General Data Protection Regulation (GDPR)
The University places great value on the protection of the personal data of its suppliers and customers. We treat your personal data confidentially and process it according to the legal data-protection regulations. For this reason, we are informing you about the purpose and scope of data-processing carried out by us.
Responsibility for data processing lies with:
University of Graz
Tel.: +43 (0) 316 380-0
Fax: +43 (0) 316 380-9030
UID-Nr.: ATU 57511277
We process the following personal data: Your personal details such as title, first name, surname, address, phone number, and email address.
Furthermore, this can also include customer authentication data (date of birth), contact data of the contact person, order data (standing orders or direct debit orders), bank details, data about performance of our contractual obligations (sales data, invoice data), creditworthiness data, payment terms, information about your (electronic) correspondence with our organisation (email, business documents) as well as data regarding the fulfilment of legal requirements.
In the case of business partners (business customers), we gather additional public corporate data from the company register and business report as well as the UID number.
We process the personal data which we have received from you in the context of our business relationship. Additionally, we process data from publicly accessible sources, such as the commercial register, ANKÖ (Austrian register of contractors) and the land register as well as websites/internet of business partners.
We process your personal data in accordance with the data protection regulations:
• For the performance of contractual and precontractual obligations (Art. 6 Para. 1 (b) GDPR)
The University of Graz or processors appointed by us process your personal data for the performance of the contract with you. This records the precontractual correspondence, invoicing of all services, the dispatch of invoices and, if necessary, payment reminders as well as communication about the execution of the contract and handling of payments. The legal basis for the processing and provision of your personal data is thus the processing for the performance and execution of the contract.
• For compliance with legal obligations (Art. 6 Para. 1 (c) GDPR):
The processing of personal data can be necessary for the purpose of fulfilling various legal obligations – the preparation of annual accounts, on-going fiscal obligations as well as in the framework of audits at courts of auditors.
• For the purposes of legitimate interests (Art. 6 Para. 1 (f) GDPR)
Where necessary in the context of a balance of interests in favour of the University of Graz or one of its processors, data can be processed with respect to the actual performance of contract and beyond for the purposes of legitimate interests by us or by our processors. In the following cases data can be processed for the purposes of legitimate interests:
- Consultation by and data exchange with credit agencies to determine creditworthiness and credit risks;
- In the context of prosecution for the protection and assertion of legal claims;
- Handling of cases of damage or loss;
- Fiscal and legal advice, such as auditors and appraisers, consultation and IT Services;
- Maintenance of network and information security;
- Necessary administrative purposes (such as compiling lists with specific contact persons).
Your data is received by offices or employees who require it for the performance of contractual and legal obligations and for legitimate interests.
Furthermore, your data is received by processors appointed by us and other recipients: in particular external auditors and appraisers, courts of auditors, arbitration bodies and authorities (including courts or state government and funding authorities), certified public accountants and tax accountants, insurance companies, collection service providers and credit agencies (KSV 1870 Forderungsmanagement GmbH) and consultancy firms, insofar as they require this data to perform their respective services.
All processors are contractually obliged to treat your data confidentially and to process it solely in the framework of a provision of Service.
We process your personal data, as much as is necessary, for the duration of the entire business relationship and beyond that for the duration of legal retention periods and documentation obligations.
You have basic rights of information, correction, deletion, restriction, data portability and appeal. If you wish to exercise these rights, you can do so informally without giving reasons by email to rektorsbuero(at)uni-graz.at.
If you think that the processing of your data impinges on the data protection law or that your entitlements under the data protection law are in some way breached, you can make a complaint to the Data-Protection Authority at Barichgasse 40-42, 1030 Vienna, Phone: +43 1 52 152-0, E-Mail: dsb(at)dsb.gv.at.
You can contact the data-protection officer of the University on datenschutz(at)uni-graz.at.