Data Protection

Privacy Policy

A. General Information

We are pleased that you are visiting our website www.dpu-research.at. Danube Private University GmbH (hereinafter referred to as “we”, “us”, or “DPU”) takes data protection very seriously. Personal data are processed and used in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

Due to the ongoing development of our website or changes in legal requirements, it may become necessary to amend this Privacy Policy. The version published at www.dpu-research.at/de/datenschutz and www.dpu-research.at/en/dataprotection shall apply.

How to Contact Us

The controller within the meaning of Article 4(7) GDPR is:

Danube Private University GmbH
Steiner Landstraße 124
3500 Krems an der Donau
Austria

You may contact our Data Protection Officer by e-mail at: Datenschutz@DP-Uni.ac.at

Please use these contact details if you have any questions or concerns regarding the processing of your personal data or if you wish to exercise your rights (see Section C).

Further information on how we use your data is provided below.

 

B. Collection and Use of Personal Data

Personal Data

Personal data means any information relating to an identified or identifiable natural person, such as name, address, telephone number, date of birth, or e-mail address. Information that cannot be linked to an identified or identifiable natural person (e.g. the number of users visiting a webpage) does not constitute personal data.

Legal Basis

We process personal data only on the basis of a lawful ground under Article 6 GDPR (e.g. your consent, the performance of a contract, or compliance with a legal obligation) and solely for legitimate purposes. More detailed information on the respective legal bases can be found in Section D below.

Data Processors

In some cases, we engage external service providers (so-called processors) to process personal data on our behalf. These processors have been carefully selected and commissioned, are bound by our instructions, and are regularly monitored. We have ensured that they implement appropriate technical and organisational measures to guarantee the security of your data.

For the technical implementation and maintenance of our website and related services, we have appointed the following processor:

dotsandlines GmbH
Mollardgasse 70C / Top 5
1060 Vienna
Austria

Website Hosting

We use the services of Servd Hosting (Bit Breakfast Limited trading as Servd Hosting, Pomegranate Consulting, 6th Floor, 49 Peter Street, Manchester, United Kingdom, M2 3NG) to host our website.

In this context, personal data may be processed by the hosting provider and its subcontractors. Since Servd Hosting is located in the United Kingdom, personal data may be transferred outside the European Union. The European Commission has adopted an adequacy decision pursuant to Article 45 GDPR for the United Kingdom, confirming that an adequate level of data protection exists there. Data transfers to the United Kingdom are therefore based on this adequacy decision.

Further information on data processing can be found in the provider's privacy policy: Servd Privacy Policy.

If we engage additional processors for specific processing activities, detailed information will be provided in the description of the respective processing activity (see Section D).

Transfers Outside the EEA

Where our processors or other recipients are located outside the European Economic Area (EEA), we will inform you of this circumstance and of the measures taken to ensure an adequate level of data protection in the description of the respective processing activity (see Section D).

Data Retention

We retain your personal data only for as long as necessary to fulfil the respective purpose. The applicable retention periods are specified in the descriptions of the individual processing activities in Section D.

Furthermore, pursuant to Article 6(1)(f) GDPR, we may retain personal data for evidentiary purposes for as long as legal claims relating to the relevant processing activity may be asserted.

Automated Decision-Making

We do not use your personal data for automated decision-making, including profiling, within the meaning of Article 13(2)(f) and Article 14(2)(g) GDPR.

 

C. Your Rights

You have the following rights with regard to all personal data concerning you that we process:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

Where processing is based on your consent, you also have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise your rights, please contact: Datenschutz@DP-Uni.ac.at

If you believe that the processing of your personal data violates the GDPR, we encourage you to contact us with your concerns. You also have the right to lodge a complaint with the competent data protection authority.

 

D. Data Processing Activities

 

1. Data Processing When Contacting Us

Whenever you contact us by e-mail or via a form on the website www.dpu-research.at, the data you provide (such as your name, e-mail address, telephone number, correspondence with you, and, in the case of applications to the PhD programme, additional information such as date of birth, academic titles, postal address, and other relevant details) will be stored and processed on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR for the purpose of handling your request and responding to your enquiry.

The data will be deleted one year after the last correspondence. However, if you subsequently become a PhD student at DPU, all correspondence will be deleted six months after completion of your PhD programme.

 

2. Visiting the Website www.dpu-research.at

Whenever you use our website, we collect data that your browser automatically transmits to our server. This includes the following information:

  • IP address
  • Browser type and browser version (if transmitted by the user)
  • Operating system
  • Date and time of the server request
  • Number of visits
  • Duration of the visit
  • Previously visited website (if transmitted by the user)

This data is technically necessary for us to display the website correctly and to ensure its stability and security. The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) GDPR and the technical necessity pursuant to Section 165(3) of the Austrian Telecommunications Act 2021 (TKG 2021).

The data are anonymised immediately after collection and stored only in anonymised form. The anonymised data are deleted after one month.

 

3. Strictly Necessary Cookies

Our website uses so-called cookies. Cookies are small text files that are stored on your device. They do not cause any damage and do not contain viruses.

We use strictly necessary cookies that are required for the operation and core functionality of our website. Without these cookies, the website cannot function properly.

The legal basis for the processing of personal data in connection with strictly necessary cookies is our legitimate interest in providing a secure and functional website pursuant to Article 6(1)(f) GDPR, as well as the technical necessity pursuant to Section 165(3) TKG 2021.

Strictly necessary cookies cannot be disabled via our cookie banner, as they are essential for the operation of the website.

 

CRAFT_CSRF_TOKEN: Protection against CSRF attacks; stored for the duration of the session

CraftSessionId: Session management / website functionality; persistent (approx. 1 year)

Klaro-cookie: Stores cookie and consent preferences; persistent (approx. 1 year)

 

You may delete or block cookies at any time through your browser settings. Please note, however, that doing so may limit the functionality of our website.

In addition, and only with your consent, we use non-essential cookies, particularly for analytics and statistical purposes. Further information can be found in the following section.

 

4. Matomo Web Analytics

To improve the usability and performance of our website, we use the open-source web analytics tool "Matomo", provided by InnoCraft Limited, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. Matomo uses non-essential cookies.

Matomo's servers are located within the European Union. Should personal data be transferred to New Zealand, such transfer is based on the adequacy decision adopted by the European Commission pursuant to Article 45 GDPR.

When non-essential cookies are used and visitor data are subsequently analysed, personal data are processed to better understand the preferences of our website visitors and to improve and personalise our services. The specific purpose of each cookie is described below.

The legal basis for the processing of your data through non-essential cookies is your explicit consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 165(3) TKG 2021.

You may provide your consent by selecting the appropriate option in our cookie banner or at a later stage when accessing the application. You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

 

The following Matomo cooies are used:

pk_ref: Referer URL; stores the referring URL and records the website from which you accessed our website; 6 months.

pk_cvar: Session; stores custom variables that were set during previous page views; 30 minutes.

pk_id: Nutzer-ID; stores a unique visitor ID; 13 months.

pk_ses: Session; indicates the active session of a visitor; 30 minutes.

 

Raw data relating to all visits and actions, together with all aggregated reports, are automatically deleted after a retention period of 12 months.