Privacy Policy

In this privacy policy, we provide you with information about how personal data collected via our websites and online offers are processed. This allows you to immediately see which personal data we process, for what purpose, and the legal basis for this processing. We process your data exclusively on the basis of the legal provisions for data protection and data security and, in particular, the Austrian Data Protection Act (in German: Datenschutzgesetz or “DSG”), the EU General Data Protection Regulation (GDPR, in German: Datenschutz-Grundverordnung or “DSGVO”), as well as the Telecommunications Act (in German: Telekommunikationsgesetz 2003 or “TKG 2003”).

1. Scope of application

The privacy policy applies to all processing activities on the websites of Graz University of Technology.

2. Contact

The data controller for processing your personal data is Graz University of Technology, Rechbauerstraße 12, 8010 Graz (hereinafter “TU Graz” or “we”).

The TU Graz data protection officer is x-tention Informationstechnologie GmbH, Römerstraße 80A, 4600 Wels, datenschutzbeauftragter@tugraz.at.

If you have any data protection concerns, please contact datenschutz@tugraz.at.

3. Creation of log data (access data)

In order to be able to provide our online services, log data that are technically necessary are stored each time our online offer(s) is(are) accessed (web pages, retrieval of files or other resources). The collection of log data enables us to detect, limit and eliminate system malfunctions, system errors, malfunctions that can restrict the availability of the online services as well as block unauthorised access to our systems. The log data are not linked to other personal data.

Categories of data

Date and time of the request, name and URL of the retrieved resource, amount of data (in bytes) of the requested and/or retrieved resource, response of the server (e.g. HTTP status code), identification data for the browser and operating system used, website from which the access was made, IP address, MAC address, user name.

Legal basis

We store the log data for a limited period of time to fulfil our legitimate interest according to Art. 6 (1) (f) DSGVO.

Storage period

Your log data are generally stored for eight weeks. Depending on the system, data may be stored for a longer period, but not for a period longer than twelve months.

4. Cookies

Cookies are small text files that are stored by the browser when you visit websites. The text files contain information about the user’s surfing behaviour, such as which websites were visited. If a website is visited again by the same user, these files enable us to recognise this user. For this purpose, in addition to the technically required cookies (functional cookies), we also use analytical cookies and advertising cookies. We describe in detail which cookies are used in this section.

The legal basis for processing cookies varies depending on their type. We process functional cookies (session cookies and permanent cookies) according to the exemption clause in § 96 (3) TKG 2003. The user’s consent is not required.

The legal basis for data processing with regard to analytical cookies and advertising cookies is your freely given consent according to § 96 (3) TKG. You give us your consent by actively clicking on “I agree” next to the respective processing purpose described in the cookie banner when you visit our web pages. No cookies will be saved before you give your consent. Due to the use of advertising system service providers (see section 4.3.), your data is transmitted to the USA (third country). These qualify as electronic communications services as described in 50 U.S. Code § 1881 (b) (4) and, as such, are subject to monitoring by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a (“FISA 702”). Therefore, the compliance with European data protection requirements cannot be guaranteed. The transfer of this data to a third country for a specific purpose (see section 4.3 and section 5) is permitted according to the exemption clause found in Art. 49 (1) (a) DSGVO, whereby you give us your consent after being informed of the risks involved. We will store the consent given for a period of six months so that the cookie banner is not displayed every time you visit the web page.

Information about the storage period can be found in the cookie list.

You can control the cookie settings (functional cookies, analytical cookies, advertising cookies) as well as control how long they are stored by modifying your browser settings.

This means that it is possible for you to revoke your consent at any time by deleting all or individual cookies in the browser settings. If you revoke your consent or change the browser settings so that cookies are no longer stored, you (the user) will no longer be recognised by us when you visit our web pages again. For this reason, the cookie banner will be displayed again and provide you again with the option to give your consent.

Below, you will find instructions for how to delete cookies in the most common browsers:

We would like to point out that the deactivation of certain cookies can lead to functional restrictions (i.e. reduced access) to some of our online content.

Functional cookies (session cookies, permanent cookies)

When you visit our web pages, we use technically required cookies as defined in § 96 (3) TKG. Session cookies enable us to provide users with our online services (e.g. website-navigation, navigate on the website). The cookies are deleted when the browser is closed.

In addition to session cookies, we also set permanent cookies. These help us to improve the user-friendliness of the website. For example, if the user has selected a language on the website, this information is stored in the cookies. If the user visits the same website again, we can provide the user with the appropriate language from the beginning (storage of user settings). The functions contained in the cookies only relate to the website visited. No data are transmitted to third parties.

Analysis of website visits (analytical cookies)

By setting analytical cookies, we can collect information about user interactions with information content we provide online (e.g. information about the use of our websites, creation of reports about website activities). This helps us to ensure the continuous development of our online offers.

Matomo with anonymisation function

To statistically evaluate the accessed content, we use our own website analytics tool, TU Graz Analytics, which is based on the open source web analytics service Matomo. The information is only stored after the IP address has been shortened or otherwise anonymised. The shortened IP address, therefore, no longer allows any conclusions to be drawn about the user. By using this website analytics tool, no personal data are transmitted to third parties. Your data will be processed exclusively on secure servers of TU Graz.

5. Social Media Plugins

We use social media plugins (hereinafter referred to as “plugin”) on our websites. The use of such a plugin takes place exclusively based on your consent according to § 96 (3) TKG 2003. The purpose of setting up such a plugin is to offer our users access to a wider range of content and services. We do not collect any personal data via the plugins. After giving your consent by actively clicking on “I agree” in the cookies banner when visiting our websites, the users’ personal data (IP address) can be transmitted to the social media platform. This happens regardless of whether you have a user account with the social media platform. If you are a member of a social media platform and are logged into your user account when you click on the cookie banner on one of our websites, the data collected via the respective plugin will be directly linked to your account. If you do not wish these data to be linked to your user account, you need to first log out of your social media account before activating the plugin. We have no influence over the extent to which and the purpose for which the social media platforms actually collect personal data via the plugins. For more information about how your data are processed and used by the respective social media platform, please refer to the privacy policies of the service providers listed below.

Included services (third country transfer see chapter “Cookies”)

Twitter

We integrate a social media stream from the provider Twitter Inc. (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA) on our websites. This is activated by actively clicking on “I agree” in the cookie banner. Please find their privacy policy here: https://twitter.com/en/privacy

YouTube

We use plugins (videos) from the provider YouTube on our websites. No user data are transmitted to YouTube when our website is accessed. The videos only appear as a preview image. The video content is only loaded and played when you click on the “activate video” link. By doing so, you agree to the data transfer, and personal data (e.g. IP address) are subsequently transferred to YouTube. For further information about how your data are processed and used by YouTube, please refer to the privacy policy of the service provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94103, USA. Privacy policy: https://policies.google.com/technologies/partner-sites?hl=en

6. Rights of Data Subjects

You have the rights to information and access, rectification, data portability, restriction and erasure of data. Besides these, you also have the right to withdraw your consent to the processing of data. However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. If the data processing is based on the legal basis of fulfilling legitimate or public interest, you can lodge a justified objection to the data processing.

You can withdraw your consent to the cookie settings at any time by modifying your browser settings.

More information is available about the data subject rights.

In order to be able to process your request regarding the abovementioned rights and to ensure that personal data are not disclosed to unauthorised third parties, we must ensure that you are clearly identified. Therefore, we ask you to exercise your data protection rights by using the following form.

There is also a right of appeal to the Austrian Data Protection Authority.