The aspern.mobil LAB is pleased that you are visiting our websites. When you use our website, data protection and data security is very important to us. We would therefore like to inform you at this point, which of your personal data we collect when you visit our websites and for what purposes it is used.

Since changes in the law or changes in our internal processes may make it necessary to adapt this data protection declaration, we ask you to read it regularly. The data protection declaration can be accessed, saved and printed out at any time under “Data protection declaration” (https://www.mobillab.wien/en/privacy-policy/).

Person responsible and scope

The responsible person and data protection officer within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection legal provisions is:

Vienna University of Technology

Institute of Spatial Planning, Research Unit of Transportation System Planning

Univ.Prof. Dipl.-Ing. Dr.-Ing. Martin Berger

Project Manager aspern.mobil LAB

Karlsgasse 11 | 3rd floor

1040 Vienna

Tel: +43/1/ 58801-280510

E-Mail: martin.berger@mobillab.wien

This privacy policy applies to the aspern.mobil LAB website, which can be accessed under the domain mobillab.wien and its various subdomains (hereinafter referred to as “our websites” or “Internet presence”).

If data subject rights within the meaning of this data protection declaration (e.g. right to information, right to deletion, etc.) are asserted, these requests or applications are to be directed to info@mobillab.wien without exception.

What is personal data?

Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject). This includes, for example, information such as your name, address, telephone number, date of birth or e-mail address. Information for which we cannot (or can only with disproportionate effort) establish a link to your person, e.g. by anonymizing the information, is not personal data.

General information on data processing

Extent

As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide functional websites and our content and services. We use your personal data to provide the information and products we offer, the services you request, to answer your questions and to operate and improve our websites and applications.

The collection and use of personal data of our users is only carried out according to the corresponding legal basis of the Datenschutzgrundverordnung (DSGVO), e.g. on the basis of a legal obligation (for example, pursuant to the Universities Act 2002), a contractual obligation, public interest or after consent of the user.

No further use of your personal data will take place. A transfer of your personal data to third parties or a use of your data for advertising purposes without your consent will not take place, except in the cases described below, unless we are legally obliged to release data.

Legal basis

As far as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (DSGVO) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which aspern.mobil LAB (or TU Wien as operator) is subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as the legal basis. If processing is necessary to protect a legitimate interest of aspern.mobil LAB or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) DSGVO serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

Individual processing operations

As far as you wish to make use of services offered by us on our website, it is necessary for you to provide further data for this purpose. Details can be found below in the description of the specific data processing operations. In particular, personal data is used as follows:

a – Provision of the websites and creation of log files.

Each time our websites are called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the accessed file
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Identification data of the accessing browser as well as the operating system
  • Internet page from which the access was made

The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website, or the link to the website to which the user goes, contains personal data.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The collection of data for the provision of the website is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

b – Newsletter of the aspern.mobil LAB

On our websites there is the possibility to subscribe to free newsletters. When registering for the respective newsletter, the data from the input mask is transmitted to us. In order to be able to subscribe to our e-mail newsletter service, we need at least your e-mail address to which the newsletter is to be sent. Any further information is voluntary and will be used to address you personally and to be able to personalize the content of the newsletter as well as to clarify queries regarding the e-mail address.

It is your free decision whether you provide us with this data. However, we cannot send our newsletter to you without this information.

The processing of personal data is based on Art. 6 para. 1 lit. a or lit. c. The collection of the user’s e-mail address serves to deliver the respective newsletter.

When registering for the respective newsletter, your e-mail address will be used for our own (advertising) purposes until you unsubscribe from the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address is stored as long as the subscription to the respective newsletter is active.

No data is passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the respective newsletter.

c – Mailings from the aspern.mobil LAB

In connection with the use of offers and services of the aspern.mobil LAB, mailings are made which do not require the active consent of the data subject and therefore do not constitute newsletters pursuant to section 5c) of this Privacy Policy.

In any case, the e-mail address is processed as personal data in the case of such mailings. Further personal data is processed depending on the type and legal basis of the mailing.

Legal obligation

For mailings that are necessary in connection with the implementation of legal obligations, Art. 6 para 1 lit. c DSGVO is the legal basis.

If personal data is not subject to any further legal retention period, it will be deleted as soon as the purpose of the data processing has been achieved.

With the complete execution of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after the expiry of the retention periods under tax and company law, unless you have expressly consented to the further use of your data.

 (Pre-)contractual measures

For mailings that are required in connection with the implementation of contractual or pre-contractual measures, Art. 6 para 1 lit. b DSGVO is the legal basis.

If personal data is not subject to any further legal retention period, it will be deleted as soon as the purpose of the data processing has been achieved.

With complete execution of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after expiry of the retention periods under tax and company law, unless you have expressly consented to the further use of your data.

Overriding legitimate interest of aspern.mobil LAB

If the sending is necessary to protect a legitimate interest of aspern.mobil LAB or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

An objection to such processing can be raised. If no separate contact address is given for the

processing, this objection can be sent by e-mail to info@mobillab.wien.

Personal data will be deleted as soon as the legitimate interest of aspern.mobil LAB no longer exists.

If personal data is not subject to any further legal retention period, it will be deleted as soon as the purpose of the data processing has been achieved.

Transfer of personal data to third parties

Personal data will only be transmitted to third parties in the context of mailings if this is necessary for (pre-)contractual measures or due to a legal obligation or if it is in the overriding legitimate interest of aspern.mobil LAB.

If data is transferred to third parties, this will be indicated in connection with the respective mailing.

d – Contact forms

Our websites contain contact forms that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The following data can be collected within the framework of the contact forms:

  • Name
  • e-mail address
  • Telephone number
  • Message
  • Admission to the research community
  • Role / background / relation to aspern.mobil LAB (resident, company, science and research, city and administration)
  • Region (Urban Lakeside, Danube City, Vienna, Austria, International)

The following data is also collected as part of the InnovationsKick-form:

  • Name of the company
  • Main location of the company
  • Size of the company
  • Brief description of the idea / project / product
  • Technology Readiness Level of the idea / project / product

The following data is also stored at the time of sending the message:

  • Date and time of access
  • Amount of data transferred

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent, otherwise Art. 6 para. 1 lit. c DSGVO.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

e – Matomo

This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website. The data on visitor behaviour is collected to find out any problems, such as pages not found, search engine problems or unpopular pages. Once the data is processed, Matomo generates reports for website owners to act on. (Layout changes, new content, etc.).

Matomo processes the following data:

  • Cookies
  • Anonymized IP addresses by removing the last 2 bytes (i.e. 198.51.0.0 instead of 198.51.100.54)
  • Pseudo-anonymized location (based on the anonymized IP address
  • Date and time
  • Title of the accessed page
  • URL of the accessed page
  • URL of the previous page (if it allows it)
  • Screen resolution
  • Local time
  • Files that were clicked and downloaded
  • External links
  • Duration of page load
  • Country, region, city (with low accuracy due to IP address)
  • Main language of the browser
  • User agent of the browser
  • Interactions with forms (but not their content)

Use of cookies

We use so-called “Cookies”. Cookies are small text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We mainly use so-called session cookies (also known as temporary cookies), i.e. cookies that are temporarily stored exclusively for the duration of your use of one of our Internet pages.

However, the usage data collected does not allow any conclusions to be drawn about the user – apart from those cookies that are used to store data in connection with an active login. All of this anonymously collected usage data is not merged with your personal data and is deleted immediately after the end of the statistical evaluation. As soon as you clear your browser cache, the cookies are deleted.

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DSGVO.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f DSGVO.

The cookies used serve in particular to determine the frequency of use and the number of users of our websites and to continue to identify your computer during a visit to our website when switching from one of our websites to another of our websites and to be able to determine the end of your visit. In this way, we learn which area of our websites and which other websites our users have visited.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

Security measures to protect the data stored with us

We are committed to protecting your privacy and treating your personal data confidentially. To prevent loss or misuse of the data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress. However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our sphere of responsibility. In particular, data disclosed in unencrypted form – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data he/she provides against misuse by encrypting it or in any other way.

Hyperlinks to external websites

Our websites contain so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from one of our websites directly to the website of the other provider. You will recognize this, among other things, by the change of URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.

 Objection

When your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which is implemented by us without specifying a particular situation.

Data subject rights

The following rights arise from the GDPR for you as a data subject of a processing of personal data:

  • Right to information
  • Right to rectification
  • Right to deletion
  • Right to restriction of processing
  • Right to data portability
  • Right of revocation

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you may lodge a complaint with the data protection authority.