Data Privacy Policy
The protection of your personal data is of great importance to Modul University Vienna. The University therefore strictly adheres to all legal provisions regulating the collection and processing of your personal data, in particular, the EU-wide General Data Protection Regulation (hereafter GDPR) as well as the most up-to-date Austrian data protection regulations. We would like to take this opportunity to inform you about the most important aspects of this new data privacy policy. We would also like to take this opportunity to address the scope and purpose of the personal data that we collect and process as well as the rights to which you are entitled as data subjects. The English version follows below, or click here to read it in German.
Contact Information
We are:
Modul University Vienna Gmbh
Am Kahlenberg 1, 1190 Vienna
Tel: +43 (1) 320 35 55-0
Fax: +43 (1) 320 35 55-901
E-mail: office@modul.ac.at
HP: www.modul.ac.at
FB: HG Wien, FN 277162t
UID: ATU 62643214
with campuses in:
Modul University Vienna | Dubai Campus
4th Floor ONE JLT, Jumeirah Lakes Towers,
Dubai, United Arab Emirates
Modul University Vienna | MODUL School of Tourism and Hospitality Management Nanjing
Nanjing Tech University, Pujiang Institute
Shiqiu Town, Lishui District
Nanjing, People’s Republic of China
If you have questions about our data privacy policy, please e-mail our data privacy experts directly at privacy@modul.ac.at.
Data Privacy Officer:
Prof. Dr. Horst Treiblmaier privacy@modul.ac.at |
Data Privacy Coordinator:
Helmut Casagrande privacy@modul.ac.at |
Using the Website
A) LOG-IN DATA
Personal Data
We are the controller[1] responsible for our website, which is currently accessible under http://www.modul.ac.at.
Every time you visit or use our homepage, we store the following data:
- IP address
- Date and time of query
- Sub-pages that you visit on our website
- Browser type and version
- Operating system
- Referrer URL
Purpose of Data Processing
Data processing is performed with the purpose of maintaining the integrity of our website. In particular, it enables swift error localization and related troubleshooting, while also allowing us to monitor traffic and, if necessary, make adjustments and improvements.
Legal Basis
Art 6(1) lit. f GDPR serves as the legal basis for data processing operations. Where the processing of personal data is concerned, our legitimate interest is to administer the necessary data security measures and maintain our web presence pursuant to Art 6(1) lit. f GDPR.
Storage Period
We assure you that your personal data (with the exception of the IP address) will only be stored for a short time and that it will be impossible to identify a person using this data because the attendant IP address will be deleted or, at the very least, anonymized.
Your computer’s IP address will only be stored for the duration of time that you use the website. Following this period of time, it will be deleted or abridged and thereby rendered anonymous. It may be necessary to store data for a longer period of time in cases where hacking or similar attacks are concerned in order to ensure the continued functionality and security of our web presence.
Data Transmission
Your data will not be transmitted to third parties.
B) COOKIES
Personal Data
We use cookies in order to improve and optimize our website for you and to provide insight into visitor statistics. The use and design of cookies also strictly adheres to European and Austrian legal provisions.[2]
Cookies are small text files that are stored on your computer via an Internet browser. Cookies store information (e.g., the length of time you spend on our website or the information that you choose to input). As such, the website user that enables cookies does not have to repeatedly enter the same required personal data every time that he/she accesses a given website. In addition to recalling input, cookies also recognize your preferences and allow us to personalize our ads and offers in keeping with your areas of interest. We do not use more extensive cookies that require your consent. You can prohibit the use of cookies by changing the corresponding settings in your browser; however, if you choose to do so, you will not be able to fully utilize all of the functions on our website. The data stored in our cookies will not be linked to your personal data (name, address, etc.).
Please click on the respective links to find instructions on how to administer third party cookies (e.g., Analysetools) in the following browsers: Internet Explorer, Firefox, Chrome, Apple Safari blocks third party cookies by default.
Purpose of Data Processing
We use the „Google Analytics“ tracking tool to collect information about traffic on our website. The following cookies are used in their standard configuration and stored for a period of 30 days: _ga, _gat. These cookies are designed by Google Analytics and they make it possible to monitor traffic on the website and improve the user experience. By means of these cookies, Google collects data about the traffic on our website that can be used to compile reports and improve our website. The service collects anonymous data, including number of visitors, the website from which a user has come (the so-called referrer) and which sub-pages have been visited.
Google Analytics is a web analytics service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses so-called “cookies” (see above). As a rule, the information that the cookies generate about your use of this website will be transmitted to a Google server in the US where it will also be stored. By activating IP anonymization on this website, your IP address will be abridged by Google and anonymized when accessing our website from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the US or other third party and subsequently abridged there in specific cases.
Google uses the collected information to evaluate the use of our website and to provide reports on the activity on our website as well as to provide other relevant online services that concern us and how we use our website. The IP address transmitted by your browser within the Google Analytics framework will not be merged with other data collected by Google. The storage of data in cookies used by Google Analytics can be prevented by changing the corresponding settings in your browser; however, if you choose to do so, you will not be able to fully utilize all of the functions on our website. You can object to the collection of data generated by Google Analytics cookies (including your IP address), which is related to the use of this website, as well as the processing and transmission of this data by Google. To do so, the data subject must download and install a browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The fact that we use cookies is displayed on a cookie banner, which also makes reference to our data privacy policy. By continuing to navigate our website without making adjustments to your browser, you agree to the use of cookies.
Legal Basis
Once again, our legitimate interest pursuant to Art 6(1) lit. f GDPR regarding online service offerings and, if necessary, receipt/revocation of consent serves as the legal basis for data processing operations.
Revocation of Consent
You can exercise your right to object and revoke your consent at any time without providing a reason by e-mailing privacy@modul.ac.at. In cases where data processing is based solely on your consent and we are not legally obliged to preserve the data, the data in question will be irrevocably deleted following receipt of your revocation.
Data Transmission
Your data will not be transmitted to third parties (excluding the circumstances detailed above).
C) YOUTUBE PLUGIN
In addition to the link on our YouTube channel, there is also the possibility to access sub-pages of our website that are outfitted with a YouTube plugin (integrated YouTube clips). As soon as this happens, a connection to the server that operates the webpages owned by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, US, will be established. At the same time, the YouTube server will receive information on which of our webpages you have visited. When opening videos, cookies will be stored on your computer unless you have deactivated the cookie settings in your browser (see above). If you are simultaneously logged into your YouTube account, this information can be assigned to your account, which will provide us with insight into your surfing habits. If you would like to prohibit this, please log out of your YouTube account. You can obtain further information on the collection and use of your data by YouTube by reviewing the data privacy policy on their website at www.youtube.com.
D) FACEBOOK WEBSITE CUSTOM AUDIENCE
Our website also uses the retargeting technology „Website Custom Audience“ developed by Facebook, the social network, which is operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94394, US („Facebook“). The retargeting technology allows us to advertise relevant offers and promotions via the Facebook Audience Network that correspond to the interests of our website users who have demonstrated an interest in us and are also Facebook members.
For this purpose, so-called Facebook retargeting pixels are integrated into our website, which enable Facebook to classify visitors to our website under a pseudonym and use this anonymous data as the basis for our ads on Facebook. In doing so, your personal data will neither be obtained from you nor stored and you will therefore remain unidentifiable for us on Facebook. Furthermore, Facebook will not link the information collected by the retargeting pixel with the data saved in your Facebook user profile.
More information on data protection and privacy-related settings are available at https://www.facebook.com/settings/?tab=ads and https://www.facebook.com/about/privacy. You can adjust your Facebook Custom Audiences user settings at https://www.facebook.com/settings/?tab=ads and http://www.youronlinechoices.com/de/praferenzmanagement/.
E) FACEBOOK FORMS
By submitting a Facebook form, you agree to allow Facebook to transmit your personal data to MODUL University Vienna, Am Kahlenberg 1, 1190 Vienna and that MODUL University Vienna may store, process, and use this data to send you information, advertisements, and newsletters about its products and services. Your personal data will not be transmitted to third parties. You can exercise your right to object and revoke your consent at any time by e-mailing: privacy@modul.ac.at.
F) DATA PRIVACY NOTICE SOCIAL MEDIA
In addition to Google Analytics, the MODUL University Vienna website (http://www.modul.ac.at) includes other social media applications that enable content sharing with others. When you use these applications, your browser will automatically connect to the respective social network, and, if you have visited these platforms before, your browser will automatically transmit your IP address and other information, such as cookies. As far as is possible, MODUL University Vienna prefers to avoid this kind of data transmission until such time as users actually join one of the platforms. By clicking on the relevant symbol, you are indicating that you are ready to communicate with the selected platform and transmit your personal data, such as your IP address, to this social network. For more information, please refer to the particular terms and conditions of each network.
The following social networks are currently in rotation at MODUL University Vienna:
Facebook Social Plugin (http://de-de.facebook.com/privacy/explanation.php)
Social Plugins Google+(http://www.google.com/intl/de/+/policy/+1button.html)
LinkedIn (http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv)
Twitter (http://twitter.com/privacy)
Snapchat (http://snapchat.com/privacy-policy)
YouTube (www.google.de/intl/de/policies/privacy/)
Instagram (www.facebook.com/help/instagram)
The individual data privacy notices for each social network are accessible via external links over which MODUL University Vienna exercises no content control and assumes no responsibility.
[1] Pursuant to Art 4 (7) GDPR.
[2] Art 5(3) ePrivacy Directive; § 96(3) Telecommunications Act 2003 (TKG).
Study Contracts
Personal Data
MODUL University Vienna GmbH operates as a wholly owned subsidiary of the Vienna Chamber of Commerce. As of 2007, MODUL University Vienna Private University is a fully accredited private university. Private universities and companies are subject to higher internal demands and quality standards that can only be met by means of data processing. Data processing is equally indispensable to maintaining and executing study programs.
Contact us to apply and we will store the data that you provide us with, including:
- Name, company name, other commercial details
- Address and contact information (telephone number, e-mail, website)
- Contact person and his/her contact details (telephone number, e-mail)
- Correspondence (e-mails, meeting protocols, faxes, letters, support requests) and other disclosed information
- Payment and bank details (to settle payments, etc.)
- Social security number (identification, ZMR-number)
We also process data rightfully obtained from open sources (e.g., company register, title registry, register of associations, etc.).
Purpose of Data Processing
We use the personal data that you have provided us with only insofar as your data is necessary to fulfill a specific purpose. The purpose of the data processing is, on the one hand, to establish contact and, on the other hand, to conclude study contracts. Data processing within the educational context consists of:
- Student records (database management)
- Accounting / bookkeeping
- Library and research documentation (where applicable)
- Alumni data bank
- Newsletter
Legal basis
Art 6 (1) lit. b GDPR serves as the legal basis for data processing operations related to the performance of a contract. Here we refer to our own legitimate interests pursuant to Art 6(1) lit. f GDPR as well as the implementation of pre-contractual measures and the need to fulfill contractual obligations, satisfy legal obligations, and obtain consent where applicable (e.g., for sending newsletters).
To fulfill contractual obligations (e.g, study contracts), please refer to the relevant contractual documents for further details on data processing purposes.
Revocation of Consent
You can exercise your right to object and revoke your consent at any time without providing a reason by e-mailing privacy@modul.ac.at. In cases where the data processing is based solely on your consent and we are not legally obliged to preserve the data, the data in question will be irrevocably deleted following receipt of your revocation.
Opposition to Data Processing
Data processing for purposes of direct marketing are also recognized in the GDPR as a legitimate interest. You may oppose this kind of data processing for the purpose of direct marketing at any time by e-mailing privacy@modul.ac.at.
Storage Period
We delete personal data used to conclude contracts once a given contract has indeed been concluded and our legal obligations pertaining to the preservation of records have expired (i.e., once all warranties and statutes of limitations have expired and/or ongoing legal disputes have been settled).
Where legal obligations pertaining to the preservation of records are concerned, it is important to mention:
- Seven year fiscal data storage statutes in accordance with Austrian Federal Tax Code (BAO)
- Three year statute of limitations in accordance with Austrian Civil Code (ABGB)
(30 years in individual cases with given evidence pursuant to § 1489 ABGB)
-
- Diverse data storage statutes in accordance with
- Private Universities Act (e.g., § 3(11) PUG in connection with § 53 Universities Act (UG))
- Implementation of the Education Documentation Act on Private Universities (BdokG)
- Act on Quality Assurance in Higher Education (HS-QSG)
- Diverse data storage statutes in accordance with
Data Transmission
Your data will not be transmitted to third parties, except in instances where:
- we are legally obligated to do so,
- it is deemed necessary in order to execute a mandate,
- we are otherwise authorized by you to do so,
- the transfer is consistent with the purpose of the data processing.
Transmitting data to public authorities and institutions, such as financial authorities, insurance providers, the Austrian Students’ Union in accordance with HSG 2014 (matriculation number, name, birthdate, contact information) and Statistics Austria in accordance with the Education Documentation Act (social security number, birthdate, gender, nationality, address, study dates) is not only prescribed by law, but a necessary measure to make your studies possible, particularly in the case of transmitting data to institutions that, for example, provide funding.
Furthermore, transmitting data to other kinds of public authorities may also be necessary. Potential points of contact may include tax authorities, legislative bodies, law enforcement authorities, lawyers, courts, notaries and/or auditors.
Other data processors that we employ may also have access to your personal data. These parties may include postal and printing services, IT service providers, sales partners, Internet service providers, credit bureaus and collection service providers as well as additional data processors with whom we may consult.
Internally, employees who are bound by a strict confidentiality agreement may process data as long as it is relevant to their contractual obligations and is consistent with the purpose of the data processing.
All potential processors are and will continue to be required to observe our data protection regulations.
Personal data will not be transmitted to third countries or international organizations. Furthermore, personal data will not be transmitted to our global campuses in third countries.
Data is stored and secured on our in-house servers in Austria.
Other
Your data will not be used for automated decision-making.
Business Partners
Personal Data
In exercising our rights and responsibilities within the realm of business partnerships, we will, as a rule, provision the following data:
- Name, company, other commercial details
- Address and contact details (telephone number, e-mail, fax number, website)
- Contact person and his/her contact details (telephone number, e-mail)
- Correspondence (e-mails, meeting protocols, faxes, letters)
- Payment and bank details (to settle payments, etc.)
- Information needed to fulfill contractual obligations (e.g., delivery addresses, billing information)
- Information about online behavior and preferences (e.g., IP addresses, identifiers, mobile end devices, data relating to use of website and apps, geolocation information);
- Advertising and sales information (e.g., information regarding consent)
Provided that we have not received it from you personally, this data will be transmitted to us by your legal representative, insurance provider, the court, or other relevant party involved in the proceedings.
We also process data rightfully obtained from open sources (e.g., company register, title registry, register of associations, etc.). It is also possible to obtain data from contractual partners to help us fulfill our obligations to you. In this way, we can provision your data from contractual partners, who have already collected the data directly from you.
Purpose of Data Processing
We use the personal data that you have provided only insofar as your data is necessary to fulfill a specific purpose. The purpose of the data processing is to exercise and fulfill the rights and obligations of the business partnership.
Legal Basis
Art 6 (1) lit. b GDPR serves as the legal basis for data processing operations related to the performance of a contract. Here we refer to our own legitimate interests pursuant to Art 6(1) lit. f GDPR as well as the implementation of pre-contractual measures and the need to fulfill contractual obligations, satisfy legal obligations, and obtain consent where applicable (e.g., for sending newsletters).
To fulfill contractual obligations, please refer to the relevant contractual documents and/or general terms and conditions for further details on data processing purposes.
Storage Period
We delete personal data used to conclude contracts once a given contract has indeed been concluded and our legal obligations pertaining to the preservation of records have expired (i.e., once all warranties and statutes of limitations have expired and/or ongoing legal disputes have been settled).
Where legal obligations pertaining to the preservation of records are concerned, it is important to mention:
- Seven year fiscal data storage statutes in accordance with Austrian Federal Tax Code (BAO)
- Three year statute of limitations in accordance with Austrian Civil Code (ABGB)
(30 years in individual cases with given evidence pursuant to § 1489 ABGB)
Data Transmission
Your data will not be transmitted to third parties, except in instances where:
- we are legally obligated to do so,
- we are otherwise authorized by you to do so,
- the transfer is consistent with the purpose of the data processing.
Transmitting data to public authorities, such as tax authorities, legislative bodies, law enforcement authorities, lawyers, courts, notaries and/or auditors may be necessary.
The data processors that we employ may also have access to your personal data. These parties may include postal and printing services, IT service providers, sales partners, Internet service providers, credit bureaus and collection service providers as well as additional data processors with whom we may consult.
Internally, employees who are bound by a strict confidentiality agreement may process data as long as it is relevant to their contractual obligations and is consistent with the purpose of the data processing.
All potential processors are and will continue to be required to strictly observe our data protection regulations.
Personal data will not be transmitted to third countries or international organizations. Furthermore, personal data will not be transmitted to our global campuses in third countries.
Data is stored and secured on our in-house servers in Austria.
Other
Your data will not be used for automated decision-making.
Unsuccessful Applications
Personal Data
We are happy to receive each and every application that comes our way. Within the application management framework, we process the following data provisioned from potential students and employees alike:
- Basic information (form of address, title, first name, last name)
- Birthdate
- Contact information (address, e-mail address, telephone number)
- Nationality, religion (provided it is known)
- Intended study program, desired start date
- Desired position, earliest start date
- Other information included in the application (CV, certificates, photo, desired salary, etc.)
Purpose of Data Processing
We process application data for the purpose of inviting potential candidates to job interviews, conducting admissions and selection procedures, and communicating acceptances and rejections.
Legal Basis
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. Art 6 (1) lit. b GDPR serves as the legal basis for data processing operations related to the performance of a contract. Art 6(1) lit. f GDPR invokes the pursuit of legitimate interests.
Storage Period
The application materials of unsuccessful applicants are deleted six months after communicating the negative outcome of the application procedure. The preservation of these kinds of records beyond the designated period of time requires the consent of the applicant, which we would be happy to receive.
Revocation of Consent
You can exercise your right to object and revoke your consent at any time without providing a reason by e-mailing privacy@modul.ac.at. In cases where the data processing is based solely on your consent and we are not legally obliged to preserve the data, the data in question will be irrevocably deleted following receipt of your revocation.
Data Transmission
Successful application materials (i.e., those that result in employment) are migrated to the respective personnel files. Further information on the data privacy policy in regards to employees is provided throughout the course of employment.
Data Security
We employ technical and organizational security measures to protect your data from manipulation, damage, and destruction as well as unauthorized third party access. Our security measures are continuously improved in accordance with the technical advances on the Internet. All data is stored on servers that operate with a high level of security that protects against unauthorized access and misuse.
Data is stored and secured on our servers in Austria.
Your Rights
As a data subject, the following laws and legal remedies are available to you:
- Right of Confirmation
Each data subject shall have the right to obtain confirmation as to whether or not his/her personal data is being processed and, if so, what that data is. In order to prevent unauthorized parties from obtaining this information, it may be necessary for the data subject to verify his/her identity.
- Right to Rectification and Erasure
Each data subject shall have the right to rectify/complete his/her incomplete personal data as well as to request the erasure of his/her data. We will comply with these requests without delay, providing that there are no legal obligations that may preclude this.
- Right of Restriction of Processing
Each data subject shall have the right to restrict the processing of his/her personal data.
- Right to Data Portability
Each data subject shall have the right to have his/her collected personal data transmitted to third parties.
- Right to Object
Each data subject shall have the right to object, on grounds relating to his/her particular situation, at any time, to the processing of his/her personal data.
You can exercise these rights at MODUL University Vienna by contacting the responsible data processors
- either per post
- or by writing an e-mail to privacy@modul.ac.at.
We would like to take this opportunity to let you know that regardless of the treatment of your application, we are obligated to verify your identity in order to prevent possible privacy breaches (e.g., informing the wrong person of an outcome). For this reason, we have to administer an identification procedure for every request.
Data subjects also have the right to lodge formal complaints with their local Data Protection Authority (hereafter DPA) if they suspect that the data protection regulations or their own rights as data subjects have been violated. Please contact your Austrian DPA using the following contact information: Wickenburggasse 8, 1080 Vienna, telephone number: +43 1 521 52-25 69, E-mail: dsb@dsb.gv.at.
If you have questions or concerns regarding the data privacy policy at MODUL University Vienna, please do not hesitate to contact us as privacy@modul.ac.at.