Privacy Policy

This privacy statement will help you understand the scope and purpose of the processing of personal data (hereafter referred to as simply “data”) within our online services and the linked web sites, functions and content, as well as external online presence such as our social media profile (hereafter clustered into the description “online services”).

Controller
Verein Club International
Körblergasse 117
8010 Graz, Austria
info@cint.at
CEO: Mag. Veronika Wolf, MBA
Imprint: http://cint.at/disclaimer/
Contact Data Protection Officer: Ing. Mag.  Markus Oman, datenschutz@cint.at
 
Types of processed data:
  • Identification data (e.g. names, addresses)  
  • Contact data (e.g. e-mail addresses, telephone numbers)
  • Content data (e.g. text input, photographs, videos)
  • Usage data (e.g. web sites visited, content of interest, access times)
  • Meta and communication data (e.g. device information, IP addresses)
Categories of affected persons
Visitors and users of the online services (affected persons are hereafter referred to as “users”)

Purpose of data processing
  • Rendering the online server, its functions and contents available
  • Responding to contact requests and communication with users
  • Security measures
  • Catchment area measurement
Definitions
“Personal data” means any information relating to an identified or identifiable natural person (referred to hereafter as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
 
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. This term is far-reaching and includes practically every operation performed on data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal basis
In accordance with the provision in Article 13 of the GDPR, we hereby provide information regarding the legal basis for our data processing activity. In as far as the legal basis is not mentioned in the GDPR, the following is valid: The legal basis for obtaining consent is provided by Article 6(1)(a) and Article 7 of the GDPR, the legal basis for processing in order to provide our services and comply with our legal duties is provided by Article 6(1)(c) of the GDPR, and the legal basis for processing to pursue our legitimate interests is provided by Article 6(1)(f) of the GDPR. Should processing be necessary in order to protect the vital interests of the data subject or of another natural person, then the legal basis is provided by Article 6(1)(d) of the GDPR.

Security measures
In accordance with Article 32 of the GDPR, we take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
The measures include, in particular, ensuring ongoing confidentiality, integrity, availability and the resilience of processing systems and services, as well as associated access, input, disclosure, guarantee of availability and their separation. Furthermore, we have installed processes that guarantee the implementation of user rights, data deletion and reaction to threats to the data. We also take the protection of personal data into account even during development, e.g. the selection of hardware, software and processes according to the principle of data protection via technological design and by data protective settings (Article 25, GDPR).

Cooperation with processors and third parties
In as far as during processing we disclose data to other persons and companies (processors or third parties), transmit data to them or otherwise provide them access to the data, this is only done based on the legal permissions (e.g. if required for the fulfilment of contractual obligations, data has to be provided to third parties such as payment services, in accordance with Article 6(1)(b) of the GDPR), if you have consented, if it is a legal requirement to do so, or based on our legitimate interests (e.g. when using authorised representatives, web hosts, etc.).
If third parties are to be contracted with the processing of data on the basis of what is known as “processing contract”, this is done based on Article 28 of the GDPR.

Transfers to third countries
In as far as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or this occurs within the framework of utilising the services of a third party, or disclosing or transferring data to third parties, this is only done to fulfil our (pre-)contractual obligations or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data or have data processed in a third country if the special prerequisites of Article 44 of the GDPR are met. This means that the processing is done for example on the basis of particular guarantees such as the officially recognised declaration of a level of data protection corresponding to that of the EU (e.g. by the Privacy Shield in the USA) or under consideration of officially recognised special contractual obligations (called “standard contract clauses”).

Rights of the data subject
You have the right to obtain confirmation whether data is being processed and for information regarding this data and for further information and a copy of the data in accordance with Article 15 of the GDPR.
In accordance with Article 16 of the GDPR, you have the right to demand the completion of the data related to you or to demand the rectification of incorrect personal data.
In accordance with Article 17 of the GDPR, you have the right to demand the immediate erasure of related data or alternatively in accordance with Article 18 of the GDPR, to demand a restriction in the processing of the data.
You have the right to obtain a copy of the related information that you provided us with in accordance with Article 20 of the GDPR and to demand its transfer to other controllers.
Furthermore, you have the right according to Article 77 of the GDPR to lodge a complaint with the responsible supervisory authority. The authority responsible for our location is the Austrian Data Protection Agency in Vienna (www.dsb.gv.at).

Right to withdraw consent
You have the right to withdraw consent to the future use of your personal data in accordance with Article 7(3) of the GDPR.

Right to object
You have the right to object to the future processing of your personal data in accordance with Article 21 of the GDPR at any time. The objection can be directed in particular against the processing of data for the purposes of direct marketing.

Cookies
We use cookies to improve the functionality of our web presence on the basis of following our legitimate interest in accordance with Article 6 (1)(f).
 
Cookies contain information that are transmitted from our web server or from third party web servers to the user’s web browser and are stored there for later use. Cookies can be small files or other forms of data storage.
 
We use “session cookies” that are only stored for the period of time spent on the current visit to our online presence (e.g. to store your login status etc. and hence to enable the use of our online services). A session cookie stores a randomly generated, unambiguous identification number, known as session ID. A cookie also contains data regarding its origin and the storage validity period. These cookies are not able to store any other data. Session cookies are deleted once you have ended the use of our online services and, for example, when you log out or close the browser.
 
Deactivating cookies
  • If the user does not wish to have cookies stored on their computer, we advise them to deactivate the option in the system settings of their browser. Stored cookies can be deleted in the system settings. The exclusion of cookies can result in reduced performance of the online service.
  • If you have given your consent and if cookies are accepted by your browser settings, you are deemed to have consented to the use of these cookies. Most browsers accept all cookies by default. However, you have the possibility to adjust your browser such that cookies are displayed before they are stored, that only certain cookies are accepted or rejected, or that cookies are generally rejected. If you reject the use of individual cookies or deactivate them (individual opt-out), then this may result in the limited performance of our web site. You can change your general consent and the individual opt-outs at any time.
  • The web site http://www.allaboutcookies.org/provides detailed instructions for opting out of cookies.   
  • We would like to draw your attention to the fact that changes to settings only affect the browser the changes were made in. If you use many browsers or you use a different end device, the settings will need to be made individually. Moreover, cookies can be deleted from your storage device at any time. If you require further information on cookie settings, how to change and delete them, please use your web browser’s help function.
 
Server access log
Our web site provider automatically gathers and stores information in server log files that your browser automatically sends us. This information contains:
  • Browser type/browser version
  • Operating system used
  • Referrer URL
  • Hostname of the computer making the access
  • Time of the server request
This data is not allocated to a natural person.
 
This data is not linked or merged with any other data source. Should our web site be used for illegal purposes, we reserve the right to check this data post hoc.

Google Maps
The web site uses the service “Google Maps”, which is incorporated via API in order to display geographic information in accordance with our pursuit of legitimate interest according to Article 6(1)(f) of the GDPR. The use of Google Maps enables Google to acquire data regarding your use of the service, and to process and use it. The supplier of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified according to the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
 
The processed data could contain IP addresses and location data belonging to the user, but which cannot be acquired without the user’s consent. The data may be processed in the USA. Further information is available in Google’s privacy statement that you can access here: https://policies.google.com/privacy?hl=en-GB. Opt-Out: https://adssettings.google.com/authenticated.
 
Google Analytics
In order to optimise our web site and ensure it is designed for purpose, we use functions from the web analysis service, Google Analytics, in accordance with Article 6(1)(f) of the GDPR. The supplier is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies. The information created by the cookies regarding your use of this web site are normally transmitted to and stored in a Google server in the USA.
We only use Google Analytics with activated IP anonymisation. This means that on this web site, your IP address is shortened by Google within member states of the European Union or in other signatory states to the agreement via the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. The owner of this web site has contracted Google to use this information to evaluate your use of the web site, to compile reports regarding web site activity and to provide further services regarding web site and internet usage to the web site owner. The IP address transmitted by Google Analytics from your browser is not merged with other data from Google.

You can prevent the transmission of the data created by the cookie and data regarding your use of the web site (including your IP address) to Google and the processing of this data by Google by downloading and installing the following plugin into your browser:  http://tools.google.com/dlpage/gaoptout?hl=de.

Further information regarding data usage for marketing purposes by Google, settings and possibilities to object is available on Google’s web pages: https://policies.google.com/technologies/partner-sites?hl=en-GB (“How google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads?hl=en-GB (“How Google uses cookies in advertising),
 
Contacting us
When contacting us (via e-mail), the data the user provides will be used to process and deal with the user’s request in accordance with Article 6(1)(f) and Article 1(b) of the GDPR (steps to be taken prior to entering into a contract). E-mail requests are usually answered as soon as possible within normal office working hours and your data is deleted, if your request has been dealt with and the deletion is not in opposition to any legal storage requirements, for example, to close a subsequent contract.

Members login area
If you are a registered user of our web site, you can log into and use a private member’s area that you can manage yourself. We will provide you with user identification so that you can manage the user profile, whereby you can determine the password. The aim of the processing is verification of the user, management of the user profile, and the input, management and updating of your data. The processing is based on fulfilment of the contract in accordance with Article 6 (1)(b) of the GDPR and the pursuit of our legitimate business interests in accordance with Article 6(1)(f) of the GDPR. The data required for user verification and the management of the user profile is only stored for the duration of the registration. The data that is processed to manage your membership are stored in principle for the duration of the valid membership. After membership has been terminated, only data that is necessary is stored for the legally permissible period dictated by the applicable legal requirements and record-keeping obligations (Austrian Fiscal Code, Austrian Commercial Code, Austrian Civil Code etc.)

Data deletion
The data we processed will be erased in accordance with Articles 17 and 18 of the GDPR, or their processing will be limited. In as far as not explicitly stated in this privacy statement, the stored data will be erased as soon as they are no longer required for the purpose for which they were gathered unless their erasure is not permissible for legal data retention purposes. If the data is not deleted because they are required for other and legally admissible purposes, their use will be limited. This means that the data is locked and will not be used for other purposes. This is true for example for data that must be kept for commercial or tax reasons.
According to legal requirements in Austria, data retention is required in particular for 7 years according to § 132(1) of the Austrian Fiscal Code (accounting documentation, invoices/bills, accounts, receipts, business papers, statement of revenue and expenditure, etc.), for 22 years in the context of land plots and for 10 years for documentation in the context of electronically provided services, telecommunications/radio/television services, provided for non-commercial parties and for which the Mini-One-Stop-Shop (MOSS) service has been used.

Provision of our statutory and commercial services
We process data belonging to our members, supporters, interested parties, customers and other persons in accordance with Article 6(1)(b) of the GDPR, in as far as we offer them contractual services, or we become active in an existing business arrangement, for example towards members, or are the recipients of services and contributions. Otherwise we process data of data subjects according to Article 6(1)(f) of the GDPR on the basis of pursuit of our legitimate interests, for example, if it is an administrative or a public matter. The data processed in this case, the type, scope, purpose and necessity of their processing are determined by the contractual relationship they are based upon. This includes basic identification and contact data of the persons (e.g. name and address, etc.), as well as their contact data (e.g. e-mail address, telephone number, etc.), the contract data (e.g. services consumed, information and content provided and name of the contact person) and, in as far as we offer payable services or products, payment data (e.g. bank account, payment history, etc.).
We erase data that is no longer necessary to fulfil our statutory and business purpose. This is defined according to the individual task and contractual relationship. In the case of business-related processing, we retain the data for as long as it could be relevant to fulfilling our business, also with regard to any warranty or liability duties. The necessity for data retention is reassessed every three years; other than this, the legal data retention obligations apply.

Copyright
The layout of the web site, the graphics, images and other files including individual contributions are protected by copyright. All rights are reserved. Any form of reproduction, copying, storage or distribution requires explicit written permission, either from ourselves or from the corresponding rights holder.
 
Commercial advertising
The use of the contact data in our imprint or from our web site for commercial advertising is expressly not permitted, unless we have provided written consent. We and all of the persons mentioned on this web site object herewith to any form of commercial use or distribution of this data.
Image

Contact

Club International
Center of Excellence and Service for Expatriates and their Families
Körblergasse 117
8010 Graz
+43 316 601 759
info@cint.at

In cooperation with