End of this page section.

Begin of page section: Contents:

Data Protection Declaration

The protection of personal data is of particular concern to the University of Graz, which is why we treat all processed personal data confidentially and in compliance with the statutory provisions.

In this guide, we would like to inform you about how we process your personal data. This includes specific information on data processing as well as more general information on the topic in connection with the University of Graz.

University of Graz

Universitätsplatz 3, 8010 Graz

Tel.: +43 (0) 316 380-0

Fax: +43 (0) 316 380-9030

E-mail: rektorsbuero(at)uni-graz.at

 

Data protection contacts:

Law and Organisation, Universitätsplatz 3, 8010 Graz, Austria

E-mail: datenschutz(at)uni-graz.at

Mag. Dr. Birgit Strauß-Koscher,

Universitätsplatz 3, 8010 Graz, Austria

Tel.: +43 (0) 316 380 - 2139

E-mail: dsba(at)uni-graz.at

https://datenschutz.uni-graz.at

In connection with the processing of personal data by the University of Graz, data subjects at all times have the following rights:

  • Right of access by the data subject (Art 15 GDPR);
  • Right to rectification (Art 16 GDPR) or to erasure (Art 17 GDPR) and to restriction of processing (Art 18 GDPR);
  • Right to data portability (Art 20 GDPR);
  • Right to object (Art 21 GDPR);
  • and if processing of data requires consent: Right to withdrawal of consent (Art 7 (3) GDPR), which does not affect the lawfulness of processing based on consent before its withdrawal;

You can assert your rights in writing at any time:

By post:

University of Graz

Attn: Legal Department ‒ Data Protection, Universitätsplatz 3

8010 Graz, Austria

E-mail: datenschutz(at)uni-graz.at

In addition, data subjects have the right to lodge a complaint with a supervisory authority (Art 77 GDPR), which in Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, phone: +43 1 52 152-0, e-mail: dsb(at)dsb.gv.at.

In addition, data subjects may consult the data protection officer on all questions relating to the processing of their personal data and to exercising their rights. These inquiries are of course treated with utmost confidentiality.

If you have any inquiries, please contact the data protection officer directly:

By post:

University of Graz, Universitätsplatz 3

Attn: Data Protection Officer, 8010 Graz, Austria

By e-mail:

E-mail: dsba(at)uni-graz.at

In principle, your personal data will only be processed within the university. If a transmission to external recipients takes place, you will be informed about this in the course of the respective processing activities.

 

Unless the storing of personal data is explicitly discussed separately for a specific processing activity, the University of Graz stores your personal data as follows:

If the data subject has given consent to the processing (Art 6 (1a) GDPR): Personal data processed on the basis of given consent is stored until consent is withdrawn, but at the longest until the purpose of storing the personal data has been achieved. In addition, only absolutely necessary personal data (name, date of consent, proof of consent, e.g., signature) is stored for the purpose of proving consent or withdrawal thereof for a period of 3 years from the date of withdrawal.

If processing is necessary for the performance of a contract (Art 6 (1b) GDPR): Personal data is stored for as long as necessary to fulfil the contract. In addition, personal data is only stored until any statutory retention periods or statute of limitations with regard to potential legal claims expire.

If processing is necessary for compliance with a legal obligation (Art 6 (1c) GDPR): Personal data is stored for as long as this is legally required. In addition, personal data is only stored until any statutory retention periods or statute of limitations with regard to potential legal claims expire.

If processing is necessary for the performance of a task carried out in the public interest (Art 6 (1e) GDPR): Personal data is stored for as long as this is necessary due to the public interest or until a (justified) objection is raised. In addition, personal data is only stored until any statutory retention periods or statute of limitations with regard to potential legal claims expire.

If processing is necessary for the purposes of the legitimate interests pursued by the controller (Art 6 (1f) GDPR): Personal data is stored for as long as this is necessary to protect legitimate interests or until a (justified) objection is raised. In addition, personal data is only stored until any statutory retention periods or statute of limitations with regard to potential legal claims expire.

We would also like to point out that the University of Graz may continue to process data for archiving purposes in the public interest and for scientific or historical research purposes (Art 5 (1b) GDPR) as part of the fulfilment of our tasks (including in the area of scientific research and teaching). You are informed separately about such further processing.

 

 

Processing activities

UNIZEIT

Description and scope of data processing

If you subscribe to the free magazine “UNIZEIT,” we process the following personal data for the

  1. Print edition:

Form of address (optional), academic degree listed before the person's name (optional), first and last name, academic degree listed after the person's name (optional), address, e-mail address (optional)

  1. Digital edition:

Name and e-mail address

Purpose of data processing

This personal data is processed for the purpose of registering the data subject for a subscription and sending the magazine “UNIZEIT” free of charge.

Legal basis for data processing

This personal data is processed for the performance of the subscription contract or in order to take the required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (delivery of the “UNIZEIT” magazine) cannot be provided.

Description and scope of data processing

According to the Austrian Universities Act (UG 2002), universities are responsible for maintaining contacts with graduates (§ 3 (10) UG 2002) and continuing education of graduates (§ 3 (5) UG 2002) as well as the advancement of science, research and teaching (§ 3 (1) UG 2002).

On the one hand, the University of Graz fulfils these tasks itself within its organisational structure (individual institutes, centres, departments, etc.) and on the other hand through the association “alumni UNI graz. das absolventInnen-netzwerk” (ZVR directory number 790183860) as a processor to fulfil these tasks.

These tasks are fulfilled in a variety of activities (e.g., organising various events, conducting study and educational trips, providing information [e.g., sending out newsletters], surveying graduates, making the fulfilment of these tasks visible through public relations work, etc.).

 

In particular, the following data categories are processed in connection with support of graduates:

Personal data, e.g.:

  • First name
  • Last name
  • Highest qualification
  • Academic degree
  • Date of birth
  • Field of study
  • Registration number
  • Date of graduation

Contact details, e.g.:

  • Address
  • Telephone number
  • E-mail address

Other, e.g.:

  • Communication content data
  • Event registration information

Purpose of data processing

In the context of support for graduates, personal data is processed for the purpose of fulfilling the tasks assigned to us, in particular maintaining contacts with graduates (§ 3 (10) UG 2002), continuing education of graduates (§ 3 (11) UG 2002) and providing public information on the performance of the university’s tasks (§ 3 (11) UG 2002) and the advancement of science, research and teaching (§ 3 (1) UG 2002).

Legal basis for data processing

The above personal data is processed for the purpose of performing the tasks assigned to us and thus for compliance with a legal obligation to which the university is subject in accordance with Art 6 (1c) GDPR on the one hand, and for the performance of a task carried out in the public/legitimate interest (Art 6 (1e) and (1f) GDPR) of the University of Graz in public relations work and making university services visible to the public as well as on the basis of consent given (Art 6 (1a) GDPR) on the other. The personal data in the course of an event registration (e.g., further education events, educational trips) is processed for the performance of the contract with you or in order to take the required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR. If processing of personal data is necessary due to legal obligations or for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contract cannot be concluded or that the legal obligations cannot be met.

Recipient

The University of Graz fulfils certain task in relation to support for graduates through the association “alumni UNI graz. das absolventInnen-netzwerk” as a processor (see above section “Description and scope of data processing”).

A) Viewing the website

Description and scope of data processing

When accessing the website of the University of Graz, the web server temporarily saves every access in a log file. The following data is recorded and stored until it is automatically deleted:

    • IP address of the accessing computer
    • Date and time of access
    • Name and URL of the data retrieved
    • Amount of data transmitted
    • Success status of the attempted access
    • Identification data of the browser and operating system used
    • Website from which access is requested
    • Name of Internet provider

Purpose of data processing

Data is processed for the purpose of ensuring the usability of the website (connection establishment), system security and the technical administration of the network infrastructure. In addition, processing serves to optimise the online presence of the University of Graz. The IP address is only evaluated in the event of attacks on our network infrastructure.

Legal basis for data processing

The above personal data is processed in particular for the purposes of the legitimate interests (Art 6 (1f) GDPR) of the University of Graz in relation to fulfilment of its tasks according to § 2 and § 3 Universities Act (UG 2002) in guaranteeing system security, facilitating technical administration of the network infrastructure and optimising the offered Internet.

 

B) Measuring of outreach and usage

Matomo

Description and scope of data processing

The University of Graz uses “Matomo” to measure the outreach and usage of its website. For this purpose, so-called “cookies” (small text files) are stored on your computer and transferred to the server in order to process only the usage information absolutely necessary the purpose of outreach and usage measuring.

The software does not store the IP addresses in full, but rather with 3rd and 4th octet of the IP address masked (e.g., 192.168.xxx.xxx). In all probability, it is generally no longer possible to identify the computer requesting access based on such a shortened IP address. The information on website usage generated by the cookie is not passed on to third parties.

Depending on user behaviour (e.g., accessed the website from another site via a referrer), Matomo can set the following cookies:

_pk_id: 13 months (storing of a unique visitor ID)

_pk_ref: 6 months (storing of attribution information, i.e., original referrer used to visit the website)

_pk_ses, _pk_cvar, _pk_hsr: 30 minutes (temporary storing of data about the visit)

mtm_consent_removed: 30-year expiry date to record that the user has opted out

Purpose of data processing

The personal data is processed for the purpose of measuring outreach and usage, in particular to compile reports on aggregated website activities (outreach measurement, estimation of the required server performance, analysis of the content accessed, detection of navigation problems, etc.) and thus to improve our website. The improvement of our website is necessary to fulfil our tasks as a university (in particular to provide public education, to provide further education, to support national and international cooperation; to support the use and implementation of research results in practical application, to support the social integration of research results and appreciation of the art, and to inform the public about fulfilment of these tasks) in compliance with the guiding principles for universities (efficiency, expediency and frugality).

Legal basis for data processing

The above personal data is processed in particular for the purposes of the legitimate/public interests (Art 6 (1e) and (1f) GDPR) of the University of Graz in relation to fulfilment of its tasks according to § 2 and § 3 UG 2002 as a public institution in improving the website for fulfilment of the university’s tasks.

You can prevent the installation of cookies by setting your browser software accordingly; However, we would like to point out that in this case the University of Graz, as a public institution within the meaning of university tasks and guiding principles, unfortunately loses your valuable input in relation to improving the website appearance and usability. If you do not consent to the storage and evaluation of the data generated based on your personal usage, you can object below. In such a case, a so-called deactivation cookie is stored in your browser hindering "Matomo" from collecting any session data. Please note: If you delete your browser cookies, the deactivation cookie will also be deleted and will have to be restored when you next access the website.

You can deactivate data collection by “Matomo” via the following website:

https://www.uni-graz.at/de/datenschutz/

A) Library card, lending (order, reservation, overdue fees reminder)

Description and scope of data processing

The following personal data is processed when using the services of the University Library:

    • E-mail address
    • Company
    • Form of address/gender
    • First name
    • Last name
    • Postal address
    • Payment reference (e.g., registration number, ...)
    • Gender
    • Date of birth
    • Library card number
    • Registration number
    • UNIGRAZonline user name

Purpose of data processing

The personal data is processed by the University Library for the purpose of issuing a library card and administering the lending process (orders, reservations, overdue fee reminders).

Legal basis for data processing

This personal data is processed for the performance of the contract or in order to take required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (issuing of the library card, lending) cannot be provided.

B) Open Journal Systems OJS

Description and scope of data processing

For the purpose of administration and publication of scientific journals, we process the following personal data:

    • Form of address
    • Gender
    • First name
    • Last name
    • Date of birth
    • Nationality
    • Postal/invoice address
    • Telephone number

Purpose of data processing

This personal data is processed for the purpose of handling the publication process from submission to review to publication in a scientific journal.

Legal basis for data processing

This personal data is processed for the performance of the contract or in order to take required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (administration and publication of articles in scientific journals) cannot be provided.

Description and scope of data processing

If you pay electronically for a service provided by the University of Graz (tuition fees, events, donations, cost sharing for admission procedures...), the following personal data is processed:

      • E-mail address
      • Company
      • Form of address/gender
      • First name
      • Last name
      • Postal address
      • Date of birth
      • Payment reference (e.g., registration number, ...)

In order for the payment to be assigned to you, the following data must be transmitted to the payment service provider:

      • Payment reference (e.g., registration number, ...)
      • First name
      • Last name

On the part of the payment service provider, further personal data may be collected.

Purpose of data processing

This personal data is processed for the purpose of processing electronic payments and donations.

Legal basis for data processing

This personal data is processed for the performance of the contract or in order to take the required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR along with § 91 Universities Act (UG 2002) with regard to tuition fee payments.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (electronic payment) cannot be provided.

Further information on the processing of personal data in the context of mobility programmes is available here:

https://international.uni-graz.at/de/datenschutz/)

 

Description and scope of data processing

a) Profile

A personal profile is created for each user of the competence portfolio portal, which is then updated in the event of any changes. This profile includes the following personal data:

    • User name
    • E-mail address
    • First name
    • Last name
    • Password (in encrypted form)

You can manage and change the information this profile yourself (with the exception of the user name). You can access the website for managing and changing your personal settings here:

https://portfolio.uni-graz.at/doku.php?do=profile

First you must log in with your username and password. If you have forgotten your password, it is possible to request a password reset (“Setze neues Passwort” (set new password) on the login page). Please note: The web portal administrators are able to view essentially all profile data as part of their administrative access.

Your personal data will be deleted if your account is deleted or if the competence portfolio portal as a whole is deleted. Please note: Your profile (along with the portfolio data) will be deleted five years after your last access of portfolio support, but not before May 24, 2023, without any further notification! If you are interested in continuing to use your portfolio, we recommend that you attend a workshop on creating a competence portfolio in good time.

b) Portfolio data

The competence portfolio portal is a web application for storing and managing your personal data in order for you to be able to make this data accessible to third parties. Since this data gives a broad insight into your personal circumstances, we strongly recommend that you exercise caution and restraint when publishing your personal data online via this portal. Please think carefully about which personal data you want to make accessible and to whom. The personal data you enter will be stored on the competence portfolio portal web server. Please note: The web portal administrators are able to view essentially all profile data as part of their administrative access. For the purpose of data security, copies of this personal data are generated on a regular basis and stored as back-ups on a data carrier (external hard drive) located in controlled operating facilities. The back-up copies are kept for at least one month and are deleted at the latest three months after the creation of the respective back-up copy.

Furthermore, the competence portfolio supervisor has access to the non-private sections of the portfolio in order to give feedback on the texts ‒ if requested by you as the portfolio creator ‒ and to be able to create a certified version of your portfolio. While creating the certified version of your portfolio (PDF document), the personal data is not stored locally, but rather is deleted immediately after uploading it to the portfolio platform (where you have access to it). The supervisor is obliged to maintain data protection secrecy and has thus signed a corresponding non-disclosure agreement.

Please note: Your portfolio data (along with the profile) will be deleted five years after your last access of portfolio support, but not before May 24, 2023, without any further notification! If you are interested in continuing to use your portfolio, we recommend that you attend a workshop on creating a competence portfolio in good time.

Purpose of data processing

The competence portfolio portal is a web application for storing and managing your personal data in order for you to be able to make this data accessible to third parties. In order to provide these services ‒ in particular to provide the electronic competence portfolio functionality using the software Dokuwiki ‒ the University of Graz processes the specified data to the necessary extent specified.

Legal basis for data processing

This personal data is processed for the performance of the contract or in order to take required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (use of database, creation and provision of a profile) cannot be provided.

Description and scope of data processing

Contacting the University of Graz (by e-mail, telephone or contact form) generally requires processing of some personal data in order for us to be able to process and answer your request. Usually, this involves the following personal data:

  • First and last name
  • Address
  • E-mail address
  • Registration number

In addition to the data listed above, other personal data may be processed should you provide it, specifically:

  • Gender
  • Academic degree
  • Telephone number
  • Institution/organisation/field of study
  • Content data (if you leave a message)

Purpose of data processing

This personal data is processed for the purpose of answering to your request/feedback. The data is stored by us for at least six months in case of follow-up questions or for the period required to provide the services you have requested.

Legal basis for data processing

The above data is processed in particular for the purposes of the legitimate interests (Art 6 (1f) GDPR) of the University of Graz in processing and answering your request/feedback, if necessary, in order to take steps at your request according to Art 6 (1b) GDPR.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (answering your request) cannot be provided.

Moodle

Description and scope of data processing

The online learning platform Moodle is used both to accompany/conduct courses, examinations and research and to facilitate collaborative group-working and general (internal) further education. The platform thus supports, among other things, the University of Graz in the fulfilment of its tasks in the areas of teaching, research and administration and is therefore necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the university.

When using Moodle, the following personal data is processed:

  1. Login or profile data: User name, password in encrypted form, e-mail address, first name, last name, registration number
  2. Content data (e.g., uploaded files, forum posts, course entries)
  3. Cookies
  4. Connection and usage data (e.g., IP address, browser type, date and time of access)

Ad a) Access data Mandatory information:

Your personal information will only be processed to facilitate your participation in Moodle courses. A personal profile is created for each user with the following personal data:

  • First name
  • Last name
  • E-mail address
  • User name
  • Registration number

Voluntary information:

In addition, you can voluntarily provide further personal information (e.g., a photo, ...) in your “personal profile”. By actively entering or uploading your personal data, you are giving your (explicit) consent to the processing of this data.

Ad b) Content data

Moodle allows you to publish personal content in forums, wikis, blogs or assignments, thereby making them available and accessible for other participants. Uploading and posting of content serves the purpose of conducting research and teaching.

No illegal content may be posted and the rights of third parties must not be violated. In this regard, all users are responsible for compliance with applicable data protection and copyright regulations.

 

Ad c) Cookies

Moodle saves two types of cookies on your device. The first cookie is called “MoodleSession” and saves the login data of the currently ongoing Moodle session. This cookie must agree to the use of this cookie so that the login data and thus the access rights within Moodle are retained throughout the session. This cookie is automatically deleted if you log out of Moodle or if you close the web browser. The second cookie is called “MoodleID” and, on request, saves the user name in the web browser so that it can be pre-entered for your next login. It aims to simplify the login process and can be activated at login if desired.

Ad d) Connection and usage data

Storage of connection data, in particular the IP address, by the system is necessary to ensure the usability of the service, system security and the technical administration of the network infrastructure.

In addition, your content contributions and activities are saved when using Moodle exclusively to conduct the respective course and for technical and user-friendly optimisation.

Only site administrators have access to connection and usage data.

Storage period

The usage data stored as part of accessing Moodle courses is automatically deleted after 180 days. Posts you have published in forums, chats, blogs, wikis, tasks etc. or files made available for retrieval are excluded from this automatic deletion process. These content contributions remain available until the respective Moodle course is deleted. Unless otherwise agreed, Moodle courses are deleted after 3 semesters + 2 months.

You are able to change or delete the personal data you have voluntarily provided (personal profile) yourself at any time.

Purpose of data processing

Purpose 1: Personal access, profile and usage data is processed for the purpose of supporting/conducting courses, examinations, research activities and further education events in teaching, research and administration. Processing is thus necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Graz on the one hand and for the purposes of the legitimate interests pursued by the University of Graz in the implementation of (internal) further education measures on the other.

Purpose 2: Connection and usage data as well as cookies are processed for the purpose of ensuring the usability of the platform, system security and the technical administration of the platform.

Legal basis for data processing

The above personal data is processed for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University of Graz (Art 6 (1e) GDPR) in conjunction with § 1, § 2, § 3 and § 19 (2)-(4) Universities Act (UG 2002) as well as Art 20 Excerpt of Statutes: Provisions under Study Law as amended along with the relevant sections on e-learning and virtual teaching in the respective curricula of the University of Graz. Furthermore, the personal data is processed for the purposes of the legitimate interests pursued by the University of Graz in the implementation of further education measures (Art 6 (1f) GDPR).

If you actively enter or upload personal data (personal profile), your personal data is processed on the basis of your (explicit) consent to the processing for one or more specific purposes in accordance with Art 6 (1a) or Art 9 (2a) GDPR.

A) Newsletter

Description and scope of data processing

If you have signed up for one of our newsletters, the following personal data is processed:

  • Form of address
  • First and last name
  • E-mail address

Purpose of data processing

This personal data is processed for the purpose of sending you the desired news and information.

Legal basis for data processing

The above personal data is processed on the basis of given consent to the processing (Art 6 (1a) GDPR), which you can withdraw at any time.

 

B) Sending specific information to university member

Description and scope of data processing

Processing of personal data is necessary for sending university members specific information (in the sense of § 94 Universities Act (UG 2002) to their university e-mail addresses. This involves the processing of the following personal data:

    • Form of address
    • First and last name
    • University e-mail address
    • If applicable, faculty, institute or department affiliation
    • If applicable, field of study

Purpose of data processing

The above personal data is processed to pass on university information (e.g., relevant news, events, etc.) so that the university members are kept up to date and the University of Graz can fulfil its tasks according to § 3 UG 2002 in particular.

Legal basis for data processing

The above personal data is processed for the performance of a task carried out in the public/legitimate interest of the University of Graz in passing on essential university information to the university members (Art 6 (1e) and (1f) GDPR in conjunction with § 3 UG 2002).

Validation

Description and scope of data processing

If you want to use the qualified electronic signature as a form of signature equivalent to your handwritten signature in business transactions with the University of Graz (e.g., employment contract, travel expenses, guest lecture, etc.), it is always necessary to validate the qualified electronic signature issued. When using the validation service, the following personal data is processed:

    • Time of signature/seal creation
    • Data of the document to be checked
    • Time of the validation process
    • Information related to the validation report

Purpose of data processing

Within the validation framework for qualified electronic signatures, personal data is processed for the purpose of creating legal certainty with regard to the validity of qualified electronic signatures or for the possible assertion, exercise or defence of legal claims.

Legal basis for data processing

Within the validation framework for qualified electronic signatures, the personal data is processed for the purposes of the legitimate interests pursued by the University of Graz (Art 6 (1f) GDPR) in establishing legal certainty with regard to the validity of qualified electronic signatures or for the possible assertion, exercise or defence of legal claims.

Recipient

In the course of validating the qualified electronic signature, the signed document, together with the personal data contained in the document to be validated, is transmitted to an external qualified validation service, RTR GmbH, in accordance with § 14 (2) Signature and Trust Services Act (SVG) to carry out the validation in accordance with Art 32 eIDAS Regulation.

Description and scope of data processing

The University of Graz is active online on a number of social media networks and platforms in order to communicate with the users represented there and to inform them about the goings-on at the university.

The University of Graz has no influence on the type and scope of personal data processed by the operator of the respective network/platform or on the type of processing, use or possible transmission of this personal data to third parties. The University of Graz also has no effective control options in this respect. We would like to point out that users use the social media networks/platforms and their functions voluntarily and on their own responsibility. The terms of service and privacy policies of the respective operators apply when deciding to use the respective service.

Please note: The social media networks are only an additional way of getting in touch with the University of Graz or to receive information from us. All relevant university information ‒ from study opportunities and access to research to contact information to relevant press releases ‒ is always also available on the university communication channels (website, newsletter, etc.).

Purpose of data processing

 

An online presence in social media networks and platforms complements the existing university communication channels, such as websites, press releases, newsletters, print media and events, in a meaningful and necessary way.

Legal basis for data processing

The University of Graz makes use of social media networks and platforms for the performance of a task carried out in the public/legitimate interest in accordance with Art 6 (1e) and (1f) GDPR in conjunction with § 3 (4)-(5), (7)-(8) and (10)-(11) Universities Act (UG 2002) within the framework of effective and target group-specific public relations.

Currently, the University of Graz has an online presence on:

 

 

 

 

 

A) Organisation of events using the university event tool (esraSoft)

Description and scope of data processing

For the administration, announcement/advertising and payment for events, we process the following personal data:

  • Gender
  • Academic degree
  • First name
  • Last name
  • E-mail address
  • Date of birth
  • Nationality
  • Graduated from [school type]
  • Postal address
  • Telephone number
  • Relationship category (staff, student, external)
  • Field of study

Purpose of data processing

This personal data is processed for the purpose of event administration and implementation as well as to announce/advertise the event.

Legal basis for data processing

This personal data is processed for the performance of the contract or in order to take required steps prior to entering into the contract in accordance with Art 6 (1b) GDPR.

Since processing of the personal data is necessary for the conclusion of the contract or prior to entering the contract, failure to provide the personal data automatically means that the contractual service (administration of the event, registration, payment) cannot be provided.

Recipient

The personal data is processed using esraSoft in connection with the processor Kaindl Informatics GmbH.

 

B) Event registration via the homepage form

Description and scope of data processing

Generally speaking, when registering for an event, the following personal data is processed:

    • First and last name
    • Address
    • E-mail address

In addition to the data listed above, other personal data may be processed should you provide it, specifically:

  • Gender
  • Academic degree
  • Telephone number
  • Institution/organisation/field of study
  • Content data (if you leave a message)

Purpose of data processing

The above personal data is processed as part of the registration, organisation and implementation of the event.

Legal basis for data processing

This personal data is processed in particular for the performance of a contract or in order to take required steps prior to entering into a contract in accordance with Art 6 (1b) GDPR.

Processing of this personal data is absolutely necessary for the administration of the event. If you do not provide us with this personal data, participation in the event is unfortunately not possible.

 

C) Event documentation

Description and scope of data processing

The University of Graz, its administrative and organisational units or individual institutes or centres take photos or short videos of visitors during events. These photos/short videos are published for public relations purposes and to showcase our activities on core university media channels (e.g., university website, institute or centre websites, university magazine “UNIZEIT”, etc.) as needed.

Purpose of data processing

The image data is processed for the purpose of public relations, to highlight university activities and to inform the public about the fulfilment of the university's tasks.

Legal basis for data processing

The data is processed in particular for the purposes of the legitimate interests (Art 6 (1f) GDPR) of the University of Graz.

 

D) Sending electronic event invitations to similar events to existing, potentially interested contacts

Description and scope of data processing

If you provide your contact details (e-mail address) to the University of Graz, its administrative and organisational units or individual institutes or centres as part of registrations for university events, the University of Graz may process these contact details by sending invitations to similar university events.

Purpose of data processing

The contact details are processed for the purpose of fulfilling the university’s tasks, specifically for the purpose of providing information about and actively promoting further education, for supporting the use and implementation of research results in practical application and for supporting the social integration of such research results.

Legal basis for data processing

The personal data is (further) processed in particular for the purposes of the legitimate/public interest of the University of Graz (Art 6 (1e) and (1f) GDPR in conjunction with § 3 (5) and (8) Universities Act (UG 2002) ‒ depending on the specific individual case possibly in conjunction with Art 6 (4) GDPR.

In addition, your contact details are processed exclusively in compliance with the legal provisions of § 174 (4) Telecommunications Act (TKG 2021).

Description and scope of data processing

If you have registered for a degree programme with restricted admission, the following personal data is processed:

  • Gender
  • First name
  • Last name
  • Date of birth
  • Nationality
  • Graduated from [school type]
  • Postal address
  • Telephone number
  • German language skills
  • Registration number
  • Copy of passport/valid identity card
  • Proof of qualifications to study (e.g., graduation certificate, qualifying examination)
  • Passport photo
  • Examination result
  • Disability or other impairments (if you need an alternative examination method due to a disability, chronic or mental illness. Impairments must be verified in a specialist medical report ‒ we will contact you in such cases.)

Purpose of data processing

The above personal data is processed for the purpose of allowing you to participate in the admissions process for degree programmes with restricted admission.

In addition, for statistical and evaluation purposes, aggregated data (e.g., registration and admission numbers, distribution of registrations/admissions according to certain criteria, etc.) is processed without identifiers (e.g. name, e-mail address) that directly relate to an individual, aiming for complete anonymisation.

If, in the case of a smaller group size, it cannot be ruled out that certain data may relate to an individual, processing is nevertheless necessary for the performance of a task carried out in the public/legitimate interest (Art 6 (1e) and (1f) GDPR) of the University of Graz in conjunction with fulfilment of the legal requirements according to § 71b (7) Universities Act (UG 2002) and the corresponding statutory reporting obligations and internal quality management.

Legal basis for data processing

The above data is processed in particular for the purposes of the legitimate interests (Art 6 (1f) GDPR) of the University of Graz.

Furthermore, personal data is processed for the purpose of providing alternative examination methods for those suffering from a disability or impairment which makes it impossible to take an examination in the prescribed manner in accordance with § 59 (1)-(12) UG 2002.

The privacy policy is also available as a PDF document.

 

Contact

Rechtsabteilung-Datenschutz
Universtitätsplatz 3/I
8010 Graz



Further information

End of this page section.

Begin of page section: Additional information:

End of this page section.