Privacy Policy – BioMembrOS

We are pleased, that you are visiting the website of the EU Horizon Pathfinder Project BioMembrOS. This project is carried out by the Institute of Engineering Design and Product Development, Research Unit Biomechanics and Rehabilitation Engineering, E307-3 and the Institute of Process Engineering, Environmental Engineering and Technical Biosciences, Research Unit Thermal Process Engineering and Simulation, E166-2, TU Wien. The processing, storage and forwarding of data is based on this data protection declaration and this project.

Data protection and data security when using this website are very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used.

As changes to the law or changes to our internal processes may make it necessary to adapt this privacy policy, we ask you to read this privacy policy regularly. The data protection declaration can be accessed and printed out at any time under the menu item Privacy Policy.

1 Controller and scope of application

The controllers within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection legislation are

Prof. Dipl.-Ing. Dr.in techn. Margit Gföhler
Institute of Engineering Design and Product Development,
Research Department Biomechanics and Rehabilitation Technology of the Vienna University of Technology

Ao.Univ.Prof. Dipl.-Ing. Dr.techn. Michael Harasek
Institute of Process Engineering, Environmental Engineering and Technical Biosciences, Research Unit Thermal Process Engineering and Simulation, Vienna University of Technology

This privacy policy applies to the website of the EU Horizon Pathfinder Project BioMembrOS which is available under the domain biomembros.eu (hereinafter referred to as „our website“ or „website“).

2 Data Protection Officer

Yamuna Gföhler
Vienna University of Technology
Institute of Engineering Design and Product Development and Institute of Process Engineering, Environmental Engineering and Technical Biosciences
Lehargasse 6, E307-3
1060 Vienna

info@biomembros.eu

If data subject rights within the meaning of this privacy policy (e.g. right to information, right to erasure, etc.) are asserted, these requests or applications must be sent to info@biomembros.eu without exception.

3 What are personal data?

Personal data are individual information about the personal or factual circumstances of a specific or identifiable natural person („data subject“). This includes such information as your name, address, telephone number, date of birth or email address. Information with which we cannot establish any connection to your person (or can only do so with undue effort), e.g. as by anonymising the information, is not personal data.

4 General remarks on data processing

4a) Scope

We generally collect and use our users‘ personal data only to the extent necssary to provide functional websites and our content and services. We use your personal data to provide the information, products and services we offer, to answer your questions and to operate and improve our websites and applications

We collect and use our users‘ personal data only in accordance with a corresponding statutory basis within the GDPR1, for example based on a legal obligation, such as according to Universities Act 2002, a contractual obligation, the public interest or the consent of the user.

We will make no further use of your personal data. We will not transfer your personal data to third parties or use your data for advertising purposes without your consent except in the cases described below, unless we are legally obliged to disclose data.

4b) Statutory basis

If we obtain the consent of the data subject to process personal data, we do so on the basis of Article 6, par 1 (a) EU General Data Protection Regulation (GDPR). Article 6, par 1 (b) GDPR serves as the statutory basis for the processing of personal data required in order to perform contracts to which the data subject is a party. This also applies to processing required in order to implement pre-contractual measures. If it is necessary to process personal data in order to fulfil a statutory obligation to which the TU Wien is subject, this is done according to Article 6, par 1 (c), GDPR.

Should vital interests of the data subject or another natural person make it necessary to process personal data, Article 6, par 1 (d) GDPR serves as a statutory basis. If the processing is necessary for the performance of a task carried out in the public interest, Article 6, par 1 (e) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of TU Wien or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Article 6,par 1 (f), GDPR serves as the statutory basis for processing.

4c) Erasing and duration of storage

As soon as the purpose of the storage no longer applies, the personal data of the data subject will be erased or blocked. However, the data may be stored if European or national legislatures have made provision for this in EU Regulations, legislation or other regulations to which the person responsible is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless it is necessary to further store the data in order to enter into or perform a contract.

5) Websites and creating logfiles

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

the IP address of the requesting computer;
the date and time of access;
the name and URL of the file retrieved;
the quantity of data transmitted;
a report on whether the request was successful;
identification data of the accessing browser and operating system;
the internet site which accesses our website.

The log files contain IP addresses and other data that can be associated with a user. For example, this might be if the link to the website from which the user accesses the website or if the link to the website which the user accesses, contains personal data.

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

The statutory basis for the temporary storage of data and log files is Article 6, par 1 (f) GDPR.

The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimize the website and to ensure that our information technology systems are secure. There is no evaluation of the data for marketing purposes in this context.

These purposes also include our legitimate interest in processing data in accordance with Article 6, par 1 (f) GDPR.

The data are erased as soon as they are no longer required for the purpose of their collection. This is done after 30 days at the latest. Collecting data in order to make the website available is essential for the operation of the website. The user is therefore not able to object.

5a) Forwarding personal data to third parties

Personal data will only be sent to third parties if this is necessary for (pre-)contractual measures, due to a legal obligation or if this is in the overwhelming legitimate interest of TU Wien.

Should data be transmitted to third parties, this will be indicated in connection with each transmission.

5b) Contact forms

Contact forms are available on our websites for use in contacting TU Wien by electronic means. If a user uses this option, the data entered in the input template will be transmitted to us and stored. The following data may be collected within the contact forms:

topic;
email address;
name;
subject;
message;

The following data are stored when the message is sent:

the IP address of the requesting computer;
the date and time of access;
the name and URL of the file retrieved;
the quantity of data transmitted;
a report on whether the request was successful;
identification data of the accessing browser and operating system;
the internet site which accesses our website.

In this context no data will be passed on to third parties. These data will be used solely to process the conversation.

The statutory basis for the processing of the data is Article 6, par 1 (a), GDPR; alternatively, Article 6, par 1 (e) GDPR if the user has given his consent.

The statutory basis for the processing of the data which are sent when an email is transmitted is Article 6, par 1 (f) GDPR. If the intention of an email contact is to enter into a contract, Article 6, par 1 (b), GDPR is the additional statutory basis for the processing.

We process personal data from the input mask solely to handle the making of contact. Where contact is made by email, this is also a necessary and legitimate interest in processing this data.

The other personal data processed during the transmission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data are erased as soon as they are no longer required for the purpose of their collection. In the case of the personal data from the input template of the contact form and those sent by email, this applies when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively established.

The additional personal data collected during the transmission process will be erased after a period of 30 days at the latest.

6) Use of cookies

We use so-called „cookies“. Cookies are small text files which are sent from our web server to your browser during your visit to our internet pages and which are stored on your computer for later retrieval. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We only use so-called session cookies (also referred to as temporary cookies). These are cookies that are temporarily stored solely for as long as you use of one of our internet pages.

However, the usage data collected do not allow any conclusions to be drawn about the user. All of this anonymously-collected usage data is not merged with your personal data and will be erased immediately after the end of the statistical evaluation. After the end of the session, all cookies are erased as soon as you terminate your browser session.

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the “Real Cookie Banner” consent tool. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/data processing/.

The statutory basis for the processing of personal data with the use of cookies is Article 6, par 1 (a), GDPR.

The statutory basis for the processing of personal data using cookies required for technical reasons is Article 6, par 1 (f) GDPR.

The cookies are used in particular to determine the frequency of use and the number of users of our websites, to identify your computer during future visits to our internet presence when switching from one of our websites to another and to tell us when you have terminated your visit. This tells us which areas of our websites and which other websites our users have visited.

The purpose of using technically necessary cookies is simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it must also be possible to recognise the browser after a page-change.

The internal user data collected by technically necessary cookies are not used to create internal user profiles.

An objection can be raised against the processing of personal data using technically necessary cookies (legal basis Article 6, par 1 (f) DSGVO). This objection can be directed by e-mail to info@biomembros.eu.

7) Tracking and analysis tools

We use tracking and analysis tools to ensure that our website is continuously optimised and designed to meet your needs. With the help of tracking-tools, we can also statistically record the use of our website by visitors and to further develop our online offer for you by using the information we obtain. Based on the consent provided in the cookie banner (by selecting the respective cookies for web statistics or marketing in the cookie banner and the following storage and consent), Article 6, par 1 (a) GDPR is the legal basis.

This website uses „Matomo“ (formerly „PIWIK“), a web analysis service hosted on servers of the TU Wien. The cookies from Matomo are categorized as statistical cookies, which are not necessary for the operation of the website. These data are stored on a server of the TU Wien.

This website uses conversion tracking from Google (Google Analytics – used exclusively for campaigns and with the user’s consent; Google; Google AdSense; Google AdWords; Google Ads Optimization) and the social media platforms mentioned below, provided that the cookie category „Marketing“ has been explicitly agreed to.

The data collected do not allow us to draw any conclusions about your identity. However, the data are stored and processed by the companies listed below so that connection to the user profile in question is possible and those companies can use the data for their own advertising purposes, in accordance with the particular data application guidelines (see here below). The data may make it possible for these companies and their partners to place advertisements on and outside of the platforms. In addition, a cookie can also be stored on your computer for this purpose.

Facebook, Inc (https://www.facebook.com/privacy/explanation, https://www.facebook.com/policies/cookies)
Instagram (https://www.facebook.com/privacy/explanation, https://www.facebook.com/policies/cookies)
LinkedIn (https://www.linkedin.com/legal/privacy-policy, https://de.linkedin.com/legal/cookie-policy)
Youtube (https://policies.google.com/privacy?hl=de)
X (Twitter) (https://twitter.com/en/privacy)

The data processing described for the purpose of visitor action evaluation is done according to a voluntarily manifested consent declaration under Article 6, par 1 (a) GDPR. If you have not given consent to the „Marketing“ category, no visit action evaluation will take place. Consent to the use of the visitor action pixel may only be declared by users over the age of 14. If you are younger, then we must request you to ask your parents (guardians) for permission.

YouTube videos are also displayed on this website. We generally ensure that YouTube only processes data about you if you have consented to this. By loading YouTube videos, you agree that a connection to YouTube servers is established and cookies are set by this provider. Further information on how YouTube processes your data can be found at https://policies.google.com/privacy?hl=de. Your data processed by YouTube in this context may be transferred to third countries, in particular to the USA.

The described data processing is carried out in accordance with Article 6 par 1 (a) GDPR based on your voluntarily given declaration of consent. Consent to the use of cookies from YouTube may only be declared by users older than 14 years. If you are younger, we ask you to ask your parents (guardians) for permission.

BioMembrOS operates fan pages on Instagram, Facebook, LinkedIn, Twitter and YouTube. The operators of these social media platforms collect data during each visit, for example in the form of cookies. This means that personal data is processed, regardless of whether registered or unregistered users are involved. This data is made available to the TU Wien in anonymized form by the social media operator through the respective Insight function.

8) Security measures used to protect the data stored with us

We undertake to protect your privacy and to treat your personal data confidentially. In order to prevent the loss or misuse of data stored by us, we take extensive technical and organisational security precautions which are regularly checked and adapted to technological progress. However, we should point out that due to the structure of the internet, it is possible that the data protection rules and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data can be read by third parties – e.g. if this is done by email. We have no technical control over this. It is the responsibility of the user to protect the data provided by him/her against misuse through the use of encryption or in some other way.

9) Hyperlinks to external websites

Our websites contain so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be redirected from one of our websites directly to the website of other providers.

You will recognise this by the change of URL, for example. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no control over whether these companies comply with data protection regulations. Please inform yourself directly on these websites about how these companies handle your personal data.

10) Objections

When processing your personal data based on „perception in the public interest“ and on “legitimate interests”, you have the right to object to the processing of your personal data if there are reasons for doing

so which arise from your particular situation or from the use of direct advertising. In the case of direct advertising, you have a general right of objection which we put into effect without your having to state a particular situation.

11) Rights of data subjects

In your capacity as a data subject, GDPR grants you the following rights when your personal data are processed:

the right to information;
the right to rectification;
the right to erasure;
the right to restriction of processing of your personal data;
the right to data portability;
the right to object;
the right to revoke.

If the rights of data subjects within the meaning of this data protection declaration are asserted, all such applications or requests must be addressed to: info@biomembros.eu.

If you believe that the processing of your data breaches data protection law or that your data protection claims have been breached in some other way, you can complain to the Data Protection Authority.