Data Protection for ABCSG Website Users

Responsible provider
ABCSG
Nussdorfer Square 8
A-1190 Vienna
ATU61754836

Tel.: +43 1 408 92 30
Fax: +43 1 409 09 90
E-mail: info@abcsg.at

ABCSG Data Protection Officer:
privacy@abcsg.at

on this website (hereinafter referred to as “Offer”).

Scope

The website operator takes your privacy very seriously and treats your personal data confidentially and in accordance with the statutory provisions.

Please bear in mind that data transmission on the Internet can always be subject to security vulnerabilities. A full protection against access by third parties is not feasible.

Access data

The website operator or page provider collects data about accesses to the page and stores them as “server log files”. The following data is logged in this way:

  • Visited website
  • Time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used

The data collected is only used for statistical analysis and to improve the website. However, the website operator reserves the right to check the server log files retrospectively if there are concrete indications of illegal use.

Cookies

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage.

We use cookies to make our offer user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit.

If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.

When deactivating cookies, the functionality of our website may be limited, the use of the member area is then not possible.

[cookies_revoke]

 

Registration function

We offer you the possibility to register on our website. The data entered in the course of this registration, which can be seen from the input mask of the registration form, are collected and stored exclusively for the use of our offer. With your registration on our site, we will also store your IP address and the date and time of your registration. This serves as a safeguard for us in the event that a third party misuses your data and registers on our site with this data without your knowledge. Your data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site also does not take place.

Handling of personal data

The website operator collects, uses and discloses your personal data only if this is permitted by law or if you consent to the collection of such data.

Personal data includes all information that can be used to identify you personally and that can be traced back to you – for example, your name, e-mail address and telephone number.

Rights of the user: information, correction and deletion

As a user, you can request information free of charge about what personal data has been stored about you. Provided that your request does not conflict with a legal obligation to retain data (e.g. data retention), you have a right to have incorrect data corrected and to have your personal data blocked or deleted.

Handling of contact data

If you contact the website operator using the contact options provided, your details will be stored so that they can be used to process and respond to your inquiry. This data will not be passed on to third parties without your consent.

Dealing with comments and contributions

If you leave a contribution or comment on this website, your IP address will be stored. This is for the security of the website operator: if your text violates the law, he would like to be able to track your identity.

Use of social media buttons with “Shariff”.

We use the c’t project “Shariff” on our website. “Shariff” replaces the usual share buttons of social networks and thereby protects surfing behavior.

“Shariff” embeds these share buttons of the social networks on our website only as a graphic, which contains a link to the corresponding social network. By clicking on the corresponding graphic, you will be redirected to the services of the respective network. The Shariff button establishes direct contact between the social network and our visitors only when the visitor actively clicks on the Share button. Only then will your data be transmitted to the respective social network. If, on the other hand, the Shariff button is not clicked, no exchange takes place between you and the social networks. You can find more information about the c’t project “Shariff” at Heise.

We integrate the following social networks with “Shariff” on our website:

  • Facebook
  • Twitter
  • LinkedIn
  • Xing

Use of Facebook social plugins

We use social plugins (“plugins”) of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the latter into the online offer. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Twitter

This offer uses the buttons of the service Twitter. These buttons are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as “Twitter” or “Follow”, combined with a stylized blue bird. With the help of the buttons, it is possible to share a post or page of this offer on Twitter or to follow the provider on Twitter.

When a user calls up a web page of this website that contains such a button, his browser establishes a direct connection with the servers of Twitter. The content of the Twitter button is transmitted by Twitter directly to the user’s browser. The provider therefore has no influence on the scope of the data that Twitter collects with the help of this plugin and informs the users according to its state of knowledge. According to this, only the IP address of the user the URL of the respective website is transmitted when the button is referred to, but not used for purposes other than the display of the button. Further information on this can be found in Twitter’s privacy policy at http://twitter.com/privacy.

Use of Xing recommendation components

We use components of the XING.com network on our site. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

With each individual call-up of our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from XING.

To our knowledge, XING does not store any personal data of the user about the call of our website. Likewise, XING does not store any IP addresses. In addition, there is also no evaluation of usage behavior via the use of cookies in connection with the “XING Share button”. Further information on this can be found in the data protection information for the XING Share button at: https://www.xing.com/app/share?op=data_protection.

Use of LinkedIn recommendation components

We use components of the LinkedIn network on our site. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. With each individual call-up of our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from LinkedIn.

This process informs LinkedIn which specific page of our website is currently being visited. If you click the LinkedIn “Recommend Button” while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to associate the visit to our pages with your LinkedIn user account.

We have no influence on the data that LinkedIn collects through this, nor on the scope of this data collected by LinkedIn. We also have no knowledge of the content of the data transmitted to LinkedIn. Details on data collection by LinkedIn as well as your rights and setting options can be found in LinkedIn’s privacy notices. You can find this information at http://www.linkedin.com/legal/privacy-policy

Privacy policy on the use and application of YouTube

The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Use of “stripe” as payment service provider

We use the services of the payment service provider Stripe. When paying by credit card, the processing of payment data is therefore carried out by the payment service provider Stripe. Only that data is passed on to the payment service provider which is necessary for the payment processing. For the interface to this provider, cookies with a duration of 12 months may be used directly from our website, if necessary. This serves to prevent fraud and abuse in online payment procedures. The legal basis here is Art 6 para 1 lit. f DSGVO.

Data protection during applications and the application process

We are pleased that you are interested in us and are applying or have applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.

The responsible party in terms of data protection law is

ABCSG Austrian Breast & Colorectal Cancer Study Group e.V. A-1190 Vienna, Nussdorfer Platz 8

We process your personal data that you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. The purpose of the electronic processing of your personal data is to select a person suitable for the vacant position.

Your application data will be screened by the HR department after receipt of your application. Suitable applications will subsequently be forwarded internally to the department managers responsible for the respective vacant position. The further course of action will be agreed upon. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process.

In the course of a personal interview, we may ask you to complete a written test. This tests only your professional knowledge in order to determine your suitability for a possible position in our company. The further processing of the collected test is similar to the processing of any other personal data.

If you are accepted for a position during the application process, the data from the applicant data system will be transferred to our personnel information system.

Storage period of your applicant data

Your personal data will be deleted if it is no longer required to fulfill the data processing purpose and there is no lawful basis, in particular on the basis of Art. 6 DSGVO, for further storage.

We expressly point out that you are not obliged to provide personal data covered by Art. 9 DSGVO in application documents submitted to us. If you nevertheless provide information in your application documents about your racial or ethical origin, religious or ideological beliefs, trade union membership, genetic biometric data, health data, this is based on a voluntary basis. Should you therefore provide us with this information voluntarily, this is deemed to be consent, iSd. Art. 9 para. 2 lit. a) DSGVO on your part that we process this personal data. You have the right to revoke your consent at any time. However, this does not affect the lawfulness of the processing carried out until the revocation.

Data will not be passed on to third parties.

Data protection information for online meetings, telephone conferences and webinars via “Zoom”.

We would like to inform you below about the processing of personal data in connection with the use of “Zoom”.

Purpose of processing

We use the “Zoom” tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA.

Responsible

The data controller for data processing directly related to the conduct of “Online Meetings” is ABCSG.

Note: Insofar as you call up the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the website is only necessary for using “Zoom” in order to download the software for using “Zoom”.

You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app.

If you do not want to or cannot use the “Zoom” app, then the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.

What data is processed?

Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

User details: first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), Department (optional)

Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

If recording (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Zoom” applications.

To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing

We use “Zoom” to conduct “online meetings.” If we want to record “online meetings”, we will transparently inform you in advance and – if necessary – ask for consent. The fact of the recording will also be displayed to you in the “Zoom” app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars.

If you are registered as a user at “Zoom”, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at “Zoom” for up to one month.

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal basis for data processing

Insofar as personal data of ABCSG employees are processed, the employment contract is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Zoom”, Article 6 (1) f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings”.

For the rest, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of “online meetings”.

Recipients / passing on of data

Personal data processed in connection with participation in “online meetings” is generally not passed on to third parties unless it is specifically intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: the provider of “Zoom” necessarily obtains knowledge of the above-mentioned data to the extent provided for in our order processing agreement with “Zoom”.

Data processing outside the European Union

“Zoom” is a service provided by a provider from the USA. Processing of personal data may thus also possibly take place in a third country. We have concluded a contract with Zoom in which Zoom has confirmed the following to us:

If you are a resident of the European Economic Area (EEA) and your personal data is transferred outside the EEA, we will

Process it in an area that has been determined by the European Commission to provide an adequate level of protection for personal data; or

implement appropriate safeguards to protect your personal data. This includes transfers in accordance with the applicable transfer mechanisms, the European Commission’s Standard Contractual Clause.

Privacy policy on the use and application of Matomo (formerly PIWIK).

The controller has integrated the Matomo component on this website. Matomo is an open source software tool for web analysis. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis tool collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for optimizing a website and for cost-benefit analysis of internet advertising.

The software is operated on the server of the controller, and the log files, which are sensitive under data protection law, are stored exclusively on this server.

The purpose of the Matomo component is to analyze the flow of visitors to our website. The controller uses the data and information obtained, among other things, to evaluate the use of this website in order to compile online reports showing the activities on our Internet pages.

Matomo sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. Setting the cookie enables us to analyze the use of our website. Each time one of the individual pages of this website is called up, the Internet browser on the information technology system of the data subject is automatically caused by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical procedure, we obtain knowledge of personal data, such as the IP address of the data subject, which serves us, among other things, to trace the origin of visitors and clicks.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website are stored. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to our server. This personal data is stored by us. We do not pass on this personal data to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs.

Furthermore, the data subject has the possibility to object to the collection of data generated by Matomo and related to a use of this website and to prevent such a collection. For this purpose, the data subject must set an opt-out cookie. If the information technology system of the data subject is deleted, formatted or reinstalled at a later point in time, the data subject must set an opt-out cookie again.

However, with the setting of the opt-out cookie, there is the possibility that the Internet pages of the controller are no longer fully usable for the data subject.

Further information and the applicable data protection provisions of Matomo can be found at https://matomo.org/privacy/.

Google Maps

We integrate the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Integration of third-party services and content

It may happen that third-party content, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated within this online offer. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the user. Without the IP address, they could not send the content to the browser of the respective user. The IP address is thus necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. Insofar as this is known to us, we inform the users about it.

Rights of the user: information, correction and deletion

As a user, you can request information free of charge about what personal data has been stored about you. Provided that your request does not conflict with a legal obligation to retain data (e.g. data retention), you have a right to have incorrect data corrected and to have your personal data blocked or deleted.

Status: December 2020



Share on