TU Graz/

Privacy Policy

Version 1.05 (01.03.2024)

In this privacy policy, we provide you with information about how personal data collected via our websites and online offers are processed. This allows you to immediately see which personal data we process, for what purpose, and the legal basis for this processing. We process your data exclusively on the basis of the legal provisions for data protection and data security and, in particular, the Austrian Data Protection Act (in German: Datenschutzgesetz or “DSG”), the EU General Data Protection Regulation (GDPR, in German: Datenschutz-Grundverordnung or “DSGVO”), as well as the Telecommunications Act (in German: Telekommunikationsgesetz 2003 or “TKG 2021”).

Content

  1. Scope of application
  2. Contact
  3. Creation of log data (access data)
  4. Cookies and similiar technologies
    4.1. Functional cookies (session cookies, permanent cookies)
    4.2. Analysis of website visits (analytical cookies)
    4.3. Advertising cookies
  5. Social media plugins
    5.1 Integrated services
  6. Social media presence
  7. Sending information material
  8. Electronic registration for events
  9. Form entries that permit communication
  10. Personal electronic signature
  11. Electronic payment
  12. Rights of Data Subjects

1. Scope of application

The privacy policy applies to all processing activities on the websites of Graz University of Technology.

2. Contact

The data controller for processing your personal data is Graz University of Technology, Rechbauerstraße 12, 8010 Graz (hereinafter “TU Graz” or “we”).

The TU Graz data protection officer is x-tention Informationstechnologie GmbH, Römerstraße 80A, 4600 Wels, datenschutzbeauftragternoSpam@tugraz.at.

If you have any data protection concerns, please contact datenschutznoSpam@tugraz.at.

3. Creation of log data (access data)

In order to be able to provide our online services, log data that are technically necessary are stored each time our online offer(s) is(are) accessed (web pages, retrieval of files or other resources). The collection of log data enables us to detect, limit and eliminate system malfunctions, system errors, malfunctions that can restrict the availability of the online services as well as block unauthorised access to our systems. The log data are not linked to other personal data.

Categories of data: Date and time of the request, name and URL of the retrieved resource, amount of data (in bytes) of the requested and/or retrieved resource, response of the server (e.g. HTTP status code), identification data for the browser and operating system used, website from which the access was made, IP address, MAC address, user name.

Legal basis: We store the log data for a limited period of time to fulfil our legitimate interest according to Art. 6 (1) (f) DSGVO.

Storage period: Your log data are generally stored for eight weeks. Depending on the system, data may be stored for a longer period, but not for a period longer than twelve months.

4. Cookies and similar technologies

The term "cookie(s)" is often used in a technical and legal context as an umbrella term for different technologies. Therefore, the following use of the term "cookies" always includes those technologies that are similar to cookies in terms of functionality. Cookies are small text files that are stored by the browser when you visit websites. The text files contain information about the user's surfing behaviour, such as which websites were visited. If a website is visited again by the same user, these files enable us to recognise this user. For this purpose, in addition to the technically required cookies (functional cookies), we also use analytical cookies and advertising cookies. We describe in detail which cookies are used in this section.

The legal basis for processing cookies varies depending on their type. We process functional cookies (session cookies and permanent cookies) according to the exemption clause in § 165 (3) TKG 2021. The user’s consent is not required.

The legal basis for data processing with regard to analytical cookies and advertising cookies is your freely given consent according to § 165 (3) TKG 2021. You give us your consent by actively clicking on “I agree” next to the respective processing purpose described in the cookie banner when you visit our web pages. No cookies will be saved before you give your consent. Due to the use of advertising system service providers (see section 4.3.), your data is transmitted to the USA (third country). The transfer of this data to a third country for a specific purpose (see section 4.3 and section 5) is permitted according to the exemption clause found in Art. 49 (1) (a) DSGVO, whereby you give us your consent after being informed of the risks involved. We will store the consent given for a period of six months so that the cookie banner is not displayed every time you visit the web page.

Information about the storage period can be found in the cookie list.

You can control the cookie settings (functional cookies, analytical cookies, advertising cookies) as well as control how long they are stored by modifying your browser settings.

This means that it is possible for you to revoke your consent at any time by deleting all or individual cookies in the browser settings. If you revoke your consent or change the browser settings so that cookies are no longer stored, you (the user) will no longer be recognised by us when you visit our web pages again. For this reason, the cookie banner will be displayed again and provide you again with the option to give your consent.

Below, you will find instructions for how to delete cookies in the most common browsers:

We would like to point out that the deactivation of certain cookies can lead to functional restrictions (i.e. reduced access) to some of our online content.

4.1 Functional cookies (session cookies, permanent cookies)

When you visit our web pages, we use technically required cookies as defined in § 165 (3) TKG 2021. Session cookies enable us to provide users with our online services (e.g. website-navigation, navigate on the website). The cookies are deleted when the browser is closed.

In addition to session cookies, we also set permanent cookies. These help us to improve the user-friendliness of the website. For example, if the user has selected a language on the website, this information is stored in the cookies. If the user visits the same website again, we can provide the user with the appropriate language from the beginning (storage of user settings). The functions contained in the cookies only relate to the website visited. No data are transmitted to third parties.

4.2 Analysis of website visits (analytical cookies)

By setting analytical cookies, we can collect information about user interactions with information content we provide online (e.g. information about the use of our websites, creation of reports about website activities). This helps us to ensure the continuous development of our online offers.

Matomo with anonymisation function

To statistically evaluate the accessed content, we use our own website analytics tool, TU Graz Analytics, which is based on the open source web analytics service Matomo. The information is only stored after the IP address has been shortened or otherwise anonymised. The shortened IP address, therefore, no longer allows any conclusions to be drawn about the user. By using this website analytics tool, no personal data are transmitted to third parties. Your data will be processed exclusively on secure servers of TU Graz.

4.3 Advertising cookies

As a university, we would like to particularly address people who are interested in studying. For this reason, we take measures to carry out tasks in the field of education marketing as described in the measures of the Universities Act 2002.

As one measure that is taken, we use advertising cookies on our websites to analyse the interests of the users (remarketing/retargeting). This allows us to identify our target group (potential students), which, in turn, enables us to advertise our degree programmes more effectively.

When visiting our websites, cookies are set that store information about user behaviour. Based on this user behaviour and the content accessed, we can draw the attention of potential students to TU Graz again at a later date by offering more specific advertisements based on the user’s interests.

This form of data processing is known as profiling. We use the following advertising system service providers and pass the information contained in the cookies on to them (third country transfer, see section 4.):

Facebook Pixel

We use Facebook Pixel from the provider Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). When cookies are set, Facebook can show our target group more specific information about the TU Graz degree programmes based on their interests via the social media platform Facebook, based on the stored information about the content accessed on our websites. We are not able to link the data collected about you with your identity (i.e. it is anonymous for us); therefore, we are unable to draw any conclusions on the basis of our users’ identities. You can find Facebook's privacy policy at https://en-gb.facebook.com/policies/cookies/.

Google

We use Google Ads from the company Google LLC (1600 Amphitheatre Parkway Mountain, View, CA 94043, USA) as an advertising system service provider. If our target group visits a Google website or a website in the Google advertising network, information about the TU Graz degree programmes based on the user’s interests can be displayed as an advertisement on these websites. In order to optimise our advertising measures, user data are collected by means of cookies and evaluated with the analytical tool Google Analytics. However, Google Analytics does not collect any information that enables Google to personally identify individual users. You can find Google's privacy policy at https://policies.google.com/technologies/cookies?hl=en#types-of-cookies.

5. Social media plugins

We use social media plugins (hereinafter referred to as “plugin”) on our websites. The use of such a plugin takes place exclusively based on your consent according to § 165 (3) TKG 2021. The purpose of setting up such a plugin is to offer our users access to a wider range of content and services. We do not collect any personal data via the plugins. After giving your consent by actively clicking on “I agree” in the cookies banner when visiting our websites, the users’ personal data (IP address) can be transmitted to the social media platform. This happens regardless of whether you have a user account with the social media platform. If you are a member of a social media platform and are logged into your user account when you click on the cookie banner on one of our websites, the data collected via the respective plugin will be directly linked to your account. If you do not wish these data to be linked to your user account, you need to first log out of your social media account before activating the plugin. We have no influence over the extent to which and the purpose for which the social media platforms actually collect personal data via the plugins. For more information about how your data are processed and used by the respective social media platform, please refer to the privacy policies of the service providers listed below.

5.1 Integrated services (third country transfer, see section 4.)

X (formerly known as Twitter)

We integrate a social media stream from the provider Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND on our websites. This is activated by actively clicking on “I agree” in the cookie banner. Please find their privacy policy here: https://twitter.com/en/privacy

YouTube

We use plugins (videos) from the provider YouTube on our websites. No user data are transmitted to YouTube when our website is accessed. The videos only appear as a preview image. The video content is only loaded and played when you click on the “activate video” link. By doing so, you agree to the data transfer, and personal data (e.g. IP address) are subsequently transferred to YouTube. For further information about how your data are processed and used by YouTube, please refer to the privacy policy of the service provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94103, USA. Privacy policy: https://policies.google.com/technologies/partner-sites?hl=en

6. Social media presence

As an educational institution under public law, TU Graz maintains social media channels in order to provide you with reliable, comprehensive, up-to-date information on academic and research activities at the university and, if you wish, to communicate with you via these social media channels. Depending on the specific social media platform used, your personal data is automatically processed when visiting the social media channels of TU Graz. We would like to point out that TU Graz has no influence on any data processed by the various platforms (for more information on which data is processed by a specific social media platform, please refer to the privacy policy of the respective platform). In addition to the various social media channels, you always have the opportunity to communicate with TU Graz via our own channels (website, newsletter, in person, etc.) and to obtain all relevant information about the university directly. The use of any social media platform to facilitate communication between you and TU Graz is therefore in your own interest.

TU Graz operates channels on the following social media platforms:

(formerly known as Twitter, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND)
Privacy Policy

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland)
Privacy Policy

Facebook, Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland)
Privacy Policy: Facebook, Instagram

Xing (New Work SE, Strandkai 1, 20457 Hamburg, Deutschland)
Privacy Policy

Telegram
Privacy Policy

LinkedIn
Privacy Policy

TikTok
Privacy Policy

Legal basis: Representation on digital communication channels that are frequented by our legally defined target group is necessary for the performance of our university tasks carried out in the public interest in the sense of group-specific public relations (Art 6 (1) (e) and (f) DSGVO in conjunction with § 3 Universities Act 2002).

7. Sending information material

We give you the opportunity on various websites to subscribe to publications (newsletters, journals, magazines, press releases, etc.), receive information about events and other information material to provide you with more information about the current activities and how the University's is fulfilling its legal requirements. By actively and voluntarily entering your data, you give us your consent to process your personal data.

Categories of data: The types of personal data processed vary depending on the information material. For the specific categories of data and further information about data protection, please refer to the privacy policy for the respective information material.

Legal basis: We process your personal data based on your consent according to Art. 6 (1) (a) DSGVO or § 174 (3) TKG 2021.

Storage period: Your personal data will be processed until you withdraw your consent, i.e. until you unsubscribe so that you no longer receive the information material.

Recipients: If you have selected postal delivery, the address data that you have provided will be transmitted to the respective printing company for mailing. If further mailings will take place, this will be stated in the privacy policy for the respective information material.

You can cancel your subscription by clicking on the respective “unsubscribe” link or by writing to the e-mail address listed in the specific privacy policy. Furthermore, you can revoke your consent at any time by sending an e-mail to datenschutznoSpam@tugraz.at.

8. Electronic registration for events

To make it easier for you to register for events (general events, research events, etc.), we offer online registration options on our websites. With regard to paid events, internal as well as external payment services are also used. In order to be able to guarantee secure and smooth payment, we process the financial data you enter online. By issuing the payment (for paid events), a contract is concluded between you and TU Graz (see section 11).

Categories of data: The types of personal data processed vary depending on the event. Please refer to the privacy policy for the respective event for more information about the specific categories of data and about data protection.

Legal basis:
Paid events: We process the personal data you provide in order to organise and carry out the event on the basis of pre-contractual or contractual measures according to Art. 6 (1) (b) DSGVO.
Unpaid (free) events: We process the personal data you provide in order to efficiently organise and carry out the event to fulfil the public interest or the legitimate interest of TU Graz according to Art. 6 (1) (e) DSGVO DSGVO in conjunction with § 3 UG 2002 or Art. 6 (1) (f) DSGVO. Furthermore, the processing of personal data could be based on the legal basis of Art 6 (1) (b) DSGVO.

Storage period: Your data will be stored after the contract has been fully processed or the last invoice has been issued for as long as tax law obligations exist to retain such data.
Regarding the public and legitimate interest: We process the data for as long as this is necessary to protect the public/legitimate interest or until an (a justified) objection is raised.

9. Form entries that permit communication

On some of the websites that offer content online, you can enter your contact details in an online form in order to contact us or send enquiries.

Categories of data: The types of personal data processed vary depending on the form. Please refer to the respective input mask for the specific categories of data.

Legal basis: Your personal data will be processed exclusively on the basis of your consent pursuant to Art 6 (1) (a) DSGVO.

Storage period: Your data will be deleted as soon as they are no longer required to achieve the purpose. This is particularly the case when the communication between you and TU Graz finally ends or you have revoked your consent according to Art 7 (3) DSGVO.

Recipients: Data will only be passed on to third parties if you have given us your consent to do so.

10. Personal electronic signature

If you have activated the mobile signature and have a TUGRAZonline account, you can use the TU Graz electronic signature service via esign.tugraz.at and sign your documents electronically with the trust service provider A-Trust GmbH (list of trust service providers). The TU Graz only acts as an intermediary between you and A-Trust GmbH and has no influence on the data collection carried out by A-Trust GmbH. For more information on data protection, please refer to the privacy policy of A-Trust GmbH at https://www.handy-signatur.at/hs2/#!infos/agb.

Categories of data: In order to be able to provide the service technically, it is necessary to process your PDF documents for the duration of the signature process as well as to verify your first and last name.

Legal basis: How your personal data are processed is based on your freely given consent according to Art. 6 (1) (a) DSGVO, which you give us by using the signature service.

Storage period: Your PDF documents are generally not stored by TU Graz. Short-term storage only takes place if you cancel the signature process. In this case, the documents are deleted after five minutes.

Recipient: The PDF documents (for signing) and technically necessary data (IP adress, time to call-up) are transmitted to A-Trust GmbH.

11. Electronic payment

In order for you to be able to pay electronically when using TU Graz services (tuition fees, events, etc.), it is necessary to process your personal data to the extent required to process the payment.

TU Graz processes the following categories of data: academic title, title, first and last name, company, currency, payment method, amount, payment reference, semester ID, client ID

The following data is transmitted to the payment service provider for the purpose of allocating your payment: amount, currency, payment method

Legal basis: The processing of your personal data is necessary for the fulfilment of a contract to which you are a party, or in order to carry out pre-contractual measures in accordance with Art 6 (1) (b) DSGVO (i.a. § 91 Universities 2002 – tuition fees)

Duration of storage: TU Graz stores your personal data in order to allocate your payment and to comply with financial regulations. Your personal data will be deleted after any statutory retention periods have passed.

Recipient: All electronic payments are processed by a provider of electronic payment services (PAYONE GmbH). The provider may collect further personal data if necessary.

12. Rights of Data Subjects

You have the rights to information and access, rectification, data portability, restriction and erasure of data. Besides these, you also have the right to withdraw your consent to the processing of data. However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. If the data processing is based on the legal basis of fulfilling legitimate or public interest, you can lodge a justified objection to the data processing.

You can withdraw your consent to the cookie settings at any time by modifying your browser settings.

More information is available about the data subject rights.

In order to be able to process your request regarding the abovementioned rights and to ensure that personal data are not disclosed to unauthorised third parties, we must ensure that you are clearly identified. Therefore, we ask you to exercise your data protection rights by using the following form.

There is also a right of appeal to the Austrian Data Protection Authority.

Appendix: Cookie list

Functional cookies (technically necessary cookies)

Name of cookie: BIGipServer~webauftritt~tu-web-https
Purpose: This cookie is used for computer load balancing tasks.
Duration of function: For the duration of the session
Access of third parties: No

Name of cookie: stickyweb
Purpose: This cookie is used for computer load balancing tasks.
Duration of function: For the duration of the session
Access of third parties: No

Name of cookie: tug_consent
Purpose: This cookie saves cookie preference.
Duration of function: six months
Access of third parties: No

Analysis cookies

Name of cookie: pk_id
Purpose: This cookie is used to record the behaviour of users on the website. Statistics on website usage are generated (e.g. time of visit).
Duration of function: thirteen months, until the withdrawal of consent
Access of third parties: No

Name of cookie: pk_ses
Purpose: This cookie is used to record the behaviour of users on the website. Statistics on website usage are generated (e.g. time of visit).
Duration of function: 30 minutes, until the withdrawal of consent
Access of third parties: No

Name of cookie: pk_ref
Purpose: This cookie records which website users used to access the current website or file.
Duration of function: six months, until the withdrawal of consent
Access of third parties: No

You can withdraw your consent at any time by deleting all or individual cookies in the browser settings.