Implemented security measures

The domain ‘fh-kaernten.at’ implements measures to ensure data security in accordance with Article 25 and Article 32 of the GDPR. We have set extensive security measures to protect your data from unauthorized access by third parties.
In this sense, the following measures, among others, are taken to protect and secure your data against loss, destruction, access, alteration and dissemination by unauthorized persons:

• Ensure the confidentiality, integrity, availability and resilience of systems and services related to data processing
• Ensure rapid recovery of personal data availability in the event of a physical or technical incident
• Implement procedures to regularly review, assess and evaluate the effectiveness of technical and organizational measures to ensure the security of data being processed.

The "Live Chat" on our website is used to contact you and/or allow you to send comments to us.

Processing purpose and storage period

The data you provide will be used to process your request and to be able to contact you in this regard. Your personal data will be stored by CUAS until your request has been processed. Beyond that, only absolutely necessary data will be stored due to the applicable legal provisions or retention obligations. Contacting us requires the entry of data such as

• First and last name
• E-mail address
• Your request.

Legal basis

The processing of personal data based on your request is a pre-contractual measure within the meaning of Article 6, paragraph 1, lit b of the General Data Protection Regulations (GDPR). The personal data you send us is necessary to process your request posed to CUAS. Without disclosure of your data, it is not possible to process your request.

In special cases, a recording and protocolling of users of an online event can take place. You will be informed about this as well as about a subsequent use of the recording in advance and can recognize during the meeting that it is being recorded.

The settings have been pre-selected so that you must actively turn on audio, video, or chat. If you do not agree with the use of audio, video or chat, please do not turn on your microphone or video camera and do not participate in chats. In this case, you can send us questions about and during the event by e-mail.

At our events open to the public, photos and video recordings are made of the event and the participants, which we use exclusively for reports about our events.

The legal basis for the processing of personal data is pre-contractual or contractual measures in accordance with Article 6, paragraph 1 lit b of the GDPR.

The legal basis for the use of video conferencing systems for online events is pre-contractual or contractual measures in accordance with Article 6, paragraph 1 lit b of the GDPR. In the case of open events or if no contractual relationship exists regarding participation in the event, we rely on Article 6, paragraph  1 lit f of the GDPR (legitimate interest). In this case, our legitimate interest is to conduct a timely, functional and effective online event.

The legal basis for any recording and protocolling of meetings as well as the provision of the recording (or parts thereof, e.g., screenshots) to a larger group of persons is Article 6, paragraph 1 lit f of the GDPR (legitimate interest); in this case, our legitimate interests lie in the documentation, reporting, image promotion and provision of the meeting to a larger circle of interested persons.

The creation of the visual material (photos and video recordings) is also based on our legitimate interest according to Article 6, paragraph 1 lit f of the GDPR to publish photos and video recordings for our reporting on our website or our social media channels. We do not share the photos and video recordings of events with third parties.

If you are interested in a study place or applying for a study place (online), we process the personal data that you have provided to us in the course of contacting us or applying via the online application tool or in person as well as the data that becomes known in the course of the admission procedure.
Processing purpose and storage period

We process your personal data in order to respond to your requests, to assess your suitability and the fulfillment of the admission requirements with regard to the desired study place, and/or to be able to carry out the intended admission procedure. You, as a prospective student, provide us with your data in the course of your request/inquiry; you, as an applicant, provide us with your data in the course of your pre-contractual obligations. If you do not provide us with the necessary data, we cannot process your request.
Your data will also be used for the purposes of further developing the admission procedure in accordance with the provisions of the Research Organization Act (FOG). In this process, your data will be anonymized at the earliest possible time.

For student applicants: if an educational relationship is subsequently established between you and us, your personal data from your application will automatically be transferred to your student file. If your application is rejected, the data provided will be deleted within three years of the start of the semester for which you applied.
The application account you created on bewerbung.cuas.at will be automatically deleted after one year before the start of the new application phase.

Legal basis
The legal basis for data processing is the pre-contractual obligation associated with your request (Article 6, paragraph 1 lit b of the GDPR).

Recipients
In certain cases, it is necessary to forward your submitted certificates to the responsible Federal Ministry of Education, Science and Research, the ENIC NARIC Austria located there, or the foreign (university) school that issued the certificates for verification purposes. If we conduct (online) admission tests as part of the admission procedure, your data (name, date of birth, e-mail address and your test results) may be passed on to service providers (so-called "order processors") such as Hogrefe Austria GmbH for the purpose of conducting and evaluating the admission tests, or may be collected by them.
Processors used by us may also process data for us in order to fulfill the purposes described if they offer sufficient guarantees for the security of the data (e.g., cloud services, IT service providers, printers, dispatch of newsletters or postal items).

If you apply for a position at CUAS, we process te personal data that you have disclosed to us in the course of your application as well as those that become known in the course of the selection process.

Processing purposes and storage period
If you apply to us (online) for a job, we process your data in order to assess your suitability, qualifications and professional performance with regard to the job for which you are applying and to carry out the application procedure. We need the data we ask you to provide in order to carry out the application process.

Failure to provide or incomplete provision of your personal data may result in us being unable to consider your application.

If you wish for CUAS to keep a record of your documents, we will process and store your data for future contact.

We will only process your data for as long as is necessary to carry out the application process. If an employment relationship does not arise between you and us, we will store your data for 7 months after the rejection of the application within the framework of our legitimate interest in the justification of rejection and defense of legal claims.
In the event of entering into an employment relationship, your personal data from your application will automatically be transferred to your personnel file.
If you have consented to the record keeping of your documents, we will store your data for up to twelve months or until your consent is revoked - whichever comes first - and provided that the seven-month period following a refusal has expired.

Legal basis
The processing of your data takes place for the implementation of pre-contractual measures. The processing of your data in the context of record keeping is based on your consent. You can revoke your consent at any time at jobs[at]fh-kaernten[dot]at.

Recipients
Your data will not be transferred to third parties or only under the condition that you have separately consented to the transfer.

If you have submitted an application for nostrification of your education, we process the personal data that you have disclosed to us with your application for nostrification as well as those that are added in the course of the nostrification procedure to be carried out.
Failure to provide the required information will prevent the nostrification process from being completed.

Processing purpose and storage period
Your personal data is processed on the basis of and for the purpose of fulfilling your nostrification application in connection with the legal obligation to carry out nostrification procedures as well as to fulfill legal reporting obligations.

Your data will be stored in accordance with legal retention periods. According to the Fachhochschulgesetz (Universities of Applied Sciences Act) (FHG), storage periods of up to a maximum of 80 years from the end of the nostrification procedure may result.

Recipients
Your data will be passed on to the corresponding federal ministry responsible for science, to Statistics Austria or to the Agency for Quality Assurance and Accreditation Austria due to legal obligations.
It is possible that, in order to verify your submitted documents, we are required to send them to the respective federal ministry responsible for science, the ENIC NARIC Austria located there and/or the foreign (secondary or tertiary) school pass on.
Contracted processors employed by us may also process data for us in order to fulfil the purposes described if these data processing companies offer sufficient guarantees for the security of the data (e.g., cloud services, IT service providers, printing companies, sending of newsletters or mail items).

When you submit an application for a performance-based or needs-based scholarship, we process the personal data that you have provided with your application as well as those data that are added in the course of processing your application.

Processing purposes and storage period
We process your personal data in order to be able to process your application and to be able to decide on the awarding of a performance-based or needs-based scholarship in accordance with the StudFG. In addition to your name, personal identification number/matriculation number, address, citizenship, bank details, etc., we also process your grade point average in the relevant period and, if applicable, information on social need as defined by the StudFG (Student Support Act).

In the event of being awarded a scholarship, your personal data will be retained  based on legal obligations pursuant to Section 36e of the Transparency Data Bank Act (TDBG)  for a period of 10 years from the end of the academic year in which a performance-based or needs-based scholarship is awarded; after this period your data will be deleted. If the application is rejected, the personal data will be deleted at the end of the academic year in which you submitted your application.

Legal basis
The processing is based on legal obligations to handle the awarding of merit scholarships according to the Student Support Act (StudFG). There is no obligation to provide your data, but without it the processing of your application is not possible.

Recipients
Your personal data will be treated confidentially and will only be processed internally by CUAS employees. The awarding of performance-based or needs-based scholarships is carried out in accordance with § 61 StudFG (Student Support Act) and § 67 StudFG (Student Support Act).
According to the TDBG, the personal data of students and graduates who have been awarded a performance-based or needs-based scholarship must be reported to the transparency database.
Contracted processors employed by us may also process data for us in order to fulfil the purposes described if these data processing companies offer sufficient guarantees for the security of the data (e.g., cloud services, IT service providers, printing companies, sending of newsletters or mail items).

Your data is processed for the purpose of implementing and managing your employment relationship. This includes, for example, personnel and organizational administration, payroll accounting as well as the implementation of study programs, teaching and research and/or administrative operations.
Personal data from the personnel file is retained for seven years from the termination of the employment relationship. This does not apply to data required for issuing employment references. These data are stored for 30 years from the end of the employment relationship.

If you are active in the fields of study support and teaching, longer statutory retention periods apply to the data processed by you for the purposes of study support and teaching.
If you are involved in (funded) research projects, retention periods are applicable, which result from the corresponding funding requirements or from legal provisions, especially from the Research Organization Act (FOG).

The legal basis for the processing of your personal data is the employment relationship concluded between you and us and the fulfillment of legal obligations. If you have expressly given your consent to the processing of your data in individual cases, this consent is the legal basis for the data processing.

Your personal data is accessible to those employees who are responsible for carrying out the activities associated with the employment relationship.
Some of your data will be passed on to external bodies due to legal reporting requirements. These are for example:

• Social insurance institutions, general accident insurance Institution and pension insurance institutions
• Labor Inspectorate
• Bodies representing (company) interests (e.g., works council, safety representatives, election committee for works council elections)
• Occupational physician and safety specialists
• Apprenticeship Office, Labor Market Service, Federal Office for Social Affairs and Disability, Tax Office,
• Chamber of Labor
• respective bank where you have set up your banking account
• Agency for Quality Assurance and Accreditation Austria

If you are active in research, your personal data will also be transmitted to the respective research funding institutions and, if applicable, also to the consortium leaders for the purpose of reviewing and controlling research projects.

Contracted processors employed by us may also process data for us in order to fulfil the purposes described if these data processing companies offer sufficient guarantees for the security of the data (e.g., cloud services, IT service providers, printing companies, sending of newsletters or mail items).

Your data is processed for the purpose of carrying out activities related to the use of the library.
In the process, the following personal data will be processed from you:

• all data made known through use and provided by you, such as name, address, telephone number, e-mail address, date of birth, gender, user number, borrowed items and borrowing period (borrowing history), any advance orders, return reminders, and, in the case of overdue borrowing, information in connection with reminders, if applicable.
• Study program or further education course as well as personal identification number/matriculation number, if you are a student

Your personal data is automatically subject to deletion after three years from the last library return contact (media return).

Your data is processed for the purpose of fulfilling the contractual obligations arising from the use of the library. The automated transfer of your data from your student or personnel file is carried out to protect legitimate interests. Our legitimate interest lies in the effective and efficient performance of the services associated with the use of the Library related activities.

For the administration of the library we use the software application "ALEPH" of the Österreichischen Bibliothekenverbund und Service GmbH (Austrian Library Association and Service). The data processed in the library system is therefore passed on in accordance with the contractual obligation of Österreichische Bibliothekenverbund und Service GmbH (Austrian Library Association and Service).

Contracted processors employed by us may also process data for us in order to fulfil the purposes described if these data processing companies offer sufficient guarantees for the security of the data (e.g., cloud services, IT service providers, printing companies, sending of newsletters or mail items).

External recipients will only receive your data if this is necessary in individual cases to fulfill a specific purpose. For example, other participants in an online event can see your picture if you have switched on the video camera.

In individual cases, any recordings (or parts thereof, e.g., screenshots) may be used or published for the purposes of documentation, reporting, image promotion and making the event available to a larger circle of interested persons.

Contracted processors employed by us may also process data for us in order to fulfil the purposes described if these data processing companies offer sufficient guarantees for the security of the data (e.g., cloud services, IT service providers, printing companies, sending of newsletters or mail items).

We use Microsoft 365 for our internal and external communication. Microsoft 365 is a Microsoft product that is operated in the Microsoft Cloud. Due to the processing of personal data on our behalf, the Microsoft Cloud is a data processor pursuant to Art 4 Z 8 GDPR. The prerequisite for permissible processing is a data processor contract pursuant to Art 28 GDPR. Microsoft stipulates in its processor contracts that the processing of personal data takes place in principle in the EU, but Microsoft reserves the right to process data in third countries or for its own purposes. We base the permissibility of use on the standard contractual clauses concluded between CUAS and Microsoft pursuant to Art. 46 GDPR.

Automated decision-making including profiling does not take place.

RIGHTS OF PERSONS CONCERNED

As a data subject, you have the following rights:

Right of access (Art 15 GDPR)
You have the right to request information about whether we process personal data about you. If this is the case, you have a right to information about this personal data and other information related to the processing of said data.

Right of rectification (Art 16 GDPR)
In the event that personal data that we process about you is not (or no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, fully completed.

Right to deletion (Art 17 GDPR)
You have the right to request the deletion of your personal data if the legal requirements are met.

Right to restriction of processing (Art 18 GDPR)
In the cases mentioned in Art. 18 of the GDPR (e.g., you dispute the accuracy of the personal data or the processing is unlawful), you have the right to request the restriction of the processing of the data.

Right to data portability (Art 20 GDPR)
If the legal requirements are met, you can request the transfer of your data in a structured, standard and machine-readable format.

Right to object to unreasonable data processing (Art 21 GDPR)
For reasons arising from your particular situation, you may object on the basis of a legitimate interest pursuant to Art 6(1)(f) GDPR at any time to the processing of data relating to you that we process.

Right to withdraw consent (Art 7 GDPR)
If the processing of your data is based on a declaration of consent, you have the option to revoke this consent at any time without affecting the lawfulness of the data processing carried out on the basis of the consent until revocation.

Measures in connection with automated decisions in individual cases including profiling (Art 22 GDPR)
Automated decision-making including profiling does not take place.

Right of appeal
In addition, you may at any time address a complaint to the
Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna Phone: +43 1 521 52-25 69 E Mail: dsb[at]dsb.gv[dot]at

You can assert your data subject rights - with the exception of the right to lodge a complaint with the Austrian Data Protection Authority – to the CUAS at the following address:
FH Kärnten - gemeinnützige Gesellschaft mbH
Europastraße 4
9524 Villach
+43 5 90500-0

Österreichische Datenschutzbehörde Barichgasse 40-42 1030 Wien Telefon: +43 1 521 52-25 69 E Mail:
Ihre Betroffenenrechte können Sie – mit Ausnahme des Beschwerderechts an die Österreichische Datenschutzbehörde – gegenüber der FH KÄRNTEN unter folgender Adresse geltend machen:
FH Kärnten – gemeinnützige Gesellschaft mbH, Europastraße 4, 9524 Villach, +43 5 90500-0