Data Protection Declaration
It is of utmost importance to us in all areas of business that your personal data is protected in regards to elicitation, processing and usage when you visit and use our website.
Current state: 24.05.2018
Table of content
- Collection and storage of personal data
- Usage and disclosure of personal data
- Direct advertising to contracting parties
- Transmission of application data
- Donation data
- Right to information, amendment, deletion or restriction of processing data, to dissent as well as transferability of data
- Data Protection
- Website analysis & cookies
- Logging of emails
- Social media
- Messenger services
- Publication of data
We, the Caritas Österreich/Caritas Austria (called Caritas in the following), feel obliged to protect your personal data – from collecting and processing data to storing it – in the best way possible and will do so with the highest diligence during your visit on our website. The basis for this is the Austrian and European law provisions on data protection law.
This privacy statement is only concerned with the website of Caritas. Individual sites can refer to internal and external hosts which are not covered by the privacy statement at hand. Hence, the Caritas does not assume liability for these contents or the usage and processing of data in these terms.
The following organisation is responsible for the handling of data.
Caritas Österreich (Caritas Austria)
Albrechtskreithgasse 19 - 21
Tel.: +43/ 1 488 31 - 400
Data Protection Officer: Josef Himmelbauer firstname.lastname@example.org
Information in regards to the handling of data according to Art 13 and 12 GDPR
In the following you will also find information on how we use your data, how and why we collect your data and to which extent this data collection is undertaken.
3. Collection and storage of personal data
For technical reasons your browser transmits the below listed data to our webserver automatically every time you visit our website. Saving these data serves technical and statistical purposes only so that we can e.g. analyze the frequency of visits on our website or determine technical failures of our servers. The following data will be collected and analyzed:
- Request (name of the requested file)
- Browser type and browser version
- Used operating system
- Referrer URL, i.e. the website from which you are visiting our internet presence
- Date and time of your visit
- The particular sites you visit on our website
- Username and password (at registration)
Any further personal data, such as name, post code, email address, date of birth or business related data will only be collected if you provide them voluntarily. On our website this information can only be disclosed via our contact form, applying online, making a donation, creating an online account, or subscribing to a newsletter. Caritas does not store any card or bank data, and your payment data goes directly through Mpay24, an external certified online payment partner. Our contractors are allowed to use this information solely to perform their tasks and are obliged to abide by the Austrian data protection regulations.
4. Usage and disclosure of personal data (incl. newsletter)
Personal data you provided is only used to deal with your concern, in the context of the fulfillment of contracts concluded with you or for technical administration.
If you gave your consent to process your personal data further, the data will only be processed for the purposes set out in the declaration of consent; the extent will not be exceeded. You can therefore receive advertising or e-mail newsletters from us based on your consent. We process your first and last name, salutation and your email address. Any given consent can be revoked free of charge at any time with effect for the future: in electronic newsletters via the listed link to unsubscribe, via written and telephone notification to all listed contact details.
Your data will only be passed on to those Caritas offices and employees respectively who need the information to fulfil their contractual, legal or supervisory duties and have a legitimate interest. In regards to the technical and organisational implementation of our website as well as for the newsletter dispatch we also draw on selected data processing companies. By contract, these companies are bound to treat your data as confidential and only process it in the context of their service provision and as instructed.
Caritas Österreich (Caritas Austria) is part of a consortium. In order to fulfil its extensive duties the Caritas also cooperates with related companies. This is a legit interest of Caritas Austria (recital 48, GDPR).
5. Direct advertising to contracting parties
Caritas also uses your personal information to provide you, as long as you are a contracting party and not object to the use of your data for that purpose, for direct marketing purposes and to provide you with general information about Caritas' own activities, products and services.
Direct marketing of this personal data is a legitimate interest of Caritas in order to reach the customers in the best possible way and to align the marketing strategies accordingly. The legal basis for the processing is therefore the existence of a legitimate interest according to Article 6 (1) lit f DSGVO. When using data for this purpose, the requirements of communication law, in particular § 107 TKG 2003, are complied with.
Unless you object to the use of your data for this purpose beforehand, your data will be deleted after 3 years from your last contact with Caritas or earlier in the event of a cancellation. Your data will not be passed on to third parties for their own purposes without your consent.
6. Transmission of application data
By submitting your application documents, you agree that personal data such as name, title, address, telephone number, date of birth, education, professional experience, salary expectations and the data and images contained in the motivational letter, curriculum vitae, certificates or other sent documents will be processed by Caritas for the purpose of processing the enquiry and handling the application procedure.
You also agree that the aforementioned data may be transferred by the Austrian Caritas Central to its subsidiaries listed below for the purpose of using this data in the subsidiaries for filling vacant positions:
- Caritas Österreich Kommunikation & Service GmbH, Albrechtskreithgasse 19-21, 1160 Vienna,
- Caritas Foundation Austria, Albrechtskreithgasse 19-21, 1160 Vienna,
- Caritas Foundation Österreich GmbH, Albrechtskreithgasse 19-21, 1160 Vienna, Austria
With your consent, you accept that you can be contacted by employees by telephone and/or e-mail to ensure that the application process runs smoothly. You confirm that all information provided is true and correct. Wrong information, even after a possible employment, can lead to dismissal.
If the Austrian Caritas Centre or a subsidiary concludes an employment contract with an applicant, the data transmitted will be stored for purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted six months after notification of the rejection decision, unless consent has been obtained pursuant to Art. 6 (1) lit a DSGVO for 2 years.
Your consent may be revoked at any time without giving reasons by contacting the above-mentioned contacts. Data processing is carried out on the basis of the legal provisions of § 96 (3) TKG and Art. 6 (1) lit a (consent) and lit b (necessary for fulfilment of the contract) of the DSGVO.
Your data will not be passed on to third parties.
7. Donation data
Caritas protects the privacy of all persons who use online donation facilities on www.caritas.at and to treat personal data provided to us by users confidentially. Caritas requires stored data for smooth processing of your donation, e.g. for transmission to tax office, so that you can claim your donation for tax purposes. Caritas does not sell any personal data and does not pass this data on to third parties who do not belong to Caritas or its group.
Data will only be transmitted internally to the regional diocesan Caritas office responsible for your area. This responsibility is based on the postal code you provide. The recipient of your data therefore depends on your place of residence:
Vienna: Caritas of the Archdiocese Vienna, Albrechtskreithgasse 19-21, 1160 Vienna, www.caritas-wien.at
Lower Austria: Caritas Diocese St. Pölten, Hasnerstraße 4, 3100 St. Pölten, www.caritas-stpoelten.at
Burgenland: Caritas of the Diocese Eisenstadt, St. Rochus-Straße 15, 7000 Eisenstadt, www.caritas-burgenland.at
Styria: Caritas of the diocese Graz-Seckau, Grabenstraße 39, 8010 Graz, www.caritas-steiermark.at
Carinthia: Caritas Carinthia, Sandwirtgasse 2, 9010 Klagenfurt, www.caritas-kaernten.at
Upper Austria: Caritas of the Diocese of Linz, Kapuzinerstr. 84, 4021 Linz, www.caritas-linz.at
Salzburg: Caritas Association of the Archdiocese of Salzburg, Universitätsplatz 7, 5020 Salzburg, www.caritas-salzburg.at
Tyrol: Caritas - Diocese of Innsbruck, Heiliggeiststraße 16, 6020 Innsbruck, www.caritas-tirol.at
Vorarlberg: Caritas of the diocese Feldkirch, Wichnergasse 22, 6800 Feldkirch, www.caritas-vorarlberg.at
Your data will not be transmitted to Caritas Externe. By submitting your data (name, address, e-mail address, ...), you consent to their storage and use by the Austrian Caritas Centre, as well as to their disclosure to other Austrian regional Caritas organisations for the purpose of informing them about their activities and projects to be supported.
Personal data provided voluntarily when filling out forms is subject to the Data Protection Act. The consent to the use of data may be revoked at any time in writing, by fax (+43 1/488 31-9400), by telephone (+43 1/488 31-400) or by e-mail (email@example.com). However, if the person concerned expressly requests it, they will be deleted with immediate effect or the data can be corrected at any time.
8. Right to information, amendment, deletion or restriction of processing data, to dissent as well as transferability of data
You have the right to information, amendment, deletion or restriction of processing your stored data at any point. Furthermore you have both the right to object the processing of the data, and the right to data portability according to legal prerequisites of the data protection law.
You can file complaints at your local data protection authority.
9. Data safety
Security of your data in our systems is very important to us. Our aim is to manage your data with utmost care and to take all necessary technical and organizational security measures to protect your personal data from loss and misuse.
If your browser supports SSL, access to nearly all our websites is secured via HTTPS. This means that communication between your end device and our servers is encrypted. Should you want to contact us or our employees by e-mail, we would like to point out that the confidentiality of the information transmitted cannot be guaranteed. Due to their technical design, the contents of e-mails can be viewed by third parties unless special technical security measures are taken.
10. Web analysis & Cookies
In order to analyze and improve structure and navigation of our website which are also catered to your needs, we use analytics tools on our website.
The information on the website’s usage that was generated by Google Analytics with the help of Cookies – including the anonymized IP-addresses – is sent to a Google Inc. server in the USA.
The anonymization is done by deleting the IP-address’s last eight Bit. This makes it impossible to clearly assign the generated information to a specific IP-address. The information is passed on to authorities or third parties if such action is legally required or if third parties are acting as service providers for Google.
That means that there is no personal data generated or analysed and the information is not linked to such data either. You can also prevent the installation of all kinds of cookies through appropriate browser settings. If you choose such settings some of our features on the website might not be available to you anymore.
If the storage of cookies is to be prevented, this can take place above by a click.
11. Logging of e-mails
We save protocol data in regards to emails to ensure the recognition of malware on the one hand and proper system and information security on the other. If you send an email to one of the email addresses below we save the following data: email and IP-addresses of the sender and the recipient, number of recipients, subject, date and time when the data arrives at the server, filename of attachments if applicable, size of the message, classification of the risk in terms of spam and status of delivery. In a first step emails are only checked in an automated way. Is there a suspected risk for the IT-systems’ security, selected emails are manually checked by people responsible..
In addition, we process your personal data in connection with e-mails, if necessary, for the duration of the entire business initiation as well as beyond that in accordance with the legal storage and documentation obligations.
12. Social Media
We integrate social media plug-ins, iFrames and the services of various social networks or operate social platforms. These are Facebook, Twitter, Instagram, Google+, Pinterest and YouTube.
Where possible, we prevent data transmission to these services. Only if you click on an icon of one of these services and therewith actively access the before mentioned, your IP-address as well as Cookies will be transmitted. The services will then learn that you visited our website with your IP-address. If you are actively logged in to one of the social media networks, this information is assigned to your user account. Please be aware that we do not have any assured knowledge or influence how and which particular data will be transmitted to these services. With activating and using a social media plug-in you therefore agree with the concomitant transmission of your personal data to the selected services.
Please refer to the data protection declaration of the selected service provider for current information on the type, purpose, scope, use and protection of your data by these networks as well as your associated rights. According to our information, this is as follows. We assume no liability for the completeness and correctness of this information:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook's Privacy Notice: www.facebook.com/about/privacy/
Conversion Tracking with the Facebook Pixel
We also use the "visitor action pixel" of Facebook INc. 1601 S. California Ave, Palo Alto, CA 94304, USA (following as "Facebook") within our Internet presence. This allows us to track behavior of users after they click on a Facebook ad to redirect them to the provider's website: This process is used to evaluate effectiveness of Facebook advertisements for statistical and market research purposes and may help optimize future advertising efforts. The collected data is anonymous, so it doesn’t allow us to identify users. The data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com/about/privacy). You may enable Facebook and its affiliates to serve advertisements on and off Facebook. A cookie may also be stored on your computer for these purposes. Consent to the use of the Visitor Action Pixel may only be given by users older than 13 years of age. If you are younger, we ask you to ask your legal guardian for permission. You can revoke your consent here: www.aboutads.info/choices
13. Messenger services
With your consent (pursuant to Art. 6 (1) lit. a DSGVO), Caritas WhatsApp uses Facebook Messenger for the purpose of informing you about current campaigns and responding to your enquiries and inviting you to group chats. The following information is collected in course of communication: Date and time of a communication, name, user name, telephone number and content of the communication as well as any information you transmit. There is no obligation to use Messenger services or provide us with information about them. You have the right to revoke your consent at any time without giving reasons. Your data will be stored for duration of your consent. You expressly consent the transfer of your above personal data to third parties.
WhatsApp Inc. 1601 Willow Road Menlo Park, California 94025, USA. Privacy Notice from WhatsApp Inc.: www.whatsapp.com/legal/
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Privacy Notice from Facebook: https://www.facebook.com/about/privacy/
On our pages plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, Great Britain.) can be integrated. You can recognize the SoundCloud plugins by the SoundCloud logo on the affected pages.
If you do not want SoundCloud to associate visiting our pages with your SoundCloud account, please log out before activating the SoundCloud plugin content.
15. Publication of data
As a matter of principle we do not publish the data we were provided with, nor do we provide it for other users. Some website-features’ purpose is to publish certain data and provide other users with it as well. Should you use such a feature and would publish your data by clicking on a particular button, you will both be notified before such action is taken and your consent will be explicitly obtained too before you can publish/provide any data.
We reserve for ourselves to adapt statement to technical developments and legal changes where applicable, and update it if we offer new services or products.