Home Privacy statement

Privacy statement

Privacy statement – duty of information in accordance with Art. 13/14 GDPR - (General Data Protection Regulation)

This privacy statement names the data controller and provides the contact details of the data protection officer. The recording and further use as well as measures taken by UMIT to secure personal data are also described. The protection of your personal data is an important concern for UMIT and takes place in compliance with the general data protection provisions.

Who is responsible for processing your data?

Controller and data protection officer
UMIT – Private Universität für Gesundheitswissenschaften, Medizinische Informatik und Technik GmbH (abbreviated to: UMIT) decides on the purposes and means of processing of personal data. UMIT is represented by its authorized bodies (management).

UMIT has appointed a data protection officer with effect from 25 May 2018. You can contact the data protection officer using the following contact details:

Data protection officer:
T +43 (0)50 8648 3879
M +43 (0)664 8372136

UMIT-Private Universität für Gesundheitswissenschaften, Medizinische Informatik und Technik GmbH, Eduard-Wallnöfer-Zentrum 1, 6060 Hall in Tirol

What are your data protection rights?

Rights of the data subject and the right to lodge a complaint
According to the GDPR every person has the right to receive information as to who processes which data about him/her, for what purpose it is processed and, if applicable, to whom it is disclosed.

You have the following rights in this connection:

  • Right of information,
  • Rectification,
  • Erasure,
  • Restriction of processing
  • Revocation of consent,
  • Data transfer.

You have the option to make use of the above-mentioned rights using the following UMIT e-mail address: datenschutz@umit.at

Insofar as processing of personal data breaches the data protection law, a complaint may be lodged with the Austrian data protection authority. You can obtain more detailed information on the website of the Austrian data protection authority at www.dsb.gv.at/

Which data is processed for which purpose and what is the legal basis for this processing?

When you visit the UMIT website or use the web services offered by UMIT via the website, you transfer your IP address to UMIT. If you express interest in our offers, you provide us with your name and contact data. This is personal data.

Use of your IP address and cookies:
UMIT uses functions of the web analytics service Google Analytics. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. This analysis requires your IP address to be transferred to Google Inc. A cookie is used to show personalized page suggestions. In the context of your visit to the website the following data is recorded via a pixel which is embedded in every website: a) internal ID of the viewed page, b) attributes of the viewed page, c) categories of the viewed page. This data will not be disclosed. You may at any time delete cookies that are already on your computer. The procedure for this varies depending on the web browser you use (e.g.: Google Chrome, Internet Explorer, Firefox, etc.). You will find further information in the respective web browser instructions.

We use the function "activation of IP anonymization" on our website. In this way your IP address will be abbreviated by Google within the EU or the EEA to make it impossible for you to be identified personally. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Reports about activities on our website can also be generated on the basis of abbreviated IP addresses – in which case the IP address can no longer be referred back to you. The IP address transferred from your browser within the framework of Google Analytics will not be kept together with other data of Google.

The GDPR requires us to protect our IT infrastructure. In order to guarantee the functional capability of our firewall, we need to record and process the IP addresses or the domain names of visitors to our web pages.

We also use this data for ongoing improvement of our web content.

Use of your personal data:
You have the option to register for a UMIT newsletter via the UMIT website. Your personal data (name, e-mail address) is processed by UMIT for this purpose and transferred to the company CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany (hereinafter referred to as: "CleverReach"). They provide the software used for this purpose by UMIT via a cloud. With the registration for the newsletter you declare that you agree to further processing of the data you provide by UMIT via CleverReach. You have the option at any time to unsubscribe again from requested newsletters. For this purpose you will find a link in each newsletter which allows you to unsubscribe. The data that you have entrusted will then be erased, both at CleverReach and from the UMIT data application. You will receive no further newsletters after unsubscribing.

We also process personal data that we receive from you in the context of a business relationship. You have the option to make contact with UMIT via the UMIT website, to request information about UMIT research and to initiate a training contract with UMIT. By making contact or requesting information about research you declare that you agree to further processing by UMIT of the data you provide for the purpose of initiating a contract/concluding a training contract. This data will be processed by the UMIT system prospects until the time of revocation or as long as it is required for fulfilment of the duties of UMIT from the respective business relationship or other statutory duties.

Legal basis:
If the processing of personal data is necessary and there is no statutory or contractual basis for such processing, we obtain consent from the data subject. Right of revocation: Insofar as you have consented to processing of your data, you may revoke this consent at any time.

Please remember that the rights from the GDPR may be subject to legal restrictions under certain circumstances if exercising these rights would compromise fulfilment of statutory or contractual tasks.

How long is your data is stored for?

We process your personal data, where necessary, for the duration of the entire business relationship and beyond it in accordance with the statutory duties of preservation and documentation. These arise, amongst other things, from the Privatuniversitätengesetz (Private Universities Act), the Bildungdokumentationsgesetz (Education Documentation Act, the Forschungsorganisationsgesetz (Research Organization Act) or the Bundesabgabenordnung (Federal Fiscal Code). Furthermore, with regard to storage, the statutory expiry periods in accordance with the General Civil Code must be considered which may extend up to 30 years in certain cases (relative and absolute expiry period).

Who receives your data?

The organizational units and employees within UMIT receive your data which they require for fulfilment of contractual or statutory duties as well as justified interests. Moreover, commissioned data processors engaged by us receive your data insofar as they require this data for fulfilment of their respective service. All commissioned data processors are required by UMIT to handle your data confidentially and process it exclusively for rendering the service. These procedures are recorded in the processing directory of UMIT. If a statutory obligation exists, public offices and institutions (e.g. tax authorities, social insurance agencies, Austrian National Union of Students etc.) may receive your personal data.

Does automated decision-making including profiling take place?

UMIT does not use automated decision-making in accordance with Art. 22 GDPR.

How does UMIT secure your data?

IT security is a special priority at UMIT. The IT infrastructure is provided by TCC Errichtungs- und Betriebsgesellschaft mbH (www.t-c-c.at); they also operate it and modify it in accordance with the latest developments.

Numerous technical and organizational measures have been implemented to secure your data. This includes physical access and entry controls, data access controls, data media controls, assignment controls, availability controls as well as implementation of the separation rule.

Do you have any further questions, requests or suggestions concerning data protection or do you wish to exercise your rights under the GDPR?

You can contact the data protection officer using the following contact details:

T +43 (0)50 8648 3879
M +43 (0)664 8372136

UMIT-Private Universität für Gesundheitswissenschaften, Medizinische Informatik und Technik GmbH, Eduard-Wallnöfer-Zentrum 1, 6060 Hall in Tirol

Validity of this privacy statement:

This privacy statement is valid from 25 May 2018.

As of: 23.05.2018