Skip to content

Data protection and cookie declaration

The protection of your personal data is of particular concern to us at DEBRA Austria. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, DSG 2018, TKG 2003). In this statement you will find general information about the processing of your personal data on our website, your rights and information about the use of cookies on our website.



1. Data processing

1.1   Processing of your data on this website

The use of our website is also only possible for informative purposes. When you call up this website, your browser automatically transmits the following data to our site provider and stores them as "server log files": IP address, time zone difference to Greenwich Mean Time (GMT), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, page visited on our domain, date and time of the server request, browser type and browser version as well as browser language, operating system used, the reference address and host name of the accessing computer.

This is technically necessary in order to display our website and to ensure the stability and security of the website. The data collected is only used for statistical analysis and to improve the website. We can only link your IP address to your user data by "manual" research. We only use this in exceptional cases when we need to deny access to individual IP addresses to prevent abuse and fraud.

The legal basis for this processing is our legitimate interest (Art 6 Paragraph 1 lit f GDPR) in being able to operate our website. We store your data for this purpose for the period of your access as well as for up to 14 months beyond this period, if technically necessary.


1.2   Newsletter

On our website you have the possibility to register voluntarily for our newsletter. You can unsubscribe from our newsletter by clicking on the unsubscribe link provided in each newsletter. To register to receive the newsletter, we need your e-mail address and your declaration that you agree to receive it. You can decide to provide us with your personal data (name and address) by filling out the form completely. This data processing is carried out on the basis of your consent (Art 6 Paragraph 1 lit a GDPR). We store your data for this purpose for the duration of your consent, i.e. until any revocation.


1.3   Partner questionnaire (LimeSurvey)

For our activities we use an online questionnaire, in which we also collect your personal data, which you can request via our website. The online questionnaire is addressed to our EB-CLINET partners (clinical contacts) and serves to collect basic information about our EB-CLINET partners in order to improve our cooperation with them. This questionnaire is managed in the application "LimeSurvey". This tool as well as the questionnaire are administered and hosted by our service provider, IT Consulting Marcel Minke, Sögeler Str. 27, D-30539 Hannover, who also processes, administers and hosts your personal data on our behalf. In the questionnaire we collect the following personal data: Name, e-mail address, postal address, web address, title and profession, professional experience, your experience in the treatment of Epidermolysis Bullosa, information about services you offer and, if applicable, your subcontractors, information about your employees with the relevant experience.

We process your personal data on the basis of your consent (Art 6 Paragraph 1 lit a GDPR). We store your data for this purpose for the duration of your consent, i.e. until a possible revocation.


1.4   Google Maps

This website uses Google Maps to display interactive maps. Google Maps is a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When using Google Maps, Google also collects, processes and uses data on the use of the Maps functions by visitors to the website. Further information on data processing by Google can be found in Google's data protection information at There you can also change your settings in the data protection centre so that you can manage and protect your data.


2. Data transfers

As part of the data processing activities described above, we use external service providers or contract data processors for certain activities, to whom we may share your personal data or who may have access to your personal data. We have entered into commissioned data processing contracts with our commissioned data processors under which they are obliged to process your data only in accordance with our instructions. Service providers who are not contract data processors are responsible for their own compliance with data protection laws in respect of your personal data. We have also selected both the data processors and other service providers on the basis of their reliability with regard to data protection.

The service providers and contract data processors we use include

  • the technical operator(s) of our website;
  • marketing companies who assist us in the handling of marketing campaigns, including the company responsible for handling our newsletter;
  • other technical service providers who provide us with tools and plug-ins used, in particular: Altruja GmbH, Google Inc., Google LLC, Facebook Inc. and YouTube LLC
  • under certain circumstances, external consultants such as lawyers and tax advisors, if we need to pass on your data to them in the course of providing their services.

3. Your rights

According to the GDPR, you as a data subject have the following rights:

  •  to check whether and which personal data we have stored about you and to receive copies of this data;

  • to demand the correction, completion or deletion of your personal data which is incorrect or not processed in accordance with the law;

  • require us to limit the processing of your personal data under certain conditions;

  • object to the processing of your personal data where we process it for direct marketing purposes or on the basis of our legitimate interests;
        require data transferability;

  • if we process your personal data on the basis of your consent, you may withdraw your consent at any time;

  • lodge a complaint with the Austrian data protection authority (for further information see

In order to exercise the above rights, you must contact us in person, by telephone or in writing at the (e-mail) address/telephone number listed below.


4. Contact

You can reach us at the following contact details:

Dr. Rainer Riedl, chairman and data protection officer
DEBRA Austria, Am Heumarkt 27/1, 1030 Vienna
+43 1 876 40 30,



So-called "cookies" are used on our website. In this cookie declaration we inform you which cookies are used on our website and how these cookies are used to process your personal data and other information. Further general information about the processing of your personal data on this website, including in particular your rights, can be found in the general part of the data protection declaration.


1. What are cookies?

Cookies are small text files that are stored on your end device with the help of the browser. They do not cause any damage. When using certain cookies, however, information about your device is collected, which may be able to be assigned to you, as well as any other personal information that may be read at a later date. In addition, some cookies remain stored on your device until you delete them. Cookies may originate from us and possibly also from third parties.


2. Your options when using cookies

You can configure the use of cookies in advance through the settings in your browser. In this way you can, for example, generally prohibit the setting of cookies, allow only certain cookies, limit the storage period, etc. You can find more detailed information on this in the help menu of your browser or, for common browsers, under the following links:
Internet Explorer:

You can also specifically prevent certain third-party cookies (see "Third-Party Cookies" below) by using special plug-ins; these are available as follows:
Google Analytics:
Google AdWords:!

You can also give your consent to the use of cookies via our website. You can revoke this consent at any time by deleting the cookies. How this works with your browser, you can read here for the most common browsers:
Internet Exlorer:

If you disable cookies, the functionality of our website may be limited. More details about which cookies we use on which legal basis (your consent or our legitimate interests) can be found below.


3. Processing of personal data through cookies

Cookies on our website are used to process the following information, which may be related to your person and thus represent personal data:

  • Your IP address
  • Time and duration of the visit
  • the website (URL) you are visiting and the website (URL) from which you were redirected by clicking on a link

4. Purposes and types of cookies we use

We use cookies for different purposes. These can generally be divided into three categories:

  • Necessary cookies: These are cookies that are necessary for the functioning and security of the website and your safety. These cookies are used on the basis of our legitimate interest in operating our website, as well as on the basis of the exemption provision of § 96 para. 3 sentence 3 of the Austrian Telecommunications Act 2003 for necessary cookies.
  • Analysis cookies: These are cookies that enable us to carry out statistical evaluations of how the website is used, e.g. from which page is accessed how often, which devices are used to access which page, the average duration of the visit to the website, etc. We do not process this information in any personal form, but under certain circumstances it can be assigned to you. Therefore the basis for the use of these cookies is your consent.
  • Advertising cookies, including third-party cookies: These are cookies that we use to show you advertisements in order to partially fund our website. Most of these cookies are from third parties. The basis for the use of these cookies is your consent. You can find out which third-party cookies are actually used in the section "Third party cookies".

For more detailed information about individual cookies that we use, including the default retention period, please refer to the "Cookies List" section below.


5. Third party cookies

Our website also uses the following third-party cookies for analysis and marketing purposes. The basis for the use of these cookies is your consent.


5.1   Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).  Google Analytics uses text files (cookies) which are stored on the user's computer and which enable an analysis of the use of the website by the user. The information thus generated about the use of this website (including the user's IP address) is transferred to a Google server in the USA and stored there. Further information on data use by Google Inc.: information about which cookies are used exactly for Google Analytics can be found below in the section "Cookies List" under Analysis Cookies.


5.2   Facebook

On our website, so-called social plug-ins (hereinafter "plug-ins") of the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA, hereinafter Facebook).

The plug-ins are marked with a Facebook logo or the addition "Social Plug-In from Facebook" or "Facebook Social Plug-In". When you access the website, a direct connection is established to the Facebook servers in the USA and certain information (including your IP address) is transmitted. This process takes place regardless of whether you have an account on Facebook or are logged in or not. If you have a Facebook account and you are logged in at the time you access our website, the server can immediately assign the information accessed to your account. To prevent this, please log out from your account before visiting our website. For more information on how Facebook handles your data, please refer to the relevant privacy policy For more information about exactly which cookies are used by Facebook, please refer to the section "Cookies List" below under Advertising Cookies.

Facebook pixel: With the help of the Facebook pixel, Facebook can to determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we have placed only to those users on Facebook and within the services of the partners cooperating with Facebook (“Audience Network” who have also shown an interest in our online offer or who have specific characteristics (e.g. interest in particular topics or products that can be seen from the websites visited) that we transmit to Facebook ("Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. Furthermore, with the help of the Facebook pixel, we can understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("conversion measurement").

5.3.1. Facebook fan page

In this section we inform you about the type, scope and purpose of the processing of personal data of all visitors to our Facebook fan page (hereinafter referred to as “fan page”).

The purpose of the fan page is to provide information about our projects as well as information about us and our activities, and to gain new interested parties and supporters. Facebook users can also contact us via the fan page.

To operate this fan page, we have entered into a shared responsibility agreement with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - hereinafter referred to as "Facebook" - pursuant to Article 26 of the General Data Protection Regulation (GDPR). This means that, in principle, we are jointly responsible with Facebook for the data processing within the framework of the fan page. The exact division of responsibilities can be read here, but Facebook is primarily responsible for the processing. Facebook's privacy policy and additional information can be found at the following locations and

To exercise your rights under the GDPR against Facebook, you can contact Facebook's Data Protection Officer at and adjust your Facebook profile. Here are the instructions for doing so:

In our communication and depending on the individual privacy setting, we can see via Facebook who has liked our posts, who has subscribed to our messages and who has left a comment on our Facebook fan page. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR: The Facebook fan page is, as a globally relevant platform, essential for us in our public relations work to get in touch with interested parties, to provide information about us and to attract new supporters and interested parties. An objection to this data processing is possible at any time through appropriate privacy settings.

Facebook also provides statistical data about the visitors to our fan page via the "Insights" function. This data helps us to evaluate our presence on the fan page and to respond more specifically to the needs of our fan page visitors. However, we only receive anonymized data from Facebook (without personal reference) and can analyze it by setting filters. The "Insights" function cannot be turned off, we could only act on this processing by setting filters. Unlike our processing, Facebook processes personal data and uses it for market research and marketing purposes. Facebook can display ads tailored precisely to the individual user profile. Information on this can be found at

Again, the legal basis for our use of the "Insights" function is our legitimate interest according to Art. 6 para. 1lit. f GDPR: The function enables us to address our fanpage visitors in a more targeted manner to advertise the effort of our outreach and thus communicate with less wastage. We can also improve our fan page presence with this analysis option. An objection to this data processing is possible with Facebook.

Calling up Facebook or using a corresponding account leads to a data transfer to the USA. The use of Facebook is inextricably linked to this data transfer, which we cannot influence. This is why a corresponding use also constitutes express consent pursuant to Article 49 para 1 lit a GDPR to this data transfer. According to current EU law, there is no adequacy decision and no guarantees for this data transfer. Therefore, it comes with risks: U.S. security laws grant competent authorities broad powers to access personal data, and European citizens cannot obtain sufficient legal protection and control over their personal data in U.S. courts. Please consider this risk when using Facebook.

5.3.2 Facebook Ads

We run ads through Facebook to draw attention to our work. This allows us to design the ad and determine, based on predefined characteristics (for example, age groups, geographic specifications, demographic characteristics), for which target group an ad is placed and through which META Group channel (Instagram, Messenger, WhatsApp, Facebook) or Audience Network (websites with a contract with Facebook) it is delivered. The design of the target group is anonymized.

With the advertisements, our stakeholders have the opportunity to register with their name, e-mail address and phone number, in case they want to learn more about our activities. We also process this data electronically and by telephone for fundraising purposes (donation communication). Facebook processes this data in accordance with its data policy ( This includes the pre-filling of instant forms that users complete.

After our interested parties have filled out the ad, Facebook forwards their data to us. Facebook supplements this with information about our campaign: the campaign name, the identification of the form used, the platform on which the ad was placed, the name of the ad, the identification of the ad, and the date and time when the data was submitted were transmitted.

In the course of placing the ads, Facebook and we act as joint controllers within the meaning of Art. 26 GPDR. We have concluded a corresponding agreement. The relevant contents can be read at All information is pursuant to Article 13 para. 1 lit. a) and b) GDPR about Facebook's data processing activities can be found at . With the help of these links, all information can also be found on how those affected can exercise their rights against Facebook.
Please note the data policy and the data protection declaration of Facebook as well as our information on the Facebook fan page.
The legal basis for processing the data is the consent of the Facebook users in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this at any time and have your data deleted by us. Please note that your revocation does not affect the legality of the processing carried out based on the consent up to the time of revocation.


5.3   YouTube

Videos from the YouTube service are embedded on our website. These videos are provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA) and are stored on and can be played directly from our website. They are all embedded in "enhanced privacy mode", which means that no information about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned below be transmitted. We have no influence on this data transfer.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website, as well as your system data (IP address, page visited on our domain, date and time of the server request, browser type and version, operating system used, the reference -Address and host name of the accessing computer.)

This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing advertising tailored to your needs and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: For more information about exactly which cookies are used by YouTube, please refer to the section "Cookie List" below under Advertising Cookies.

6. Cookie list

6.1   Necessary cookies

Designation Purpose and description Duration of storage

• CookieConsent

• cookiesAccepted

These cookies store the user's decision to consent or not to use the other cookies and are also used to determine the display of the cookie pop-up. 1 year


• sicherhelfen_session

These are security cookies that are used to prevent attacks on our website through the transmission of unauthorised commands by a mala fide third party via a bona fide user (cross-site request forgery). These cookies are necessary for the security of the website as well as for your safety. 1 day
PHPSESSID This cookie is used to manage the PHP session. It allocates the user's actions on the website to the correct package of information and executes the respective services appropriately. Duration of the visit

• altrj

• altrujalogin

These cookies enable the user to log in for fundraising campaigns. They also enable the log-in to be saved, i.e. the login access is stable and accessible.

• 2 years

• 29 days

6.2    Analysis Cookies

Designation Purpose and description Duration of storage
• _ga
• _gat
• _gid
These are "Google Analytics" cookies, which are used to collect statistical data on the use of the website, to differentiate between users and reduce the frequency of access. For more details about Google Analytics, please see the "Google Analytics" section under "Third Party Cookies" above. • 2 years
• 1 day
• 1 day
collect This cookie is used by Google for Google Analytics to transmit data about the user's device and use of the website to Google, and to track the user through various devices and marketing channels.  For more details about Google Analytics, please see the "Google Analytics" section under "Third Party Cookies" above. Duration of the visit
_dc_gtm_UA-28477870-1 This cookie is used by Google to control the loading of the Google Analytics script tag and is placed when Google Analytics cookies are included via the Google Tag Manager. 1 day

6.3    Advertising cookies

Designation Purpose and Description Duration of storage
• _fbp
• fr
• tr
These cookies are used by Facebook to display advertising from third-party advertisers (such as real time bidding) or other advertising products. • 3 months
• 3 months
• Duration of the visit
ads/ga-audiences This cookie is used by Google AdWords to address users who may become customers based on their behaviour on the Internet. For more details about Google AdWords, see the "Google Analytics" section under "Third party cookies" above. Duration of the visit
GPS This cookie is used by YouTube to assign a specific ID number to a device to enable geographical tracking using GPS. 1 day
IDE This cookie is used by Google DoubleClick to record the actions of the user after viewing (clicking) an advertisement in order to measure the effectiveness of an advertisement. 1 year
test_cookie This cookie is used to check whether the user's browser allows cookies. 1 day
VISITOR_INFO1_LIVE This cookie is used by YouTube to estimate the bandwidth available to the user on pages with integrated YouTube videos. 179 days
YSC This cookie is used by YouTube to assign a specific ID number to the user in order to statistically record which YouTube videos the user has already viewed. Duration of the visit

• yt-remote-cast-installed


• yt-remote-connected-devices

• yt-remote-device-id

• yt-remote-fast-check-period

• yt-remote-session-app


• yt-remote-session-name

• yt.innertube::requests

• yt.innertube::nextId

These cookies are used by YouTube to store a user's preferred settings when using embedded YouTube videos.

• Duration of the visit

• permanent


• permanent

• Duration of the visit

• Duration of the visit

• Duration of the visit

• Duration of the visit

• Duration of the visit

Last updated in June 2021

Back to main navigation