Data Protection

The picture shows a boy in a camp

Change settings for cookies

You can adjust your cookie consent at any time using the "Cookie settings" button:

Cookie Settings

Data Protection Declaration

Current state: 07.05.2024

It is important to us in all business areas to protect personal data when it is collected, processed and used during a visit to our website and its use. The privacy policy also applies to products that link to this page.

Table of content

1. General

We, the Caritas Österreich/Caritas Austria (called Caritas in the following), feel obliged to protect your personal data – from collecting and processing data to storing it – in the best way possible and will do so with the highest diligence during your visit on our website. The basis for this is the Austrian and European law provisions on data protection law.

This privacy statement is only concerned with the website of Caritas. Individual sites can refer to internal and external hosts which are not covered by the privacy statement at hand. Hence, the Caritas does not assume liability for these contents or the usage and processing of data in these terms. 

2. Contact

The following organisation is responsible for the handling of data.
Caritas Österreich (Caritas Austria)
Storchengasse 1/E1 05
1150 Wien
Tel.: +43/ 1 488 31 - 400

Data Protection Officer: Cloud Company (Kontakt: Josef Himmelbauer)

Information in regards to the handling of data according to Art 13 and 14 GDPR.
In the following you will also find information on how we use your data, how and why we collect your data and to which extent this data collection is undertaken.

3. Collection and storage of personal data

For technical reasons your browser transmits the below listed data to our webserver automatically every time you visit our website. Saving these data serves technical and statistical purposes only so that we can e.g. analyze the frequency of visits on our website or determine technical failures of our servers. The following data will be collected and analyzed:

  • Request (name of the requested file)
  • Browser type and browser version
  • Used operating system
  • Referrer URL, i.e. the website from which you are visiting our internet presence
  • IP-address
  • Date and time of your visit
  • The particular sites you visit on our website
  • Username and password (at registration)

Any further personal data, such as name, post code, email address, date of birth or business related data will only be collected if you provide them voluntarily. On our website this information can only be disclosed via our contact form, applying online, making a donation, creating an online account, or subscribing to a newsletter. Caritas does not store any card or bank data, and your payment data goes directly through Mpay24, an external certified online payment partner. Our contractors are allowed to use this information solely to perform their tasks and are obliged to abide by the Austrian data protection regulations.

4. Use and Disclosure of Personal Data (incl. Newsletter, Plaudernetz and Corona Emergency Hotline)

Personal data transmitted by you will only be used to process your request, in the context of the fulfillment of contracts concluded with you or for technical administration.

If you have given us your consent to process your personal data, it will only be processed in accordance with the purposes and to the extent agreed in the declaration of consent. You may therefore receive advertising or e-mail newsletters from us on the basis of your consent. For this purpose, we process your first and last name, title and e-mail address. You can revoke your consent at any time free of charge with effect for the future: In electronic newsletters via the unsubscribe link provided, via written and telephone notification to all contact details provided.

The open and click rate can be recorded to evaluate the newsletter interaction. An open rate shows how many of the recipients actually opened the email sent. For this purpose, a so-called "web beacon" with an individual recipient ID (also known as a "measurement or tracking pixel") is integrated into the HTML code of the email. In order to find out which links in the emails were clicked on by the recipients and how often, the links contain an individual recipient ID, which is registered on the server when selected.  This evaluation enables us to adapt our newsletter offer according to the use and wishes of the subscribers.

In addition, only those Caritas departments or employees who need your data to fulfill contractual, legal and supervisory obligations and legitimate interests will receive it. We also use selected processors for the technical and organizational implementation of our website and newsletter distribution. All processors are contractually obliged to treat your personal data confidentially and to process it only in the context of providing services in accordance with our instructions.

Caritas of the Archdiocese of Vienna - Help in Need, as the responsible party, collects and processes the data provided via the Corona Emergency Hotline (name, contact details, financial and social circumstances, health data) for the purpose of mediating and coordinating assistance offered by the diocesan Caritas centres. This data may originate from you personally or from a person calling on your behalf. Your data will be transmitted to the regional diocesan charity centre responsible for you in order to contact you and communicate the relevant offers of help. You can find a list of the diocesan Caritas centres and their contacts at Processing is carried out on the basis of Article 6(1)(a) GDPR and, with regard to your health data, on the basis of consent (Article 9(2)(a) GDPR).  You can withdraw your consent at any time by contacting the controller or the data protection officer. Your data will be stored for a period of 6 months and then anonymised.

Caritas of the Archdiocese of Vienna (Caritas Association) collects and processes the data provided during registration (name, telephone number, ...) for the purpose of mediating conversations (telephone calls) in the course of the chat network and to be able to trace who was connected to whom in order to be able to follow up on any misunderstandings or claims arising from the conversations held.

The data will be deleted after deregistration from the chat network, otherwise one year after the last contact, unless there is a specific reason for further processing (e.g. processing a complaint). 

Caritas Austria is part of a group of companies. In order to fulfil its extensive obligations, Caritas Austria also makes use of affiliated companies in a division of labour. Caritas Austria has an overriding legitimate interest in this (Recital 48 of the GDPR).

5. Direct advertising to contracting parties

Caritas also uses your personal information to provide you, as long as you are a contracting party and not object to the use of your data for that purpose, for direct marketing purposes and to provide you with general information about Caritas' own activities, products and services.

Direct marketing of this personal data is a legitimate interest of Caritas in order to reach the customers in the best possible way and to align the marketing strategies accordingly. The legal basis for the processing is therefore the existence of a legitimate interest according to Article 6 (1) lit f DSGVO. When using data for this purpose, the requirements of communication law, in particular § 107 TKG 2003, are complied with.

Unless you object to the use of your data for this purpose beforehand, your data will be deleted after 3 years from your last contact with Caritas or earlier in the event of a cancellation. Your data will not be passed on to third parties for their own purposes without your consent.

6. Transmission of application data

By submitting your application documents, you agree that personal data such as name, title, address, telephone number, date of birth, education, professional experience, salary expectations and the data and images contained in the motivational letter, curriculum vitae, certificates or other sent documents will be processed by Caritas for the purpose of processing the enquiry and handling the application procedure.

You also agree that the aforementioned data may be transferred by the Austrian Caritas Central to its subsidiaries listed below for the purpose of using this data in the subsidiaries for filling vacant positions:

  • Caritas Österreich Kommunikation & Service GmbH, Storchengasse 1/E1 05, 1150 Vienna,
  • Caritas Foundation Austria, Storchengasse 1/E1 05, 1150 Vienna,
  • Caritas Foundation Österreich GmbH, Storchengasse 1/E1 05, 1150 Vienna, Austria

With your consent, you accept that you can be contacted by employees by telephone and/or e-mail to ensure that the application process runs smoothly. You confirm that all information provided is true and correct. Wrong information, even after a possible employment, can lead to dismissal.

If the Austrian Caritas Centre or a subsidiary concludes an employment contract with an applicant, the data transmitted will be stored for purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted six months after notification of the rejection decision, unless consent has been obtained pursuant to Art. 6 (1) lit a DSGVO for 2 years.

Your consent may be revoked at any time without giving reasons by contacting the above-mentioned contacts. Data processing is carried out on the basis of the legal provisions of § 96 (3) TKG and Art. 6 (1) lit a (consent) and lit b (necessary for fulfilment of the contract) of the DSGVO.

Your data will not be passed on to third parties.

7. Donation data

Caritas protects the privacy of all persons who use online donation facilities on, by SMS or by bank transfer and to treat personal data provided to us by users confidentially.

Caritas requires the stored data (name, date of birth, address, contact details, donation amount and donation purpose, bank details, communication and donation history, classifications (donation amount, frequency, last donation), consents) for the smooth processing of your donation, compliance with tax regulations (BAO, UGB), for transmission to the tax office so that you can claim your donation for tax purposes and to fulfil the non-profit or charitable organisational objectives. We also process data that we have legitimately received from address publishers. This involves basic personal data such as your name and address. These address publishers are authorised to collect data for the purpose of preparing and implementing third-party marketing campaigns or for list broking (§151 GewO).

Caritas does not sell any personal data and does not pass this data on to third parties who do not belong to Caritas or its group or who have been commissioned by Caritas to provide services. For example, we are supported by service providers in carrying out postal and telephone donation communications, who may gain access to your personal data in the course of their activities if they require the data to fulfil their respective services. These service providers have undertaken to comply with the applicable data protection regulations. Order processing contracts have been concluded in accordance with Art 28 GDPR.

The legal basis for data processing is Article 6(1)(f) GDPR and Recital 47 GDPR, our legitimate interest in the acquisition of donations by winning new donors and winning back donors to fulfil the non-profit or charitable objectives of the organisation. The organisation pursues objectives in the public interest in accordance with Section 4a EStG and Sections 34 ff BAO. The fulfilment of the organisational objectives recognised by the public therefore represents legitimate interests. The fulfilment of these publicly recognised organisational objectives is not possible without donations and is therefore necessary. Furthermore, the legal basis for this data processing is the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR and legal obligations pursuant to Art. 6 para. 1 lit. c GDPR, in particular the Federal Fiscal Code (BAO). The provision of name data and dates of birth is necessary for the donation to be taken into account in the automated employee tax assessment. If these data are not provided, the donations cannot be recognised as special expenses for tax purposes.

Your donor data and the donation amount will be sent to the regional diocesan Caritas office responsible for you. The responsibility is determined by the postcode you provide. The recipient of your data therefore depends on the address given.

Vienna: Caritas of the Archdiocese Vienna, Albrechtskreithgasse 19-21, 1160 Vienna, 

Lower Austria: Caritas Diocese St. Pölten, Hasnerstraße 4, 3100 St. Pölten,

Burgenland: Caritas of the Diocese Eisenstadt, St. Rochus-Straße 21, 7000 Eisenstadt, 

Styria: Caritas of the diocese Graz-Seckau, Grabenstraße 39, 8010 Graz, 

Carinthia: Caritas Carinthia, Sandwirtgasse 2, 9010 Klagenfurt, 

Upper Austria: Caritas of the Diocese of Linz, Kapuzinerstr. 84, 4021 Linz,  

Salzburg: Caritas Association of the Archdiocese of Salzburg, Friedensstraße 7, 5020 Salzburg,  

Tyrol: Caritas - Diocese of Innsbruck, Heiliggeiststraße 16, 6020 Innsbruck,  

Vorarlberg: Caritas of the diocese Feldkirch, Wichnergasse 22, 6800 Feldkirch, 

By submitting your data (name, address, e-mail address, ...), you consent to their storage and use by the Austrian Caritas Centre, as well as to their disclosure to other Austrian regional Caritas organisations for the purpose of informing them about their activities and projects to be supported.

We process your personal data, if available and as far as necessary for the purposes mentioned, until your objection, as well as beyond that in accordance with the legal storage and documentation obligations, which result from the Federal Fiscal Code (BAO), among others.

Personal data provided voluntarily when completing forms is subject to the Data Protection Act. Consent to the use of data can be revoked at any time in writing, by telephone at +43 1/488 31-400 or by e-mail at However, if the data subject expressly requests it, it will be deleted with immediate effect or the data can be corrected at any time.

8. Right to information, amendment, deletion or restriction of processing data, to dissent as well as transferability of data

You have the right to information, amendment, deletion or restriction of processing your stored data at any point. Furthermore you have both the right to object the processing of the data, and the right to data portability according to legal prerequisites of the data protection law.

9. Data safety

The security of your data in our systems is very important to us. Our aim is to manage your data with the utmost care and to take all necessary technical and organisational security measures to protect your personal data from loss and misuse.

Access to almost all of our websites is secured via HTTPS if your browser supports SSL. This means that communication between your end device and our servers is encrypted. If you wish to contact us or our employees by e-mail, we would like to point out that the confidentiality of the information transmitted is not guaranteed. Due to their technical design, the content of e-mails can be viewed by third parties unless special technical security measures are taken.

We use an error management tool for our website. The service provider is the American company Functional Software, Inc. (hereinafter referred to as "Sentry"), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Sentry is used on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in the effective and efficient error detection, error analysis and error correction of our website in order to ensure technical stability.

The standard contractual clauses ( were concluded with Sentry in accordance with Art. 46 para. 2 and 3 GDPR and further measures/settings were made to limit the transfer of data to the necessary minimum (IP address, device details, browser details, stack trace) and to delete the data immediately after error analysis.

10. Web analysis & Cookies (change settings)

We use analysis tools on our website to analyse and improve the structure and navigation of our website and to tailor it to your needs.

This website uses Google Analytics. This is a web analysis service provided by Google Inc ("Google"). This analysis service uses cookies, i.e. small files that are stored on your computer and enable us to analyse the use of our website. Information about the use of our website, which is collected using cookies, is used to evaluate the general use of the website, to enable us to compile reports on website activity and thus to be able to further optimise our website and to provide other services associated with website and Internet use. The information generated by Google Analytics with the help of cookies about the use of the website - including the anonymised IP address - is transmitted to a Google Inc. server in the USA. Anonymisation is carried out by removing the last eight bits of the IP address, which means that it is no longer possible to clearly assign the data collected to a specific IP address. This information is transmitted to authorities or third parties if this transmission is required by law or if third parties act as service providers on behalf of Google. However, it is possible to prevent the storage of cookies by making the appropriate settings in the browser. However, if consent to the storage of cookies is denied in the browser settings, certain functions of our website may no longer be available. By using our website, you consent to the use of Google Analytics. Further information on Google Analytics can be found at: Information on Google's privacy policy can be found at Here you can find a way to prevent the use of Google Analytics and the associated data transfer to Google

 We also use cookies to make our website as user-friendly as possible for you. Cookies are small text files that are stored on your device in order to recognise you the next time you use our website. Cookies can be stored permanently or only during a session. Two types of cookies are used: necessary cookies to provide basic website functions and targeted cookies that help us to optimise the structure and navigation of our website and thereby improve the quality of service. With both cookie applications, your IP address is immediately shortened and thus anonymised so that it can no longer be assigned to you. This means that no personal data is collected or analysed, nor is it linked to other such data. You can also prevent the installation of all types of cookies by adjusting your browser settings accordingly. If you make such a setting, it is possible that not all functions of our website can be made available in full.

Change settings for cookies

You can adjust your cookie consent at any time using the "Cookie settings" button:

Cookie Settings

11. Logging of e-mails

We save protocol data in regards to emails to ensure the recognition of malware on the one hand and proper system and information security on the other. If you send an email to one of the email addresses below we save the following data: email and IP-addresses of the sender and the recipient, number of recipients, subject, date and time when the data arrives at the server, filename of attachments if applicable, size of the message, classification of the risk in terms of spam and status of delivery. In a first step emails are only checked in an automated way. Is there a suspected risk for the IT-systems’ security, selected emails are manually checked by people responsible..

In addition, we process your personal data in connection with e-mails, if necessary, for the duration of the entire business initiation as well as beyond that in accordance with the legal storage and documentation obligations.

12. Social Media

We integrate social media plug-ins, iFrames and the services of various social networks or operate social platforms. These are Facebook, Twitter, Instagram, Google+, Pinterest and YouTube.

Where possible, we prevent data transmission to these services. Only if you click on an icon of one of these services and therewith actively access the before mentioned, your IP-address as well as Cookies will be transmitted. The services will then learn that you visited our website with your IP-address. If you are actively logged in to one of the social media networks, this information is assigned to your user account. Please be aware that we do not have any assured knowledge or influence how and which particular data will be transmitted to these services. With activating and using a social media plug-in you therefore agree with the concomitant transmission of your personal data to the selected services.

Please refer to the data protection declaration of the selected service provider for current information on the type, purpose, scope, use and protection of your data by these networks as well as your associated rights. According to our information, this is as follows. We assume no liability for the completeness and correctness of this information:

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook's Privacy Notice: 

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google's privacy policy (YouTube and Google+): 

Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA Twitter Privacy Policy:

Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA Pinterest's privacy policy: 

Vimeo, Inc. 555 West 18th Street, New York, NY 10011, USA Vimeo's Privacy Policy:   

Conversion Tracking with the Facebook Pixel

We also use the "visitor action pixel" of Facebook INc. 1601 S. California Ave, Palo Alto, CA 94304, USA (following as "Facebook") within our Internet presence. This allows us to track behavior of users after they click on a Facebook ad to redirect them to the provider's website: This process is used to evaluate effectiveness of Facebook advertisements for statistical and market research purposes and may help optimize future advertising efforts. The collected data is anonymous, so it doesn’t allow us to identify users. The data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Guidelines (

You may enable Facebook and its affiliates to serve advertisements on and off Facebook. A cookie may also be stored on your computer for these purposes. Consent to the use of the Visitor Action Pixel may only be given by users older than 13 years of age. If you are younger, we ask you to ask your legal guardian for permission. You can revoke your consent here:

13. Messenger services

With your consent (pursuant to Art. 6 (1) lit. a DSGVO), Caritas WhatsApp uses Facebook Messenger for the purpose of informing you about current campaigns and responding to your enquiries and inviting you to group chats. The following information is collected in course of communication: Date and time of a communication, name, user name, telephone number and content of the communication as well as any information you transmit. There is no obligation to use Messenger services or provide us with information about them. You have the right to revoke your consent at any time without giving reasons. Your data will be stored for duration of your consent. You expressly consent the transfer of your above personal data to third parties.

WhatsApp Inc. 1601 Willow Road Menlo Park, California 94025, USA. Privacy Notice from WhatsApp Inc.: 

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Privacy Notice from Facebook:

14. Soundcloud

On our pages plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, Great Britain.) can be integrated. You can recognize the SoundCloud plugins by the SoundCloud logo on the affected pages.

If you visit our pages, a direct connection will be established between your browser and the SoundCloud server after activation of the plugin. SoundCloud receives information that you have visited our site with your IP address. If you click the "Like" or "Share" button while logged into your SoundCloud account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to associate visit of our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by SoundCloud. Further information can be found in SoundCloud's privacy policy at: 

If you do not want SoundCloud to associate visiting our pages with your SoundCloud account, please log out before activating the SoundCloud plugin content.

15. Issuu

If you give us your consent in accordance with Art. 6 para. 1 lit a GDPR, an application of the company Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA, is integrated on our website, which enables you to call up and read publications as e-paper / PDF. Issuu uses cookies that enable your use of the website to be analysed. In this way, Issuu collects and stores personal data such as your IP address and information about the time and duration of use. If you have an Issuu account, Issuu can assign this data to your personal account. If you do not wish this to happen, please log out of Issuu. Your data is stored in the USA. There is a risk that your transmitted data may be subject to access by authorities in this third country for control and monitoring purposes and that no effective legal remedies are available against this. Further information on Issuu's terms of use and data protection can be found at

16. Contacting us

If you contact us or a Caritas diocese using the contact options offered (e.g. via contact form, telephone, email or social media), your details (name, contact details, subject and inquiry, further correspondence) will be processed for the purpose of processing and responding to your inquiry.

Depending on the region selected in the menu, the regionally responsible diocese is generally responsible for this data processing. Below you will find an overview and a link to the privacy policy of the respective Caritas diocese.

The legal basis is the fulfillment of (pre-)contractual measures pursuant to Art. 6 para. 1 lit. b GDPR or on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in processing and answering inquiries from customers, interested parties and partners.

Your data will be stored for the duration of the treatment and beyond that for a maximum of 3 years.
This data will not be passed on to third parties without your consent.

17. Publication of data

As a matter of principle we do not publish the data we were provided with, nor do we provide it for other users. Some website-features’ purpose is to publish certain data and provide other users with it as well. Should you use such a feature and would publish your data by clicking on a particular button, you will both be notified before such action is taken and your consent will be explicitly obtained too before you can publish/provide any data.

18. Updating our privacy policy

We reserve for ourselves to adapt statement to technical developments and legal changes where applicable, and update it if we offer new services or products.