Privacy  

Privacy - General

Name and Contact Details of Maintenance Responsible Organs
Gesellschaft zur Förderung von Alternativen Biomodellen (The 3R Society)
Postfach 0014 
A-8036 Graz

Executive/representative body:
Mag. Dr. Birgit Reininger-Gutmann chairman@reprefred.eu

Data processing / data processing purposes

Preparation and publication of photos/film clips

Description:
The responsible person creates photos/film recordings of members or other participants at various events.
Consent to the creation and subsequent publication of the photos/film recordings (website, print media, member information, newsletter, social media) is obtained from all persons concerned before or during the event, whereby the type of publication is described in detail. If there are persons in a photo who have not consented to the creation or publication of the photo, the photo will be deleted immediately.
When consent is obtained, the persons concerned are also informed that they can revoke their consent at any time with effect for the future. They can also withdraw their consent for individual aspects of the publication (e.g. objection to the publication of photos in social media, but not for photos used in print media or newsletters).
If consent is revoked, the photo will be removed from the desired platforms or completely.

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Since no high risks to the rights and freedoms of data subjects.

Legal basis

• Agreement (Art. 6 Abs. 1 lit. a)

Categories of data subjects

• Persons who can be seen on photos/film clips

Categories of data processed

• photos/film clips
• first name (if applicable)
• last name (if applicable)
• event location
• time of the event
• type of event

Categories of recipients to whom personal data are disclosed

• social media
• recipients of association information

Accounting

Description:
Accounting for the purpose of recording business transactions in order to meet the requirements of §§ 20ff VerG (§21 Income and Expenditure Statement, Balance Sheet, §22 Annual Financial Statements - Balance Sheet, Profit and Loss Account).
Keeping all aspects of the bookkeeping in Excel format and with our own accounting software. The accounting data as well as all related vouchers (e.g. vouchers for expenditure, vouchers for membership fees = income, etc.) are kept either electronically or physically for 7 years.
Depending on the voucher, the data categories listed below are included in full or in part.

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Exempted from the data protection impact assessment under the DSFA exemption regulation (DSFA-A01)

Legal basis

• Necessary for the performance of the contract (Art. 6 Abs. 1 lit. b)
• Required to fulfil a legal obligation to which the responsible person is subject (Art. 6 Abs. 1 Lit c)

Categories of data subjects

• Members
• Administrators
• Sponsors, business partners (contact persons)

Categories of data processed

• First name
• Last name
• Street (business or private)
• Postcode (business or private)
• Place (business or private)
• Gender
• Document data (amount of the invoice, invoice object, etc.)

Categories of recipients to whom personal data are disclosed

• Auditor
• Authorities
• Courts
• Legal representative
• Tax consultant

Organizational actions

• Container with accounting documents locked

Information mails / mailings

Description:
Members of the association Gesellschaft zur Förderung von Alternativen Biomodellen (The RepRefRed Society) receive regular information e-mails and/or mailings. This is not advertising, but rather current association or group information, e.g. on future meetings, events and notifications concerning the 3Rs, such as new scientific findings.
The basis for the mailing is either the contractual relationship with members or, in the case of mere participants, the (verbal or written) consent to be informed of news via the (email) address provided. In addition, it is in the legitimate interest of the person responsible to ensure that the address data records are passed on to the print shop where the order is processed by informing the printing company.
In the case of electronic deliveries, the e-mail addresses are passed on to the order processing company for newsletter dispatch if necessary.
Members or participants to ensure an active association life through meetings and events.

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Excluded from the data protection impact assessment in accordance with the DSFA exception regulation (DSFA-A03 or DSFA-A04)

Order Processor

• Order processing print shop
• Order processor newsletter dispatch

Legal basis

• Agreement (Art. 6 Abs. 1 lit. a)
• Necessary for the performance of the contract (Art. 6 Abs. 1 lit. b)
• Processing is necessary to protect the legitimate interests of the controller or of a third party and the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (Art. 6 Abs. 1 lit. f)

Categories of data subjects

• Members
• Participants
• other prospective clients

Categories of data processed

• Title
• First name
• Last name
• E-mail address
• Street
• Postcode
• Place

Member and participant administration

Description:
The person responsible keeps a register of members and participants.
Ordinary members are recorded with all contact data, about mere participants in events only first and last names and, if applicable, contact data such as telephone number, e-mail address or residential address (depending on the individual case and the wishes of participants ) are stored.
The basis for the data processing is either the existing membership relationship (contract), the consent of the person concerned, the legitimate interests of the person responsible for the purposeful organization of the association. With regard to special categories of data, the legal basis is the express consent of the data subject or the processing of special categories of data without the intention of making a profit in accordance with Art. 9 Abs. 2 lit. d DSGVO.
The member or participant directory is managed via an Excel list and cloud software. (The data is stored on the server of the order processor member software)

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Excluded from the data protection impact assessment in accordance with the DSFA exception regulation (DSFA-A03).

Order Processor

• Order Processor Member Software / Cloud

Legal basis

• Agreement (Art. 6 Abs. 1 lit. a) & (Art. 9 Abs. 2 lit. a)
• Necessary for the performance of the contract (Art. 6 Abs. 1 lit. b)
• Processing is necessary to protect the legitimate interests of the controller or of a third party and the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (Art. 6 Abs. 1 lit. f)
• Processing by non-profit making organisations in the course of their legitimate activities (Art. 9 Abs. 2 lit. d)

Categories of data subjects

• Members
• Participants

Categories of data processed

• Gender
• Title
• First name
• Last name
• Street
• Postcode
• Place
• E-mail address
• Telephone number
• Institution
• Position
• Type of membership

Organizational measures

• Access restriction (only a restricted group of persons (association board and administrative staff/speakers of the association) has the authorization to access the member/participant database.

Privacy - Website

Cookies
Our website does not use cookies by default because we accept your privacy in order to make our offer more user-friendly and effective.
We use both YouTube and Vimeo to embed videos. Before playing a video, we ask whether you want it to be integrated and point out that cookies are set by the respective provider when the video is played.
YouTube: Our website uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA for the integration of videos. Normally, when you call up a page with embedded videos, your IP address is sent to YouTube and cookies are stored on your computer. We have integrated our YouTube videos with the extended data protection mode. YouTube videos are only loaded after you have accepted data protection information. Furthermore, YouTube videos are requested in a data protection-compliant mode. Nevertheless, some cookies are still stored by Google when playing videos. For more information, see YouTube's privacy policy at https://policies.google.com/privacy.
Vimeo: Our website uses the provider Vimeo.com, Inc., New York, USA for the integration of videos. Normally, when you call up a page with embedded videos, your IP address is sent to Vimeo and cookies are stored on your computer. We have integrated our Vimeo videos with the extended data protection mode. Vimeo videos are only loaded after you have accepted a data protection information. When playing videos, some cookies are stored by Vimeo. For more information, see Vimeo's privacy policy at https://vimeo.com/privacy.

Server-Log-Files
To optimize this website in terms of system performance, user-friendliness and the provision of useful information about our services, the provider of the website (EDIS GmbH, Hauptplatz 3, 8010 Graz) automatically collects and stores information in so-called server log files, which your browser automatically transmitted to us. This includes your internet protocol address (IP address), browser and language settings, operating system, referrer URL, your internet service provider and date/time. The location of our server is Graz/Austria.
A combination of this data with personal data sources is not carried out. We reserve the right to subsequently check this data if we become aware of specific indications of illegal use.

Contact form - storage of personal data
Personal data that you transmit to us electronically on this website, such as name, e-mail address, address or other personal information when submitting the contact form, will be processed into an e-mail to us and used for the purpose of establishing contact, kept safe and not passed on to third parties.
We therefore only use your personal data for communication with those visitors who expressly request contact and for the processing of the services offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior.
If you send us personal data by e-mail - thus off this website - we cannot guarantee secure transmission and the protection of your data. We recommend that you never send confidential data by e-mail without encryption.

Social Media Links
We integrate external links to social media services on our website to display pictures, videos and text.
When you visit these external pages that display these elements, data is transferred from your browser to the respective social media service and stored there. We have no access to this data.
The following links will take you to the pages of the respective social media services, where it is explained how they handle your data:

• Instagram Privacy Policy: https://help.instagram.com/519522125107875
• Facebook Privacy Policy: https://www.facebook.com/about/privacy
• Twitter Privacy Policy: https://twitter.com/de/privacy
• Linkedin Privacy Policy: https://www.linkedin.com/

Rights under the basic data protection regulation
According to the provisions of the DSGVO and the Austrian Data Protection Act (DSG), you are basically entitled to the following rights:

• Right of rectification (Article 16 DSGVO) Right of deletion ("right to be forgotten") (Article 17 DSGVO)
• Right to restrict processing (Article 18 DSGVO)
• Right of notification - obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 DPA)
• Right to data transferability (Article 20 DSGVO)

 

Right of objection (Article 21 DSGVO)
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you may contact us or you can complain to the supervisory authority, which in Austria is the data protection authority, whose website you can find at https://www.dsb.gv.at/.