yo
Privacy Policy – Applied Photography Zum Hauptinhalt springen

Privacy Policy

Privacy Policy

We take the protection of your personal data very seriously and process your data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

This Privacy Policy provides information about the nature, scope, and purposes of the processing of personal data in connection with the use of our website (the “Services”).

By accessing and using our website, you acknowledge that you have read and understood this Privacy Policy.

1. Controller

Department of Applied Photography and Time-Based Media
University of Applied Arts Vienna, Institute of Design
Oskar-Kokoschka-Platz 2
A-1010 Vienna
Austria

(hereinafter referred to as the “Controller”)

2. Definitions

This Privacy Policy uses the terminology of the GDPR. In particular, the terms “personal data”, “processing”, “controller”, “processor”, “recipient”, “third party”, and “consent” shall have the meanings ascribed to them in Article 4 GDPR.

3. Nature, Scope and Purposes of Processing
3.1 Categories of data processed

We may process the following categories of data:

  • Non-personal data: Technical and aggregated information that does not allow identification of an individual.
  • Personal data: Any information relating to an identified or identifiable natural person, such as name, email address, telephone number, IP address, or other data you provide voluntarily.
3.2 Sources of data

Personal data is collected:

  • when you access and use the website (e.g. log data, usage data)
  • when you contact us directly (e.g. via email)
  • via third-party services where applicable
3.3 Purposes and legal bases of processing

We process personal data for the following purposes and on the following legal bases:

  • Provision and operation of the website
    (Art. 6(1)(f) GDPR – legitimate interest in providing a functional website)
  • Communication and handling of inquiries
    (Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures; Art. 6(1)(f) GDPR)
  • Improvement and analysis of website usage
    (Art. 6(1)(f) GDPR – legitimate interest in optimizing our services)
  • Ensuring security and preventing misuse
    (Art. 6(1)(f) GDPR)
  • Compliance with legal obligations
    (Art. 6(1)(c) GDPR)

Where required, we will obtain your consent pursuant to Art. 6(1)(a) GDPR.

3.4 Recipients of data

Personal data may be disclosed to processors (e.g. hosting providers or IT service providers) to the extent necessary for the operation of the website.

Data will only be disclosed to third parties if:

  • there is a legal obligation to do so, or
  • it is necessary for the establishment, exercise, or defense of legal claims
3.5 Cookies

Our website uses cookies. Cookies are small text files stored on your device.

We use:

  • Technically necessary cookies
    (Art. 6(1)(f) GDPR in conjunction with § 165 Austrian Telecommunications Act 2021)
  • Optional cookies (e.g. for external media) only with your consent
    (Art. 6(1)(a) GDPR)

You can manage or withdraw your consent at any time via the cookie settings.

3.6 Integration of Vimeo (subject to consent)

Our website includes embedded videos from Vimeo.

Provider:
Vimeo Inc.
555 West 18th Street
New York, NY 10011
USA

The integration of Vimeo is carried out exclusively on the basis of your prior consent pursuant to Art. 6(1)(a) GDPR.

Before consent is given, no connection to Vimeo servers is established.

Once you have provided consent, the following data may be processed:

  • IP address
  • device and browser information
  • pages visited
  • user interactions (e.g. video playback)

This may involve the transfer of personal data to the United States. The United States does not provide a level of data protection equivalent to that of the European Union. Appropriate safeguards (e.g. standard contractual clauses pursuant to Art. 46 GDPR) are implemented where required.

If you are logged into your Vimeo account, Vimeo may associate your usage behavior with your user profile. You can prevent this by logging out prior to activating the video.

Further information is available in Vimeo’s privacy policy.

3.7 International data transfers

Where personal data is transferred to countries outside the European Economic Area (EEA), such transfers are carried out only in compliance with Chapter V GDPR, in particular on the basis of adequacy decisions or appropriate safeguards (e.g. standard contractual clauses).

3.8 Data retention

Personal data will be retained only for as long as necessary for the purposes for which it was collected, or as required to comply with legal obligations, resolve disputes, and enforce legal claims.

3.9 Data security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Art. 32 GDPR), including encryption (HTTPS) and access controls.

However, no method of transmission over the Internet or electronic storage is completely secure.

3.10 Minors

Our website is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

3.11 Rights of data subjects

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In Austria, the competent supervisory authority is the Austrian Data Protection Authority (Datenschutzbehörde).

3.12 Amendments to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time in order to ensure compliance with legal requirements or to reflect changes to our services. The current version will always be available on our website.