The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the relevant legal provisions (in Austria: EU-GDPR, Data Protection Act and Telecommunications Act 2003 and EU-GDPR). This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within the framework of our website and the associated websites, about functions and content of these websites as well as about our external online presence, such as our Social Media Profiles.
1. Who we are
The conference 'UN World Conference on Human Rights in Vienna 1993 – Strengthening Imperatives 30 Years After' is a conference organised by the the Ludwig Boltzmann Institute of Fundamental and Human Rights and the Law Faculty of the University of Vienna. The Institute is part of the Ludwig Boltzmann Society. The website aims to support the conference by offering information, possibilities to join the conference online as well as forms of registration. For further information please refer to the conference description under 'about'.
Ludwig Boltzmann Institute of Fundamental and Human Rights - Research Association
Freyung 6 (Schottenhof), 1st courtyard, Stair II, 4th floor, 1010 Vienna.
Should you have any concerns or questions regarding the processing of your personal data by our project, we kindly ask you to either contact us under email@example.com, or our data protection officer at the above address of the Ludwig Boltzmann Institute of Fundamental and Human Rights.
The purpose of the website is to promote the conference as well as to facilitate support for speakers and participants. For further information please refer to the project description under 'About'.
How we collect data
What data we collect
Why we collect this data
Who we share the data with
Where the data is stored
How long the data is kept
How we protect the data
How we treat minors
3. Legal basis
In accordance with art. 6 1. (a), (f) GDPR the processing of data is lawful if the 'processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.' The legitimate interest in processing the data pursued by the conference website is constituted by its nature of being a research project affiliated to a scientific research institute. Therefore, the legitimate interest relates to the general work of the Ludwig Boltzmann Institute for Human Rights in dealing with relevant human rights issues in a national, European and international context.
4. The data we collect
The following is an overview of the data we may collect:
Non-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our services ("non-personal data"). Non-personal information does not identify who it was collected from. Non-personal information that we collect consists primarily of technical and aggregated usage information.
Individually identifiable information, which is any information that can be used to identify you or could be used to identify you with reasonable effort ("personal data"). Personally identifiable information we collect through our Services may include information requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses and more. When we combine personal data with non-personal data, as long as it is in combination, we will treat it as personal data.
5. How do we collect data
We collect data when you use our services. So when you visit our digital assets and use services, we may collect, record and store usage, sessions and related information. We collect data that you provide to us yourself, for example, when you contact us directly through a communication channel (such as an email with a comment or feedback). We may collect data from third party sources as described below. We collect data that you provide to us when you sign up to our services through a third party provider such as Facebook or Google.
6. Why we collect data
We may use your information for the following purposes:
to provide and operate our services;
to develop, customise and improve our services;
to respond to your feedback, inquiries and requests and to provide assistance;
to analyse request and usage patterns;
to provide you with updates, news, promotional materials and other information related to our services. For promotional emails, you can decide whether you want to continue receiving them. If not, simply click on the unsubscribe link in these emails.
7. With whom we share the data
We may disclose your information to our service providers in order to operate our services (e.g. storing data via third party hosting services, providing technical support, etc.).
We may also disclose your information in the following circumstances: (i) to investigate, detect, prevent or take action regarding illegal activities or other misconduct; (ii) to establish or exercise our rights of defence; (iii) to protect our rights, property or personal safety, or the safety of our users or the public; (iv) in the event of a change of control of us or any of our affiliates (by way of merger, acquisition or purchase of (substantially) all of the assets, etc.); (v) to protect our rights, property or personal safety, or the safety of our users or the public. (vi) to collect, maintain and/or manage your information through authorised third party service providers (e.g. cloud service providers) as appropriate for business purposes; (vii) to work with third party service providers to improve your user experience. For the avoidance of doubt, we may transfer or disclose non-personal data to third parties or use it in any other way at our discretion.
When you visit or access our Services, we authorise third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services ("Tracking Technologies"). These Tracking Technologies may allow third parties to automatically collect your information to improve the navigation experience on our Digital Assets, optimise their performance and provide a tailored user experience, as well as for security and fraud prevention purposes.
We will not share your email address or other personal information with advertisers or advertising networks without your consent.
8. Where we store the data
Personal data may be maintained, processed and stored in the United States, Ireland, South Korea, Taiwan, Israel and to the extent necessary for the proper provision of our services and/or required by law (as further explained below) in other jurisdictions.
9. Duration of data storage
Please note that we will retain the data collected for as long as is necessary to provide our services, to comply with our legal and contractual obligations to you, to resolve disputes and to enforce our agreements. We may correct, amend or delete inaccurate or incomplete data at any time at our sole discretion. Regarding the duration data is being stored, it has to be distinguished between four different kinds of data, namely content data, access data, contact data and account data. Content data: The substantial content data of the website is being stored for an unlimited amount of time as this is necessary for the legitimate interest underlying the purpose of the website according to art. 6 1. (f) GDPR (see also above),
Access data: The access data is stored for 90 days in order to provide for the best user experience. After these 90 days, the access data is deleted. Contact data: The contact data provided by the user to the website when using the registration form is (in accordance with art. 6 1. (a)) stored for the time a user is a registered member of the website. The right to withdraw consent (art. 7 3. GDPR) may be exercised at any time at firstname.lastname@example.org. The contact data will be deleted accordingly.
Account data: The account data provided by the user to the website when creating an account in order to get access to the workshop material is stored for an unlimited amount of time in accordance with art. 6 1. (a). The right to withdraw consent (art. 7 3. GDPR) may be exercised at any time at email@example.com. The account data will be deleted accordingly.
10. Collection and processing of your personal data
The legislator's definitions of the following terms can also be found in art. 4 GDPR.
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or with one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. You may also visit this website without providing any personal information. However, in order to improve our online services, we store access data to this website without personal reference.
Personal data revealing ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data relating to sex life or sexual orientation of a natural person.
The term "processing" shall mean any operation or set of operations which is carried out with or without the aid of automated procedures and which is related to personal data. The term is broad and covers practically every handling of data. We process your personal data only with the explicit permission of the users concerned or only on the basis of one of the cases provided for by law pursuant to art. 6 1. GDPR (lawfulness of processing).
In accordance with art. 14 1. (c), the data subject has the right to be provided with “the purposes of the processing for which the personal data are intended as well as the legal basis for the processing”. Besides the substantial purpose (see 2. Purpose), the website processes personal data that have been obtained from the data subject for the purpose of optimizing the online offer, its functions and contents. The legal basis for processing this data is the legitimate interest of the website of being a research project affiliated to a scientific research institute (art. 6 1. (f) GDPR). For further information please see 3. Legal basis.
Categories of data:
The personal data that have not been obtained from the data subject but is processed by the website (art. 14 1. (d) GDPR) is data that is normally contained in documents such as judicature, scientific texts, guidebooks and reports. The processing of this data is within the legitimate interest of the website, being a research project affiliated to a scientific research institute, to ensure the operational basis of the website (art. 14 2. (b) & art. 6 1. (f) GDPR). For further information please see 3. Legal basis.
Data subjects have the rights listed in art.s 15 – 22 GDPR; the procedure for exercising these rights is regulated in art. 12 GDPR:
Especially, you are entitled to request information about whether and which personal data we have stored about you, to request the rectification of incorrect data or erasure of your personal data which are not processed in accordance with the law; moreover, you may request under certain circumstances the restriction of the processing of your personal data. Further rights are the right to object to the processing of your personal data processed on grounds of art. 6 (1)(e) or (f) or for marketing purposes. Under certain circumstances you have a right to recover data provided by you (right to data portability). If you are of the opinion that your data is processed contrary to the applicable data protection law, you have the right to lodge a complaint before the competent data protection authority. Below you will find the legal basis authorising you to undertake the steps mentioned above:
Right of access by the data subject (art. 15 GDPR)
Right to rectification (art. 16 GDPR)
Right to erasure (‘right to be forgotten’) (art. 17 GDPR)
Right to restriction of processing (art. 18 GDPR)
Notification obligation regarding rectification or erasure of personal data or restriction of processing (art. 19 GDPR)
Right to data portability (art. 20 GDPR)
Right to object (art. 21 GDPR)
Automated individual decision-making, including profiling (art. 22 GDPR)
11. Collection and processing of your access data
We, the website operator, collect data on access to the website based on our legitimate interest (see art. 6 1. (f) GDPR) (see 3. Legal basis) and store these as "server log files" on the server of the website. The following data is logged in this way: • Visited website • Time at the time of access • Source/reference from which you came to the page • Browser used • Operating system used • IP address used. The server log files are stored for a maximum of 90 days and then deleted (see 4. Duration of data storage). The data is stored for security reasons, e.g. to clarify cases of misuse. If data have to be kept for reasons of proof, they are excluded from deletion until the incident has been finally clarified.
12. Transfer of data to third parties
We use embeds, meaning embedded content, for example, from Youtube or Vimeo to display videos. This works with framing, merely inserting an HTML-link in our website’s codes. As soon as you start the video, the provider of the embedded content can send tracking information and place cookies.
If we disclose/transfer data to other persons and companies in the course of our processing, or otherwise grant them access to the data, this will be done strictly in accordance with art. 6 (1) GDPR; where necessary, users will be asked for their consent (art. 4 11. GDPR).
Project partners and other third parties:
Third parties, to whom data may be disclosed, are national, international/ European project partners. If your data is passed on to such third parties, we will in turn advise them to comply with the applicable data protection regulations. Please note that we select our partners with the utmost care.
Transfers to third countries:
If we transfer data to a third country without adequate data protection, e.g. for service processing, this will only occur if all relevant safeguards and special requirements of art. 44 ff. GDPR are fulfilled. Users may contact our data protection officer for all details on cases of transfer of data relating to them, especially concerning the existing safeguards.
“Cookies" are small files that are stored on the user's computer. A cookie is primarily used to store information about a user (or, more precisely, about the device on which the cookie is stored) during or after the user's visit to an online service. Different data can be stored within the cookies. Cookies that are used by the website are referred to as “first-party cookies” and those used by our partners/others as “third-party cookies”.
In addition, common browsers offer the option not to accept cookies. Stored cookies can be deleted in the system settings of the browser. However, the exclusion of cookies can lead to functional limitations of this online service.
14. Contact us
If you contact us via the contact options offered (e.g. via contact form, e-mail, telephone or via social media), the contact inquiry and its processing will be processed in accordance with art. 6 1. (b) and (f) GDPR. This data will not be passed on to third parties without your consent. User data may be stored in a customer relationship management system ("CRM system") or comparable inquiry organisation based on art. 6 (1)(f) GDPR. We delete inquiries if they are no longer necessary. We check the necessity each year. Unless otherwise stated in our data protection declaration, we process the data of users who communicate with us within the social networks and platforms, e.g. write articles on our online presence or send us messages.
15. Security and integrity of your data
The hosting service for our digital assets provides us with the online platform through which we can offer our services to you. Your data can be stored via our hosting provider's data storage, databases and general applications. It stores your data on secure servers behind a firewall and it provides secure HTTPS access to most areas of its services. The security of your data is our top priority. We therefore take appropriate technical and organisational measures in accordance with art. 32 GDPR, taking into account the state of the art, the implementation costs and the specific risks of processing to the rights and freedoms of natural persons, in order to ensure an appropriate level of protection. Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and security of the information you upload, post or otherwise disclose to us or others. For this reason, we ask that you establish strong passwords and, where possible, do not provide us or others with confidential information that you believe could cause you significant or lasting harm if disclosed. In addition, as email and instant messaging are not considered secure forms of communication, we ask that you do not disclose confidential information through either of these communication channels. The measures for ensuring appropriate data security include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to input, transmission, availability and separation of the data concerning them. In addition, we have established procedures to ensure the exercise of data subjects' rights, especially concerning deletion of data and response to data breaches. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (art. 25 GDPR).
16. Data storage and deletion of data
The data processed by us will be deleted or their processing restricted in accordance with art. 5 1.(e) GDPR. If there are no special legal storage obligations/permissions, we will delete your data as soon as they are no longer required for their intended purpose. If the data are not deleted because they are required for another legally permissible purpose, their processing will be restricted. This means that access to the data for all other purposes will be blocked. This applies, for example, if data must be stored for commercial or tax reasons.
17. Integration of services and content data from third parties
Within the scope of our online offer, and acting on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of art. 6 para. 1 lit. f of GDPR) we use content and service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third-party providers of this content get to know the IP address of the user, since they would not be able to send the content to user’s browser without the IP address. The IP address is therefore required for the provision of this content. We make every effort to use only such providers of content who use the IP address exclusively for delivering content required by a user. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. “Pixel tags" can be used to evaluate information about visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online services; it may be further be linked to such information from other sources.
In order to analyse the data relating to the use made of the website, the website applies Matomo, provided for by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. For this purpose, pseudonymised user profiles can be created by evaluating user data. Cookies can be used for this purpose. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym.
b) Use of social plugins
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of art. 6 para. 1 lit. f. GDPR) we use Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), as well as of twitter.com, which is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on a blue tile, the terms "like", "like" or a "thumb up" sign), are marked with the addition "Facebook Social Plugin" or by the Twitter, Inc.’s Twitter buttons. The list and appearance of the Facebook Plugins can be viewed here http://developers.facebook.com/docs/plugins. The list and appearance of the Twitter Plugins can be viewed here http://developer.twitter.com/en/docs/twitter-for-websites/overview.html.
Facebook is established in the EU (Ireland) and thus is subject to the GDPR; moreover Facebook Inc., situated in the U.S., is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law: http://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. Twitter is also established in the EU (Ireland) and thus is subject to the GDPR; Twitter Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law, too: http://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO#privacy-policy-1.
When a user calls up a function of these online services containing such a plugin, his device establishes a direct connection with the Facebook and/or Twitter servers. The content of the plugin is transmitted directly from Facebook and/or Twitter to the user's device and integrated into the online service by the user. User profiles can be created from the processed data. We therefore have no influence on the extent to which Facebook and/or Twitter collects data with the help of this plugin.
By integrating the plugins, Facebook and/or Twitter uses third-party plugins to receive the information that a user has called up the corresponding page of the online offer. If the user is logged into Facebook and/or Twitter, Facebook and/or Twitter can assign the visit to his Facebook and/or Twitter account. When users interact with the plug-ins, for example by clicking the Like button or posting a comment, the corresponding information is transferred directly from your device to Facebook and/or Twitter and stored there. If a user is not a member of Facebook and/or Twitter, it is still possible for Facebook and/or Twitter to find out his IP address and save it.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect the privacy of users can be found in Facebook's data protection information http://http://www.facebook.com/about/privacy. The purpose and scope of the data collection and the further processing and use of the data by Twitter as well as the relevant rights and setting options to protect the privacy of users can be found in Twitter’s data protection information http://http://twitter.com/en/privacy.
18. Your Consent
We reserve the right to amend this data protection declaration in order to adapt it to changed legal situations or to changes in our offers and the data procession associated with them.