Version 1.01 (18.05.2021)
The data controller for processing your personal data is Graz University of Technology, Rechbauerstraße 12, 8010 Graz (hereinafter “TU Graz” or “we”).
The TU Graz data protection officer is x-tention Informationstechnologie GmbH, Römerstraße 80A, 4600 Wels, datenschutzbeauftragternoSpam@tugraz.at.
If you have any data protection concerns, please contact datenschutznoSpam@tugraz.at.
In order to be able to provide our online services, log data that are technically necessary are stored each time our online offer(s) is(are) accessed (web pages, retrieval of files or other resources). The collection of log data enables us to detect, limit and eliminate system malfunctions, system errors, malfunctions that can restrict the availability of the online services as well as block unauthorised access to our systems. The log data are not linked to other personal data.
Categories of data: Date and time of the request, name and URL of the retrieved resource, amount of data (in bytes) of the requested and/or retrieved resource, response of the server (e.g. HTTP status code), identification data for the browser and operating system used, website from which the access was made, IP address, MAC address, user name.
Legal basis: We store the log data for a limited period of time to fulfil our legitimate interest according to Art. 6 (1) (f) DSGVO.
Storage period: Your log data are generally stored for eight weeks. Depending on the system, data may be stored for a longer period, but not for a period longer than twelve months.
Cookies are small text files that are stored by the browser when you visit websites. The text files contain information about the user's surfing behaviour, such as which websites were visited. If a website is visited again by the same user, these files enable us to recognise this user. For this purpose, in addition to the technically required cookies (functional cookies), we also use analytical cookies and advertising cookies. We describe in detail which cookies are used in this section.
The legal basis for processing cookies varies depending on their type. We process functional cookies (session cookies and permanent cookies) according to the exemption clause in § 96 (3) TKG 2003. The user’s consent is not required.
The legal basis for data processing with regard to analytical cookies and advertising cookies is your freely given consent according to § 96 (3) TKG 2003. You give us your consent by actively clicking on “I agree” next to the respective processing purpose described in the cookie banner when you visit our web pages. No cookies will be saved before you give your consent. Due to the use of advertising system service providers (see section 4.3.), your data is transmitted to the USA (third country). These qualify as electronic communications services as described in 50 U.S. Code § 1881 (b) (4) and, as such, are subject to monitoring by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a (“FISA 702”). Therefore, the compliance with European data protection requirements cannot be guaranteed. The transfer of this data to a third country for a specific purpose (see section 4.3 and section 5) is permitted according to the exemption clause found in Art. 49 (1) (a) DSGVO, whereby you give us your consent after being informed of the risks involved. We will store the consent given for a period of six months so that the cookie banner is not displayed every time you visit the web page.
Information about the storage period can be found in the cookie list.
You can control the cookie settings (functional cookies, analytical cookies, advertising cookies) as well as control how long they are stored by modifying your browser settings.
This means that it is possible for you to revoke your consent at any time by deleting all or individual cookies in the browser settings. If you revoke your consent or change the browser settings so that cookies are no longer stored, you (the user) will no longer be recognised by us when you visit our web pages again. For this reason, the cookie banner will be displayed again and provide you again with the option to give your consent.
Below, you will find instructions for how to delete cookies in the most common browsers:
We would like to point out that the deactivation of certain cookies can lead to functional restrictions (i.e. reduced access) to some of our online content.
When you visit our web pages, we use technically required cookies as defined in § 96 (3) TKG 2003. Session cookies enable us to provide users with our online services (e.g. website-navigation, navigate on the website). The cookies are deleted when the browser is closed.
In addition to session cookies, we also set permanent cookies. These help us to improve the user-friendliness of the website. For example, if the user has selected a language on the website, this information is stored in the cookies. If the user visits the same website again, we can provide the user with the appropriate language from the beginning (storage of user settings). The functions contained in the cookies only relate to the website visited. No data are transmitted to third parties.
By setting analytical cookies, we can collect information about user interactions with information content we provide online (e.g. information about the use of our websites, creation of reports about website activities). This helps us to ensure the continuous development of our online offers.
To statistically evaluate the accessed content, we use our own website analytics tool, TU Graz Analytics, which is based on the open source web analytics service Matomo. The information is only stored after the IP address has been shortened or otherwise anonymised. The shortened IP address, therefore, no longer allows any conclusions to be drawn about the user. By using this website analytics tool, no personal data are transmitted to third parties. Your data will be processed exclusively on secure servers of TU Graz.
As a university, we would like to particularly address people who are interested in studying. For this reason, we take measures to carry out tasks in the field of education marketing as described in the measures of the Universities Act 2002.
As one measure that is taken, we use advertising cookies on our websites to analyse the interests of the users (remarketing/retargeting). This allows us to identify our target group (potential students), which, in turn, enables us to advertise our degree programmes more effectively.
When visiting our websites, cookies are set that store information about user behaviour. Based on this user behaviour and the content accessed, we can draw the attention of potential students to TU Graz again at a later date by offering more specific advertisements based on the user’s interests.
This form of data processing is known as profiling. We use the following advertising system service providers and pass the information contained in the cookies on to them (third country transfer, see section 4.):
We use social media plugins (hereinafter referred to as “plugin”) on our websites. The use of such a plugin takes place exclusively based on your consent according to § 96 (3) TKG 2003. The purpose of setting up such a plugin is to offer our users access to a wider range of content and services. We do not collect any personal data via the plugins. After giving your consent by actively clicking on “I agree” in the cookies banner when visiting our websites, the users’ personal data (IP address) can be transmitted to the social media platform. This happens regardless of whether you have a user account with the social media platform. If you are a member of a social media platform and are logged into your user account when you click on the cookie banner on one of our websites, the data collected via the respective plugin will be directly linked to your account. If you do not wish these data to be linked to your user account, you need to first log out of your social media account before activating the plugin. We have no influence over the extent to which and the purpose for which the social media platforms actually collect personal data via the plugins. For more information about how your data are processed and used by the respective social media platform, please refer to the privacy policies of the service providers listed below.
We give you the opportunity on various websites to subscribe to publications (newsletters, journals, magazines, press releases, etc.), receive information about events and other information material to provide you with more information about the current activities and how the University's is fulfilling its legal requirements. By actively and voluntarily entering your data, you give us your consent to process your personal data.
Legal basis: We process your personal data based on your consent according to Art. 6 (1) (a) DSGVO or § 107 (1) TKG 2003.
Storage period: Your personal data will be processed until you withdraw your consent, i.e. until you unsubscribe so that you no longer receive the information material.
Paid events: We process the personal data you provide in order to organise and carry out the event on the basis of pre-contractual or contractual measures according to Art. 6 (1) (b) DSGVO.
Unpaid (free) events: We process the personal data you provide in order to organise and carry out the event to fulfil the public interest or the legitimate interest of TU Graz according to Art. 6 (1) e DSGVO or Art. 6 (1) (f) DSGVO.
Storage period: Your data will be stored after the contract has been fully processed or the last invoice has been issued for as long as tax law obligations exist to retain such data.
Regarding the public and legitimate interest: We process the data for as long as this is necessary to protect the public/legitimate interest or until an (a justified) objection is raised.
On some of the websites that offer content online, you can enter your contact details in an online form in order to contact us or send enquiries.
Categories of data: The types of personal data processed vary depending on the form. Please refer to the respective input mask for the specific categories of data.
Legal basis: Your personal data will be processed exclusively on the basis of your consent pursuant to § 107 (1) TKG 2003.
Storage period: Your data will be deleted as soon as they are no longer required to achieve the purpose. This is particularly the case when the communication between you and TU Graz finally ends or you have revoked your consent according to § 107 (1) TKG 2003.
Recipients: Data will only be passed on to third parties if you have given us your explicit consent to do so.
Categories of data: In order to be able to provide the service technically, it is necessary to process your PDF documents for the duration of the signature process as well as to verify your first and last name.
Legal basis: How your personal data are processed is based on your freely given consent according to Art. 6 (1) (a) DSGVO, which you give us by using the signature service.
Storage period: Your PDF documents are generally not stored by TU Graz. Short-term storage only takes place if you cancel the signature process. In this case, the documents are deleted after five minutes.
Recipient: The PDF documents are transmitted to A-Trust GmbH to be signed.
You have the rights to information and access, rectification, data portability, restriction and erasure of data. Besides these, you also have the right to withdraw your consent to the processing of data. However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. If the data processing is based on the legal basis of fulfilling legitimate or public interest, you can lodge a justified objection to the data processing.
You can withdraw your consent to the cookie settings at any time by modifying your browser settings.
More information is available about the data subject rights.
In order to be able to process your request regarding the abovementioned rights and to ensure that personal data are not disclosed to unauthorised third parties, we must ensure that you are clearly identified. Therefore, we ask you to exercise your data protection rights by using the following form.
There is also a right of appeal to the Austrian Data Protection Authority.