Data protection

Privacy Policy of the European Training and Research Centre for Human Rights and Democracy (ETC Graz), host of the International Centre for the Promotion of Human Rights at the Local and Regional Levels under the auspices of UNESCO

1.    Introduction

The International Centre for the Promotion of Human Rights at the Local and Regional Levels is hosted by the European Training and Research Centre for Human Rights and Democracy (ETC Graz). The ETC Graz, located in Graz, Austria, takes the protection of your personal data very seriously. In accordance with the European General Data Protection Regulation (GDPR), this privacy statement informs you about the nature, scope and purpose of the processing of personal data within our organisation.

2.    Responsible person

The person responsible for data processing is:

European Training and Research Centre for
Human Rights and Democracy (ETC Graz)

host of the International Centre for the Promotion
of Human Rights at the Local and Regional Levels
under the auspices of UNESCO
Elisabethstraße 50B

8010 Graz
Austria

office@etc-graz.at
info@humanrightsgolocal.org
www.etc-graz.eu
www.humanrightsgolocal.org

3.    Types of data processed

  • Basic personal data and contact details
  • Professional data (profession, institutional affiliation)
  • Research data (results, studies, publications)
  • Website data (anonymised access data)

4.    Purpose of the data processing

Data is processed in accordance with our mission to promote and enforce human rights and democracy. Specific processing purposes include:

  • Implementation of research projects
  • Organisation of events and trainings
  • Dispatch of newsletters and publications
  • Customer management

Legal basis for the processing of personal data

The legal bases for processing your data are:

  • Your consent (Art. 6 para. 1 lit. a GDPR)
  • Contractual obligations (Art. 6 para. 1 lit. b GDPR)
  • Legal obligations (Art. 6 para. 1 lit. c GDPR)
  • Safeguarding our legitimate interests (Art. 6 para. 1 lit. f GDPR)

Recipients or categories of recipients of the personal data

As a matter of principle, your personal data will only be processed internally within the organisation. Your data will not be passed on to third parties unless this is necessary for the fulfilment of our tasks or required by law. Possible recipients could be:

  • Processors (e.g. IT service providers)
  • Partner organisations
  • Public bodies in the case of overriding legal provisions

If data processing also takes place externally, information about this is provided in the respective processing activities.

5.    Deletion and retention periods

Your data will be deleted as soon as they are no longer required to achieve the purpose of processing and there are no legal obligations to retain them.

Unless the storage and possible restrictions on the right to erasure or the right of revocation and objection are addressed separately in the individual processing activities, we store your data as follows:

In the case of consent (Art 6 para 1 lit a GDPR): Data that we process from you on the basis of your consent will remain stored until your consent is revoked, but no longer than until the purpose has been achieved. In addition, only your absolutely necessary personal data (name, date of consent, proof of consent, e.g. signature) will be stored for the purpose of proving your consent or revocation for a period of 3 years from revocation.

In the event of a contract (Art 6 para 1 lit b GDPR): We store your personal data as long as this is necessary for the fulfilment of the contract. Beyond that, we only store your data if there are legal retention periods for this or if limitation periods regarding potential legal claims are open.

In the event of the fulfilment of a legal obligation (Art 6 para 1 lit c GDPR): We process your data as long as this is necessary due to the legal obligation. In addition, we only store your data if there are legal retention periods or limitation periods concerning potential legal claims.

In the case of legitimate interest (Art 6 para 1 lit f GDPR): We process the data as long as this is necessary to protect the legitimate interests or until a (justified) objection is raised. In addition, we only store your data if there are legal retention periods or statutes of limitation regarding potential legal claims.

6.    Your rights

In connection with the processing of your personal data by ETC Graz, you generally have the following rights:

  • Right of access to the personal data concerned (Art 15 GDPR),
  • Right to rectification (Art 16 GDPR), erasure (Art 17 GDPR) and restriction of processing (Art 18 GDPR),
  • Right to data portability (Art 20 GDPR),
  • Right to object (Art 21 GDPR),
  • if the processing is based on consent: Right to withdraw consent (Art 7(3) GDPR), which does not affect the lawfulness of the processing carried out until withdrawal.

You can assert your rights in writing:
office@etc-graz.at  or by mail:

European Training and Research Centre for
Human Rights and Democracy (ETC Graz)

host of the International Centre for the Promotion
of Human Rights at the Local and Regional Levels
under the auspices of UNESCO
Elisabethstraße 50B

8010 Graz
Austria

office@etc-graz.at
info@humanrightsgolocal.org
www.etc-graz.eu
www.humanrightsgolocal.org

In addition, there is the right to lodge a complaint (Art 77 GDPR) with a supervisory authority, in Austria this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb(at)dsb.gv.atwould have to be submitted.

7.    Contact for data protection questions

For questions regarding data protection, you can contact office@etc-graz.at.

Processing activities

8.    Visit our website

Calling up our website

Description and scope of data processing

When the web pages of the ETC Graz are called up, our web servers temporarily save each access in a log file. The following data is recorded and stored until automated deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved data
  • Transmitted data volume
  • Message whether the retrieval was successful
  • Recognition data of the browser and operating system used
  • Website from which the access is made
  • Name of your Internet access provider

Purpose of the data processing

The processing of this data is for the purpose of ensuring the use of the website (connection establishment), system security and the technical administration of the network infrastructure. Furthermore, the processing serves the optimisation of the internet offer of the ETC Graz.

Legal basis of the data processing

The processing of the above-mentioned data is carried out in particular on the basis of the existing overriding legitimate interest (Art 6 para 1 lit f GDPR) of ETC Graz in ensuring system security, the technical administration of the network infrastructure.

Cookies

Please note the current cookie guidelines: https://www.humanrightsgolocal.org/cookie-policy-eu/

Google Analytics

Description and scope of data processing

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes website usage data on our behalf and is contractually committed to measures to ensure the security and confidentiality of the data processed.

During your visit to the website, the following data, among others, is recorded:

  • Pages accessed
  • The achievement of “website goals” (e.g. contact enquiries and newsletter sign-ups).
  • Your behaviour on the pages (for example, dwell time, clicks, scrolling behaviour)
  • Your approximate location (country)
  • Your IP address (in shortened form, so that no clear assignment is possible)
  • Technical information such as browser, internet provider, terminal device and screen resolution
  • Source of origin of your visit (i.e. via which website or via which advertising medium you came to us)

No personal data such as name, address or contact details are ever transferred to Google Analytics.

This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely.

If you do not agree with the collection, you can prevent it by installing the browser add-on to deactivate Google Analytics once or by rejecting the cookies via our cookie settings dialogue.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. This service is provided by Google Inc, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to verify whether the data entered on our website (e.g. on a contact form) was entered by a human or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the visitor on the website or mouse movements performed by the user). The data collected during the analysis is forwarded to Google. The analyses of reCAPTCHA take place entirely in the background. Website visitors are not made aware that such an analysis is taking place. The data processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated crawling and spam. For more information on Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

SSL encryption

The ETC Graz uses SSL encryption for security and to protect confidential content. You can recognise this encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”, as well as by the lock symbol. SSL encryption means that data transmitted cannot be read by third parties.

9.    Research

The processing of personal data within the scope of the research projects is carried out in compliance with the principles and requirements resulting from the legal provisions (GDPR, DSG and FOG). While ensuring appropriate protection for the personal data, only those data are processed that are necessary to achieve the purpose.

Within the framework of research projects, all types of personal data can be processed in order to achieve the research objective (e.g. various contact data for target group-specific contacting, research data ieS for scientific analysis and possible publications, usage and metadata iZh with various IT systems).

Details on data processing in the context of specific research projects can be found in the privacy policy of the respective research project.

Information on any data transfers (including to third countries) and collaborations, as well as on any provision of research data in repositories, is provided in the privacy statement of the respective project.

10. Contact/feedback forms

Description and scope of data processing

When you contact us (by e-mail, telephone or contact form), the data you yourself provide that is required to process and respond to your enquiry is processed. These are usually:

  • First name and surname
  • Address
  • Email address

In addition to the data listed above, the following optional data provided by you may be processed. These are:

  • Gender
  • Telephone number
  • Institution/Organisation
  • Content data (if you leave us a message)

Purpose of the data processing

This data is processed for the purpose of handling and responding to your enquiry/feedback. The data will be stored by us for at least six months in the event of follow-up questions or for the period that we need to provide the services you have requested.

Legal basis of the data processing

The processing of the above-mentioned data is carried out in particular on the basis of the existing overriding legitimate interest (Art 6 para 1 lit f GDPR) of the ETC Graz in processing and answering your enquiry/your feedback, if necessary on the basis of pre-contractual measures according to Art 6 para 1 lit b GDPR to answer your enquiry.

Insofar as the processing of personal data is necessary for the conclusion of a contract or for pre-contractual measures, the failure to provide the data means that the contractual service (answering your enquiry) cannot be provided.

11. Newsletter and specific dissemination of information

Description and scope of data processing

If you have registered for one of our newsletters, we will process your personal data as listed below:

  • First name and surname
  • Email address

Purpose of the data processing

This data is processed for the purpose of sending you the news and information you have requested.

Legal basis of the data processing

The processing of the above-mentioned data is based on your consent (Art 6 para 1 lit a GDPR), which you can revoke at any time.

12. Events

Event registration via the form on the homepage

Description and scope of data processing

When you register for an event, the following data is usually processed:

  • First name and surname
  • Email address

In addition to the data listed above, the following optional data provided by you may be processed. These are:

  • Gender
  • Preceding and following academic title
  • Telephone number
  • Institution/Organisation
  • Content data (when you leave us a message)

Purpose of the data processing

We process the above-mentioned data in the context of registration, organisation and implementation of the event.

Legal basis of the data processing

The processing of the above-mentioned data is carried out in particular on the basis of a contract or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR).

The processing of the mandatory data is necessary for the administration of the event. If you do not provide us with the data, participation in the event is unfortunately not possible.

Event documentation

Description and scope of data processing

In the context of events, the ETC Graz takes photos of event visitors or makes short videos. These photos/short videos are published on the website, in the newsletter or on Youtube for public relations purposes and to present our activities.

Purpose of the data processing

The image data is processed for the purpose of public relations, to present our activities and to inform the public about the fulfilment of the association’s tasks.

Legal basis of the data processing

The processing is carried out in particular on the basis of the existing overriding legitimate interest (Art 6 para 1 lit f GDPR) of ETC Graz in the fulfilment of this purpose.

Sending electronic event invitations to own, similar events to existing contacts

Description and scope of data processing

If the ETC Graz receives your contact data (e-mail address) in the context of registrations for events, the ETC Graz will process this contact data, if necessary, for contacting you for the purpose of advertising its own, similar events (further).

Purpose of the data processing

The contact data is processed for the purpose of fulfilling our tasks, specifically for the purpose of providing information about and actively advertising further education offers, the use and implementation of research results in practice and the support of the social integration of results.

Legal basis of the data processing

The (further) processing is carried out in particular on the basis of the existing legitimate interest (Art 6 para 1 lit f GDPR) and public interest (Art 6 para 1 lit e GDPR in conjunction with § 3 Z 5 and 8 UG – depending on the concrete design in individual cases, possibly in conjunction with Art 6 para 4 GDPR) of ETC Graz in the fulfilment of this purpose.

In addition, we process your contact data exclusively in compliance with the legal provisions of § 174 para 4 TKG 2021.