Privacy Policy for the alpha+ Website

The alpha+ Non-profit foundation of the Austrian Science Fund FWF (hereinafter referred to as alpha+) is pleased that you are visiting our website. Data protection and data security when using our website are very important to us. We would therefore like to inform you about the personal data we collect during your visit to our website and about the intended purposes.

As changes to the law or changes to our internal processes may require an adaptation of this privacy statement, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under "Privacy Policy," saved, and printed out.

§ 1 Data controller and scope

The controller according to the EU General Data Protection Regulation (hereinafter referred to as GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, is:

Alpha+ non-profit foundation of the Austrian Science Fund FWF (alpha+)

Haus der Forschung
Sensengasse 1
A-1090 Vienna

Tel: +43-1-505 67 40-0
Email: hello@alphaplusstiftung.at
Website: www.alphaplusstiftung.at

This privacy policy applies to the online presence of the alpha+ Foundation, which is available at www.alphaplusstiftung.at and its various subdomains (hereinafter referred to as “our website”).

§2 Principles of processing personal data

Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behaviour. Information that cannot (or only with disproportionate effort) be referred to your person, e.g., by anonymising the information, is not personal data. The processing of personal data (e.g., the collection, retrieval, use, storage, or transmission) always requires a legal basis or your consent.

Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.

In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing, and the respective storage period.

§ 3 Individual processing operations

Provision and use of our website

a. Description and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security:

• IP address of the requesting computer
• date and time of access
• name and URL of the retrieved file
• the web page from which access is made (referrer URL)
• the browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

b. Legal basis

Art. 6 para. 1 point f GDPR serves as the legal basis for the aforementioned data processing. The processing of the mentioned data is necessary for the provision of our website and thus serves the protection of a legitimate interest of our company.

c. Storage time

As soon as the mentioned data for the display of our website are no longer necessary, they will be deleted. The collection of data for the provision of our website and the storage of data in log files is absolutely necessary for the operation of our website. Consequently, there is no possibility of objection on the part of the user. Further storage may take place in individual cases if this is required by law.

§ 4 Third party transfers

We only share your personal data with third parties if:

• you have given your express consent pursuant to Art. 6 para. 1 sentence 1 point a GDPR,
• it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 para. 1 sentence 1 point b GDPR,
• there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 point c GDPR,
• the disclosure pursuant to Art. 6 para. 1 sentence 1 point f GDPR is necessary to protect legitimate company interests and to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

§ 5 Use of cookies

Except for those listed below, our website does not use cookies.

§ 6 Tools for tracking and analysis

We use tracking and analysis tools to ensure continuous optimisation and needs-based design of our website. With the aid of tracking measures, it is also possible for us to statistically record visitors’ use of our website and further develop our online offer for you with the help of the information we obtain from this. On the basis of these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 para. 1 sentence 1 point f GDPR. The following description of the tracking and analysis tools also provides information on the purposes of the processing concerned and the data that are processed.

1. Matomo

Our website uses Matomo, an open-source software for the statistical analysis of visitor traffic. Matomo uses cookies. The information generated by these cookies about your use of our website is stored on the web server. You can prevent the setting of cookies by adjusting the settings on your browser. We would like to point out, however, that in this case you may not be able to use all the functions of this website to their full extent.

After being processed and before being stored, the IP address is anonymised. However, we want to emphasise that despite the fully activated anonymisation function, total anonymisation cannot be achieved—only pseudonymisation. During use, Matomo creates an internal hash value, which is generated from various factors such as the IP address, resolution, browser, the plugins used, and the operating system. Even with the anonymisation function activated, this heuristic uses the full IP address for internal purposes so, with some effort, it is possible to convert the values back to the IP address and thus reliably determine the other information.

§ 7 Hyperlinks

Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our website directly to the other providers’ website. You can recognise this, for example, by the change in the URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.

§ 8 Rights of the data subject

Under the GDPR, you, as the data subject of the processing of personal data, have the following rights:

• Pursuant to Article 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom your data have been or will be disclosed; the envisaged period for which your personal data will be stored; the existence of the right to rectification, erasure, restriction of processing, or objection to such processing of your personal data; the existence of the right to lodge a complaint; the source of your data where the personal data is not collected by us; the transfer of your personal data to third countries or international organisations; as well as the existence of automated decision-making, including profiling, and if necessary, meaningful information about the logic involved.
• Pursuant to Article 16 GDPR, you can request the immediate rectification of inaccurate personal data concerning you or the completion of incomplete personal data stored by us.
• Pursuant to Article 17 GDPR, you can request the erasure of your personal data stored by us, provided that the processing is not necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise, or defence of legal claims.
• Pursuant to Article 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, we no longer need the data and you oppose their erasure because you require them for the establishment, exercise, or defence of legal claims. You are also entitled to the right under Article 18 GDPR if you have objected to processing pursuant to Article 21 GDPR.
• Pursuant to Article 20 GDPR, you can request that the personal data you have provided us with be received in a structured, current, and machine-readable format, or you can request that the data be transmitted to another controller.
• Pursuant to Article 7 para. 3 GDPR, you can withdraw your consent at any time. As a consequence, we will in future no longer be permitted to continue the data processing based on this consent.
• Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or place of work, or our registered office. In Austria, the supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Tel: +43-1-52 152-0, Email: dsb@dsb.gv.at, Web: www.dsb.gv.at.

§ 9 Right to object

When processing your personal data on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 point f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right to objection, which we will implement without you needing to specify any particular situation.

§ 10 Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to avoid manipulation, loss, or misuse of your data stored by us, we take extensive technical and organisational security precautions that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognised encryption methods (transport-layer security or TLS). However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data—e.g., if this is done by email—can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him/her against misuse by encryption or in any other way.