Privacy Policy for the FWF Website

The Austrian Science Fund (hereinafter referred to as FWF) is pleased that you are visiting our website. Data protection and data security when using our website are very important to us. We would therefore like to inform you about the personal data we collect during your visit to our website and about the intended purposes.

As changes to the law or changes to our internal processes may require an adaptation of this privacy statement, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under "Privacy Policy," saved, and printed out.

§ 1 Data controller and scope

The controller according to the EU General Data Protection Regulation (hereinafter referred to as GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, is:

Austrian Science Fund (FWF)

Haus der Forschung
Sensengasse 1
A-1090 Vienna
Tel: +43-1-505 67 40-0
Email: office(at)fwf.ac.at
Website: www.fwf.ac.at

This privacy policy applies to the online presence of the FWF, which is available at www.fwf.ac.at and its various subdomains (hereinafter referred to as “our website”).

§ 2 Data protection officer

The external data protection officers of the data controller are:

Dr. Daniel Stanonik
Rechtsanswaltskanzlei Stanonik
Salztorgasse 2/8
A-1010 Vienna
Tel: +43-1-904 33 55
Email: daniel(at)stanonik.at
Website: http://www.stanonik.at

Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Cologne
Tel: +49-221-222 183-0
Email: mail(at)kinast-partner.de
Website: http://www.kinast-partner.de/externer-datenschutzbeauftragter/

§ 3 Principles of processing personal data

Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behaviour. Information that cannot (or only with disproportionate effort) be referred to your person, e.g., by anonymising the information, is not personal data. The processing of personal data (e.g., the collection, retrieval, use, storage, or transmission) always requires a legal basis or your consent.

Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.

In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing, and the respective storage period.

§ 4 Individual processing operations

1. Provision and use of our website

a. Description and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security:

  • IP address of the requesting computer
  • date and time of access
  • name and URL of the retrieved file
  • the web page from which access is made (referrer URL)
  • the browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

b. Legal basis

Art. 6 para. 1 point f GDPR serves as the legal basis for the aforementioned data processing. The processing of the mentioned data is necessary for the provision of our website and thus serves the protection of a legitimate interest of our company.

c. Storage time

As soon as the mentioned data for the display of our website are no longer necessary, they will be deleted. The collection of data for the provision of our website and the storage of data in log files is absolutely necessary for the operation of our website. Consequently, there is no possibility of objection on the part of the user. Further storage may take place in individual cases if this is required by law.

2. Ordering of printed products

a. Description and scope of data processing

On our website, we offer users the opportunity to order printed products with the indication of personal data. The data required for this is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the ordering process:

  • name
  • address
  • email address
  • telephone number

Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.

If you order printed products from our website and enter your email address, we may use this to send you a newsletter regarding our own or similar goods or services.

b. Legal basis

Art. 6 para. 1 point b GDPR serves as the legal basis for the processing of your personal data (cf. § 4. 2. a.) that are necessary to fulfil a contract concluded with us. This also applies to such processing that is necessary to carry out pre-contractual measures.

c. Storage time

After complete processing of the contract, your data will be blocked for further use and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to the further use of your data. Further storage might take place in individual cases if this is required by law.

3. Newsletter

a. Description and scope of data processing

On our website, you can subscribe to a free newsletter. In order to be able to send you the newsletter regularly, we need the following information from you:

  • email address
  • name
  • address

Your data will not be passed on to third parties in the connection with sending the newsletter.

We use the double opt-in procedure for sending the newsletter, i.e., we will only send you the newsletter if you have previously confirmed your registration via a link that is sent to you for this purpose in a confirmation email. We would like to make sure that only you, as the owner of the specified email address, can subscribe to the newsletter. Your confirmation must be given promptly after receiving the confirmation email; otherwise, your newsletter registration will be automatically deleted from our database.

b. Legal basis

The processing of your email address for sending the newsletter is based on Art. 6 para. 1 point a GDPR on the declaration of consent, which you have voluntarily given as follows:

Declaration of consent:

By entering my data and clicking the “send” button, I declare my consent to the use of my email address, my name, and my address for regularly receiving newsletters. I can unsubscribe from the newsletter at any time by clicking on the link at the end of the newsletter.

I can withdraw my consent to the processing of personal data collected during the registration process at any time.

c. Storage time

Your email address, name, and address will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your email address and contact details will be deleted. Further storage might take place in individual cases if this is required by law.

4. elane application and project data

a. Description and scope of data processing

In the course of submitting applications via the ELANE application portal, the following personal data of researchers, project participants, and other persons associated with the applications will be processed:

  • first name
  • surname
  • address
  • email address
  • contact details
  • qualifications
  • date of birth
  • date of PhD
  • country of PhD
  • research institution of PhD
  • ORCID (Open Researcher and Contributor ID)
  • language of correspondence
  • educational level
  • marital status
  • number of children
  • nationality
  • academic degrees
  • employment contract details
  • personal ID (identifier)

b. Legal basis

The processing of personal data via https://elane.fwf.ac.at is based on Art. 6 para. 1 point c GDPR and § 2g of the Austrian Research Organisation Act (FOG).

c. Storage time

The personal data will be deleted after the end of the legal retention periods.

d.   Evaluation of funding programmes

If your application has been rejected, the FWF will continue to process your data for the legally permissible period. The data processing is based on Art. 6 para. 1 point f GDPR and/or § 2g of the Austrian Research Organisation Act (FOG). The FWF has a legitimate interest in the evaluation and analysis of its allocation of funding.

5. Complaint management

The FWF processes your data in the case of a complaints procedure if you have lodged a complaint using the contact form on the website at https://elane.fwf.ac.at./page/panel/beschwerde. The data fields collected are:

  • Name
  • Title
  • Email address
  • Nature of the complaint
  • Message

The data processing is based on Art. 6 para. 1 point f GDPR. The FWF has a legitimate interest in a functioning complaint management process which is transparent and effective.  Your personal data will be stored until the complaint procedure has been concluded.

§ 5 Third party transfers

We only share your personal data with third parties if:

  • you have given your express consent pursuant to Art. 6 para. 1 sentence 1 point a GDPR,
  • it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 para. 1 sentence 1 point b GDPR,
  • there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 point c GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 point f GDPR is necessary to protect legitimate company interests and to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

§ 6 Transfer of personal data to third countries

In order to review your funding application, your personal data is transferred to external reviewers who are potentially located in countries outside of the European Union or the European Economic Area. It may be that these countries have a lower level of protection guaranteed by law; however, the transfer of your personal data is necessary to review your funding application. The data processing itself is based on Art. 6 para. 1 point c GDPR and § 2g of the Austrian Research Organisation Act (FOG). The transfer of personal data is permitted on the basis of Art. 49 para. 1 point b and c GDPR as well as Art. 49 para. 1 point d GDPR in conjunction with § 38a para. 4 and § 2j sentence 1 point b of the Austrian Research Organisation Act (FOG).

§ 6 Use of cookies

a. Description and scope of data processing

We use cookies on our website. Cookies are small files which are sent by us to the browser of your terminal device and stored there as part of your visit to our website. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform various analyses. Cookies are, for example, able to recognise the browser you are using when you visit our website again and to transmit various information to us. We can use cookies to make our website more user-friendly and effective, for example, by tracking your use of our website and by determining your preferred settings (e.g., country and language settings). In case third parties use cookies to process information, they will collect the information directly from your browser. Cookies do not cause any damage to your terminal device. They cannot run programmes or contain viruses.
Various types of cookies are used on our website, the type and function of which are explained in more detail below.

Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID. This makes it possible to assign different requests from your browser to a common session and enables us to recognise your terminal device during subsequent visits to the website.

Our website also uses persistent cookies that are stored in your browser for a longer period of time and transmit information to us. The respective storage time differs depending on the cookie. You can delete persistent cookies independently using your browser settings.

Function 1: Required cookies

These cookies are required for technical reasons so that you can visit our website and use the functions we offer. This applies, for example, to the following applications: website, Matomo.

In addition, these cookies contribute to the safe and correct use of our website.

These cookies enable us to analyse website usage and improve the performance and functionality of our website. Information is collected, for example, about how visitors use our website, which pages are most frequently accessed, or whether error messages are displayed on certain pages.

Advertising cookies (third-party providers) allow us to show you various offers that match your interests. These cookies can be used to record the web activities of users over a longer period of time. You may recognise the cookies on various devices you use.

In addition, certain cookies allow us to connect to your social networks and share content from our website within your networks.

b. Legal basis

Due to the described purposes of use (cf. § 6. a.), the legal basis for the processing of personal data with the help of cookies is Art. 6 para. 1 point f GDPR.

c. Storage time

As soon as the data transmitted to us via cookies is no longer necessary for the purposes described above, this information will be deleted. Further storage might take place in individual cases if this is required by law.

d. Configuration of browser settings

Most browsers are preset to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. We would like to point out, however, that if cookies are deactivated on our website by your browser settings, you may no longer be able to use all the functions of our website. You can also use your browser settings to delete cookies already stored in your browser or display the storage time. In addition, it is possible to set your browser so that it notifies you before cookies are stored. Since functions may vary on different browsers, we would ask you to use your browser’s help menu for the configuration of options.

If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plugins.

§ 8 Tools for tracking and analysis

We use tracking and analysis tools to ensure continuous optimisation and needs-based design of our website. With the aid of tracking measures, it is also possible for us to statistically record visitors’ use of our website and further develop our online offer for you with the help of the information we obtain from this. On the basis of these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 para. 1 sentence 1 point f GDPR. The following description of the tracking and analysis tools also provides information on the purposes of the processing concerned and the data that are processed.

1. Matomo

Our website uses Matomo, an open-source software for the statistical analysis of visitor traffic. Matomo uses cookies. The information generated by these cookies about your use of our website is stored on the web server. You can prevent the setting of cookies by adjusting the settings on your browser. We would like to point out, however, that in this case you may not be able to use all the functions of this website to their full extent.

After being processed and before being stored, the IP address is anonymised. However, we want to emphasise that despite the fully activated anonymisation function, total anonymisation cannot be achieved – only pseudonymisation. During use, Matomo creates an internal hash value, which is generated from various factors such as the IP address, resolution, browser, the plugins used, and the operating system. Even with the anonymisation function activated, this heuristic uses the full IP address for internal purposes so, with some effort, it is possible to convert the values back to the IP address and thus reliably determine the other information.

2. AddThis bookmarking service

This website contains Addthis plugins, which allow you to set bookmarks or share interesting website content. Addthis uses cookies. The data generated in the process (such as the time of use or the browser language) are transferred to Add This LLC in the USA and processed there.

We do not process the data concerned. By using the Addthis field, you agree to the processing of data by Add This LLC to the extent shown on the www.addthis.com website. You can object to the use of your data at any time by using an opt-out cookie, which you can download from the following link: http://www.addthis.com/privacy/opt-out. This deactivation prevents advertisers from receiving data about excluded visitors. This also prevents them from learning the interests of these visitors and personalising their content or services for them.

§ 9 Plugins

1. Facebook, Google+ and Twitter

Our website contains social plugins of the social networks Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), Google+ (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA), and Twitter (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA). These services are provided by the respective companies (“providers”). As part of our online presence, the social plugins are identified by the respective buttons belonging to the service. On the basis of the data transmitted to the respective service via the social plugins, the service can associate you with the account you have with it. To increase the protection of your data on our website, the social plugins are integrated into our website by means of the 2-click solution. This ensures that no automatic connection to the servers is established by the respective providers when a page of our website containing such a social plugin is called up.

The activation of the function of the respective social plugin takes place in two steps. To activate a social plugin, you must first click on the link on our website. This first activates the social plugin and your browser establishes a connection with the servers of the provider in question. With a second click you can now interact with the social plugin and submit your recommendation, for example. If you are already logged in to one of the social networks of the providers, the providers can immediately associate the visit to this website with your profile. If you interact with social plugins by clicking on them, the corresponding information is also transmitted directly to a server of the providers and stored there. The information may also be published on the social network and displayed there under your contacts. If you wish to prevent such immediate assignment of your data collected via our website to your profile, you must log out of your account of the respective provider before visiting our website.

The scope and purpose of the data collection by the respective service as well as the further processing and use of your data there can be directly obtained from the privacy policy on the website of the respective service. There you will also receive further information about your corresponding data protection rights and setting options for the protection of your privacy..

a.   Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA

https://www.facebook.com/policy.php

https://www.facebook.com/help/186325668085084

b.   Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA

https://policies.google.com/privacy/update?hl=en

c.   Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA

https://twitter.com/privacy?lang=en

2. Xing

We use a XING network button on our website. When you press this button, a short-term connection is established via your browser to servers of XING AG (hereinafter referred to as XING), with which the XING button functions are performed. XING does not store any personal data about you when you access our website. More specifically, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the XING share button. The latest data protection information on the XING share button and additional information can be accessed on these web pages:

https://www.xing.com/app/share?op=data_protection and www.xing.com/privacy

3. Vimeo

Our website uses plugins from Vimeo.com, which is operated by Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA. If you visit one of our web pages equipped with such a plugin, a connection to Vimeo’s servers is established and the plugin is displayed on the web page by notifying your browser. Here the Vimeo server is informed about which of our web pages you have visited. If you are logged in as a member of Vimeo, Vimeo will associate this information to your personal user accounts on these platforms. When using these plugins, such as clicking/launching a video or sending a comment, this information is also associated to your Vimeo user account, for example, which you can only prevent by logging out before using the plugin.

Information on the collection and use of data by the above platform or plugins can be found in the privacy policy: http://vimeo.com/privacy.

4. LinkedIn

Our website uses the functions of the LinkedIn network. The service is provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as “LinkedIn”).

Each time one of our web pages containing LinkedIn features is accessed, a connection to the LinkedIn server is established. LinkedIn is informed that you have visited our website from your IP address. By clicking the LinkedIn “Recommend” button, LinkedIn is able to associate this visit to your LinkedIn user account. This information is then processed further by LinkedIn.

The relevant provisions and setting options can therefore be found in the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy.

5. Research Gate

Our website uses the functions of the ResearchGate researcher network of ResearchGate GmbH, Invalidenstrasse 115, 10115 Berlin, Germany. For further information, see: https://www.researchgate.net/privacy-policy.

§ 10 Hyperlinks

Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our website directly to the other providers’ website. You can recognise this, for example, by the change in the URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.

§ 11 Rights of the data subject

Under the GDPR, you, as the data subject of the processing of personal data, have the following rights:

  • Pursuant to Article 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom your data have been or will be disclosed; the envisaged period for which your personal data will be stored; the existence of the right to rectification, erasure, restriction of processing, or objection to such processing of your personal data; the existence of the right to lodge a complaint; the source of your data where the personal data is not collected by us; the transfer of your personal data to third countries or international organisations; as well as the existence of automated decision-making, including profiling, and if necessary, meaningful information about the logic involved.
  • Pursuant to Article 16 GDPR, you can request the immediate rectification of inaccurate personal data concerning you or the completion of incomplete personal data stored by us.
  • Pursuant to Article 17 GDPR, you can request the erasure of your personal data stored by us, provided that the processing is not necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise, or defence of legal claims.
  • Pursuant to Article 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, we no longer need the data and you oppose their erasure because you require them for the establishment, exercise, or defence of legal claims. You are also entitled to the right under Article 18 GDPR if you have objected to processing pursuant to Article 21 GDPR.
  • Pursuant to Article 20 GDPR, you can request that the personal data you have provided us with be received in a structured, current, and machine-readable format, or you can request that the data be transmitted to another controller.
  • Pursuant to Article 7 para. 3 GDPR, you can withdraw your consent at any time. As a consequence, we will in future no longer be permitted to continue the data processing based on this consent.
  • Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or place of work, or our registered office. In Austria, the supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Tel: +43-1-52 152-0, Email: dsb(at)dsb.gv.at, Web: www.dsb.gv.at.

The FWF would like to point out that the personal data required for the allocation of monetary funds are processed, among others, on the basis of § 2g of the Austrian Research Organisation Act (FOG). You can find a list of the relevant processes here.

If the FWF acts as joint controller with one or more legal entities for the allocation of funding, the decisive factor in determining responsibility for data protection as defined by Article 26 GDPR is to which controller the application for funding was submitted. If such an application is submitted to the FWF, it shall be contacted in connection with the exercise of the data subject’s rights as defined by Article 26 GDPR and shall be responsible for this privacy policy. If an application is submitted to another (joint) controller, this controller shall be contacted in connection with the exercise of data subject’s rights as defined by Article 26 GDPR and shall be responsible for its privacy policy or the like.

§ 12 Right to object

When processing your personal data on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 point f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right to objection, which we will implement without you needing to specify any particular situation.

§ 13 Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to avoid manipulation, loss, or misuse of your data stored by us, we take extensive technical and organisational security precautions that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognised encryption methods (transport-layer security or TLS). However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data – e.g., if this is done by email – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him/her against misuse by encryption or in any other way.