We Value Your Privacy

Protecting your data is important to us!

A. General

Thank you for your visit to our website dp-uni.ac.at as well as to the student platform. Danube Private University GmbH (hereinafter referred to as “We” or “DPU”) takes data protection very seriously. Data is processed and used in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) [österreichische Datenschutzgesetz (DSG)].

Due to the further development of our website or legal changes, it may become necessary to amend this Privacy Policy. The valid version is that published on www.dp-uni.ac.at/de/meta/datenschutz.

How to contact us:

The controller pursuant to Article 4(7) GDPR is Danube Private University GmbH, Steiner Landstraße 124, 3500 Krems an der Donau, Datenschutz@DP-Uni.ac.at.

Use these contact details if you have any concerns or questions in connection with the processing of personal data relating to you or if you wish to exercise your rights as a data subject (see point C.).

Here you will find more detailed information about the use of your data:


B. Collection and use of personal data

Personal data
Personal data is any information relating to an identified or identifiable natural person, such as name, address, phone number, date of birth, email address, access data and study course data. Information that cannot be linked to an identified or identifiable natural person (such as the number of users of a site) is not personal data.

Legal basis
We always process personal data on a permissible basis according to Article 6 GDPR (e.g. based on your consent, to fulfil contracts or legal obligations) and only to fulfil legitimate purposes.

In some cases, we use external service providers (“processors”) to process personal data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected. We have ensured that these processors have implemented appropriate organisational and technical measures to guarantee the security of your data.

We have commissioned a processor for the technical implementation and maintenance of our website including associated services and our student platform:

Agentur Nikolaus Pichler
Lehargasse 3A/7,
1060 Vienna

We have commissioned the following (sub-)processors to host our website and the student platform:

Angerner Strasse 275
2252 Ollersdorf

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

If we also use other processors for individual data processing, please refer to the description of the individual data processing (point D. below) for more detailed information on the processors used.

Transfer outside the EEA
If our processors or other recipients are based in a country outside the European Economic Area (EEA), we will inform you of this fact in the description of the individual data processing (point D. below) and the measures taken to ensure data protection in the respective description of the offer.

Retention period
We retain your personal data for as long as is necessary for the specific purpose. Please refer to the description of the respective data processing (point D. below) for the individual planned deletion deadlines.

We may also store your personal data in accordance with Article 6(1)(f) GDPR for the purpose of preserving evidence for as long as legal claims can be asserted in connection with the data processing activity.

Automated decision-making
We do not use your data for automated decision-making including profiling in the sense of Article 13(2)(f) and Article 14(2)(g) GDPR.


C. Your rights

You have the following rights in relation to any personal data we process which relates to you: Right of access, rectification or erasure, right to restrict processing, right to object to processing and right to data portability. If we process your data on the basis of your consent, you may revoke your consent at any time, although this does not affect the lawfulness of the data processing until the time of revocation.

To exercise your rights, please contact Datenschutz@DP-Uni.ac.at.

If you believe that the processing of personal data relating to you is in breach of the GDPR, please do not hesitate to inform us of your concerns. In such a case, you also have the right to lodge a complaint with the data protection authority.


D. Data processing

We undertake the following data processing activities specifically:

1) Data processing when you contact us

Whenever you contact us by email or via the form on the website dp-uni.ac.at, the data you provide (name, email address, phone number and correspondence with you) will be stored and processed by us on the basis of our legitimate interest (Article 6(1)(f) GDPR) in order to process your message and your request.

The data will be deleted one year after the last correspondence. However, if you subsequently become a student at DPU, all correspondence with you will be deleted six months after graduation.

2) Newsletter registration

If you register for our newsletter, we process the personal data you provided during registration (title, name, email address, title) in order to send you the respective DPU newsletter by email.

The legal basis for this data processing is your consent (Article 6(1) (a) GDPR). You can revoke this consent at any time by clicking on the link provided in each newsletter or by contacting us. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.

Your data will be deleted 18 months after you unsubscribe from the newsletter.

This data will not be passed on to third parties other than our commissioned processor mentioned above.

3) Visiting the website dp-uni.ac.at or the student platform

Each time you use our websites, we collect data that your browser transmits to our server. This is the following data:

  • IP address
  • Browser type and browser version (if transmitted by the user)
  • Operating system
  • Date and time of the server request
  • Number of visits
  • Time spent on the website
  • Previously visited website (if transmitted by the user)

This data is technically necessary for us to display the website and to ensure its stability and security. The legal basis for this data processing is our legitimate interest (Article 6(1)(f) GDPR).

After collection, the data is anonymised and stored only in anonymised form and the anonymised data is deleted after one month.  

4) Video surveillance

The buildings used by DPU, the DPU Dental Clinic in Krems and the access areas to the same are under video surveillance. The area under surveillance also includes the parking spaces used exclusively by DPU. The following data may be collected:

  • Image data of data subjects (appearance, behaviour)
  • Location of the image recording (space, location of the camera)
  • Motor vehicle registration number

The purpose of this processing is to secure buildings and other DPU property in order to be able to document criminal offences or violations of the law. Insofar as video surveillance is carried out in the access areas, the data is processed for the purpose of controlling the authorisation of access to buildings, properties and demarcated areas.

The legal basis for data processing is the overriding legitimate interest in achieving these purposes (Article 6(1)(f) GDPR). Video surveillance therefore also serves the preventive protection of persons and property within the meaning of section 12(3)(2) of the Austrian Data Protection Act (DSG).

Video recordings are generally retained for a maximum period of 72 hours and then deleted. Longer retention may occur in individual cases if the video recordings are required for the prosecution of legal infringements, the assertion, exercise or prosecution of legal claims or for the purposes of protection or preservation of evidence.

The data is evaluated only for cause (prosecution of legal violations, assertion, exercise or prosecution of legal claims or for protection or preservation of evidence purposes). In the process, the video recordings are evaluated and, in addition to the above-mentioned data, the identity of the data subjects and their role (e.g. perpetrator, victim, witness) are collected, if recognisable from the recording.

This data may be transmitted to the following recipients in the event of cause (prosecution of infringements of the law, and the assertion, exercise or prosecution of legal claims or for protection or preservation of evidence purposes), provided that this is proportionate and necessary in the individual case:

  • Competent authorities or competent courts (for securing evidence in criminal cases)
  • Competent courts (for securing evidence in civil cases)
  • Insurance companies (exclusively for the settlement of insurance claims)

We do not use automatic facial recognition or similar technical means of automated decision-making.

5) Functional cookies

Our websites sometimes use so-called “cookies”, which are either necessary for the functionality of our website or make our website more user-friendly and effective.

When you visit our websites, we place small files, also known as cookies, on your computer or mobile device. Cookies do not cause any damage to your computer and do not contain viruses.

Our pages use session function cookies that are necessary for the operation of our website. The legal basis for processing your data in this context is our legitimate interest in the functionality of our pages (Article 6(1)(f) GDPR).

You can find which cookies these are, the purpose of the individual cookies, the respective storage period and who receives this data in the following table. The storage of these cookies is limited in time; they are deleted when you close your browser or delete the browser cache. If you do not accept the storage of these cookies, the full use of our websites cannot be guaranteed.

Cookie IDPurposeStorage period
Cookie settingsStorage of your cookie settings180 days
PHPSESSIDStorage of your session IDUntil end of session

These cookies contain the following information:

Information that allows us to perform web analytics (which pages you visited, how long you were on each page, how you found our websites, etc.)

The web analytics cookie information is not used to identify you personally, and the data collected about your browsing behaviour on our website is not shared. The cookies do not serve any other purposes than those mentioned here.

You can manage and/or delete cookies as you wish. You can delete all cookies stored on your computer or mobile device and set most browsers to block cookies. In the latter case, however, you may have to accept the impairment of some functions of our websites.

In addition, our website also uses non-functional cookies, which we discuss in more detail in the points below.

6) Matomo web analysis

To improve the user-friendliness of our website, we use the open-source web analysis tool “Matomo”, which sets non-functional cookies. When using non-functional cookies and the subsequent analysis of user data, we process personal data in order to learn about the preferences of our website visitors and to better personalise our offer. You can find the specific purpose of the individual cookies in the table below.

The legal basis for the processing of your data when using non-functional cookies is your express consent (Article 6(1)(a) GDPR).

You can declare your consent by ticking the corresponding box in our cookie banner or subsequently when calling up the application. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.

The following non-functional cookies are used for web analysis on our website:

CookiesData typesPurpose(s)Storage period
_pk_refRefferer URLRecords the website from which you visit us.6 months
_pk_cvarSessionContains visitor-defined variables set during the previous page view30 minutes
_pk_idUser IDStores a unique user ID.13 months
_pk_sesSessionShows the visitor’s active session.30 minutes

The raw data for all visits and actions as well as all aggregated reports are automatically deleted after 12 months.

7) Open Street Map

We use an Open Street Map plugin on our website. Open Street Map is a web service for displaying interactive maps to visually present geographical information.

When using this plugin, information about the use of the website (such as the user’s IP address) is collected. We therefore only use this plugin with your express prior consent in accordance with Article 6(1)(a) GDPR. No data will be collected from you without this consent.

You can declare your consent by ticking the corresponding box in our cookie banner or subsequently when calling up the application. If no consent has been given for this, then the map content will not be displayed.

We do not store any personal data in this context.

If you have given your consent, your data will be shared with the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The European Commission has stated in an adequacy decision that the United Kingdom ensures an adequate level of data protection in accordance with the GDPR.