Version of 23/09/2019
Download a PDF version to save or print this document.
This Privacy Notice explains which personal data are collected when you visit and use the VirES for Aeolus service (the "Service") and how this data is processed by EOX IT Service GmbH as the data controller ("EOX" or "we").
This Privacy Notice is addressed to any user of the Service ("data subject" or "you").
We process your personal data in accordance with the EU General Data Protection Regulation ("GDPR") and applicable national data protection laws. Unless otherwise defined in this Notice, the terms used herein shall have the same meaning as defined in the GDPR.
When you use the Service we process those personal data which you voluntarily provide to us via our sign-up form or email contact.
The following explanations shall serve to inform you about the different ways we may collect personal data about you when you use the Service and for what lawful purposes we may use them.
If you register a user account for the Service, the personal data you voluntarily provide to us (i.e. user name, email address, password, title, first name, last name, institution, country, study area, project data) will be processed for the purposes of providing you access to and use the Service (legal basis: Art 6(1) b GDPR – performance of contract).
In addition, you may choose to send us your feedback and ideas via the provided email contact. In this case, we process the personal data you voluntarily provide to us (e.g. name, email address, content of feedback) in order to evaluate your feedback and improve the Service. Equally, EOX may contact the registered users to inform them about changes to the Service or to inquire about the user's interest in the Service. This may be prevented by sending an email to firstname.lastname@example.org. requesting unsubscription (legal basis: Art 6(1) f GDPR – legitimate interest in the improvement of the Service).
Some of the data we request in the sign-up process are marked as mandatory fields. You are not required to provide these data. However, without providing this information we are not able to provide the Service.
In addition to the data you actively provide, we collect certain data that your browser transmits to our website server (i.e. log files).
Our log files contain the following information: (i) date and time of retrieval of our Website, (ii) type, version and settings of your web-browser, (iii) your operating system and internet service provider, (iv) requested pages, files and data, (v) address of the previous website from which a link to our Website was followed (Referer HTTP header) (vi) username and e-mail of the authenticated users (vii) social network identity (username, civil name, e-mail), in case of the social network authentication, as well as (viii) your IP-address. The IP address is a specific number assigned to your computer which enables your device to communicate in a network using the Internet Protocol (IP). IP addresses may qualify as personal data as they technically allow the identification of the user in certain circumstances.
The processing of these log files is necessary for us to maintain the functionality, stability and security of the Service. We may also process them for the purpose of forensic investigations in the case of a security incident. Further, we may use these data in order to generate user statistics, however, log files (including IP addresses) and personal identification are not linked to each other (legal basis: Art 6(1) f GDPR – legitimate interest in maintaining functionality, stability and security of our Website).
The information collected by the Matomo software about your use of our Website (including your IP address and the URLs of the accessed pages) will be stored by us and will not be disclosed to third parties. Your IP address is made anonymous by truncating it.
We will use this information for the purpose of evaluating your use of our Website, compiling reports on website activity and providing other services relating to website activity and internet usage. We will not associate your IP address with any other data held by us.
By clicking on the "Accept" button in the Website's cookie banner you agree to the use of the above listed optional cookies on the Service. Your consent can be withdrawn (for all or individual cookies) at any time with effect for the future.
You should be aware that any preferences will be lost, if you delete all cookies and many websites will not work properly or you will lose some functionality. We do not recommend turning cookies off when using our website for these reasons.
For the above mentioned purposes we may share your personal data with IT service providers who provide hosting, maintenance and security services for our Service.
In addition, we may submit your data to the European Space Agency (ESA), should these data be requested by ESA.
Where disclosure is required (i) by law or regulation or (ii) to establish, exercise or defend legal claims, we may also disclose personal data to a competent authority, such as supervisory, regulatory or criminal authorities, courts of law or other third parties who advise us in this context (e.g. lawyers or forensics experts).
Some of these recipients may be located in countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission. It should be noted that the level of data protection in such countries may not be the same as within the EU/EEA. Also, subject to local laws and regulations data may be accessible to local authorities or courts.
However, where personal data is transferred to such third countries we implement appropriate safeguards to ensure that your rights are protected in accordance with the GDPR. This includes the conclusion of the EU Commission's standard contractual clauses for the transfer of personal data (Art 46(2) c GDPR). Further details on the implemented safeguards as well as copies of the respective agreements are available on request at email@example.com.
Log files are generally kept for a period one year. Beyond this time period log files will only be stored for the purpose of investigating irregularities or security incidents in our system. Cookies are usually valid for a short term (a day, a week or a month), though in some cases they may remain valid for up to 2 years.
We generally retain your personal data for as long as this is necessary for the fulfilment of the purpose for which they were obtained. Thus, in any case we process your personal data for the duration of the active user account (i.e. until the deletion of the account is requested). Where necessary we may also keep your data for as long as potential legal claims against us are not yet time-barred; for certain claims the statutory limitation period may be up to 30 years.
As soon as there are no legitimate grounds for the further storage of personal data available, they will either be deleted or anonymized.
As a data subject you have inter alia the following rights under the statutory conditions:
We do not process your personal data for the purpose of taking decisions based solely on automated processing, including profiling, which produce legal effects concerning you (Art 22 GDPR).
To exercise any of the above rights kindly send an email to firstname.lastname@example.org. In addition, you have the right to lodge a complaint with a supervisory authority, if you believe your data protection rights have been violated. For Austria the competent authority is the Data Protection Authority (Datenschutzbehörde).
We may update this Privacy Notice to reflect legal, technical or business changes. When we update this Privacy Notice, we will take reasonable steps to inform you about the changes made. You will find the date of the "last update" at the beginning of this Notice.
The Service contains links to third-party websites. We have no control over the content or privacy practices of these other websites. Please read the respective data protection provisions of other websites that you visit.
Should you have any requests or questions in relation to the processing of your personal data by us, kindly address them to our data protection officer, Dr. Christian Schiller, at email@example.com.
Our office addresses are: Thurngasse 8/4, 1090 Vienna (Austria)