This privacy policy provides clarity on the nature, scope and purpose of the processing of personal data by the Otto Loewi Foundation.
With regard to the terms used, such as "processing" or "controller", please refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller:
The Otto Loewi Foundation
Please direct any queries via email to office@olg.or.at.
The types of data processed are as follows:
- Inventory data (e.g. names, addresses).
- Contact data, including email addresses and telephone numbers.
- Content data (e.g. text entries, photographs).
This data is not shared with any third parties.
The categories of data subjects are as follows:
This includes visitors and users of our online offering, as well as our members.
The purpose of the processing is to:
- The provision of the website, its functions and content.
- Responding to queries from users and conducting communication.
- Administration of memberships.
Terminology used:
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" is defined as any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. This term is broad and encompasses a wide range of data handling activities.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. This additional information must be kept separately and subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The term "controller" refers to the natural or legal person, public authority, agency or other body that determines the purposes and means of processing personal data, either alone or in collaboration with other entities.
A "processor" is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Please find below a list of the relevant legal bases
In accordance with Article 13 of the GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies:
The legal basis for obtaining consent is Article 6, paragraph 1, letter a and Article 7 of the GDPR.
The legal basis for processing to fulfil our services and implement contractual measures and respond to enquiries is Article 6, paragraph 1, letter b. The legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR. The legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Cookies
Cookies are small files stored on users' computers. They can contain various types of information. Cookies are primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as "session cookies" or "transient cookies", are deleted after a user leaves an online service and closes their browser. The content of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. "Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if the user visits the website after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than the controller who operates the online service (otherwise, if they are only the controller's cookies, they are referred to as "first-party cookies").
If users wish to disable cookies on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser's system settings. Please note that disabling cookies may result in functional restrictions of the online offer.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking. This can be done via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that you may then not be able to use all the functions of this online offering.
Provision of our statutory services
We process the data of our members, supporters, interested parties or other persons in accordance with Art. 6 para. 1 lit. b. GDPR, insofar as we offer them services, e.g. to members, or are ourselves recipients of services. Otherwise, we process the data of data subjects in accordance with Art. 6 para. We process data on the basis of our legitimate interests, for instance, in relation to administrative tasks or public relations work.
The data processed in this context, the type, scope and purpose, and the necessity of its processing are determined by the underlying contractual relationship. This typically encompasses inventory and master data pertaining to individuals, such as their name, address, and so forth. It also includes contact data, such as email addresses and telephone numbers. Additionally, it encompasses contract data, including the services utilized, content and information provided, and the names of contact persons. In the event that we offer services or products subject to payment, it also encompasses payment data, including bank details, payment history, and so forth.
Contacting us
When contacting us (e.g. via contact form or email), the user's details are processed in order to process the contact enquiry and its handling in accordance with Art. 6 para. 1 lit. b) GDPR.
Once an enquiry is no longer required, it will be deleted.
Security measures are in place to protect your data
In accordance with Article 32 of the GDPR, we have implemented appropriate technical and organisational measures to ensure the security of your data. These measures are designed to address the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
Your rights
You have the right to request information, correction, erasure, restriction, data portability, cancellation and objection (Art. 15 - Art. 21 GDPR). You can contact us using the details provided. If you believe that the processing of your data contravenes data protection legislation or that your data protection rights have been infringed, you have the option of lodging a complaint with the relevant supervisory authority: Austrian Data Protection Authority; postal address: Wickenburggasse 8, 1080 Vienna; telephone +43 1 52 152-0; e-mail: dsb@dsb.gv.at.
Status as of 23/10/2019