- The University
- Studying
- General
- Studying at Med Uni Graz
- Campus life
- Research
- Profile
- Infrastructure
- Cooperations
- Services
- Career
- Med Uni Graz as an Employer
- Educational Opportunities
- Work Environment
- Health
- Health Topics
- Health Infrastructure
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations is the:
Medizinische Universität Graz
Auenbruggerplatz 2, 8036 Graz
E-Mail: office.datenschutz(at)medunigraz.at
Website: https://www.medunigraz.at/datenschutz/
The data protection officer of the controller may be reached at the following contact data:
E-Mail: datenschutz(at)medunigraz.at
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 letter a GDPR serves as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 letter b GDPR serves as the legal basis. This also applies to processing operations required to carry out precontractual activities.
To the extent that processing of personal data is required to fulfil a legal obligation that governs our business, Art. 6 para. 1 letter c GDPR serves as the legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 letter f GDPR serves as the legal basis for the processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose for the retention ceases to exist. In addition, such retention may take place if provided for by the European Union or national legislature, in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a retention period prescribed by the standards mentioned expires, unless there is a need for further retention of the data for conclusion of a contract or fulfilment of the contract.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected here:
The IP address is fully retained for a period of 7 days and then automatically deleted. Other data that allows for the association of the data with a user will not be retained.
The legal basis for the temporary retention of the data is Art. 6 para. 1 letter f GDPR.
The data is used to optimise the website and to ensure the security of our information technology systems. This also comprises our legitimate interest in data processing as per Art. 6 para. 1 letter f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for provisioning the website, this is the case when the respective session is completed.
The collection of data for the provision of the website and the retention of the data in log files is essential for the operation of the website. There is consequently no opt-out option on the part of the user.
Our website uses cookies. Cookies are text files that are retained by the Internet browser or the Internet browser on the computer system of the user. When a user accesses a website, a cookie may be retained on the operating system of the user. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. Cookies that are already on the computer may be deleted at any time. The procedure for doing so can be found in your browser manual (under "Help" in the browser menu).
We use cookies to make our website more user-friendly. In this context, however, no personal data is generated; the IP address is automatically anonymised.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 letter f GDPR.
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser be recognised even after a site change.
For these purposes, our legitimate interest lies in the processing of personal data as per Art. 6 para. 1 letter f GDPR.
Cookies are retained on the computer of the user and transmitted by it to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been retained may be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully utilise all the functions of the website.
On our website, there is the possibility for alumni to subscribe to free information. The data from the input mask will be sent to us during registration.
In addition, the following data is collected upon registration:
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection statement.
The legal basis for the processing of the data after registration for the newsletter by the user is in the presence of consent of the user as per Art. 6 para. 1 letter a GDPR.
The collection of alumni data serves to provide information material.
The collection of other personal data in the context of the registration process serves to pre-vent misuse of the services or the email address used and to generate a personalised greeting.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The user’s data is therefore retained as long as the subscription is active.
The subscription may be terminated at any time by the affected user. For this purpose, there is a corresponding link in each newsletter.
If your personal data is processed, you are the data subject and have the following rights with the controller:
You may ask the controller for a confirmation as to whether personal data concerning you is processed by us.
If such processing is available, you may request disclosure from the controller regarding the following information:
You have the right to request information about whether the personal data concerning you is sent to a third-party country or an international organisation. In this regard, you may request that you be informed about the appropriate guarantees as per Art. 46 GDPR in connection with the transmission.
You have a right to rectification and/or completion with the controller, if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
You may request the restriction on processing of your personal data under the following conditions:
If the processing of personal data concerning you has been restricted, this data may only be used - apart from its retention - with your consent or for the assertion, exercise or defence of legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If the limitation on processing after the above-mentioned conditions is restricted, you will be informed by the controller before the limitation is lifted.
a) Deletion obligation
You may require the controller to delete your personal information without delay and the controller is required to delete that information immediately, if one of the following reasons applies:
b) Information to third parties
If the controller has made your personal data public and is required, as per Art. 17 para. 1 GDPR, to delete it, taking into account the available technology and the implementation costs, it shall take appropriate measures, including technical means, to inform the processors, that you, the data subject, have requested that they delete all links to such personal data or copies or replications of such personal data.
c) Exceptions
The right to deletion does not exist if the processing is necessary
If you have the right of rectification, deletion or limitation on processing vis-a-vis the controller, it is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or limitation on processing, unless this proves impossible or involves a disproportionate effort.
You have a right against the controller to be informed about these recipients.
You have the right to receive the personal data that you have provided to the controller in a structured, common and machine-readable format, if technically possible. In addition, you have the right to transfer this data to another controller without hindrance by the controller for providing the personal data, provided that
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
You have the right, due to reasons which result from a special situation, at any time, to opt-out from the processing of your personal data, which arise due to Art. 6 para. 1 letter e or f GDPR.
The controller will no longer process your personal data unless it can demonstrate compelling legal grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to opt-out at any time from the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you opt-out from the processing for the purpose of direct advertising, your personal data will no longer be processed for these purposes.
You may, in the context of the use of information society services - notwithstanding Directive 2002/58/EC - exercise your opt-out right by means of automated procedures using technical specifications.
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data is in violation of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy as per Art. 78 GDPR.