Information for your Terms of Use / Privacy Policy:
Cookies:
The website based on our service uses unmodified just session cookies. This is a privacy-ethical way to build a website without constant user surveillance. If you add own functionalities via the CMS, you will need to list all in your privacy policy and/or terms of use.
Cookies and similar technologies that generally do not need consent:
-
User input cookies for the duration of a session.
-
Authentication cookies, for the duration of a session.
-
User-centric security cookies used to detect authentication abuses and linked to the functionality explicitly requested by the user for a limited persistent duration.
-
Multimedia content player session cookies, such as flash player cookies, for the duration of a session
-
Load-balancing session cookies for the duration of a session.
-
User interface customization cookies, for a browser session or a few hours, unless additional information in a prominent location is provided (e.g. "uses cookies" written next to the customization feature)
Source: https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies+and+similar+technologies
Suppose you add additional services, external sources or widgets, code, integrations, or other forms of services, which add cookies or process personal data. In that case, you will need to add these to your privacy policy and give visitors information about the purpose, legal basis, data subjects, and data types.
Provision of web hosting for the project website
For providing the hosting, we use the IT services of one or more web hosting providers from whose servers (or servers or ICT infrastructure they operate) the services can be accessed. We may use storage and database services, infrastructure, provider services, computing power, and provided safety and technical maintenance service for these purposes.
The data processed within these services may include content, data, and information in relation to the users of the IT services, which are collected during usage, access, and communication. This regularly consists of the IP address, which is required to deliver IT services to browsers or apps or external websites, services, and integrated tools.
Internal eMail Sending over the website or domain and Hosting: The IT hosting services we are utilizing can also include sending, receiving, and processing emails. The addresses of the recipients and senders and other data relating to the sending of emails (for example, involved providers) and the emails' contents are processed for these purposes. The processed data may also be used and processed for SPAM detection. Please note: emails on the Internet are commonly not transmitted in an encrypted form. In practice, emails are only encrypted during transport but not on the servers from which they are received or sent (without an end-to-end encryption method in place). Therefore, we can not accept any accountability or liability for the transmission route of emails between the sender and reception on our IT services.
Collection of Log Files and Access Data: Ourselves, the service, or the web hosting provider, do collect data based on each access to the server in so-called server logs or server log files as it is the nature of the technological practice on the Internet. These server logs files can include the URL address. The name of the web pages and files/pages accessed, the date and time of access, browser types and version numbers, data volumes and transferred traffic, the accessor's operating system, information, and notifications about successful or unsuccessful access, URLs which refer to pages or the website and in general the IP addresses and the identification of the access provider of the user.
Such server logs and log files can also be used for IT security and audit purposes, e.g., to avoid overloading the service or servers (particularly in the circumstance of abusive attacks like DDoS attacks) and ensure the servers' stability and optimal load balancing.
Processed data types: Usage-data (e.g., entry points, access times, websites visited, content interest), Content-data (e.g., text input, photographs, web-form inputs, videos), Meta- and IT communication data (e.g., device information, GEO-spatial information, IP addresses, access providers)
Data subjects: Website visitors, registered users, users of online services
Purposes of Data Processing: Provision of the IT services, app, and website functionality
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Webhosting/Websites: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, EU, https://www.netcup.de
Email Sending of automated website-based internal emails: easyname: easyname GmbH, Canettistraße 5/10, A-1100 Wien, Austria; Website: https://www.easyname.at/; Privacy Policy: https://www.easyname.at/download/data-protection-policy-de-v2.pdf
Citizen Science Applikation: SPOTTERON: A Citizen Science Web Application integrated into the website enables the display of spatial data and community content from the Citizen Science App toolkit of the project. Processed data may include, in particular, IP addresses and location data of users, which are not collected without their consent (usually within the context of user registration and user contributions). Service provider: SPOTTERON Gmbh; Faßziehergasse 5/16, 1070 Vienna, AT; Website: https://www.spotteron.net; Privacy Policy: https://www.spotteron.net/privacy
OpenStreetMap: We integrate the maps of the service "OpenStreetMap" in apps and websites, which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap utilizes user- and visitor data exclusively to display maps, map functions, and temporarily store selected settings. The processed data can include, in particular, IP addresses and location data of users, which are not collected without their consent (usually within the context of the settings of the accessing device). Service provider: OpenStreetMap Foundation (OSMF); Website: https://www.openstreetmap.de; Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
HERE Satellite Map: We can use Satellite Maps provided by HERE.com as an optional layer in integrated map applications.
Service Provider: HERE Global B.V. Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands, Terms of use: https://legal.here.com/en-gb/terms/here-end-user-terms, Privacy Policy: https://legal.here.com/en-gb/privacy
Data Processing in Third Countries
We always set a focus on European (EU) Service Providers for optimal privacy protection of users and project teams alike. If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognized level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called Standard Contractual Clauses (SCC) of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
For Project Websites utilizing the SPOTTERON Community Package:
Single-Sign-on Login/User Account creation
with an account on the SPOTTERON Citizen Science Platform
Single-Sign-On" or "Single-Sign-On Authentication" are methods enabling users to log in to the website using a SPOTTERON platform user account. The requirement for Single Sign-On Authentication is that users are registered on SPOTTERON and enter the login data in the online form provided for this purpose.
When signing in via the SPOTTERON user account, you receive the user account information consisting of:
-
Login Name
-
Password
-
Registered email address
After the user's confirmation/consent in the single sign-on interface, a user account is created on your website’s Content Management System (CMS) with the user information received.
You can use this user account data e.g. in the context of pre-fulfillment or fulfillment of the provision, in the context of consent processing, or use it based on your legitimate interests in providing the website's service and functionalities.
Should a user no longer wants the user account data in use and processed on this website please provide methods of erasure like for example: „You can get in touch with us via email to exercise your right to be forgotten. We will erase your account and all personal data with it. Please contact us via email to exercise your right to receive a machine-readable copy of your personal data we process and store for the provision of the website and its services.“
Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Provision of website services, features, and user support; Authentication processes.
Legal Basis: Consent (Article 6 (1) (a) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Single sign-on Provider: SPOTTERON Gmbh; Faßziehergasse 5/16, 1070 Vienna, AT; Website: https://www.spotteron.net; Privacy Policy: https://www.spotteron.net/privacy
Community Functions
The community functions provided by us in the website allow users to engage in conversations and other forms of interaction with each other. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms and guidelines, and the rights of other users and third parties.
-
Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Purposes of Processing: Provision of contractual services and customer support; Security measures.
-
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
User contributions are public: The posts and content created by users are publicly visible and accessible.
-
Setting the visibility of posts: By using their settings, users can determine the extent to which the posts and content they create are visible or accessible to the public or only to certain persons or groups.
-
Storage of data for security purposes: The posts and other entries of the users are processed for the purposes of the community and conversation functions and, subject to legal obligations or legal permission, are not disclosed to third parties. An obligation to disclosure may arise in particular in the case of unlawful posts for the purposes of legal prosecution. We would like to point out that, in addition to the content of the posts, their time and the IP address of the user are also stored. This is done in order to be able to take appropriate measures to protect other users and the community.
-
Right to delete content and information: The deletion of posts, content or information provided by users is possible in the CMS Administration Interfaces to the extent necessary after proper consideration if there are concrete indications that they could represent a violation of legal regulations, our provisions or the rights of third parties.
-
Protection of own data: Users decide for themselves what data they disclose about themselves within our online services. For example, when users provide personal information in a user profile or participate in conversation threads. We ask users to protect their data and to publish personal data only with caution and only to the extent necessary. In particular, we ask users to note that they must protect their login credentials in particular and use secure passwords (preferably long and random combinations of characters).
Registration, Login and User Account
Users can create a user account via Single Sign-On service or via manual account registration. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfillment of obligations. The processed data includes in particular the login information (name, password and an email address).
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by email of information relevant to their user account, such as technical changes.
-
Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Meta/communication data (e.g. device information, IP addresses).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Purposes of Processing: Provision of contractual services and customer support; Security measures; Managing and responding to inquiries.
-
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Registration with pseudonyms: Users may use pseudonyms as user names instead of real names.
-
Users' profiles are public: Users' profiles are publicly visible and accessible.
-
Setting the visibility of profiles: By setting preferences, users can determine the extent to which their profiles are visible or accessible to the public or only to certain groups of people.
-
Deletion of data after termination: If users decide to terminate their user account, the user themselves or you will delete their data relating to the user account, subject to any legal permission, obligation or consent of the users.
-
No obligation to retain data: It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.