Privacy statement and legal notice

This is the data protection statement of the EUSDR Danube Strategy Point (DSP), issued in accordance with the European Union General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Registrar

Danube Strategy Point
EU-Förderagentur GmbH
on behalf of the City of Vienna
Kaiserstraße 113-115/8
1070 Vienna, Austria
Tel: +43 189 08 088 21 05

2. The person in charge of the register

The controller’s data protection officer is:
Eveline Kräftner

You can also contact the data protection officer by sending a letter to the controller’s postal address, labelling it for the attention of the “Data protection officer”.

3. Name of the register

The register is called the Stakeholder Register of EUSDR/DSP.

4. The purpose of the register / the purpose of handling personal data

The purpose for which the information in the personal data register is used is to give out information about the EUSDR activities and stakeholder communications. We use the personal data register for sending out newsletters, information about activities and invitations to events. We handle personal data in matters related to the management of communications, such as user surveys and responding to feedback.

With the help of the register, we also develop the EUSDR website, services and social media channels. With the help of the register, we are able to target the stakeholder groups with relevant content.

5. The information content of the register and sources of information, in accordance with the rules

a. Legal basis for data processing 

Article 6(1)(f) GDPR provides the legal basis for the temporary storage of data and log files.

b. Purpose of data processing

The temporary storage of the IP address by the system is necessary so as to enable the user’s computer to retrieve and display the website. For this purpose, the user’s IP address must be stored for the duration of the session. 

The data is stored in log files to guarantee the functionality of the website. Furthermore, the data helps us to optimise the website and guarantee the security of our information technology systems. The data is not evaluated in this respect for marketing purposes. 

These purposes also include our legitimate interest in processing data as provided for under Article 6(1)(f) GDPR.

We collect and handle the following personal data:

  • The person’s work e-mail address / e-mail address
  • The name of the person’s employer organisation
  • The surname and given name of the person
  • Information on requests to send communications or marketing communications sent by the person
  • Information on prohibitions on communications and marketing
  • Information fed into contact forms
  • Information fed through blogs
  • User feedback information
  • User feedback in surveys

In the use and development of the services, we may handle the following data:

  • Information on the type of browser and the version being used 
  • Language and version of the browser software
  • Operating system and interface used
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access and time zone difference to Greenwich Mean Time (GMT)
  • Volume of data transmitted
  • Websites from which the user’s system accesses our website 
  • Access status / HTTP status code
  • Data collected from the use of the web service, offered by Google Analytics

We also receive personal data from the following sources:

  • Information connected with the use of social media, such as LinkedIn, Facebook, Twitter and YouTube
  • Social media services themselves define the kind of information they offer their users and in what time. For further information, visit the above links.

On the basis of the consent of the person involved, we collect and handle other information on a case-by-case basis. We collect personal information primarily from the persons themselves in connection with contacts that are made and order forms. We may collect information about customers from public sources and registers, based on gaining permission from the customer or as set by law.

We collect visitor information from the website for the development of the website and for targeting content that is relevant to visitors with the help of the Google Analytics system and cookies. It is possible to cancel Google Analytics monitoring by following the instructions of the service provider.


In some instances, we engage the services of external service providers (so-called processors) to process personal data. They are authorized personal data operators. were carefully selected and commissioned, are bound by our instructions and are regularly monitored.

The following processors act on our behalf:

  • Modul Media GmbH, Landstraßer-Hauptstraße 76, 1030 Wien. We have concluded a processing agreement with FatCamel s.r.o., under the terms of which the company agrees to provide comprehensive data protection.

7. Data systems using the register / Use of Cookies

a. Definition of cookies

Cookies are small text files stored in your browser. They are downloaded by your browser the first time you visit our website. The next time this website is visited using the same terminal or browser, the cookie and the information stored in it will be sent either to the respective website which set it (first party cookie) or to another website to which it belongs (third party cookie). In this way, the cookie recognises that the website was requested using the respective browser and this changes the way in which content is displayed. For instance, cookies “remember” your preferences, how you use a site, and to some degree they adapt the offers shown to the individual.

b. Functionally necessary cookies

We use the following cookies for the purpose of transmitting messages and providing the services requested by you. The data processing activities undertaken by employing the use of cookies are based on our legitimate interests in providing a fully functioning website and the services requested by you (Article 6(1)(f) GDPR, Section 96 para. 3 of the Telecommunications Act).

  • web service / WordPress (CMS)

c. Third Party cookies

Our register can be used by the following data systems:

  • Google Analytics (Google and the GDPR)
    • This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Data is processed on the basis of the consent given by you (Article 6(1)(a) GDPR, Section 96 para. 3 of the Telecommunications Act). Google Analytics uses what are known as “cookies”, i.e. text files stored on your computer, which make it possible to analyse your use of the website. The information generated by the cookie concerning your use of the website (including a truncated version of your IP address) is – as a general rule – transferred to and stored on a server operated by Google in the United States.
    • This website uses Google Analytics solely with the “(anonymize)” extension, which guarantees the anonymization of the IP address by a process of truncation and eliminates any direct reference to individuals. By using this extension, your IP address will be truncated by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area before such transfer of data takes place. Only in exceptional circumstances will the complete IP address be transferred to and stored on a server operated by Google in the United States.
    • The (truncated) IP address transmitted by your browser as part of Google Analytics will not be merged by Google with other data. You can prevent the storage of cookies by changing your browser settings accordingly; however, we wish to draw your attention to the fact that if you do so you will not be able to take full advantage of all of the functions of this website. Furthermore, by clicking on the following link ( you can download and install a browser plugin which will enable you to prevent Google from collecting the data generated by the cookie, which relates to your use of the website (including your IP address), and it therefore also enables you to prevent Google from processing such data.
    • As an alternative to a browser plug-in or within browsers on mobile devices, please click on the button below to prevent any future collection of data by Google Analytics within this website (the opt-out only functions in the browser and only for this domain). By clicking on the link, an opt-out cookie will be set on your device. If you delete your cookies in this browser, you will have to click on this link again.
  • EUSDR social media channels:

d. Your cookie settings on this website

If you block cookies completely or would like to limit the placement of cookies, you can change the settings in your internet browser. Cookies already stored can be deleted at any time. If cookies are deactivated for our website, it is possible that you will not be able to take full advantage of all of the functions of the website.

You can find out how to manage and delete cookies in the help function integrated into the respective browser. Further information on this subject can be found under the following links:

7. Normal handing over of data

Data is not given to outside parties.

8. Passing on information outside the EU or European Economic Area

Data is not passed outside the EU or European Economic Area, except for the non-EU countries part of the EUSDR (Bosnia and Herzegovina, Montenegro, Serbia, Moldova and Ukraine).

We send some data to recipients domiciled outside of the EEA in the following cases:

  • Google LLC (“Google“), which has its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, processes data on our behalf. We send Google your IP address (in an anonymised format), information on websites accessed (URLs) and estimations regarding demography and age. Our legitimate interest in performing statistical analysis of the user behaviour for optimisation and marketing purposes provides the legal basis for the transfer (Article 6 (1)(f) GDPR).

Google is certified for the US-EU data protection framework “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the European Union. Furthermore, in addition to our general security measures, which are used group-wide, the data will only be transmitted in pseudonymous form. It is thus not possible to associate any specific data with you.

9. Storage time for personal data

We do not store personal data longer than is necessary for the purpose for which it is used, or alternatively, we store it for a period that we have defined with our service providers / cooperative partners in our data security and data protection agreements. The storage times of personal data vary according to the purpose of its use and the situation. We update personal information when necessary and we remove unnecessary information.

10. The principles of the protection of the register

We keep personal data in electronic form on the servers of our service providers. These are protected through agreements that follow general practices made between our service providers and us. We do not disclose used or handled personal data to anyone other than those who need it for their work or our cooperative partners, to whom it is disclosed in confidence and to a limited degree (determined on the basis of agreements). We restrict access to personal data through user codes, passwords and access rights.

11. Right of inspection

Each individual has the right to inspect personal data about herself or himself from our customer and stakeholder register, in accordance with the provisions of GDPR Regulation (Regulation (EU) 2016/679).

Inspection requests are sent to the Lead Partner of the „Danube Strategy Point” project at the following postal address:

EU-Förderagentur GmbH
Kirchberggasse 33/9
A-1070 Wien

or to the following e-mail address:

12.Rights in connection with data processing

The General Data Protection Regulation (Regulation (EU) 2016/679) grants you as a data subject certain rights to which we wish to draw your attention in the following. Please note that these rights are complementary, which means that you can request that your data be corrected/completed/deleted.

Requests to correct a specific error are sent to the Lead Partner of the „Danube Strategy Point” project at the following postal address:

EU-Förderagentur GmbH
Kirchberggasse 33/9
A-1070 Wien

or to the following e-mail address:

13. Revocation of consent

We store and processes your personal data with your consent. You are entitled to revoke such consent at any time. However, this does not affect the lawfulness of the processing of data conducted up until the time at which revocation is issued.

If we process data on the basis of a person’s consent, the person may withdraw consent at any time by giving notice by e-mail to the address:

14. Right to information

You may request information regarding the origin, categories, storage duration, recipients, and purpose of the data relating to you that is processed by EUSDR, as well as information on the type of processing.

15. Right to restrict processing

If it is unclear whether the data relating to you that has been processed is incorrect or incomplete or whether it is being or has been processed unlawfully, you may request that the processing of your data be restricted until this issue is clarified.

16. Right to object

Even if the data relating to you is correct and complete and even if it is being processed lawfully by EUSDR, you can file an objection to the processing of this data. However, you may only do so in situations in which you provide special justification.

17. Right to data portability

You are entitled to receive the data relating to you that has been processed by EUSDR/DSP, which EUSDR/DSP received from you, in a machine-readable format determined by EUSDR/DSP or you may instruct EUSDR/DSP to transfer the data directly to a third party of your choosing provided, however, that EUSDR/DSP makes this possible for the recipient from a technical perspective and that the transfer of data is not hindered or impeded due to it being an unreasonable burden and providing no other confidentiality obligations or considerations on the part of EUSDR/DSP or third parties stand in the way of such transfer.

18. Right to file a complaint

Lastly, you have the right to appeal to the Data Protection Agency if you are of the view that the processing of the personal data relating to you breaches the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679).

18. To whom can you turn to enforce your rights as a data subject?

To assert the aforementioned rights, please write (a letter or email) to the contact person specified under section 1 or directly to the following email address: 

19. Privacy policy & data protection statement update

Updates may be made to this data protection report, for instance, if our operating methods or systems change/develop or if data protection recommendations change. We might also have to make updates if legislation changes.


Vienna, 09/2019