v1.0, 2025-04-30
The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the applicable legal provisions for the protection, lawful handling, and confidentiality of personal data, as well as for data security, such as the EU General Data Protection Regulation (“GDPR”), the Austrian Data Protection Act (Datenschutzgesetz, “DSG”), and the Telecommunications Act (Telekommunikationsgesetz, “TKG”) in their currently valid versions.
In this privacy policy, we inform you about the most important aspects such as the type, scope, and purposes of the collection and use of personal data in connection with your visit to and use of our web platform “Visual History of the Holocaust Media Management and Search Infrastructure (VHH-MMSI)” (https://www.vhh-mmsi.eu).
This includes the historical documents digitized in the course of the EU Horizon 2020 project “Visual History of the Holocaust: Rethinking Curation in the Digital Age (VHH)” (https://www.vhh-project.eu) (films, photos, text documents), as well as the annotations, bookmarks, and vocabularies generated in the project and the digital tools developed in the project for viewing and editing the documents.
What is personal data?
Personal data is any information relating to a natural person. It is essential that the data is considered personal data as soon as the natural person can be identified on the basis of the data (e.g., by assigning a user ID). Personal data includes, for example, your name, address, telephone number, or date of birth. Statistical information that cannot be linked to you either directly or indirectly (such as the popularity of individual pages on our web platform or the number of users of a page) is not personal data.
Who is responsible for collecting and processing your personal data?
The Ludwig Boltzmann Gesellschaft (“LBG”) collects and processes your data as the responsible body. If you have any questions or suggestions, please feel free to contact us:
Ludwig Boltzmann Gesellschaft – Österreichische Vereinigung zur Förderung der wissenschaftlichen Forschung (LBG) (Ludwig Boltzmann Society – Austrian Association for the Promotion of Scientific Research)
Nußdorfer Straße 64, 6th floor
1090 Vienna, Austria
Email: office@lbg.ac.at
https://lbg.ac.at
ZVR number: 875209001
VAT number: ATU 37866608
LBG Data Protection Officer
Mag. Dr. Bernd M. Schauer
Email: dsba@lbg.ac.at
Contact
If you, as a user of the web platform, contact us via our websites, by email, or by telephone, we will process the personal data you provide (last name, first name, telephone number, email address, institution, and your specific inquiry and, if applicable, the relevant documents) in order to process your inquiry and respond accordingly.
For the purpose of processing enquiries and in the event of follow-up questions, the personal data collected for this purpose will be processed for the fulfilment of (pre-)contractual obligations or on the basis of legitimate interests. We will not pass on this data to third parties without your consent.
We store this data for a period of six months for the purpose of processing your contact/request so that we can respond appropriately to any follow-up questions, unless other legal provisions require a longer storage period.
Use of the web platform
When using our web platform, the following personal data is automatically processed by a user:
• Date and time of access to a page of the web platform, as well as data on interaction with the web platform (number of visits and duration of stay, as well as the language selected)
• Data on the end device (screen resolution, ISP, and operating system)
• IP address and IP location
• Referrer URL
• Name and version of the web browser used
• Session ID
• Search engines and keywords used by the visitor to find the web platform
• Log files (using necessary cookies)
The legal basis for the processing of this personal data, which is processed in the context of your visit to our web platform and online services, is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, which consists of offering our web platform securely to our visitors and protecting them from cyber attacks.
In this context, we process your data for the following purposes:
• to provide our visitors with a web platform
• to further develop the web platform and optimize its usability
• to detect, prevent, and investigate attacks on the web platform
• to compile usage statistics for statistical analysis in anonymous form
We generally store your data for a period of three months when you visit the web platform.
Map services that can be used on the web platform:
- Google Maps
Google Maps can be used on our web platform to display interactive maps. Google Maps is a map service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google Maps can be used on the web platform with your consent to enable the locations specified by us on the web platform to be found on a map. With your consent, when you visit a page with an embedded Google Maps map, your IP address will be transmitted to Google and a cookie may be set.
Further information can be found in Google’s privacy policy: https://policies.google.com/privacy
- Open Street Map
The open source map service “OpenStreetMap” (= “OSM”) can be used for display on the web platform. The provider is the OpenStreetMap Foundation CLG, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
With your consent, OSM can be used to provide an interactive map on our web platform to enable the locations specified by us on the web platform to be found on a map. When you use OSM, the IP address of your device is stored by the provider and the map material is loaded from an external server.
Information on the handling of user data can be found in OSM’s privacy policy at https://wiki.osmfoundation.org/wiki/Privacy_Policy.
- Basemap
Users can display maps on the web platform that are provided by https://basemap.at, the administrative base map of Austria. basemap.at is a freely available mapping provider. basemap.at is based on a cooperation between the GIS offices of Austria’s federal states (geoland.at) and its partners, the Austrian Association of Cities and Towns (Österreichischer Städtebund), ÖVDAT, and BEV.
The map is integrated into our website using JavaScript or by retrieving the so-called tiles (map images) from the provider’s server. When you access the map, your IP address and possibly other connection data relating to your visit are transmitted to the basemap.at server.
No other personal data is collected, processed, or displayed on basemap.at (according to its own information). When integrating the map data, we refer to Art. 6 (1) lit. f GDPR, i.e., as the operator of the web platform, we have a legitimate interest in improving the user-friendliness of our website.
Additional services and applications on the web platform:
PDF.js Express (display of PDF documents)
To display PDF documents within the web platform, we use PDF.js Express, a service provided by Apryse Systems Inc. based in Canada. The integration is dynamic via a CDN structure.
As things stand at present, the provider does not store or analyze any personal data through the use of this service.
Keycloak, Elasticsearch, and Collective Access (storage of user data)
User accounts are authenticated and managed via Keycloak, an open-source identity management system that is operated on our own servers within the EU. It enables secure user login, user role management, and access controls within the web platform.
Content generated by users within the project (e.g., annotations, bookmarks, vocabulary entries) is stored in the Elasticsearch and Collective Access applications.
Collective Access is a web-based open-source system for archiving, cataloguing and managing digital collections. It was developed specifically for cultural institutions such as museums, archives and research projects and enables structured storage and contextual linking of data and metadata. Collective Access is installed and configured on our own servers within the EU.
Elasticsearch, a server-side search technology operated on our own servers within the EU. Elasticsearch is used to index and deliver content in a fast full-text search.
All three systems (Keycloak, Collective Access, and Elasticsearch) are implemented in such a way that they comply with the requirements of the GDPR and are protected against unauthorized access by appropriate technical and organizational measures. Access to personal data within these systems is restricted to authorized project staff who are bound to confidentiality.
Cookies (general information on the use of cookies):
Our website uses cookies to improve the user experience, present content in a more user-friendly way, and enable certain technical functions. Cookies are small text files that are stored on your device and transmitted when you visit our website.
Cookies used:
• Technically necessary cookies:
o GATEWAY_SESSION: Session ID used by Keycloak to manage logged-in users
o XSRF-TOKEN: Security token against CSRF attacks (also generated by Keycloak)
• Other non-essential cookies:
o __ga, __gid, __gat: Cookies from Google Analytics for analyzing website usage, distinguishing users, session duration, and throttling requests
When you visit the web platform for the first time, you can decide via a cookie banner whether you agree to the use of non-essential cookies. You can adjust your consent at any time or revoke it at any time.
Google Analytics (web analysis):
Our web platform uses Google Analytics, a web analysis service provided by Google LLC. This involves information about your use of our website (including your IP address in anonymized form) being transmitted to Google servers. IP anonymization is activated so that your IP address is truncated within the EU/EEA.
Google uses this information to evaluate the use of the web platform, to compile reports on website activity, and to provide other services. Processing is only carried out on the basis of your voluntary consent in accordance with Art. 6 para. 1 lit. a GDPR.
Registration and creation of a user account on the web platform
By registering and creating a user account, a user agreement is concluded between you and the Ludwig Boltzmann Gesellschaft (see User Agreement and Terms of Use). The following personal data is processed when creating a user account:
• Last name
• First name
• Email address
• Institutional affiliation
• Field of activity
• Data provided to the user in connection with the functionalities of the web platform (e.g., annotations, bookmarks, and vocabularies)
The data listed is provided by you voluntarily during registration and use. This data is necessary for the fulfillment of the user agreement or for the implementation of pre-contractual measures. Without this data, we cannot conclude the user agreement with you. We process this data for the following purposes:
• Setting up a user account
• Activating the corresponding permissions on the web platform
• Transmitting information on the use of the web platform
We store your user data required for access to the web platform for the duration of the contractual relationship.
Transfer of data
We regularly use IT service providers as processors to operate and manage our web platform. These service providers may also have access to personal data in order to provide the IT services they have been commissioned to perform, in accordance with our instructions and on our behalf.
In addition, we transfer personal data of users to the following recipients:
• to external third parties to the extent necessary on the basis of our legitimate interests, such as, in particular, to auditors, insurance companies in the event of an insurance claim, legal representatives in the event of a legal dispute
• furthermore, to authorities and other public bodies to the extent required by law, such as, in particular, security authorities, tax authorities, or courts
Otherwise, user data will not be passed on to other third parties for their own purposes without consent of the respective users.
The data is processed within the EU or the EEA.
Storage period
We only store personal data for as long as we need it to fulfill the purposes outlined above and our contractual or legal obligations. If personal data is no longer needed, we delete it from our systems and records or anonymize it so that users can no longer be identified.
Data security
We do our utmost to make visiting and using our web platform as secure as possible. In particular, we comply with the provisions of Art. 32 GDPR to ensure the confidentiality and security of personal data and take appropriate technical and organizational security measures.
Your rights
You have the right to information, correction, deletion, restriction, data portability, revocation, and objection. If you believe that the processing of your data violates applicable data protection law or that your data protection rights are otherwise violated, you can lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Further information on the data protection measures of the Ludwig Boltzmann Gesellschaft can be found at: https://lbg.ac.at/privacy-policy/
Please note that this privacy policy may be amended at any time due to legal or factual requirements.
