Switch Language

Data Protection and Cookie Policy

Context and overview

Key details

  • Policy prepared by: Priska Feichtenschlager
  • Approved by the chairman on: 29/06/2021
  • Policy became becomes operational on: 01/07/2021
  • Next review date: May, 2022

Introduction

Buddy needs to gather and use certain information about individuals.
These can include delegates and other customers, suppliers, business contacts, volunteers, committee members and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data is collected, handled and stored to meet the association’s data protection standards – and to comply with the law.

Why this policy exists

This data protection policy ensures Buddy:

  • Complies with data protection law and follows good practice
  • Protects the rights of its committee members, customers and partners
  • Is open about how it stores and processes individuals’ data
  • Protects itself from the risks of a data breach

Policy scope

This policy applies to:

  • Organisation team of Buddy

It applies to all data that the association holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:

  • Names of individuals
  • e-Mail addresses
  • Phone Number
  • website
  • Roles

The person provides this data on a voluntary basis to Buddy. Buddywill not sell, rent, trade or lease any of the collected personal information. All information shall be kept absolutely confidential unless consent is obtained from the data subject authorising a different use of his or her personal data. In other words, Buddy will not share your personal information with others, unless it has obtained your consent to do so.

Data protection risks

  • Buddyin processing personal information uses secure data networks that are protected by firewalls and password protection systems that are consistent with industry standards.
  • In case of voluntary subscriptions by the natural person to online communities initiated or endorsed by Buddy, such as Facebook, LinkedIn, Twitter or other so called social media, the responsibility of your data treatment remains with the service provider and Buddy declines any responsibility of the use that may be made of your data.
  • Buddy  does not collect any genetic or biometric related data.

Responsibilities

Everyone who works for or with Buddy has some responsibility for ensuring data is collected, stored and handled appropriately.
Each member of the organisation team must ensure that it is handled and processed in line with this policy and data protection principles.
The Buddy board is ultimately responsible for ensuring that Buddy meets its legal obligations. This includes:

  • To be updated about data protection responsibilities, risks and issues.
  • Reviewing all data protection procedures and related policies, in line with an agreed schedule.
  • Arranging data protection training and advice for the people covered by this policy.
  • Handling data protection questions from organisation team and anyone else covered by this policy
  • Dealing with requests from individuals to see the data Buddy holds about them (also called “subject access requests”).
  • Checking and approving any contracts or agreements with third parties that may handle Buddy's sensitive data.
  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  • Performing regular checks and scans to ensure security hardware and software is functioning properly.
  • Evaluating any third-party services Buddy is considering using to store or process data. For instance, cloud computing services.
  • Approving any data protection statements attached to communications such as emails and letters.
  • Addressing any data protection queries from journalists or media outlets like newspapers.

Data storage

Questions about storing data safely can be directed to the board.
When data is stored on paper, they are kept in a lockable filing cabinet in a lockable room where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

  • When not required, the paper or files are kept in locked filing cabinet.
  • Whilst this data is being used it is ensured that paper and printouts are not left where unauthorised people could see them, like on a printer.
  • Data printouts are shredded and disposed of securely when no longer required.

When data is stored electronically, it is protected from unauthorised access, accidental deletion and malicious hacking attempts:

  • Data is protected by strong passwords that are changed regularly and never shared.
  • If data is stored on removable media (like a CD or DVD), these are kept locked away in a drawer when not being used.
  • Data are only stored on designated drivers and servers and they are only uploaded to approved cloud services.
  • Servers containing personal data are sited in a secure location, away from general office space.
  • Data are backed up frequently. Those backups are tested regularly, in line with Buddy's standard backup procedures.
  • Data are never saved directly to laptops or other mobile devices like tablets or smart phones.
  • All servers and computers containing data are protected by approved security software and a firewall.

Data use

Personal data is of no value to Buddy. However, it is when personal data is accessed and used that it can be at the greatest risk of loss corruption or theft:

  • When working with personal data, we ensure the screens of our computers are always locked when left unattended.
  • Personal data are not shared informally. In particular, they are never sent by email.
  • Data are encrypted before being transferred electronically.
  • Personal data are never transferred outside of the European Economic Area.
  • People working with the data never save copies of personal data to their own computers.
  • Data might be made available to providers of services such as the editor Springer.

Cookies

The Buddy website uses cookies. Cookies are text files stored on your device and sometimes remain on your device after visiting our website. This allows our system to identify your device during following visits and helps us remember visitors' details and searches regarding our website, thus giving us the opportunity to improve our website's content and presentation. The information generated by cookies is used solely for the purposes of our own analysis.
You can set your browser to adapt the use of cookies according to your needs. Click on the help button in your specific browser for additional information. By not agreeing to the use of cookies on this website, you may experience some functional impairment in connection with this website.

Server Log Files

Information on this website is automatically ascertained and stored in server log files which your browser then transmits to us without our assistance. These are:

  • Browser types / browser versions
  • IP addresses
  • Time of server request

This information does not allow us to identify a specific individual. Buddy does not link this data with other data sources. However, in the event of any specific indication regarding any illegal use of our website, we reserve the right to retrospectively review the collected data.

Data accuracy

It is the responsibility of all people who work with data of Buddy to take reasonable steps to ensure it is kept as accurate and up to date as possible.

  • Data are held in as few places as necessary.
  • People working with data take every opportunity to ensure data are updated. For instance, by confirming a customer’s details when they call.
  • Data are updated as inaccuracies are discovered. For instance, if a customer can not longer be reached on their stored telephone number, it will be removed from the database.

Subject access requests

All individuals who are the subject of personal data held by Buddy are entitled to:

  • Ask what information the association holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how Buddy is meeting its data protection obligations.

If an individual contacts Buddy requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed at integriert-studieren@jku.at
Buddy will aim to provide the relevant data within 14 days.
The responsible person will always verify the identity of anyone making a subject access request before handling over any information.

Disclosing data for other reason

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, Buddy will disclose requested data. However, the responsible person will ensure the request is legitimate, seeking assistance from the board where necessary.

Providing information

Buddy aims to ensure that individuals are aware that their data is being processed and that they understand:

  • How the data is being used
  • How to exercise their rights