TU Graz/

Privacy Policy

Version 1.02 (20.07.2021)

In this privacy policy, we provide you with information about how personal data collected via our websites and online offers are processed. This allows you to immediately see which personal data we process, for what purpose, and the legal basis for this processing. We process your data exclusively on the basis of the legal provisions for data protection and data security and, in particular, the Austrian Data Protection Act (in German: Datenschutzgesetz or “DSG”), the EU General Data Protection Regulation (GDPR, in German: Datenschutz-Grundverordnung or “DSGVO”), as well as the Telecommunications Act (in German: Telekommunikationsgesetz 2003 or “TKG 2003”).

Content

  1. Scope of application
  2. Contact
  3. Creation of log data (access data)
  4. Cookies
    4.1. Functional cookies (session cookies, permanent cookies)
    4.2. Analysis of website visits (analytical cookies)
    4.3. Advertising cookies
  5. Social media plugins
    5.1 Integrated services
  6. Sending information material
  7. Electronic registration for events
  8. Form entries that permit communication
  9. Personal electronic signature
  10. Rights of Data Subjects

1. Scope of application

The privacy policy applies to all processing activities on the websites of Graz University of Technology.

2. Contact

The data controller for processing your personal data is Graz University of Technology, Rechbauerstraße 12, 8010 Graz (hereinafter “TU Graz” or “we”).

The TU Graz data protection officer is x-tention Informationstechnologie GmbH, Römerstraße 80A, 4600 Wels, datenschutzbeauftragternoSpam@tugraz.at.

If you have any data protection concerns, please contact datenschutznoSpam@tugraz.at.

3. Creation of log data (access data)

In order to be able to provide our online services, log data that are technically necessary are stored each time our online offer(s) is(are) accessed (web pages, retrieval of files or other resources). The collection of log data enables us to detect, limit and eliminate system malfunctions, system errors, malfunctions that can restrict the availability of the online services as well as block unauthorised access to our systems. The log data are not linked to other personal data.

Categories of data: Date and time of the request, name and URL of the retrieved resource, amount of data (in bytes) of the requested and/or retrieved resource, response of the server (e.g. HTTP status code), identification data for the browser and operating system used, website from which the access was made, IP address, MAC address, user name.

Legal basis: We store the log data for a limited period of time to fulfil our legitimate interest according to Art. 6 (1) (f) DSGVO.

Storage period: Your log data are generally stored for eight weeks. Depending on the system, data may be stored for a longer period, but not for a period longer than twelve months.

4. Cookies

Cookies are small text files that are stored by the browser when you visit websites. The text files contain information about the user's surfing behaviour, such as which websites were visited. If a website is visited again by the same user, these files enable us to recognise this user. For this purpose, in addition to the technically required cookies (functional cookies), we also use analytical cookies and advertising cookies. We describe in detail which cookies are used in this section.

The legal basis for processing cookies varies depending on their type. We process functional cookies (session cookies and permanent cookies) according to the exemption clause in § 96 (3) TKG 2003. The user’s consent is not required.

The legal basis for data processing with regard to analytical cookies and advertising cookies is your freely given consent according to § 96 (3) TKG 2003. You give us your consent by actively clicking on “I agree” next to the respective processing purpose described in the cookie banner when you visit our web pages. No cookies will be saved before you give your consent. Due to the use of advertising system service providers (see section 4.3.), your data is transmitted to the USA (third country). These qualify as electronic communications services as described in 50 U.S. Code § 1881 (b) (4) and, as such, are subject to monitoring by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a (“FISA 702”). Therefore, the compliance with European data protection requirements cannot be guaranteed. The transfer of this data to a third country for a specific purpose (see section 4.3 and section 5) is permitted according to the exemption clause found in Art. 49 (1) (a) DSGVO, whereby you give us your consent after being informed of the risks involved. We will store the consent given for a period of six months so that the cookie banner is not displayed every time you visit the web page.

Information about the storage period can be found in the cookie list.

You can control the cookie settings (functional cookies, analytical cookies, advertising cookies) as well as control how long they are stored by modifying your browser settings.

This means that it is possible for you to revoke your consent at any time by deleting all or individual cookies in the browser settings. If you revoke your consent or change the browser settings so that cookies are no longer stored, you (the user) will no longer be recognised by us when you visit our web pages again. For this reason, the cookie banner will be displayed again and provide you again with the option to give your consent.

Below, you will find instructions for how to delete cookies in the most common browsers:

We would like to point out that the deactivation of certain cookies can lead to functional restrictions (i.e. reduced access) to some of our online content.

4.1 Functional cookies (session cookies, permanent cookies)

When you visit our web pages, we use technically required cookies as defined in § 96 (3) TKG 2003. Session cookies enable us to provide users with our online services (e.g. website-navigation, navigate on the website). The cookies are deleted when the browser is closed.

In addition to session cookies, we also set permanent cookies. These help us to improve the user-friendliness of the website. For example, if the user has selected a language on the website, this information is stored in the cookies. If the user visits the same website again, we can provide the user with the appropriate language from the beginning (storage of user settings). The functions contained in the cookies only relate to the website visited. No data are transmitted to third parties.

4.2 Analysis of website visits (analytical cookies)

By setting analytical cookies, we can collect information about user interactions with information content we provide online (e.g. information about the use of our websites, creation of reports about website activities). This helps us to ensure the continuous development of our online offers.

Matomo with anonymisation function

To statistically evaluate the accessed content, we use our own website analytics tool, TU Graz Analytics, which is based on the open source web analytics service Matomo. The information is only stored after the IP address has been shortened or otherwise anonymised. The shortened IP address, therefore, no longer allows any conclusions to be drawn about the user. By using this website analytics tool, no personal data are transmitted to third parties. Your data will be processed exclusively on secure servers of TU Graz.

4.3 Advertising cookies

As a university, we would like to particularly address people who are interested in studying. For this reason, we take measures to carry out tasks in the field of education marketing as described in the measures of the Universities Act 2002.

As one measure that is taken, we use advertising cookies on our websites to analyse the interests of the users (remarketing/retargeting). This allows us to identify our target group (potential students), which, in turn, enables us to advertise our degree programmes more effectively.

When visiting our websites, cookies are set that store information about user behaviour. Based on this user behaviour and the content accessed, we can draw the attention of potential students to TU Graz again at a later date by offering more specific advertisements based on the user’s interests.

This form of data processing is known as profiling. We use the following advertising system service providers and pass the information contained in the cookies on to them (third country transfer, see section 4.):

Facebook Pixel

We use Facebook Pixel from the provider Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). When cookies are set, Facebook can show our target group more specific information about the TU Graz degree programmes based on their interests via the social media platform Facebook, based on the stored information about the content accessed on our websites. We are not able to link the data collected about you with your identity (i.e. it is anonymous for us); therefore, we are unable to draw any conclusions on the basis of our users’ identities. You can find Facebook's privacy policy at https://en-gb.facebook.com/policies/cookies/.

Google

We use Google Ads from the company Google LLC (1600 Amphitheatre Parkway Mountain, View, CA 94043, USA) as an advertising system service provider. If our target group visits a Google website or a website in the Google advertising network, information about the TU Graz degree programmes based on the user’s interests can be displayed as an advertisement on these websites. In order to optimise our advertising measures, user data are collected by means of cookies and evaluated with the analytical tool Google Analytics. However, Google Analytics does not collect any information that enables Google to personally identify individual users. You can find Google's privacy policy at https://policies.google.com/technologies/cookies?hl=en#types-of-cookies.

5. Social media plugins

We use social media plugins (hereinafter referred to as “plugin”) on our websites. The use of such a plugin takes place exclusively based on your consent according to § 96 (3) TKG 2003. The purpose of setting up such a plugin is to offer our users access to a wider range of content and services. We do not collect any personal data via the plugins. After giving your consent by actively clicking on “I agree” in the cookies banner when visiting our websites, the users’ personal data (IP address) can be transmitted to the social media platform. This happens regardless of whether you have a user account with the social media platform. If you are a member of a social media platform and are logged into your user account when you click on the cookie banner on one of our websites, the data collected via the respective plugin will be directly linked to your account. If you do not wish these data to be linked to your user account, you need to first log out of your social media account before activating the plugin. We have no influence over the extent to which and the purpose for which the social media platforms actually collect personal data via the plugins. For more information about how your data are processed and used by the respective social media platform, please refer to the privacy policies of the service providers listed below.

5.1 Integrated services (third country transfer, see section 4.)

Twitter

We integrate a social media stream from the provider Twitter Inc. (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA) on our websites. This is activated by actively clicking on “I agree” in the cookie banner. Please find their privacy policy here: https://twitter.com/en/privacy

YouTube

We use plugins (videos) from the provider YouTube on our websites. No user data are transmitted to YouTube when our website is accessed. The videos only appear as a preview image. The video content is only loaded and played when you click on the “activate video” link. By doing so, you agree to the data transfer, and personal data (e.g. IP address) are subsequently transferred to YouTube. For further information about how your data are processed and used by YouTube, please refer to the privacy policy of the service provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94103, USA. Privacy policy: https://policies.google.com/technologies/partner-sites?hl=en

6. Sending information material

We give you the opportunity on various websites to subscribe to publications (newsletters, journals, magazines, press releases, etc.), receive information about events and other information material to provide you with more information about the current activities and how the University's is fulfilling its legal requirements. By actively and voluntarily entering your data, you give us your consent to process your personal data.

Categories of data: The types of personal data processed vary depending on the information material. For the specific categories of data and further information about data protection, please refer to the privacy policy for the respective information material.

Legal basis: We process your personal data based on your consent according to Art. 6 (1) (a) DSGVO or § 107 (1) TKG 2003.

Storage period: Your personal data will be processed until you withdraw your consent, i.e. until you unsubscribe so that you no longer receive the information material.

Recipients: If you have selected postal delivery, the address data that you have provided will be transmitted to the respective printing company for mailing. If further mailings will take place, this will be stated in the privacy policy for the respective information material.

You can cancel your subscription by clicking on the respective “unsubscribe” link or by writing to the e-mail address listed in the specific privacy policy. Furthermore, you can revoke your consent at any time by sending an e-mail to datenschutznoSpam@tugraz.at.

7. Electronic registration for events

To make it easier for you to register for events (general events, research events, etc.), we offer online registration options on our websites. With regard to paid events, internal as well as external payment services are also used. In order to be able to guarantee secure and smooth payment, we process the financial data you enter online. If we use external payment services, we will inform you of this in the privacy policy for the specific event. By issuing the payment (for paid events), a contract is concluded between you and TU Graz.

Categories of data: The types of personal data processed vary depending on the event. Please refer to the privacy policy for the respective event for more information about the specific categories of data and about data protection.

Legal basis:
Paid events: We process the personal data you provide in order to organise and carry out the event on the basis of pre-contractual or contractual measures according to Art. 6 (1) (b) DSGVO.
Unpaid (free) events: We process the personal data you provide in order to organise and carry out the event to fulfil the public interest or the legitimate interest of TU Graz according to Art. 6 (1) e DSGVO or Art. 6 (1) (f) DSGVO.

Storage period: Your data will be stored after the contract has been fully processed or the last invoice has been issued for as long as tax law obligations exist to retain such data.
Regarding the public and legitimate interest: We process the data for as long as this is necessary to protect the public/legitimate interest or until an (a justified) objection is raised.

8. Form entries that permit communication

On some of the websites that offer content online, you can enter your contact details in an online form in order to contact us or send enquiries.

Categories of data: The types of personal data processed vary depending on the form. Please refer to the respective input mask for the specific categories of data.

Legal basis: Your personal data will be processed exclusively on the basis of your consent pursuant to § 107 (1) TKG 2003.

Storage period: Your data will be deleted as soon as they are no longer required to achieve the purpose. This is particularly the case when the communication between you and TU Graz finally ends or you have revoked your consent according to § 107 (1) TKG 2003.

Recipients: Data will only be passed on to third parties if you have given us your explicit consent to do so.

9. Personal electronic signature

If you have activated the mobile signature and have a TUGRAZonline account, you can use the TU Graz electronic signature service via esign.tugraz.at and sign your documents electronically with the trust service provider A-Trust GmbH (list of trust service providers). The TU Graz only acts as an intermediary between you and A-Trust GmbH and has no influence on the data collection carried out by A-Trust GmbH. For more information on data protection, please refer to the privacy policy of A-Trust GmbH at https://www.handy-signatur.at/hs2/#!infos/agb.

Categories of data: In order to be able to provide the service technically, it is necessary to process your PDF documents for the duration of the signature process as well as to verify your first and last name.

Legal basis: How your personal data are processed is based on your freely given consent according to Art. 6 (1) (a) DSGVO, which you give us by using the signature service.

Storage period: Your PDF documents are generally not stored by TU Graz. Short-term storage only takes place if you cancel the signature process. In this case, the documents are deleted after five minutes.

Recipient: The PDF documents (for signing) and technically necessary data (IP adress, time to call-up) are transmitted to A-Trust GmbH.

10. Rights of Data Subjects

You have the rights to information and access, rectification, data portability, restriction and erasure of data. Besides these, you also have the right to withdraw your consent to the processing of data. However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. If the data processing is based on the legal basis of fulfilling legitimate or public interest, you can lodge a justified objection to the data processing.

You can withdraw your consent to the cookie settings at any time by modifying your browser settings.

More information is available about the data subject rights.

In order to be able to process your request regarding the abovementioned rights and to ensure that personal data are not disclosed to unauthorised third parties, we must ensure that you are clearly identified. Therefore, we ask you to exercise your data protection rights by using the following form.

There is also a right of appeal to the Austrian Data Protection Authority.

Appendix: Cookie list

Functional cookies (technically necessary cookies)

Name of cookie: BIGipServer~webauftritt~tu-web-https
Purpose: This cookie is used for computer load balancing tasks.
Duration of function: For the duration of the session
Access of third parties: No

Name of cookie: stickyweb
Purpose: This cookie is used for computer load balancing tasks.
Duration of function: For the duration of the session
Access of third parties: No

Name of cookie: tug_consent
Purpose: This cookie saves cookie preference.
Duration of function: six months
Access of third parties: No

Analysis cookies

Name of cookie: pk_id
Purpose: This cookie is used to record the behaviour of users on the website. Statistics on website usage are generated (e.g. time of visit).
Duration of function: thirteen months, until the withdrawal of consent
Access of third parties: No

Name of cookie: pk_ses
Purpose: This cookie is used to record the behaviour of users on the website. Statistics on website usage are generated (e.g. time of visit).
Duration of function: 30 minutes, until the withdrawal of consent
Access of third parties: No

Name of cookie: pk_ref
Purpose: This cookie records which website users used to access the current website or file.
Duration of function: six months, until the withdrawal of consent
Access of third parties: No

You can withdraw your consent at any time by deleting all or individual cookies in the browser settings.