Privacy Policy

Last updated: Dec 2020

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of your information when you use the Service and tells you about your privacy rights and how the law protects you. We process your data exclusively on the basis of the relevant legal provisions (in Austria: EU-GDPR, Data Protection Act, and Telecommunications Act 2003 and EU-GDPR). This data protection declaration informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the framework of our Website and the associated websites, about functions and content of these websites, as well as about our external online presence, such as our Social Media Profiles.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Who we are

“Open Research Behind Closed Doors” is a Project by the Boltzmann Institute of Fundamental and Human Rights and its partners from Austria, Italy, and Germany that aims to gain insight into the lived experiences of persons with psychosocial and intellectual disabilities, who are detained as a preventive measure during the Covid-19 pandemic. Moreover, it aims to identify paths for future research on the challenges of pandemics in closed institutions and develop recommendations on how the situation can be improved.

Should you have any concerns or questions regarding the processing of your personal data by our project, we kindly ask you to either contact us at datenschutz@humanrights.at.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in the plural.

Definitions

For the purposes of this Privacy Policy:

Institute (referred to as either "the Institute", "We", "Us" or "Our" in this Agreement) refers to Ludwig Boltzmann Institute of Fundamental and Human Rights, Freyung 6, 1010 Vienna.
Country refers to the territory of the European Union, Israel or a third country, territory or one or more specified sectors within that third country of which the European Commission has decided that it ensures an adequate level of data management and protection.
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service Provider means any natural or legal person who processes the data on behalf of the Institute. It refers to Third Party companies like the Website host or individuals employed by the Institute to facilitate the Service, to provide the Service on behalf of the institute, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to openresearchbehindcloseddoors.com, accessible from https://www.openresearchbehindcloseddoors.com/
You means the individual accessing or using the Website.
Cookies are small files that are stored on the user's computer. A cookie is primarily used to store information about a user (or, more precisely, about the device on which the cookie is stored) during or after the user's visit to an online service. Different data can be stored within the cookies
- Necessary / Essential Cookies: These cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
- Cookies Policy / Notice Acceptance Cookies
- Persistent Cookies: Purpose: These Cookies identify if users have
- accepted the use of Cookies on the Website.
- Functionality Cookies: These cookies allow Us to remember choices
- You make when You use the Website, such as remembering Your login details or language preference. The purpose of these cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Legal statement

In accordance with art. 6 1. (f) GDPR the processing of data is lawful if the “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a Third Party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.” The legitimate interest in processing the data pursued by wx.com and third-party partners is constituted by its nature of being a research project affiliated to a scientific research institute. Therefore, the legitimate interest relates to the general work of the Ludwig Boltzmann Institute of Fundamental and Human Rights in dealing with relevant human rights issues in a national, European, and international context. In addition, this interest also entails the relevance of raising awareness on the lived experiences of persons with psychosocial and intellectual disabilities, who are detained as a result of their criminal behavior and/or as a result of exemption of criminal responsibility due to their disability during the Covid-19 pandemic.

Collecting and Using Your Personal Data

Types of Data Collected

Collection and processing of your personal data:
The legislator's definitions of the following terms can also be found in art. 4 GDPR.

Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or with one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In order to improve our online services, we store access data to this Website without personal reference.

Sensitive data

Personal data revealing ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, or data relating to sex life or sexual orientation of a natural person.

Processing

The term "processing" shall mean any operation or set of operations that is carried out with or without the aid of automated procedures and which is related to personal data. The term is broad and covers practically every handling of data. We process your personal data only with the explicit permission of the users concerned or only on the basis of one of the cases provided for by law pursuant to art. 6 1. GDPR (lawfulness of processing).

Purpose:

In accordance with art. 14 1. (c), the data subject has the right to be provided with “the purposes of the processing for which the personal data are intended as well as the legal basis for the processing”. Besides the substantial purpose (see 2. Purpose), the platform wix.com and Third Party Service Providers have access to the personal data that have been obtained from the data subject for the purpose of optimizing the online offer, its functions, and contents. The legal basis for processing this data is the legitimate interest of the wix.com team and its Third Party Service Providers of being a research project affiliated to a scientific research institute (art. 6 1. (f) GDPR).

Categories of data:

The personal data that have not been obtained from the data subject but is processed by the _ platform wix.com and Third Party Service Providers (art. 14 1. (d) GDPR). The processing of this data is within the legitimate interest of the service providers, being a research project affiliated to a scientific research institute, to ensure the operational basis of the Website (art. 14 2. (b) & art. 6 1. (f) GDPR).

Data subjects have the rights listed in art.s 15 – 22 GDPR; the procedure for exercising these rights is regulated in art. 12 GDPR:

Especially, you are entitled to request information about whether and which personal data we have stored about you, to request the rectification of incorrect data or erasure of your personal data, which are not processed in accordance with the law; moreover, you may request under certain circumstances the restriction of the processing of your personal data. Further rights are the right to object to the processing of your personal data processed on grounds of art. 6 (1)(e) or (f) or for marketing purposes. Under certain circumstances, you have a right to recover data provided by you (right to data portability). If you are of the opinion that your data is processed contrary to the applicable data protection law, you have the right to lodge a complaint before the competent data protection authority.
Below you will find the legal basis authorizing you to undertake the steps mentioned above:

Right of access by the data subject (art. 15 GDPR)
Right to rectification (art. 16 GDPR)
Right to erasure (‘right to be forgotten’) (art. 17 GDPR)
Right to restriction of processing (art. 18 GDPR)
Notification obligation regarding rectification or erasure of
personal data or restriction of processing (art. 19 GDPR)
Right to data portability (art. 20 GDPR)
Right to object (art. 21 GDPR)
Automated individual decision-making, including profiling (art. 22 GDPR)

Collection and processing of your access data

We, the Website operator, collect data on access to the Website based on our legitimate interest (see art. 6 1. (f) GDPR) (see 3. Legal basis) and store these as "server log files" on the server of the Website.
The following data is logged in this way:

Visited Website
Time of access
Source/reference from which you came to the page
Browser used
Operating system used
IP address used

The server log files are usually stored for 24 hours, specific information will be stored for a maximum of 3 months and then deleted (see 4. Duration of data storage). The data is stored for security reasons, e.g. to clarify cases of misuse. If data have to be kept for reasons of proof, they are excluded from deletion until the incident has been finally clarified.

Transfer of data to third parties

Wix

Wix is a web development platform that enables its users to create a Website using simple cloud-based creation and management tools. Wix claims to truly respect the privacy of its users and is fully committed to protecting users’ personal information (e.g., name, email address, locations) and use it properly. They collect and use users’ personal information and non-personal information in order to provide their services and make them better and safer.

The Open Research Behind Closed Doors Website shares information with third parties or service providers. If Wix.com will transfer your Personal Information to the United States or anywhere outside Europe, they will make sure that (i) there is a level of protection deemed adequate by the European Commission or (ii) that the relevant Model Standard Contractual Clauses are in place. Wix participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List here. For further information please visit the Wix privacy policy.

Usage Data

Usage Data is collected automatically when using the Website. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device, your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies we use may include:

Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse cookies, our Service may use Cookies.
Flash Cookies. Certain features of our Service may use local stored objects (or Flash cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how you can delete Flash Cookies, please read "Where can I change the settings for disabling, or deleting local shared objects?" available here

We use both Session and Persistent Cookies for the purposes set out below:

For more information about the cookies we use and your choices regarding cookies, please visit the Wix Cookies Policy

Use of Your Personal Data

The Website may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor the usage

of our Service.
For other purposes: We may use Your information for other purposes,

such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.

Retention of Your Personal Data

We will retain Your Personal Data only for as long as 3 months or the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Organization's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.

Deletion of data

The Website may retain your Personal Information for as long as 3 months, as indicated in this Privacy Policy and in accordance with the cookies policy, or as otherwise needed to provide you with our Services.

You may request to access, receive a copy of, update, amend, delete, or limit the use of your Personal Information you have stored with us. Just send us an e-mail and we will get directly in contact with the service provider to validate the petition.

Social Media Features

Our Services include certain Social Media features, widgets, and single sign-on features, such as the “Share this” button or other interactive mini-programs (“Social Media Features”). These Social Media Features may collect certain Personal Information such as your IP address or which page you are visiting on our Website and may set a cookie to enable them to function properly. Social Media Features are either hosted by a Third Party or hosted directly on our Services. Your interactions with these third parties’ Social Media Features are governed by their policies and not ours. In addition, our Services may enable you to share your Personal Information with third parties directly, such as via page framing techniques to serve content to or from Third-Party Service Providers or other parties, while preserving the look and user experience of our Website and Services (“Frames”). Please be aware that if you choose to interact or share any Personal Information via such Frames, you are in fact providing it to these third parties and not to us, and such interactions and sharing are governed by those third parties’ policies and not ours.

On the Use of social plugins basis on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offer in the sense of art. 6 para. 1 lit. f. GDPR) we use Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), as well as of twitter.com, which is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). The plugins can display interaction elements or content (e.g. videos, graphics, or text contributions) and can be recognized by one of the Facebook logos (white "f" on a blue tile, the terms "like", "like" or a "thumb up" sign), are marked with the addition "Facebook Social Plugin" or by the Twitter, Inc.’s Twitter buttons. The list and appearance of the Facebook Plugins can be viewed here:

https://developers.facebook.com/docs/plugins/
The list and appearance of the Twitter Plugins can be viewed here:

https://developer.twitter.com/en/docs/twitter-for-websites/overview.html.

Facebook is established in the EU (Ireland) and thus is subject to the GDPR; moreover Facebook Inc., situated in the U.S., is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection
law: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Ac tive. Twitter is also established in the EU (Ireland) and thus is subject to the GDPR; Twitter Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law, too: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO#privacy- policy-1

When a user calls up a function of these online services containing such a plugin, his device establishes a direct connection with the Facebook and/or Twitter servers. The content of the plugin is transmitted directly from Facebook and/or Twitter to the user's device and integrated into the online service by the user. User profiles can be created from the processed data. We, therefore, have no influence on the extent to which Facebook and/or Twitter collects data with the help of this plugin.

By integrating the plugins, Facebook and/or Twitter uses third-party plugins to receive the information that a user has called up the corresponding page of the online offer. If the user is logged into Facebook and/or Twitter, Facebook and/or Twitter can assign the visit to his Facebook and/or Twitter account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transferred directly from your device to Facebook and/or Twitter and stored there. If a user is not a member of Facebook and/or Twitter, it is still possible for Facebook and/or Twitter to find out his IP address and save it.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy.

The purpose and scope of the data collection and the further processing and use of the data by Twitter as well as the relevant rights and setting options to protect the privacy of users can be found in Twitter’s data protection information: https://twitter.com/en/privacy.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

What rights do users of the websites of the Ludwig Boltzmann Institute of Human Rights have?

They have the right to information, correction, deletion, restriction, data transferability, revocation, and objection. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority. If you have any questions, please feel free to contact the Ludwig Boltzmann Institute of Fundamental and Human Rights.

Law enforcement

Under certain circumstances, the organization may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

We may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property
Prevent or investigate possible wrongdoing in connection with the

Service
Protect the personal safety of users of the Service or the public
Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us and we strive to use commercially acceptable means to protect Your Personal Data. The measures for ensuring appropriate data security include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access to input, transmission, availability, and separation of the data concerning them. In addition, the service provider Wix and third parties, have established procedures to ensure the exercise of data subjects' rights, especially concerning the deletion of data and response to data breaches.

The protection of personal data is taken into account as early as the development or selection of hardware, software, and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (art. 25 GDPR).

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a Third Party link, You will be directed to that Third Party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any Third Party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: nora.katona@univie.ac.at