Privacy Policy

1. General

At Graz University of Technology (TU Graz), protecting your data is a top priority. All of our procedures and processes are compliant with the applicable data protection regulations. If you take part in the TU Graz event (Graz Security Week 2023), it is necessary to process your personal data for certain purposes. In accordance with our statutory obligations, we have prepared this statement to inform you about the nature, purpose and legal basis of our data processing activities.

2. Data Controller

The data controller is Graz University of Technology, Rechbauerstraße 12, 8010 Graz.

3. Categories of Persons and Data

TU Graz processes the following personal data in connection with the event:

1. Participants: title, first and last names, position, e-mail address, company/organisation, billing address,
VAT ID number, photographs, videos, details of payments, country.

4. Purpose and Legal Basis

  1. Sending invitations to persons in existing contact databases
  2. Organising and running the event
  3. Publicity work and documentation of the event (making pictures, describing the activities of the university and informing the general public)
  4. Sending strictly relevant information on events in the same area of research

The sending of invitations to people from existing contact databases who have not yet taken part in any event or events that are similar in terms of content is done on the basis of Art 6 (1) (a) GDPR.
The sending of invitations to people from existing contact databases who have already taken part in the same series of events or a similar event is done by TU Graz in public interest in the context of the tasks outlined in the Universities Act 2002 (UG 2002) in accordance with Art 6 (1) (e) GDPR.

In the process of organising and running of chargeable events, we process the personal data of the participants and speakers, which they provide on registration, in order to fulfil the contract to hold the event and to carry out pre- contractual steps, based on Art 6 (1) (b) GDPR. In the process of organising and running of free events, we process the personal data of the participants and speakers which they provide on registration, based on Art 6 (1) (e) GDPR.

The Austrian Universities Act 2002 assigns TU Graz the task of supporting national and international collaboration in research, teaching and art and also that of informing the public about how the university fulfils its tasks.
In order to fulfil these obligations and in order to promote networking between researchers within the various research disciplines, TU Graz has to hold events as part of its public service mission. The legal basis for publicity

work and the documentation of the event, in particular by means of making pictures and the provision of lists of participants to the participants is Art 6 (1) (e) GDPR in conjunction with § 3 UG 2002.

5. Recipients

Your pictures will be published on central university media channels (, Please pay attention to the information signs at the event.
Your data will not be transmitted to any third parties.
To administer payments for the event, the following payment service is used: stripe, Inc.(

6. Storage Periods

In fulfilment of contractual obligations (chargeable events): We will store your personal data for as long as is necessary to fulfil the contract (the event contract).

In the public interest: We will process the data for as long as this is necessary to serve the public interest or until justified objections are raised.

If you have given us your consent to the processing of your data, your personal data will be stored until you withdraw your consent. Only those data will be saved that are needed to document your consent and your withdrawal of consent. From the moment at which you withdraw your consent, these data will be stored for three years.

Furthermore, your data is only stored if statutory retention periods or limitation periods regarding potential legal claims apply.

7. Rights of Data Subjects

You have the rights to information and access, rectification, data portability, restriction, objection and erasure of data. Besides these, you also have the right to withdraw your consent to the processing of data. However, bear in mind that withdrawal of consent does not affect the legality of the processing of your data retrospectively. Also, the exercise of these rights cannot override contractual or statutory obligations.

If you do not wish any photographs to be made of you, please inform the organizer(s) or the photographer(s) of this at the beginning of the event.

If you have any questions or concerns on matters of data protection or if you wish to exercise these rights, please contact All other information on data protection can be found at

You also have a right to make a complaint to the Austrian Data Protection Authority.

8. Data Protection Officer

The data protection officer of TU Graz is x-tention Informationstechnologie GmbH, Römerstraße 80A, 4600 Wels.