passed on to third parties. The data will be deleted as soon as the respective engagements have been fulfilled and there is no longer a legal obligation to store the data.
This way, the following data can be transmitted:
1) Entered search terms
2) Frequency of page views
3) Use of website features
Legal basis for the processing of personal data when using cookies for analysis/tracking purposes is Article 6 para. 1 lit. a GDPR. Legal basis for the processing of personal data when using technically necessary cookies is Article 6 para. 1 lit. f GDPR.
Cookies necessary to enable third-party services (such as reCAPTCHA and Youtube) may transmit data to third countries.
§7 Embedded Content
Some articles on this site may include embedded content (e.g. videos, images, articles, etc.) from the following social networks: Youtube and Spotify (Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden). Embedded content from other websites behaves in the exact same way as if the visitor has visited the social network from which the content is provided.
§8 Security measures for protecting stored data
We commit ourselves to protecting your privacy and treating your data as confidential. To prevent manipulation, loss, or abuse of the data stored by us, we implement extensive technical and organisational safety precautions that are reviewed on a regular basis and updated in accordance with technological developments, such as, among other things, the use of recognised encryption methods (TLS). However, we would like to point out that due to the nature of the internet it is possible that other persons or institutions outside of our control do not abide by the rules of data protection and the above-mentioned security precautions. In particular, data that are revealed without encryption – e.g. where data are transmitted via e-mail – can be read by third parties. Technically, we have no influence on this. It is in the user’s responsibility to protect the provided data against abuse by means of encryption or other measures.
§9 Hyperlinks to Third-Party Websites
On our websites, we place so-called hyperlinks to websites of other providers. Activating these hyperlinks will forward you from one of our pages directly to the website(s) of the other provider. You can recognize this for instance by the URL changing. We cannot assume any responsibility for the confidential handling
of your data on such websites of third parties since it is beyond our control whether these companies abide by data protection regulations. Concerning the handling of your personal data by these companies, please consult the respective company’s website(s) directly.
Concerning the processing of your personal data based on legitimate interests corresponding to Article 6 para. 1 lit. f GDPR you have the right to enter an objection against processing of your personal data based on Article 21 GDPR provided there are reasons relating to your particular situation, or in case the objection is directed towards direct advertising. In the case of direct advertising, you have a general right to object that we will enforce without requiring a particular situation or reason. Please contact firstname.lastname@example.org or the e-mail address indicated along with the respective processing.
§ 11 Your Rights as a Data Subject
The following rights arise from the GDPR for you as the subject of processing of personal data:
• According to Article 15 GDPR, you have the right to demand information on your personal data processed by us. In particular, you can demand information on processing purposes, the categories of personal data, categories of recipients to whom your data were or are disclosed, planned storage periods, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the source of your data provided they have not been collected by us, the transfer of data to third countries or international organisations, as well as the existence of automated decision-making and profiling and, if applicable, meaningful and significant information on their details.
• According to Article 17 GDPR, you have the right to demand the erasure of personal data stored by us provided that the processing is not imperative for exercising the right to freedom of speech and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims.
• According to Article 18 GDPR, you have the right to demand the restriction of the processing of your personal data provided that you deny the correctness of data, the processing is unlawful, we do not require the data in question anymore and you object to their erasure because you need them for the assertion, exercise, or defence of legal claims. The right arising from Article 18 GDPR remains in forceeven if you objected to processing in accordance with Article 21 GDPR.
• According to Article 20 GDPR, you have the right to obtain personal data that you provided to us in a structured, common, and machine-processable format, or you can demand the transmission to another responsible body.
• According to Article 7 para. 3 GDPR, you have the right to withdraw your consent that you once granted us at all times. This implicates that, with future effect, we may no longer pursue the data processing that was based on this consent.
• According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can consult the supervisory authority of your usual residence, your workplace, or our place of business. In Austria, the responsible supervisory authority is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, telephone: +43 1 52 152-0, e-mail: email@example.com, website: dsb.gv.at.