Data protection and cookie declaration
I. DATA PROTECTION DECLARATION
1. Data processing
1.1 Processing of your data on this website
The use of our website is also only possible for informative purposes. When you call up this website, your browser automatically transmits the following data to our site provider and stores them as "server log files": IP address, time zone difference to Greenwich Mean Time (GMT), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, page visited on our domain, date and time of the server request, browser type and browser version as well as browser language, operating system used, the reference address and host name of the accessing computer.
This is technically necessary in order to display our website and to ensure the stability and security of the website. The data collected is only used for statistical analysis and to improve the website. We can only link your IP address to your user data by "manual" research. We only use this in exceptional cases when we need to deny access to individual IP addresses to prevent abuse and fraud.
The legal basis for this processing is our legitimate interest (Art 6 Paragraph 1 lit f GDPR) in being able to operate our website. We store your data for this purpose for the period of your access as well as for up to 14 months beyond this period, if technically necessary.
On our website you have the possibility to register voluntarily for our newsletter. You can unsubscribe from our newsletter by clicking on the unsubscribe link provided in each newsletter. To register to receive the newsletter, we need your e-mail address and your declaration that you agree to receive it. You can decide to provide us with your personal data (name and address) by filling out the form completely. This data processing is carried out on the basis of your consent (Art 6 Paragraph 1 lit a GDPR). We store your data for this purpose for the duration of your consent, i.e. until any revocation.
1.3 Partner questionnaire (LimeSurvey)
For our activities we use an online questionnaire, in which we also collect your personal data, which you can request via our website. The online questionnaire is addressed to our EB-CLINET partners (clinical contacts) and serves to collect basic information about our EB-CLINET partners in order to improve our cooperation with them. This questionnaire is managed in the application "LimeSurvey". This tool as well as the questionnaire are administered and hosted by our service provider, IT Consulting Marcel Minke, Sögeler Str. 27, D-30539 Hannover, who also processes, administers and hosts your personal data on our behalf. In the questionnaire we collect the following personal data: Name, e-mail address, postal address, web address, title and profession, professional experience, your experience in the treatment of Epidermolysis Bullosa, information about services you offer and, if applicable, your subcontractors, information about your employees with the relevant experience.
We process your personal data on the basis of your consent (Art 6 Paragraph 1 lit a GDPR). We store your data for this purpose for the duration of your consent, i.e. until a possible revocation.
1.4 Google Maps
This website uses Google Maps to display interactive maps. Google Maps is a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When using Google Maps, Google also collects, processes and uses data on the use of the Maps functions by visitors to the website. Further information on data processing by Google can be found in Google's data protection information at https://policies.google.com/privacy?hl=en. There you can also change your settings in the data protection centre so that you can manage and protect your data.
2. Data transfers
As part of the data processing activities described above, we use external service providers or contract data processors for certain activities, to whom we may share your personal data or who may have access to your personal data. We have entered into commissioned data processing contracts with our commissioned data processors under which they are obliged to process your data only in accordance with our instructions. Service providers who are not contract data processors are responsible for their own compliance with data protection laws in respect of your personal data. We have also selected both the data processors and other service providers on the basis of their reliability with regard to data protection.
The service providers and contract data processors we use include
- the technical operator(s) of our website;
- marketing companies who assist us in the handling of marketing campaigns, including the company responsible for handling our newsletter;
- other technical service providers who provide us with tools and plug-ins used, in particular: Altruja GmbH, Google Inc., Google LLC, Facebook Inc. and YouTube LLC
- under certain circumstances, external consultants such as lawyers and tax advisors, if we need to pass on your data to them in the course of providing their services.
3. Your rights
According to the GDPR, you as a data subject have the following rights:
to check whether and which personal data we have stored about you and to receive copies of this data;
to demand the correction, completion or deletion of your personal data which is incorrect or not processed in accordance with the law;
require us to limit the processing of your personal data under certain conditions;
object to the processing of your personal data where we process it for direct marketing purposes or on the basis of our legitimate interests;
require data transferability;
if we process your personal data on the basis of your consent, you may withdraw your consent at any time;
lodge a complaint with the Austrian data protection authority (for further information see www.dsb.gv.at).
In order to exercise the above rights, you must contact us in person, by telephone or in writing at the (e-mail) address/telephone number listed below.
You can reach us at the following contact details:
Dr. Rainer Riedl, chairman and data protection officer
DEBRA Austria, Am Heumarkt 27/1, 1030 Vienna
+43 1 876 40 30, firstname.lastname@example.org
II. COOKIE DECLARATION
So-called "cookies" are used on our website. In this cookie declaration we inform you which cookies are used on our website and how these cookies are used to process your personal data and other information. Further general information about the processing of your personal data on this website, including in particular your rights, can be found in the general part of the data protection declaration.
1. What are cookies?
Cookies are small text files that are stored on your end device with the help of the browser. They do not cause any damage. When using certain cookies, however, information about your device is collected, which may be able to be assigned to you, as well as any other personal information that may be read at a later date. In addition, some cookies remain stored on your device until you delete them. Cookies may originate from us and possibly also from third parties.
2. Your options when using cookies
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
You can also specifically prevent certain third-party cookies (see "Third-Party Cookies" below) by using special plug-ins; these are available as follows:
Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en
Google AdWords: http://optout.networkadvertising.org/?c=1#!
Internet Exlorer: https://support.microsoft.com/de-at/help/278835/how-to-delete-cookie-files-in-internet-explorer
If you disable cookies, the functionality of our website may be limited. More details about which cookies we use on which legal basis (your consent or our legitimate interests) can be found below.
3. Processing of personal data through cookies
Cookies on our website are used to process the following information, which may be related to your person and thus represent personal data:
- Your IP address
- Time and duration of the visit
- the website (URL) you are visiting and the website (URL) from which you were redirected by clicking on a link
4. Purposes and types of cookies we use
- Necessary cookies: These are cookies that are necessary for the functioning and security of the website and your safety. These cookies are used on the basis of our legitimate interest in operating our website, as well as on the basis of the exemption provision of § 96 para. 3 sentence 3 of the Austrian Telecommunications Act 2003 for necessary cookies.
- Analysis cookies: These are cookies that enable us to carry out statistical evaluations of how the website is used, e.g. from which page is accessed how often, which devices are used to access which page, the average duration of the visit to the website, etc. We do not process this information in any personal form, but under certain circumstances it can be assigned to you. Therefore the basis for the use of these cookies is your consent.
- Advertising cookies, including third-party cookies: These are cookies that we use to show you advertisements in order to partially fund our website. Most of these cookies are from third parties. The basis for the use of these cookies is your consent. You can find out which third-party cookies are actually used in the section "Third party cookies".
For more detailed information about individual cookies that we use, including the default retention period, please refer to the "Cookies List" section below.
5. Third party cookies
Our website also uses the following third-party cookies for analysis and marketing purposes. The basis for the use of these cookies is your consent.
5.1 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses text files (cookies) which are stored on the user's computer and which enable an analysis of the use of the website by the user. The information thus generated about the use of this website (including the user's IP address) is transferred to a Google server in the USA and stored there. Further information on data use by Google Inc.: https://support.google.com/analytics/answer/6004245?hl-en.Further information about which cookies are used exactly for Google Analytics can be found below in the section "Cookies List" under Analysis Cookies.
On our website, so-called social plug-ins (hereinafter "plug-ins") of the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA, hereinafter Facebook).
Facebook pixel: With the help of the Facebook pixel, Facebook can to determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we have placed only to those users on Facebook and within the services of the partners cooperating with Facebook (“Audience Network” https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offer or who have specific characteristics (e.g. interest in particular topics or products that can be seen from the websites visited) that we transmit to Facebook ("Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. Furthermore, with the help of the Facebook pixel, we can understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("conversion measurement").
5.3.1. Facebook fan page
In this section we inform you about the type, scope and purpose of the processing of personal data of all visitors to our Facebook fan page https://www.facebook.com/schmetterlingskinder/ (hereinafter referred to as “fan page”).
The purpose of the fan page is to provide information about our projects as well as information about us and our activities, and to gain new interested parties and supporters. Facebook users can also contact us via the fan page.
To exercise your rights under the GDPR against Facebook, you can contact Facebook's Data Protection Officer at https://www.facebook.com/help/contact/540977946302970 and adjust your Facebook profile. Here are the instructions for doing so: https://www.facebook.com/help/568137493302217
In our communication and depending on the individual privacy setting, we can see via Facebook who has liked our posts, who has subscribed to our messages and who has left a comment on our Facebook fan page. The legal basis for this is our legitimate interest according to Art. 6 para. 1 lit. f GDPR: The Facebook fan page is, as a globally relevant platform, essential for us in our public relations work to get in touch with interested parties, to provide information about us and to attract new supporters and interested parties. An objection to this data processing is possible at any time through appropriate privacy settings.
Facebook also provides statistical data about the visitors to our fan page via the "Insights" function. This data helps us to evaluate our presence on the fan page and to respond more specifically to the needs of our fan page visitors. However, we only receive anonymized data from Facebook (without personal reference) and can analyze it by setting filters. The "Insights" function cannot be turned off, we could only act on this processing by setting filters. Unlike our processing, Facebook processes personal data and uses it for market research and marketing purposes. Facebook can display ads tailored precisely to the individual user profile. Information on this can be found at https://www.facebook.com/iq/tools-resources/audience-insights.
Again, the legal basis for our use of the "Insights" function is our legitimate interest according to Art. 6 para. 1lit. f GDPR: The function enables us to address our fanpage visitors in a more targeted manner to advertise the effort of our outreach and thus communicate with less wastage. We can also improve our fan page presence with this analysis option. An objection to this data processing is possible with Facebook.
Calling up Facebook or using a corresponding account leads to a data transfer to the USA. The use of Facebook is inextricably linked to this data transfer, which we cannot influence. This is why a corresponding use also constitutes express consent pursuant to Article 49 para 1 lit a GDPR to this data transfer. According to current EU law, there is no adequacy decision and no guarantees for this data transfer. Therefore, it comes with risks: U.S. security laws grant competent authorities broad powers to access personal data, and European citizens cannot obtain sufficient legal protection and control over their personal data in U.S. courts. Please consider this risk when using Facebook.
5.3.2 Facebook Ads
We run ads through Facebook to draw attention to our work. This allows us to design the ad and determine, based on predefined characteristics (for example, age groups, geographic specifications, demographic characteristics), for which target group an ad is placed and through which META Group channel (Instagram, Messenger, WhatsApp, Facebook) or Audience Network (websites with a contract with Facebook) it is delivered. The design of the target group is anonymized.
With the advertisements, our stakeholders have the opportunity to register with their name, e-mail address and phone number, in case they want to learn more about our activities. We also process this data electronically and by telephone for fundraising purposes (donation communication). Facebook processes this data in accordance with its data policy (https://www.facebook.com/policy.php). This includes the pre-filling of instant forms that users complete.
After our interested parties have filled out the ad, Facebook forwards their data to us. Facebook supplements this with information about our campaign: the campaign name, the identification of the form used, the platform on which the ad was placed, the name of the ad, the identification of the ad, and the date and time when the data was submitted were transmitted.
In the course of placing the ads, Facebook and we act as joint controllers within the meaning of Art. 26 GPDR. We have concluded a corresponding agreement. The relevant contents can be read at https://www.facebook.com/legal/controller_addendum. All information is pursuant to Article 13 para. 1 lit. a) and b) GDPR about Facebook's data processing activities can be found at https://www.facebook.com/about/privacy . With the help of these links, all information can also be found on how those affected can exercise their rights against Facebook.
Please note the data policy and the data protection declaration of Facebook as well as our information on the Facebook fan page.
The legal basis for processing the data is the consent of the Facebook users in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this at any time and have your data deleted by us. Please note that your revocation does not affect the legality of the processing carried out based on the consent up to the time of revocation.
Videos from the YouTube service are embedded on our website. These videos are provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA) and are stored on www.YouTube.com and can be played directly from our website. They are all embedded in "enhanced privacy mode", which means that no information about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned below be transmitted. We have no influence on this data transfer.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website, as well as your system data (IP address, page visited on our domain, date and time of the server request, browser type and version, operating system used, the reference -Address and host name of the accessing computer.)
This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing advertising tailored to your needs and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.
6. Cookie list
6.1 Necessary cookies
|Designation||Purpose and description||Duration of storage|
|These cookies store the user's decision to consent or not to use the other cookies and are also used to determine the display of the cookie pop-up.||1 year|
|These are security cookies that are used to prevent attacks on our website through the transmission of unauthorised commands by a mala fide third party via a bona fide user (cross-site request forgery). These cookies are necessary for the security of the website as well as for your safety.||1 day|
|PHPSESSID||This cookie is used to manage the PHP session. It allocates the user's actions on the website to the correct package of information and executes the respective services appropriately.||Duration of the visit|
|These cookies enable the user to log in for fundraising campaigns. They also enable the log-in to be saved, i.e. the login access is stable and accessible.|| |
• 2 years
• 29 days
6.2 Analysis Cookies
|Designation||Purpose and description||Duration of storage|
|• _ga |
|These are "Google Analytics" cookies, which are used to collect statistical data on the use of the website, to differentiate between users and reduce the frequency of access. For more details about Google Analytics, please see the "Google Analytics" section under "Third Party Cookies" above.||• 2 years |
• 1 day
• 1 day
|collect||This cookie is used by Google for Google Analytics to transmit data about the user's device and use of the website to Google, and to track the user through various devices and marketing channels. For more details about Google Analytics, please see the "Google Analytics" section under "Third Party Cookies" above.||Duration of the visit|
|_dc_gtm_UA-28477870-1||This cookie is used by Google to control the loading of the Google Analytics script tag and is placed when Google Analytics cookies are included via the Google Tag Manager.||1 day|
6.3 Advertising cookies
|Designation||Purpose and Description||Duration of storage|
|• _fbp |
|These cookies are used by Facebook to display advertising from third-party advertisers (such as real time bidding) or other advertising products.||• 3 months |
• 3 months
• Duration of the visit
|ads/ga-audiences||This cookie is used by Google AdWords to address users who may become customers based on their behaviour on the Internet. For more details about Google AdWords, see the "Google Analytics" section under "Third party cookies" above.||Duration of the visit|
|GPS||This cookie is used by YouTube to assign a specific ID number to a device to enable geographical tracking using GPS.||1 day|
|IDE||This cookie is used by Google DoubleClick to record the actions of the user after viewing (clicking) an advertisement in order to measure the effectiveness of an advertisement.||1 year|
|test_cookie||This cookie is used to check whether the user's browser allows cookies.||1 day|
|VISITOR_INFO1_LIVE||This cookie is used by YouTube to estimate the bandwidth available to the user on pages with integrated YouTube videos.||179 days|
|YSC||This cookie is used by YouTube to assign a specific ID number to the user in order to statistically record which YouTube videos the user has already viewed.||Duration of the visit|
|These cookies are used by YouTube to store a user's preferred settings when using embedded YouTube videos.|| |
• Duration of the visit
• Duration of the visit
• Duration of the visit
• Duration of the visit
• Duration of the visit
• Duration of the visit