Last updated: 8 March 2023
The protection of your personal data is very important to us, so we would like to list here all the information about the processing and storage of your data when you visit our website and in our companies.
In order to be able to use all the functions and services of our site, it is necessary to collect your personal data. However, processing and storage is only carried out in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2021).
The Engagement Lab
Medien- und Innovationsberatung e.U.
Beethovengasse 8 Door 10
1090 Vienna, Austria
For more information, please see Imprint .
COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE
Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using so-called TLS encryption. TLS means „Transport Layer Security“ and is an encryption protocol for data transmission on the Internet. You can usually recognize „TLS“ by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.
COLLECTION OF ACCESS AND LOG DATA
This website automatically collects and stores server log file information that your browser sends to us.
- IP address of the user,
- Date and time of access,
- Type of request,
- Customer information such as type and version,
- Operating system of the user (device, OS version of the device),
- Referrer information (i.e. the source of the access)
The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest is based on being able to identify indications of unlawful use of our website.
Personal data will not be transmitted to third parties. With the provider of this website, Michael Baierl – stardustday e.U., based in Austria, there is a processing contract in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that Michael Baierl – stardustday e.U. only processes the personal data of website visitors in accordance with our instructions and in compliance with the GDPR.
The collected data is stored for 7 days in server log files, which are automatically transmitted by the browser. The server log files are only stored for longer than 7 days in the event of attacks on the server infrastructure or other legal violations. This longer storage is based on the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the preservation of evidence.
ENQUIRIES VIA E-MAIL AND TELEPHONE
Any personal information that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry.
The legal basis for data processing is our legitimate interest according to Art. 6 (1) f) GDPR. This results from our interest in answering enquiries from our customers, business partners and interested parties and in promoting or maintaining customer satisfaction. A further legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR.
All personal data that you transmit to us with your enquiry will be deleted or anonymized by us no later than 2 years after the final reply to you, unless a contract is concluded. The retention period of 2 years is due to the fact that it may occasionally happen that you contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that after 2 years no further queries follow our replies.
MAKING ONLINE BOOKINGS FOR EVENTS
You can book tickets directly via the website for participation in events organized by us. We use the ticket booking and registration platform of the company Eventbrite Inc. (hereinafter Eventbrite) based in San Francisco, USA. Within the European Union, Eventbrite is represented by its subsidiary Eventbrite Operations Limited based in Ireland. The transfer of data to Eventbrite as our processor takes place on the basis of concluded , which include a contract for commissioned processing in accordance with Art. 28 GDPR. Eventbrite is comprehensively committed to the protection of personal data and, according to its own information, does not sell any data to third parties. Further information on the additional security measures taken by Eventbrite can be found here.
In connection with the booking of events via Eventbrite, only those data are collected that are necessary for the booking process and the implementation of the event. The legal basis of the data processing is the fulfilment of the contract according to Art. 6 para. 1 lit. b) GDPR. Registered event participants receive information and our contact options by e-mail before and after the specifically booked event. The provision of your data is necessary for the conclusion of the contract.
We store your data for the duration of the statutory retention periods.
Operating social media presences
We maintain the following social media presences:
„LinkedIn“ is operated by the European subsidiary LinkedIn Ireland Unlimited Company with its registered office in Ireland. The parent company LinkedIn Inc. has its registered office in the USA.
Maintaining the above social media pages
The personal data entered on social media sites, such as comments, videos, pictures, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content should this be necessary. Where appropriate, we share content on our site and contact you via the social media platform, for example via the messengers offered. The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.
The social media platforms provide anonymized statistics and insights that help us gain knowledge about the types of actions people take on our site (called „page insights“). These page insights are created based on certain information about people who have visited our site.
The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions as well as visitors to our pages.
This processing of personal data is carried out by the social media platform and us as the so-called joint controller in accordance with Art. 26 GDPR. In the event of joint responsibility, a separate agreement must be concluded.
If you wish to object to certain data processing over which we have control (e.g. deletion of comments), please contact us using the contact details above.
Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing it is that you will not be able to communicate or interact with us via our social media pages or participate in the competition. To contact us, please use the above-mentioned e-mail address.
Data processing by the operator of the social media platform:
In addition to us, there is also the operator of the social media platforms themselves. From a data protection point of view, this operator is also considered to be another responsible party that carries out its own data processing. This means that the operator is also a separate responsible entity according to the GDPR. However, we have only limited influence on the data processing by the operator. At the points where we can exert influence (e.g. through parameterization), we work towards data protection-compliant handling by the operator of the social media platform within the scope of our possibilities. In many places, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own data protection declaration:
In the context of platform use, personal data is usually also processed by the respective platform operator on servers in third countries, in the USA and the United Kingdom. Certain third countries are granted a so-called adequacy decision by the European Commission. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.
Note: The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can hardly influence the web tracking methods of the social media platform. For example, we cannot switch this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example, to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.
Data subjects‘ rights
Your rights as a data subject
According to Art. 15 Para. 1 GDPR, you have the right to request information free of charge about the personal data stored about you. Furthermore, if the legal requirements are met, you have the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have a right to data transfer according to Art. 20 GDPR.
If the data processing is based on Art. 6 (1) e) or f) GDPR, you have the right to object pursuant to Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the interest of the data subject in objecting.
You also have the right to lodge a complaint with a data protection supervisory authority. In particular, you can lodge a complaint with a supervisory authority in the EU Member State where you live, work or where the alleged infringement took place.
Contact details for the competent data protection authority in Austria: firstname.lastname@example.org
Communication via the Zoom video conferencing system
To conduct telephone conferences, online meetings and video conferences, we use the „Zoom“ tool of the company Zoom Video Communications Inc. You can access the arranged appointments via a link provided by e-mail. By clicking on the link you can join the video room. Before joining, you can decide for yourself whether to activate the transmission of your video. You will be muted by default and you will need to manually release your microphone if desired. If you turn on your camera and/or microphone, the meeting will process this data.
The following additional data may also be processed depending on the type and scope of the specific use:
- Personal details (e.g. first and last name, email address, profile picture)
- Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)
- Device/hardware data (e.g. IP addresses, MAC addresses, client version)
- Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
- Connection data (e.g. phone numbers, country names, start and end times, IP addresses)
Furthermore, your personal data may be processed. This also depends on your specific use, such as use of the chat or the whiteboard. I explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.
The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external bodies the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest is the organization of virtual communication.
I cannot exclude the possibility that data may be routed via internet servers located outside the EU or EEA. In some countries, e.g. the US, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or being able to appeal. We have agreed standard EU contractual clauses with Zoom as the legal basis for data transfer.
The provider Zoom necessarily receives knowledge of the above-mentioned data, insofar as this is contractually regulated within the scope of our order processing agreement in accordance with Art. 28 GDPR. There are no other recipients.
You are not obliged to communicate with me via Zoom. Alternatively, you can also communicate by e-mail or telephone.
We generally delete personal data when there is no need for further storage.
No automated decision making
We do not carry out automatic decision-making or profiling.
Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.
This data protection notice was created in cooperation with the consulting firm SCALELINE. The legal texts are subject to copyright.