Privacy - General

Name and Contact Details of Maintenance Responsible Organs
Gesellschaft zur Förderung von Alternativen Biomodellen (The 3R Society)
Postfach 0014 
A-8036 Graz

Executive/representative body:
Mag. Dr. Birgit Reininger-Gutmann

Data processing / data processing purposes

Preparation and publication of photos/film clips

The responsible person creates photos/film recordings of members or other participants at various events.
Consent to the creation and subsequent publication of the photos/film recordings (website, print media, member information, newsletter, social media) is obtained from all persons concerned before or during the event, whereby the type of publication is described in detail. If there are persons in a photo who have not consented to the creation or publication of the photo, the photo will be deleted immediately.
When consent is obtained, the persons concerned are also informed that they can revoke their consent at any time with effect for the future. They can also withdraw their consent for individual aspects of the publication (e.g. objection to the publication of photos in social media, but not for photos used in print media or newsletters).
If consent is revoked, the photo will be removed from the desired platforms or completely.

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Reason: there are no high risks to the rights and freedoms of data subjects.

Legal basis

  • Agreement (Art. 6 Abs. 1 lit. a)

Categories of data subjects

  • Persons who can be seen on photos/film clips

Categories of data processed

  • photos/film clips
  • first name (if applicable)
  • last name (if applicable)
  • event location
  • time of the event
  • type of event

Categories of recipients to whom personal data are disclosed

  • social media
  • recipients of association information


Accounting for the purpose of recording business transactions in order to meet the requirements of §§ 20ff VerG (§21 Income and Expenditure Statement, Balance Sheet, §22 Annual Financial Statements - Balance Sheet, Profit and Loss Account).
Keeping all aspects of the bookkeeping in Excel format and with our own accounting software. The accounting data as well as all related vouchers (e.g. vouchers for expenditure, vouchers for membership fees = income, etc.) are kept either electronically or physically for 7 years.
Depending on the voucher, the data categories listed below are included in full or in part.

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Exempted from the data protection impact assessment under the DSFA exemption regulation (DSFA-A01)

Legal basis

  • Necessary for the performance of the contract (Art. 6 Abs. 1 lit. b)
  • Required to fulfil a legal obligation to which the responsible person is subject (Art. 6 Abs. 1 lit. c)

Categories of data subjects

  • Members
  • Administrators
  • Sponsors, business partners (contact persons)

Categories of data processed

  • First name
  • Last name
  • Street (business or private)
  • Postcode (business or private)
  • Place (business or private)
  • Gender
  • Document data (amount of the invoice, invoice object, etc.)

Categories of recipients to whom personal data are disclosed

  • Auditor
  • Authorities
  • Courts
  • Legal representative
  • Tax consultant

Organizational actions

  • Container with accounting documents locked

Information mails / mailings

Members of the association Gesellschaft zur Förderung von Alternativen Biomodellen (The RepRefRed Society) receive regular information e-mails and/or mailings. This is not advertising, but rather current association or group information, e.g. on future meetings, events and notifications concerning the 3Rs, such as new scientific findings.
The basis for the mailing is either the contractual relationship with members or, in the case of mere participants, the (verbal or written) consent to be informed of news via the (email) address provided. In addition, it is in the legitimate interest of the person responsible to ensure that the address data records are passed on to the print shop where the order is processed by informing the printing company.
In the case of electronic deliveries, the e-mail addresses are passed on to the order processing company for newsletter dispatch if necessary.
Members or participants to ensure an active association life through meetings and events.

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Excluded from the data protection impact assessment in accordance with the DSFA exception regulation (DSFA-A03 or DSFA-A04)

Order Processor

  • Order processing print shop
  • Order processor newsletter dispatch

Legal basis

  • Agreement (Art. 6 Abs. 1 lit. a)
  • Necessary for the performance of the contract (Art. 6 Abs. 1 lit. b)
  • Processing is necessary to protect the legitimate interests of the controller or of a third party and the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (Art. 6 Abs. 1 lit. f)

Categories of data subjects

  • Members
  • Participants
  • other prospective clients

Categories of data processed

  • Title
  • First name
  • Last name
  • E-mail address
  • Street
  • Postcode
  • Place

Member and participant administration

The person responsible keeps a register of members and participants.
Ordinary members are recorded with all contact data; for mere participants in events, only first and last names and, if applicable, contact data such as telephone number, e-mail address or residential address (depending on the individual case and the wishes of participants) are stored.
The basis for the data processing is either the existing membership relationship (contract), the consent of the person concerned, or the legitimate interests of the person responsible for the purposeful organization of the association. With regard to special categories of data, the legal basis is the express consent of the data subject or the processing of special categories of data without the intention of making a profit in accordance with Art. 9 Abs. 2 lit. d DSGVO.
The member or participant directory is managed via an Excel list and cloud software. (The data is stored on the server of the order processor member software.)

Sensitive data according to DSGVO Art. 9? No

Data protection impact assessment carried out? No
Excluded from the data protection impact assessment in accordance with the DSFA exception regulation (DSFA-A03).

Order Processor

  • Order Processor Member Software / Cloud

Legal basis

  • Agreement (Art. 6 Abs. 1 lit. a) & (Art. 9 Abs. 2 lit. a)
  • Necessary for the performance of the contract (Art. 6 Abs. 1 lit. b)
  • Processing is necessary to protect the legitimate interests of the controller or of a third party and the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail (Art. 6 Abs. 1 lit. f)
  • Processing by non-profit making organisations in the course of their legitimate activities (Art. 9 Abs. 2 lit. d)

Categories of data subjects

  • Members
  • Participants

Categories of data processed

  • Gender
  • Title
  • First name
  • Last name
  • Street
  • Postcode
  • Place
  • E-mail address
  • Telephone number
  • Institution
  • Position
  • Type of membership

Organizational measures

  • Access restriction (only a restricted group of persons (association board and administrative staff/speakers of the association) has the authorization to access the member/participant database).

Privacy - Website

We have drawn up this data protection declaration (version 25.02.2020-111251138) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data and what decision-making options you have as a visitor to this website.

Automatic data storage

Nowadays, when you visit websites, certain information is automatically created and stored, as is the case on this website.
When you visit our website as you are doing right now, our web server (the computer on which this website is stored) automatically stores data such as:

  • the address (URL) of the web page accessed
  • Browser and browser version
  • the operating system used
  • the address (URL) of the previously visited page (referrer URL)
  • the host name and IP address of the device from which access is made
  • Date and time in files (web server log files)

Usually web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but cannot exclude the possibility that this data may be viewed in the event of illegal behaviour.


Our website uses HTTP cookies to store user-specific data. In the following we explain what cookies are and why they are used so that you can better understand the following privacy policy.

What exactly are cookies?

Whenever you surf the Internet, you use a browser. Some well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most web pages store small text files in your browser. These files are called cookies.
One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, quasi the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner sites (e.g. Google Analytics). Each cookie is evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies also cannot access information on your PC.

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly discuss the different types of HTTP cookies.

You can distinguish between 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages and only proceeds to checkout later. These cookies do not delete the shopping cart, even if the user closes his browser window.

Useful cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies also measure the loading time and the behaviour of the website with different browsers.

Target-oriented cookies
These cookies ensure a better user-friendliness. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.

Usually the first time you visit a website, you are asked which of these types of cookies you would like to allow. And of course this decision is also stored in a cookie.

How can I delete cookies?
How and whether you want to use cookies is up to you. Regardless of the service or website from which the cookies originate, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies, but allow all other cookies.
If you want to find out which cookies are stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

  • Chrome: Delete, activate and manage cookies in Chrome
  • Safari: Manage cookies and website data with Safari
  • Firefox: Delete cookies to remove data that websites have placed on your computer
  • Internet Explorer: Delete and manage cookies
  • Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you want to allow it or not. The procedure varies from browser to browser. The best way to find the instructions is to search Google using the keyword "Delete Chrome cookies" or "Disable Chrome cookies" in the case of a Chrome browser.

What about my privacy?
The so-called "cookie guidelines" have been in place since 2009. These state that the storage of cookies requires the consent of the website visitor (that is, you). Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this directive has been implemented in § 96 Abs. 3 of the Telecommunications Act (TKG).
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Storage of personal data
Personal data that you transmit to us electronically on this website, such as your name, e-mail address, postal address or other personal details when submitting a form, together with the time and IP address, will only be used by us for the purpose stated in each case, will be stored securely and will not be passed on to third parties.
We therefore use your personal data only for communication with those visitors who expressly wish to contact us and for the processing of the services offered on this website. We will not pass on your personal data without your consent, but we cannot exclude the possibility that this data may be viewed in the event of unlawful behaviour.
If you send us personal data by e-mail - thus off this website - we cannot guarantee secure transmission and the protection of your data. We recommend that you never send confidential data by e-mail without encryption.

Rights under the General Data Protection Regulation
According to the provisions of the DSGVO and the Austrian Data Protection Act (DSG), you are basically entitled to the following rights:

  • Right of rectification (Article 16 DSGVO)
  • Right of deletion ("right to be forgotten") (Article 17 DSGVO)
  • Right to restrict processing (Article 18 DSGVO)
  • Right of notification - obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 DSGVO)
  • Right to data transferability (Article 20 DSGVO)
  • Right of objection (Article 21 DSGVO)
  • Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 DSGVO)

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the data protection authority, whose website you can find at https://www.dsb.gv.at/.

Evaluation of the visitor behaviour
In the following data protection declaration we inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is usually anonymous and we cannot deduce your identity from your behaviour on this website.
You can find out more about how to object to this evaluation of visit data in the following data protection declaration.

TLS encryption with https
We use https to transmit data on the Internet in a tap-proof manner (data protection through technology design, Article 25 paragraph 1 DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our Internet address.

Google Maps Privacy Policy
On our website we use Google Maps from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). With Google Maps we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on servers of Google. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

Google Analytics Privacy Policy
On our website we use the analysis tracking tool Google Analytics (GA) from the American company Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics collects data about your actions on our website. For example, when you click on a link, that action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics enable us to better tailor our website and services to your needs. In the following we will go into more detail about the tracking tool and inform you in particular about what data is stored and how you can prevent this.

What is Google Analytics?
Google Analytics is a tracking tool that is used to analyze the traffic on our website. To make Google Analytics work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you perform on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.
Google processes the data and we receive reports about your user behaviour. These reports may include the following:

  • Target group reports: Through target group reports we get to know our users better and know more precisely who is interested in our service.
  • Advertising reports: Advertising reports help us to analyse and improve our online advertising.
  • Acquisition reports: Acquisition reports give us helpful information on how we can get more people interested in our service.
  • Behavioral Reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click on.
  • Conversion reports: Conversion is the process by which you perform a desired action based on a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. We use these reports to learn more about how our marketing activities are received by you. This is how we want to increase our conversion rate.
  • Real-time reports: Here we always know immediately what is happening on our website. For example, we see how many users are reading this text.

Why do we use Google Analytics on our website?
Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.
The statistically evaluated data give us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our site so that it is easier for interested people to find it on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested.

Which data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this User ID. This is the only way to evaluate pseudonymous user profiles.
Through identifiers such as cookies and app instance IDs, your interactions on our website are measured. Interactions are all kinds of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not share any Google Analytics data unless we, as the website operator, authorise it. Exceptions may be made if required by law.
Here we show you an overview of the most important data that is collected with Google Analytics:

  • Heatmaps: Google creates so-called heat maps. With Heatmaps you can see exactly those areas that you click on. This way we get information where you are "on the road" on our site.
  • Session duration: Google defines session duration as the time you spend on our site without leaving the site. If you have been inactive for 20 minutes, the session ends automatically.
  • Bounce rate: We speak of a bounce if you only look at one page on our website and then leave our website again.
  • IP address: The IP address is only shown in abbreviated form so that no clear assignment is possible.
  • Location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.
  • Technical Information: Technical information includes your browser type, your Internet provider or your screen resolution.
  • Source of origin: Google Analytics or we are of course also interested in which website or which advertisement brought you to our site.
  • Other data includes contact details, any ratings, media playback (e.g. if you play a video on our site), sharing content via social media or adding to your favourites. This list is not intended to be exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where is the data stored?
Google has distributed its servers around the world. Most servers are located in America and therefore your data is usually stored on American servers. Here you can find out exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Your data is distributed on different physical media. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. In every Google data centre there are appropriate emergency programs for your data. For example, if hardware of Google fails or natural disasters paralyse servers, the risk of a service interruption at Google remains low.
Google Analytics has a standard retention period of 26 months for your user data. Then your user data will be deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options for this:

  • Deletion after 14 months
  • Deletion after 26 months
  • Deletion after 38 months
  • Deletion after 50 months
  • No automatic deletion

When the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger entity.

How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can use the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your information. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables the data collection by Google Analytics.

If you basically want to deactivate, delete or manage cookies (independently of Google Analytics), there are separate instructions for each browser:

  • Chrome: Delete, activate and manage cookies in Chrome
  • Safari: Manage cookies and website data with Safari
  • Firefox: Delete cookies to remove data that websites have placed on your computer
  • Internet Explorer: Delete and manage cookies
  • Microsoft Edge: Delete and manage cookies

Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=111251138. We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics IP anonymisation
We have implemented the IP address anonymisation of Google Analytics on this website. This function was developed by Google so that this website can comply with the applicable data protection regulations and recommendations of local data protection authorities if they prohibit the storage of the complete IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is saved or processed.
You can find more information on IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographic characteristics and interests
We have enabled the advertising reporting features in Google Analytics. The demographic and interest reports include information about age, gender and interests.
This allows us to get a better picture of our users without having to associate this data with individual people. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can stop the use of the activities and information of your Google Account by checking the box under "Advertising Settings" on https://adssettings.google.com/authenticated.

Google Analytics deactivation link
If you click on the following deactivation link, you can prevent Google from recording further visits to this website. Attention: Deleting cookies, using the incognito/private mode of your browser, or using another browser will result in data being collected again.

Google Analytics Google Signals Privacy Policy
We have activated the Google signals in Google Analytics. This updates existing Google Analytics features (advertising reports, remarketing, cross-device reports, and reports on interests and demographics) to provide aggregated and anonymous information about you, if you have allowed personalized ads in your Google Account.
What is special about this is that it is cross-device tracking. This means that your data can be analyzed across devices. By enabling Google signals, data is collected and linked to your Google Account. Google can thus recognize, for example, when you view a product on our website via a smartphone and only later purchase the product via a laptop. By activating Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.
In Google Analytics, the Google signals also collect additional visitor data such as location, search history, YouTube history and data about your actions on our website. This allows Google to provide us with better advertising reports and more useful information about your interests and demographics. These include your age, what language you speak, where you live, and what gender you are. In addition, social criteria such as your occupation, marital status and income are also collected. All these characteristics help Google Analytics to define groups of people or target groups.
The reports also help us to better assess your behaviour, wishes and interests. This enables us to optimise and adapt our services and products for you. These data expire by default after 26 months. Please note that this data is only collected if you have allowed personalised advertising in your Google Account. It is always aggregated and anonymous data and never data about individual people. You can manage or delete this data in your Google Account.

Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent. The processing of the data entered in the contact form is therefore exclusively based on your consent (Art. 6 Abs. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing procedures carried out up to the time of revocation remains unaffected by the revocation. The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Embedded Social Media Elements Privacy Policy
We integrate elements of social media services on our website to display pictures, videos and text.
When you visit pages that display these elements, data is transferred from your browser to the respective social media service and stored there. We have no access to this data.
The following links will take you to the pages of the respective social media services where it is explained how they handle your data:

Source: Created with the data protection generator of www.adsimple.at in cooperation with hd-dental.net. Translated with deepl.
