AUSSDA Privacy Policy

AUSSDA - The Austrian Social Science Data Archive (hereafter referred to as ‘AUSSDA’) attaches great importance to the protection of your personal data. In this Privacy policy, we explain what information we process when using the AUSSDA websites, for which purposes we use them, and how we handle these data.

Please take note that this Privacy policy shall apply when using our websites and the AUSSDA Dataverse. The processing of personal data in the AUSSDA Dataverse is accepted by clicking the pertinent box when logging in for the first time or when downloading an open access file.

This website may include links to other websites or applications and/or software of third parties. We shall not be responsible for the data protection procedures of third parties.

1. Controller and scope of application

Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations:

University of Vienna
Universitätsring 1
1010 Vienna, Austria
E-mail: dsba@univie.ac.at
Website: univie.ac.at

This Privacy policy shall apply to the AUSSDA Internet service, which is accessible under the domain aussda.at, as well as several sub-domains, at present aussda.at, finddata.aussda.at and data.aussda.at (hereafter referred to as ‘our websites’), as well as to the data repository, the AUSSDA Dataverse, that is accessible on the website data.aussda.at (hereafter referred to as ‘AUSSDA Dataverse’).

2. Data protection officer and contact points

External data protection officers of the University:
Dr Daniel Stanonik LL.M, and KINAST Rechtsanwaltsgesellschaft mbH, represented by Dr Karsten Kinast LL.M, who act as proxies for each other.
Should legal claims of data subjects within the meaning of Section 7 of this Privacy policy be established, any requests or applications shall be sent by e-mail to dsba@univie.ac.at, or by postal mail to:

University of Vienna
c/o Datenschutzbeauftragter der Universität Wien
Universitätsring 1
1010 Vienna, Austria.

3. Definitions

a. Personal data

The term ‘personal data’ refers to individual information on the personal or material situation of an identified or identifiable natural person (data subject). This includes, for instance, information such as your name, address, phone number, date of birth or e-mail address. Information that cannot be linked to your person (or not without a disproportionate effort), e.g. anonymised information, is not regarded as personal data.

b. Dataverse

The term ‘Dataverse’ refers to the digital repository or digital archive maintained by AUSSDA. It is the software that is used for data storage and data sharing. The term ‘dataverse’ also refers to a collection of data. The AUSSDA Dataverse represents an open access collection of data, which in turn contains several data collections. The term ‘collection’ refers to a volume of data that have been compiled under one name – i.e. the name of the collection.

c. User

The term ‘user’ refers to any person who uses the services provided by AUSSDA.

d. Administrator, dataset manager and dataset curator

The term ‘administrator’ refers to users who have created a dataverse, control a dataverse or are the main organisers of a dataverse. Administrators can also be curators or managers of a dataverse. Dataset managers and dataset curators are users who can modify the properties or contents of data or dataverses. This includes organising, designing the layout, modifying contents, editing or other forms of changing the status of data or dataverses.

4. General information on data processing

a. Scope

We collect and use our users’ personal data only to the extent that is necessary for the provision of functioning websites, including contents and services. We use your personal data for the purpose of providing information, the products we offer and requested services, and of answering your questions, as well as operating and improving our websites and applications.
Any collection and use of personal data of our users is based on the applicable legislation within the meaning of the GDPR, e.g. subject to consent on the part of the users. For further details on individual processing acts please consult section 5 of this Privacy policy, under the specific processing act.
We do not use your personal data in any other way. We do not transfer your personal data to third parties or use them for advertising purposes without your consent, with the exception of the cases listed below, provided that we are not obliged by law to disclose data.

b. Legal basis

Whenever we ask a data subject to give consent to the processing of their personal data, the legal basis for the processing of personal data shall be Art. 6, para. 1 sub. a of the General Data Protection Regulation of the European Union (GDPR). In the event of processing personal data for the performance of a contract to which the data subject is party, Art. 6, para. 1, sub. b of the GDPR shall be the legal basis. This shall also apply to processing acts that are necessary steps taken prior to entering into a contract. To the extent that the processing of personal data is necessary for compliance with a legal obligation to which the University of Vienna is subject, Art. 6, para. 1, sub. c of the GDPR shall be the legal basis.
Should the processing be necessary in order to protect the legitimate interests of the University of Vienna or a third party and provided that the interests and fundamental rights and freedoms of the data subject do not override the interests of the former, Art. 6, para. 1 sub. f of the GDPR shall be the legal basis for processing.

c. Deletion of data and duration of storage

The personal data of the data subject shall be deleted or blocked as soon as the reason for data storage ceases to exist. Data can, in addition, be stored whenever this is provided for by the European or national legislator in Union regulations, laws or other legislation to which the controller is subject. Data shall also be blocked or deleted whenever a storage period laid down in one of the aforementioned norms has expired, unless the further storage of the data is required for the entering or performance of a contract.

5. Individual processing acts

a. Dataverse user account registration

If you sign up for an AUSSDA Dataverse account, we store your name, e-mail address and information about the affiliated institution, e.g. name of the research institution or university at which you work or of which you are a member. This is necessary for the creation of a Dataverse account. If you voluntarily enter additional account information we will also store this information.

b. Newsletter

On our website, we offer a free newsletter service to which you can subscribe. In the event of subscribing to the newsletter, the data from the subscription form are sent to us. In order to subscribe to our e-mail newsletter service, we need your consent and, at least, your e-mail address to which the newsletter is to be sent. Any further data are provided voluntarily and will be used in order to address you personally, to personalise the content of the newsletter, and for possible enquiries concerning the e-mail address. You can freely decide whether to communicate these data to us.

In order to offer the newsletter service, the following data are collected upon each subscription and deleted after 30 days:
• IP address of the accessing computer
• date and time of access
• name and URL of the accessed file
• amount of transferred data
• notification whether access was successful
• data identifying the accessing browser and the operating system
• the web page from which the access has taken place.

In accordance with Art. 6, para. 1, sub. a of the GDPR, the processing of personal data is based on the following declaration of consent:
I consent to the collection, storage and processing of the personal data I have disclosed, by AUSSDA, for the purpose of sending newsletters. My data will be deleted as soon as the purpose of processing has been achieved and provided that no other storage period is required by law. I hereby declare that I have given this declaration of consent voluntarily. I have been informed that I can withdraw this consent informally at any time, with future effect, without any negative consequences to myself. I can send this withdrawal of consent to info@aussda.at. In the event of my withdrawal AUSSDA, as well as any processor, will delete my data.

For subscriptions to the newsletter, we use a ‘double-opt-in’ procedure – i.e. we will only send you the newsletter after you have confirmed your subscription by clicking a link in a confirmation e-mail that we have sent you for this purpose. In this way, we want to make sure that only you, as the owner of the e-mail address provided, can subscribe to the newsletter. You need to send your confirmation shortly after you have received the confirmation e-mail, as otherwise your subscription to the newsletter will automatically be deleted from our database.

We collect the user’s e-mail address for the purpose of sending the respective newsletter. When subscribing to the respective newsletter, we may use your e-mail address for our own (advertising) purposes until you unsubscribe from the newsletter, provided that the theme of the said advertising is similar to the content of the newsletter, The collection of any other personal data in the context of the subscription process serves the purpose of preventing any abuse of the services or the e-mail address used.

These data shall be deleted as soon as they are no longer necessary for fulfilling the purpose for which they have been collected. The user’s e-mail address will thus be stored for as long as the user’s subscription to the respective newsletter is active.

In the context of data processing for the purpose of sending newsletters, no data will be transferred to third parties. The data will exclusively be used for sending the respective newsletter.

c. Access to the AUSSDA Dataverse

When accessing the AUSSDA Dataverse, our web server generates log files that include the IP address of your computer. These web server logs are stored temporarily and are deleted at regular intervals. Whenever you download data from the AUSSDA Dataverse, our software will collect data of your user account, such as your name, user name, e-mail address, institution and position if indicated (or, in the case of guest users, the session ID), as well as data related to the download, such as the time of download. This information will then be accessible to Dataverse administrators, dataset managers and dataset curators of the file in question.

Art. 6, para. 1 sub. f of the GDPR shall be the legal basis for this processing of personal data. AUSSDA has a legitimate interest in being able to provide an improved service by being able to track downloads using log files, and in the event of abuse, users can thus be identified, and if necessary, their access to the Dataverse can be blocked.

d. Cookies

We use cookies in order to enhance the functions of our services. In addition, we use cookies in order to record and analyse access by visitors. A cookie is a text file that your browser stores on your computer. The purpose of cookies is to remember your browser when you visit our website and in the event of repeated visits. A cookie contains a characteristic string of characters that enables the definite identification of the browser when the website is visited again, so that, for instance, you don’t need to log in again when you visit the site repeatedly. You can prevent the storage of cookies by setting your browser preferences accordingly, and you can delete existing cookies at any time. However, if you completely deactivate the use of cookies this can limit the functions of our service.

Art. 6, para. 1 sub. f of the GDPR shall be the legal basis for processing personal data using cookies. AUSSDA has a legitimate interest in being able to offer enhanced functions by using cookies.

e. Piwik PRO

The AUSSDA websites (aussda.at and its sub-domains) use the Piwik PRO web analytics service in order to collect and analyse access by visitors, and to collect data about the way in which our users use the AUSSDA website and the AUSSDA Dataverse. This helps improve functionalities and enables the compilation of aggregate reports on the frequency and extent of use. In this context, cookies are stored on your computer. This information on your use is stored within Europe and will not be transferred to third parties but shall only serve the purpose of optimising our websites and our services for users, as well as of generating aggregated data on use.
You can refuse this collection and storage of data at any time, with future effect (Piwik opt-out) by following the instructions below. We comply with the do-not-track settings in browsers. Below, you can see whether Piwik PRO collects your data. You can activate or deactivate the collection of data on your visits by Piwik PRO..

f. Social plug-ins

Our websites contain social plug-ins of the social networks Twitter (Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94043, USA) and YouTube (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA). Through these plug-ins, personal data on visitors of the websites may potentially be collected, communicated to the service in question and linked with the service of the said visitor.

g. Security

We commit to treating your personal data as confidential. In order to prevent any manipulation, loss or abuse of the data we have stored, we implement comprehensive technical and organisational security measures that are reviewed regularly and adapted to the latest technological developments. Please note, however, that due to the structure of the Internet it is possible that the data protection rules and the aforementioned security measures are not being complied with by other persons or institutions outside our area of responsibility. In particular, non-encrypted data that have been transferred – e.g. in the case of communication by e-mail – can be read by third parties. This is beyond our technical control. The users shall be responsible for securing the data they have provided, by means of encryption or other forms of protection against abuse.

The AUSSDA Dataverse website also takes security measures in order to protect information in our possession against loss, abuse or alteration.

6. Communication of data to third parties

With the exception of the data collection through Piwik PRO (processing the IP address of the accessing computer), we do not share any personal data that we have gathered or developed about our users for any purpose whatsoever except in the event of an obligation to disclose the said information based on a court ruling, order of a public authority or an act of law.

7. Information obligations, rights of data subjects and right to lodge a complaint

In accordance with Articles 13 and 14 of the GDPR, you have the right to be informed about the processing of your data. This includes information on the purpose of the data processing, the period of storage, as well as the contact details of the controller and the processing body. In addition, you must be informed about your rights as a data subject.

In accordance with Article 15 of the GDPR, you have the right of access to and information on the personal data we have processed. In accordance with Article 16 of the GDPR, you have the right to demand, without undue delay, the rectification of any inaccurate personal data we have stored and the completion of any incomplete data. In accordance with Article 17 of the GDPR, you have the right to demand the deletion of personal data we have stored, provided that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. In accordance with Article 18 of the GDPR, you have the right to demand the restriction of processing of your personal data, provided that you contest the accuracy of the personal data, that the processing is unlawful, that we no longer need the data but you oppose their deletion because you require them for the assertion, exercise or defence of legal claims. You shall also have the said right in accordance with Article 18 of the GDPR in the event that you object to processing in accordance with Article 21 of the GDPR. In accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided, in a structured, commonly used and machine-readable format or the right to have the said data transmitted directly to another controller. In accordance with Article 7, para. 3 of the GDPR, you have the right to withdraw the consent that you have given at any time. As a result, we will no longer be entitled to process data based on the said consent in the future.

In accordance with Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. In Austria, this is the data protection authority: Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, Austria; tel. +43 1 52 152-0, e-mail: dsb@dsb.gv.at, website: dsb.gv.at.

8. Amendments to this Privacy policy

As amendments to the current legislation or changes of our internal procedures may make it necessary to amend this Privacy policy, we ask you to consult this Privacy policy regularly. This Privacy policy is available at https://aussda.at/en/privacy-policy/ for download and printing at any time. AUSSDA has the right to amend this Privacy policy at any time at its sole discretion. Please do not hesitate to contact us in the case of further questions in regard of this Privacy policy, the procedures on the AUSSDA Dataverse website or your use of the said website, by sending an e-mail to info@aussda.at.

Latest amendment to this Privacy policy: 19 March 2019.

Note: This document is a translation of the German version of the document (“Datenschutzerklärung”). In the event of any deviations resulting from the translation, the formulation set forth in the German version shall prevail.