Cookies:
The website based on our service uses unmodified just session cookies. This is a privacy-ethical way to build a website without constant user surveillance. If you add own functionalities via the CMS, you will need to list all in your privacy policy and/or terms of use.
Cookies and similar technologies that generally do not need consent:
User input cookies for the duration of a session.
Authentication cookies, for the duration of a session.
User-centric security cookies used to detect authentication abuses and linked to the functionality explicitly requested by the user for a limited persistent duration.
Multimedia content player session cookies, such as flash player cookies, for the duration of a session
Load-balancing session cookies for the duration of a session.
User interface customization cookies, for a browser session or a few hours, unless additional information in a prominent location is provided (e.g. "uses cookies" written next to the customization feature)
Source: https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies+and+similar+technologies
Provision of web hosting for the project website
For providing the hosting, we use the IT services of one or more web hosting providers from whose servers (or servers or ICT infrastructure they operate) the services can be accessed. We may use storage and database services, infrastructure, provider services, computing power, and provided safety and technical maintenance service for these purposes.
The data processed within these services may include content, data, and information in relation to the users of the IT services, which are collected during usage, access, and communication. This regularly consists of the IP address, which is required to deliver IT services to browsers or apps or external websites, services, and integrated tools.
Internal eMail Sending over the website or domain and Hosting: The IT hosting services we are utilizing can also include sending, receiving, and processing emails. The addresses of the recipients and senders and other data relating to the sending of emails (for example, involved providers) and the emails' contents are processed for these purposes. The processed data may also be used and processed for SPAM detection. Please note: emails on the Internet are commonly not transmitted in an encrypted form. In practice, emails are only encrypted during transport but not on the servers from which they are received or sent (without an end-to-end encryption method in place). Therefore, we cannot accept any accountability or liability for the transmission route of emails between the sender and reception on our IT services.
Collection of Log Files and Access Data: Ourselves, the service, or the web hosting provider, do collect data based on each access to the server in so-called server logs or server log files as it is the nature of the technological practice on the Internet. These server logs files can include the URL address. The name of the web pages and files/pages accessed, the date and time of access, browser types and version numbers, data volumes and transferred traffic, the accessor's operating system, information, and notifications about successful or unsuccessful access, URLs which refer to pages or the website and in general the IP addresses and the identification of the access provider of the user.
Such server logs and log files can also be used for IT security and audit purposes, e.g., to avoid overloading the service or servers (particularly in the circumstance of abusive attacks like DDoS attacks) and ensure the servers' stability and optimal load balancing.
Processed data types: Usage-data (e.g., entry points, access times, websites visited, content interest), Content-data (e.g., text input, photographs, web-form inputs, videos), Meta- and IT communication data (e.g., device information, GEO-spatial information, IP addresses, access providers)
Data subjects: Website visitors, registered users, users of online services
Purposes of Data Processing: Provision of the IT services, app, and website functionality
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Webhosting/Websites: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, EU, https://www.netcup.de
Email Sending of automated website-based internal emails: easyname: easyname GmbH, Canettistraße 5/10, A-1100 Wien, Austria; Website: https://www.easyname.at/; Privacy Policy: https://www.easyname.at/download/data-protection-policy-de-v2.pdf
OpenStreetMap: We may integrate the maps of the service "OpenStreetMap" in apps and websites, which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap utilizes user- and visitor data exclusively to display maps, map functions, and temporarily store selected settings. The processed data can include, in particular, IP addresses and location data of users, which are not collected without their consent (usually within the context of the settings of the accessing device). Service provider: OpenStreetMap Foundation (OSMF); Website: https://www.openstreetmap.de; Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
HERE Satellite Map: We can use Satellite Maps provided by HERE.com as an optional layer in integrated map applications.
Service Provider: HERE Global B.V. Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands, Terms of use: https://legal.here.com/en-gb/terms/here-end-user-terms, Privacy Policy: https://legal.here.com/en-gb/privacy
Data Processing in Third Countries
We always set a focus on European (EU) Service Providers for optimal privacy protection of users and project teams alike. If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognized level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called Standard Contractual Clauses (SCC) of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).