End of this page section.

Begin of page section: Contents:

General Data Protection Regulation (GDPR)

Information regarding data-processing pursuant to GDPR

The University places great value on the protection of the personal data of its suppliers and customers. We treat your personal data confidentially and process it according to the legal data-protection regulations. For this reason, we are informing you about the purpose and scope of data-processing carried out by us.

Who is responsible for data processing and who can you contact about it?

Responsibility for data processing lies with:
University of Graz
Universitätsplatz 3
8010 Graz
Tel.: +43 (0) 316 380-0
Fax: +43 (0) 316 380-9030
Email: rektorsbuero(at)uni-graz.at
UID-Nr.: ATU 57511277

Which data is processed?

We process the following personal data: Your personal details such as title, first name, surname, address, phone number, and email address.

Furthermore, this can also include customer authentication data (date of birth), contact data of the contact person, order data (standing orders or direct debit orders), bank details, data about performance of our contractual obligations (sales data, invoice data), creditworthiness data, payment terms, information about your (electronic) correspondence with our organisation (email, business documents) as well as data regarding the fulfilment of legal requirements.

In the case of business partners (business customers), we gather additional public corporate data from the company register and business report as well as the UID number.

What sources does this data come from?

We process the personal data which we have received from you in the context of our business relationship. Additionally, we process data from publicly accessible sources, such as the commercial register, ANKÖ (Austrian register of contractors) and the land register as well as websites/internet of business partners. 

For what purposes and on what legal basis is the data processed?

We process your personal data in accordance with the data protection regulations:
• For the performance of contractual and precontractual obligations (Art. 6 Para. 1 (b) GDPR)

The University of Graz or processors appointed by us process your personal data for the performance of the contract with you. This records the precontractual correspondence, invoicing of all services, the dispatch of invoices and, if necessary, payment reminders as well as communication about the execution of the contract and handling of payments. The legal basis for the processing and provision of your personal data is thus the processing for the performance and execution of the contract.

• For compliance with legal obligations (Art. 6 Para. 1 (c) GDPR):
The processing of personal data can be necessary for the purpose of fulfilling various legal obligations – the preparation of annual accounts, on-going fiscal obligations as well as in the framework of audits at courts of auditors.

• For the purposes of legitimate interests (Art. 6 Para. 1 (f) GDPR)
Where necessary in the context of a balance of interests in favour of the University of Graz or one of its processors, data can be processed with respect to the actual performance of contract and beyond for the purposes of legitimate interests by us or by our processors. In the following cases data can be processed for the purposes of legitimate interests:

  • Consultation by and data exchange with credit agencies to determine creditworthiness and credit risks;
  • In the context of prosecution for the protection and assertion of legal claims;
  • Handling of cases of damage or loss;
  • Fiscal and legal advice, such as auditors and appraisers, consultation and IT Services;
  • Maintenance of network and information security;
  • Necessary administrative purposes (such as compiling lists with specific contact persons).

Who receives your data?

Your data is received by offices or employees who require it for the performance of contractual and legal obligations and for legitimate interests.
Furthermore, your data is received by processors appointed by us and other recipients: in particular external auditors and appraisers, courts of auditors, arbitration bodies and authorities (including courts or state government and funding authorities), certified public accountants and tax accountants, insurance companies, collection service providers and credit agencies (KSV 1870 Forderungsmanagement GmbH) and consultancy firms, insofar as they require this data to perform their respective services.
All processors are contractually obliged to treat your data confidentially and to process it solely in the framework of a provision of Service.

How long is your data stored?

We process your personal data, as much as is necessary, for the duration of the entire business relationship and beyond that for the duration of legal retention periods and documentation obligations. 

What data protection rights do you have?

You have basic rights of information, correction, deletion, restriction, data portability and appeal. If you wish to exercise these rights, you can do so informally without giving reasons by email to rektorsbuero(at)uni-graz.at.

If you think that the processing of your data impinges on the data protection law or that your entitlements under the data protection law are in some way breached, you can make a complaint to the Data-Protection Authority at Barichgasse 40-42, 1030 Vienna, Phone: +43 1 52 152-0, E-Mail: dsb(at)dsb.gv.at.

You can contact the data-protection officer of the University on datenschutz(at)uni-graz.at.

To top


Economic Department
Attemsgasse 8/I, 8010 Graz
Phone:+43 (0)316 380 - 1178
Fax:+43 (0)316 380 - 9120

End of this page section.

Begin of page section: Additional information:

End of this page section.