Every time you visit our website, our server automatically collects data and information from the computer system of the visiting device.

Processed data:

• Date and time of the visit
• Your browser type
• Your browser settings
• The operating system used
• The last page you visited
• The amount of data transferred and the access status (file transferred, file not found, etc.)
• Your IP address

Purpose: Data is stored in log files to ensure the website functions properly. Additionally, we use the data to optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes.

Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR) in maintaining IT security and the smooth operation of our website.

Retention period: The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This occurs no later than four weeks after collection, provided there is no legal obligation to retain it beyond that period. At the same time, the data may be stored for a longer period if necessary to investigate detected attacks on our website.

When you contact us via email, mail, or phone, your information will be processed for the purpose of handling your inquiry.

Data processed:

• First and last name
• Contact information (email, phone number)
• Content of your message
• as well as any additional information you voluntarily provide (in the message field)

Purpose: Professional handling and response to your inquiry.

Legal basis: Implementation of pre-contractual measures or fulfillment of a contract (Art. 6(1)(b) GDPR) as well as our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR). Our interest prevails because you have actively provided us with the data and we use it exclusively to respond to your inquiry.

Retention period: The data will be deleted as soon as your inquiry has been fully resolved and there are no legal retention periods that prevent this.

We regularly organize events.

Data processed: When you register, we process data such as your name, academic degree, university/company, email address, and, if applicable, billing information. If relevant for catering purposes, we may ask about dietary preferences or allergies (health data).

Purpose: Planning, conducting, and managing the event.

Legal basis: Implementation of pre-contractual measures or performance of a contract (Art. 6(1)(b) GDPR). The processing of health data (allergies) takes place exclusively with your explicit consent (Art. 9(2)(a) GDPR).

Recipients: As part of the organization, we may need to share participant data with co-organizers (e.g., cooperation partners, sponsors), event agencies, or hotels for room blocks we have arranged.

Retention period: We generally store your registration data for the duration of the preparation, execution, and follow-up of the respective event.

• Billing data: We are required to retain invoices, contracts, and payment-related documents for 7 years (from the end of the respective calendar year) due to statutory retention periods (BAO, UGB).
• General organizational data: We also retain your name and contact information until the expiration of the general statutory limitation periods (typically 3 years pursuant to § 1489 ABGB) in order to be able to defend against or assert any legal claims.
• Health data (catering): Information regarding allergies or dietary preferences is deleted immediately after the conclusion of the event.

When you submit entries for awards (e.g., INI Award, TU Austria Prize, Future Prize) or applications (e.g., for the Innovation Marathon), we process the documents you provide.

Data processed:

• First and last name
• Contact information (email, phone number)
• Personal information (date of birth, language, gender, current residence, hometown)
• Education data (school education, current or completed degree program, employment status)
• Experience, interests, and hobbies, self-description
• Travel details (Klimaticket, train, other) and accommodation details
• Resume, short introductory video, photos
• Content of free-text fields

Purpose: Planning, conducting, and managing the event or competition.

Legal basis: Implementation of pre-contractual measures or fulfillment of the contract within the scope of the terms and conditions of participation (Art. 6(1)(b) GDPR).

Recipients: As part of the organization, we may need to share participant data with co-organizers (e.g., cooperation partners, sponsors), event agencies, or hotels for room blocks we have arranged. Your data will be forwarded to internal and, where applicable, external jury members (e.g., industry representatives, sponsors) for evaluation.

Retention period: We will store the application documents you submit (resumes, project outlines, concepts) for the duration of the selection and evaluation process.

• In case of rejection: After the winners or finalists are announced, your documents will be deleted no later than 3 years from that date, unless you have consented to longer retention (e.g., for future calls for entries). This retention period serves to protect our legal interests in the event of inquiries or legal disputes.
• For winners: Data regarding the winners (name, project title, photos) will be stored permanently or until further notice as part of TU Austria’s documentation (e.g., in the archive of our website).

As a university consortium, the transparent documentation of our academic activities and our public relations efforts are central to our work. We therefore regularly publish information about our events and awards on our website. We divide this data processing activity into two categories:

Speakers, Presenters & Award Recipients

If you appear as a speaker at our events (e.g., conferences) or win one of our awards, we will publish related information in consultation with you.

Data processed: Name, academic degree, short CV, institution/company, presentation materials, and information on awarded projects.

Purpose: Announcement of the event program, provision of technical information (downloads) for participants, and public documentation of our scientific work.

Legal basis: We base the publication of general information (such as name, institution, title of the presentation, or award) on our legitimate interest (Art. 6(1)(f) GDPR) in transparent scientific reporting and the documentation of our events. If publications go beyond this (e.g., making complete presentation slides available for download or providing detailed CVs), this is based on the fulfillment of (pre-)contractual obligations in connection with your speaking engagement (Art. 6(1)(b) GDPR) or your explicit consent (Art. 6(1)(a) GDPR).

Retention period: The profiles, presentations, and event materials remain published on the website as part of our event archive for as long as they are necessary for the historical documentation of TU Austria. Early deletion will occur if you submit a legitimate request for deletion to us in accordance with Art. 17 GDPR (e.g., if you revoke previously granted consent and no other legal basis for storage applies).

Photo and Video Recordings at Events

Photos and videos are regularly taken at our events to document the proceedings.

Processed Data: Image and audio recordings (photos, videos) of individuals participating in our events.

Purpose: Press and public relations, reporting on the event on our website and social media channels, as well as for documentation.

Legal basis: For overview shots (atmosphere, audience): Our legitimate interest (Art. 6(1)(f) GDPR) in visual PR work.For portrait shots or individual interviews: Your prior, explicit consent (Art. 6(1)(a) GDPR).

Retention period: Photos based on our legitimate interest will remain published until you object on grounds relating to your particular situation (Art. 21 GDPR) and no compelling legitimate grounds on our part for further processing prevail. We will delete recordings based on your consent from our website as soon as you revoke this consent (no reason needs to be given). Note: We have no further influence over materials that have already been printed or redistributed by third parties on the internet after the lawful removal from our website.

When you visit our website, you will be informed about the use of cookies and tracking tools. Using the consent management banner, you can individually decide which cookie categories you consent to. Your selection will be saved so that you do not have to make the same decision every time you visit the site.

Processed Data: Your cookie settings (consent or refusal per category), time of consent, technical and functional information.

Purpose and Legal Basis: We process this data to comply with your selections and to be able to demonstrate that consent was given. The legal basis is your consent (Art. 6(1)(c) GDPR). Additionally, we base the processing on our legitimate interest in maintaining a legally compliant website (Art. 6(1)(f) GDPR).

Retention period: We store your consent settings for 12 months; after that, you will be asked to make your selection again.

We use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”) on our website. Google Tag Manager is a container solution that allows us to centrally manage and deploy marketing and analytics tags—such as Google Analytics or the Meta Pixel.

Processed Data: IP address, technical information about your browser and device, time of visit. Google Tag Manager itself does not store any personal data for marketing or analytics purposes; it acts solely as a technical control mechanism for the marketing and analytics tools described separately in this Privacy Policy.

Purpose and Legal Basis: We process this data for the technical control of the integrated tags exclusively on the basis of your consent (Section 165(3) TKG 2021 and Article 6(1)(a) GDPR). You may revoke your consent at any time via the cookie settings with future effect.

Recipients: Google Ireland Limited (processor); Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a subprocessor.

Transfer to the USA: Data is transferred to the USA. For details, see the section “Transfer to the USA.”

Retention period: Google Tag Manager does not permanently store any data of its own. Connection data is processed for the duration of the session.

We use the Meta Pixel from Meta Platforms Ireland Ltd. (Merrion Road, Dublin 4, D04 X2K5, Ireland; hereinafter “Meta”) on our website. The Meta Pixel enables us to measure the effectiveness of our advertising campaigns on Facebook and Instagram and to deliver advertising content that is more tailored to our target audience.

Processed Data: IP address, device and browser information, pages visited, interactions with advertisements, an identifier assigned by Meta. For users who are simultaneously logged into a Meta account, Meta may associate the data with the respective account.

Purpose and Legal Basis: We process this data to measure the success of our advertising campaigns and to deliver targeted advertising exclusively on the basis of your consent (Section 165(3) TKG 2021 and Article 6(1)(a) GDPR). You may revoke your consent at any time via the cookie settings with future effect.

Joint controllership: We and Meta are joint controllers within the meaning of Art. 26 GDPR for certain phases of processing. We have entered into an agreement with Meta that sets out our respective responsibilities. The key terms of this agreement can be viewed at https://www.facebook.com/legal/controller_addendum. Meta is also independently responsible for processing the data for its own purposes (in particular to improve its own advertising infrastructure).

Recipients: Meta Platforms Ireland Ltd. (joint controller and independent controller); Meta Platforms, Inc. (1601 Willow Road, Menlo Park, CA 94025, USA) as a subprocessor and independent controller.

Transfer to the U.S.: Data is transferred to the U.S. For details, see the section “Transfer to the U.S.”

Retention period: The cookie is stored in the browser for 3 months.

More information can be found in the Meta Privacy Policy.

We use Google Analytics 4, a web analytics service provided by Google, on our website. Google Analytics helps us understand how visitors use our website, which content is particularly popular, and where there is room for improvement.

Data processed: truncated IP address, device and browser information, approximate location (country/region, derived from the truncated IP), pages visited, time spent on the site, interactions with the website, a pseudonymous user identifier.

IP anonymization: We use Google Analytics exclusively with IP anonymization enabled. Your IP address is truncated before storage, so that no direct personal reference can be established.

Purpose and legal basis: We process this data to analyze and improve our website exclusively on the basis of your consent (Section 165(3) TKG 2021 and Art. 6(1)(a) GDPR). You may revoke your consent at any time via the cookie settings with future effect.

Recipients: Google Ireland Limited (data processor); Google LLC as a sub-processor and, in some cases, as an independent controller for the improvement of analytics services.

Transfer to the U.S.: Data is transferred to the U.S. For details, see the section “Transfer to the U.S.”

Retention Period: Usage data stored in Google Analytics is automatically deleted after 13 months. Aggregated, non-personal analyses may be retained beyond this period.

For more information, see the Google Privacy Policy.

We use the web analytics software Microsoft Clarity for our website. The contractual partner and service provider in the EU is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Any transfer of data by this European company to its parent company, the U.S.-based Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, is governed as follows:

Microsoft processes your data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks regarding the lawfulness and security of data processing.

As the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, in the U.S.) or for data transfers to such countries, Microsoft uses so-called Standard Contractual Clauses (SCCs) (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the U.S.). Through these clauses, Microsoft commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information about Microsoft’s standard contractual clauses at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

Microsoft is also listed under the Data Privacy Framework (see: https://www.dataprivacyframework.gov/list). For this reason as well, data transfers to the U.S. are currently legally permissible under the GDPR.

You can learn more about the data processed through the use of Microsoft in the privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

We embed third-party videos on our website to provide you with visual content, such as reports from our events. As soon as you play one of these videos, a connection is established with the provider’s servers.

Processed Data: According to YouTube, the enhanced privacy mode prevents cookies from being set to analyze user behavior. However, as soon as you consent to playback and start the video, a connection is established with YouTube’s servers. In doing so, your IP address, the date and time of the visit, as well as device and browser information are necessarily transmitted to the provider. In addition, YouTube may store information in your browser’s local storage to maintain technical functions (such as video resolution).

Purpose: The user-friendly, visually appealing, and multimedia presentation of our activities, events, and projects directly on our website.

Legal basis: Since your IP address is transmitted and the local storage of your device is accessed even in enhanced privacy mode, data processing is carried out exclusively on the basis of your explicit consent (Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG 2021).

Recipients: Google Ireland Limited (data processor); Google LLC as a sub-processor and, in some cases, as an independent controller for the improvement of analytics services.

Transfer to the U.S.: Data is transferred to the U.S. For details, please refer to the section “Transfer to the U.S.”

Retention period: The data stored by YouTube in your browser’s “local storage” remains there until you clear the cache/browser history on your device. We have no influence over the continued storage of IP data on Google’s servers; this is governed by Google’s privacy policy.

For more information, please see Google’s Privacy Policy.