Citizen Science Vienna is a Citizen Science project by the Department of Media and Communication of the University of Vienna.

Project name: Citizen Science Vienna

Responsible for the Website/Media Holder: University of Vienna, Department of Media and Communication, Währinger Straße 29, 1090 Wien

Purpose of data processing:

• Scientific analysis of anonymized data.
• Anonymized data will be published on the website.
• Sharing of information between the users in the forum.

Data protection officer of the project: Data protection officers of the University of Vienna, This email address is being protected from spambots. You need JavaScript enabled to view it., https://dsba.univie.ac.at/.

Provision of web hosting for the project website

For providing the hosting, we use the IT services of one or more web hosting providers from whose servers (or servers or ICT infrastructure they operate) the services can be accessed.

We may use storage and database services, infrastructure, provider services, computing power, and provided safety and technical maintenance service for these purposes.

The data processed within these services may include content, data, and information in relation to the users of the IT services, which are collected during usage, access, and communication. This regularly consists of the IP address, which is required to deliver IT services to browsers or apps or external websites, services, and integrated tools.

Internal eMail Sending over the website or domain and Hosting: The IT hosting services we are utilizing can also include sending, receiving, and processing emails. The addresses of the recipients and senders and other data relating to the sending of emails (for example, involved providers) and the emails' contents are processed for these purposes. The processed data may also be used and processed for SPAM detection. Please note: emails on the Internet are commonly not transmitted in an encrypted form. In practice, emails are only encrypted during transport but not on the servers from which they are received or sent (without an end-to-end encryption method in place). Therefore, we cannot accept any accountability or liability for the transmission route of emails between the sender and reception on our IT services.

Collection of Log Files and Access Data: Ourselves, the service, or the web hosting provider, do collect data based on each access to the server in so-called server logs or server log files as it is the nature of the technological practice on the Internet. These server logs files can include the URL address. The name of the web pages and files/pages accessed, the date and time of access, browser types and version numbers, data volumes and transferred traffic, the accessor's operating system, information, and notifications about successful or unsuccessful access, URLs which refer to pages or the website and in general the IP addresses and the identification of the access provider of the user.

Such server logs and log files can also be used for IT security and audit purposes, e.g., to avoid overloading the service or servers (particularly in the circumstance of abusive attacks like DDoS attacks) and ensure the servers' stability and optimal load balancing.

Processed data types: Usage-data (e.g., entry points, access times, websites visited, content interest), Content-data (e.g., text input, photographs, web-form inputs, videos), Meta- and IT communication data (e.g., device information, GEO-spatial information, IP addresses, access providers)

Data subjects: Website visitors, registered users, users of online services

Purposes of Data Processing: Provision of the IT services, app, and website functionality Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)

Webhosting/Websites:

HostEurope: Webhosting: Host Europe GmbH, c/o WeWork, Friesenplatz 4, 50672 Köln, DE; Privacy Policy: https://www.hosteurope.de/en/terms-and-conditions/privacy/
Microsoft Cloud Services/Azure: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter.

Email Sending of automated website-based internal emails: easyname: easyname GmbH, Canettistraße 5/10, A-1100 Wien, Austria; Website: https://www.easyname.at/; Privacy Policy: https://www.easyname.at/download/data-protection-policy-de-v2.pdf

OpenStreetMap: We integrate the maps of the service "OpenStreetMap" in apps and websites, which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap utilizes user- and visitor data exclusively to display maps, map functions, and temporarily store selected settings. The processed data can include, in particular, IP addresses and location data of users, which are not collected without their consent (usually within the context of the settings of the accessing device). Service provider: OpenStreetMap Foundation (OSMF); Website: https://www.openstreetmap.de; Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

Data Processing in Third Countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognized level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension- data-protection_en).

Community Functions

The community functions provided by us in the website allow users to engage in conversations and other forms of interaction with each other. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms and guidelines, and the rights of other users and third parties.

Processed data types: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of contractual services and customer support; Security measures.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

User contributions are public: The posts and content created by users are publicly visible and accessible.
Setting the visibility of posts: By using their settings, users can determine the extent to which the posts and content they create are visible or accessible to the public or only to certain persons or groups.
Storage of data for security purposes: The posts and other entries of the users are processed for the purposes of the community and conversation functions and, subject to legal obligations or legal permission, are not disclosed to third parties. An obligation to disclosure may arise in particular in the case of unlawful posts for the purposes of legal prosecution. We would like to point out that, in addition to the content of the posts, their time and the IP address of the user are also stored. This is done in order to be able to take appropriate measures to protect other users and the community.
Right to delete content and information: The deletion of posts, content or information provided by users is possible in the CMS Administration Interfaces to the extent necessary after proper consideration if there are concrete indications that they could represent a violation of legal regulations, our provisions or the rights of third parties.
Protection of own data: Users decide for themselves what data they disclose about themselves within our online services. For example, when users provide personal information in a user profile or participate in conversation threads. We ask users to protect their data and to publish personal data only with caution and only to the extent necessary. In particular, we ask users to note that they must protect their login credentials in particular and use secure passwords (preferably long and random combinations of characters).

Registration, Login and User Account

Users can create a user account via Single Sign-On service or via manual account registration. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfillment of obligations. The processed data includes in particular the login information (name, password and an email address).
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by email of information relevant to their user account, such as technical changes.

Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., e-mail, telephone numbers); Content data (e.g., text input, photographs, videos); Meta/communication data (e.g., device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of contractual services and customer support; Security measures; Managing and responding to inquiries.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Registration with pseudonyms: Users may use pseudonyms as usernames instead of real names.
Users' profiles are public: Users' profiles are publicly visible and accessible.
Setting the visibility of profiles: By setting preferences, users can determine the extent to which their profiles are visible or accessible to the public or only to certain groups of people.
Deletion of data after termination: If users decide to terminate their user account, the user themselves or you will delete their data relating to the user account, subject to any legal permission, obligation or consent of the users.
No obligation to retain data: It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

You can get in touch with us via email to exercise your right to be forgotten. We will erase your account and all personal data with it. Please contact us via email to exercise your right to receive a machine-readable copy of your personal data we process and store for the provision of the website and its services.