Together for a circular future.

Privacy policy

1. RESPONSIBLE PERSON AND CONTACT DETAILS

Controller within the meaning of the General Data Protection Regulation (GDPR):

Circular Economy Forum Austria

Eschenbach Palace

Eschenbachgasse 11

1010 Vienna, Austria

Contact details:

- E-mail: office[@]circulareconomyforum.at

- Board of directors: vorstand[@]circulareconomyforum.at

- Phone: +43 681 20743281

Data Protection Officer:

For all questions regarding data protection and the exercise of your rights, please contact:

Werner Kössler

E-mail: werner.koessler[@]circulareconomyforum.at

Phone: +43 681 20743281

Other jointly responsible parties:

- Karin Huber-Heim (President)

- Anna-Vera Deinhammer (Deputy President)

- Werner Kössler (Financial Officer)

- Gregor Gluttig (Deputy Financial Officer)

- Elena Stelzig (Secretary)

- Valerie-Sophie Schönberg (Deputy Secretary)

- Alexandra Ciarnau (Auditor)

- Fabian Holly (Auditor)

 

2. PRINCIPLES OF DATA PROCESSING

The Circular Economy Forum Austria processes your personal data in accordance with the

Provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act

(DSG). In particular, we observe the principles of:

- Lawfulness, processing in good faith, transparency

- Purpose limitation - data is only collected for specified, clear and legitimate purposes

- Data minimisation - processing is limited to what is necessary

- Accuracy - Incorrect data will be corrected or deleted immediately

- Storage limitation - data is only stored for as long as necessary

- Integrity and confidentiality - Adequate security through technical and organisational measures

- Accountability - We can demonstrate compliance with all principles

 

3. PROCESSING ACTIVITIES AND LEGAL BASES

3.1 CLUB MEMBERSHIP MANAGEMENT

Purpose of the processing:

Admission and administration of association members, advisors, funding partners and competence partners

of the CEFA.

Persons concerned:

- Club members

- Funding partners and competence partners

- Potential association members and partners

- Board members

Categories of processed data:

- Association members: name, address, telephone number, e-mail address, professional activity/function,

Company name

- Partners: Company name, address, website URL, logo, name of contact person, telephone number,

E-mail address, characteristics of the anchoring of the circular economy in the company, annual turnover

- Potential members/partners: Corresponding basic data for checking admission

- Board members: Name, address, telephone number, e-mail address, professional activity/functionLegal basis:

- Art. 6 para. 1 lit. a GDPR (consent of the data subject)

- Art. 6 para. 1 lit. b GDPR (fulfilment of the contract/membership)

- Art. 6 para. 1 lit. f GDPR (protection of legitimate interests of the controller)

Recipient of the data:

- Internal recipients: Board members for the assessment of new members

- External recipients: Private individuals, companies, NGOs and educational institutions for

Exchange of information, tax consultant for legal obligations

- Processor: HubSpot, Inc. (2 Canal Park, Cambridge, MA 02141, USA) for master data maintenance

Storage duration:

The data is stored for the duration of the membership or partnership. After leaving the

the association, the data will be deleted.

3.2 WEBSITE USE

Purpose of the processing:

Provision and maintenance of the CEFA website, analysis of user behaviour in order to improve the website's user-friendliness.

Functionality.

Persons concerned:

Visitors to the CEFA website

Categories of processed data:

- Visitor tracking (analytics data)

- Serial number (user_id)

- IP address and browsing footprint (temporary with the service provider)

- Name data (when contacting us)

- Address and communication data (when contacting us)

- Correspondence language, other agreements

- Support data (user behaviour, frequency of visits)

Legal bases:

- Art. 6 para. 1 lit. a GDPR (consent of the data subject)

- Art. 6 para. 1 lit. f GDPR (protection of legitimate interests)

- Art. 6 para. 1 lit. c GDPR (legal obligations)

Special notes:

It is generally possible to use the website without providing personal data. IP addresses

are only temporarily logged by the service provider, cookies are not stored. The Analytics

Data is processed exclusively by our service provider Matomo.

Recipient of the data:

- Internal recipients: Board members and assistance for website maintenance

- External recipients: Tax consultants for auditing

- Processor:

- Matomo (InnoCraft Limited, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand) for analytics

- ALL-INKL.COM (Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany) as e-mail address.

Provider (replaced by Microsoft as of 01.07.2025)

- NDA Web Solutions GmbH for homepage maintenance

- Microsoft Ireland Operations Ltd for e-mail services

Storage duration:

Personal data will be deleted or anonymised no later than one year after the website visit.

3.3 E-MAIL MARKETING AND SUPPORT REQUESTS

Purpose of the processing:

Sending e-mail newsletters to persons who have given their consent, processing support enquiries and

Customer communication.

Persons concerned:

- Members and interested parties who have given their consent to receive the newsletter

- Persons who contact the controller by e-mail or contact form

Categories of processed data:

- E-mail address

- IP address

- Support requests and associated data

- Other data provided by the data subject himself/herself

Legal bases:

- Art. 6 para. 1 lit. a GDPR (consent of the data subject)

- Art. 6 para. 1 lit. b GDPR (fulfilment of contract)

Recipients of the data:- Internal recipients: Board members for customer communication

- Processor:

- The Rocket Science Group LLC d/b/a Mailchimp (675 Ponce De Leon Ave NE Suite 5000, Atlanta, GA,

30308, USA) for newsletter dispatch

- Eventbrite (95 Third Street, 2nd Floor, San Francisco, California, 94103, USA) for event invitations

- HubSpot, Inc. for CRM management

- Microsoft Ireland Operations Ltd for e-mail services

Storage duration:

Consent can be revoked at any time. Data is stored for a maximum of three years from the last

Contact saved.

 

4. TRANSMISSION TO THIRD COUNTRIES

Some of our processors are based outside the European Economic Area (EEA),

especially in the USA. The data transfer takes place on the basis of:

- Adequacy decisions of the European Commission

- Standard contractual clauses of the EU Commission

- Processor contracts with corresponding data protection guarantees

Processors concerned:

- HubSpot, Inc (USA)

- Mailchimp/Rocket Science Group LLC (USA)

- Eventbrite (USA)

 

5. YOUR RIGHTS AS A DATA SUBJECT

As a data subject, you have the following rights:

5.1 RIGHT TO INFORMATION (Art. 15 GDPR)

You can request information about the personal data concerning you.

5.2 RIGHT TO CORRECTION (Art. 16 GDPR)

You may request the rectification of inaccurate personal data or the completion of incomplete personal data.

demand.

5.3 RIGHT TO ERASE (Art. 17 GDPR)

You can request the erasure of your personal data if the legal requirements are met.

are fulfilled.

5.4 RESTRICTION OF PROCESSING (Art. 18 GDPR)

You can request the restriction of the processing of your personal data.

5.5 DATA TRANSMISSIBILITY (Art. 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used and

machine-readable format.

5.6 RIGHT OF OBJECTION (Art. 21 GDPR)

You can object to the processing of your personal data at any time, provided that

this is based on legitimate interests (Art. 6 para. 1 lit. f GDPR).

5.7 REVOCATION OF CONSENTS

If the processing is based on your consent, you can withdraw this consent at any time with effect for the future.

revoked.

5.8 RIGHT TO LODGE A COMPLAINT

You have the right to complain to a data protection supervisory authority about the processing of your data.

personal data.

Austrian Data Protection Authority:

Barichgasse 40-42, 1030 Vienna

Phone: +43 1 52 152-0

E-mail: dsb@dsb.gv.at

 

6. DATA SECURITY

6.1 TECHNICAL AND ORGANISATIONAL MEASURES

We have taken comprehensive technical and organisational measures to protect your personal data.

data from unauthorised access, loss, destruction or modification:

Access control:

- Chip card/transponder locking systems

- Video surveillance of the entrances

- Personnel checks and visitor logging

- Obligation to carry authorisation cards

Access control:- Individual user profiles with access authorisations

- Authentication with user name/password

- Use of hardware and software firewalls

- Anti-virus software and intrusion detection systems

Access control:

- Authorisation concept with individual access system

- Encryption of data and data carriers

- Logging of access and unauthorised access attempts

- Password guidelines with regular password changes

Transfer control:

- Encryption for data transmission

- VPN technology for secure connections

- E-mail encryption

- Logging of all transmission processes

Input control:

- Traceability of entries, changes and deletions

- Assignment of rights based on authorisation concepts

- Logging of all data manipulations

Availability control:

- Regular backups with secure storage

- Uninterruptible power supply (UPS)

- Air conditioning and monitoring systems in server rooms

- Emergency plans and recovery concepts

Separation requirement:

- Logical and physical separation of different data sets

- Encryption and pseudonymisation

- Separation of production and test systems

6.2 ORDER PROCESSING

All processors are carefully selected and must provide appropriate data protection guarantees.

offer. Data processing agreements are concluded with all service providers in accordance with Art. 28 GDPR.

 

7. AUTOMATED DECISION MAKING

We do not use automated decision-making, including profiling in accordance with Art. 22 GDPR, which

has a legal effect on you or significantly impairs you in a similar way.

 

8. COOKIES AND TRACKING

The website uses cookies. User behaviour is analysed by our analytics tool Matomo,

whereby IP addresses are only logged temporarily and locally by the service provider. Cookies are

Text files containing data from websites or domains visited and stored by a browser on the user's computer.

stored on the user's computer. A cookie is primarily used to store information about

save a user during or after their visit to an online offer. To the

stored information can be, for example, the language settings on a website, the login status, a

shopping basket or the place where a video was watched. The term cookies includes

Furthermore, other technologies that fulfil the same functions as cookies (e.g. when user information is

stored using pseudonymous online identifiers, also known as "user IDs")

A distinction is made between the following cookie types and functions:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest,

after a user has left an online service and closed their browser. Persistent cookies:

Permanent cookies remain stored even after the browser is closed. For example, the

login status is saved or favourite content is displayed directly when the user visits a website.

visited again. Likewise, the interests of users who are used for reach measurement or for

marketing purposes are stored in such a cookie. First-party cookies: First-

Party cookies are set by us. Third-party cookies (also: third-party cookies): Third-party cookies

Cookies are mainly used by advertisers (so-called third parties) to store user information.

process. Necessary (also: essential or absolutely necessary) cookies: Cookies can on the one hand

be absolutely necessary for the operation of a website (e.g. to process logins or other user input).

store or for security reasons).

Statistics, marketing and personalisation cookies: Furthermore, cookies are generally also used in the context of the

reach measurement is used and when the interests of a user or his behaviour (e.g.

Viewing certain content, using functions, etc.) on individual websites in a user profile

are stored. Such profiles are used, for example, to show users content that matches their potential interests. This process is also known as "tracking", i.e. the tracking of potential users.

interests of the users. Insofar as we use cookies or "tracking" technologies, we will inform you

separately in our privacy policy or when obtaining consent.

Information on legal bases: The legal basis on which we process your personal data with the help of

cookies depends on whether we ask for your consent. If this is the case and you consent to the

If you consent to the use of cookies, the legal basis for the processing of your data is the declared consent.

consent. Otherwise, the data processed with the help of cookies will be stored on the basis of our

legitimate interests (e.g. in the commercial operation of our online offering and its

improvement) or, if the use of cookies is necessary in order to fulfil our contractual obligations

fulfil its obligations.

Storage duration: If we do not provide you with any explicit information on the storage duration of permanent cookies

(e.g. in the context of a so-called cookie opt-in), please assume that the storage period is until

can be up to two years. General information on cancellation and objection (opt-out): Depending on,

whether the processing is based on consent or legal permission, you have the right to object at any time.

the option of withdrawing consent you have given or objecting to the processing of your data by cookie

technologies (collectively referred to as "opt-out"). You can exercise your objection

first by means of the settings of your browser, e.g. by allowing the use of cookies

deactivate (whereby this may also restrict the functionality of our online offer).

can). An objection to the use of cookies for online marketing purposes can also be raised by means of

a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info

and https://www.youronlinechoices.com/. In addition, you can find further objection notices

as part of the information on the service providers and cookies used. Processing of cookie data

Data on the basis of consent: Before we process data in the context of the use of cookies

or have them processed, we ask users for their consent, which can be revoked at any time. Before the

consent has not been given, cookies may be used that are necessary for the operation of our website.

online offer are absolutely necessary.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta-/

Communication data (e.g. device information, IP addresses).

 

9. NEWSLETTER AND E-MAIL MARKETING

The newsletter is only sent out with your express consent (double opt-in procedure). You can

Your consent at any time by:

- Click on the unsubscribe link in every e-mail

- E-mail to office@circulareconomyforum.at

- Written notification to our postal address revoked.

 

10. UPDATES AND CHANGES

This privacy policy is regularly reviewed and updated as necessary. The current version is

always available on our website.

Last update: 22 May 2025

Always informed.
Always connected.

Newsletter

Receive updates on projects, events and the most important developments in the circular economy in Austria and Europe - straight to your inbox.
Register now!
The Circular Economy Forum Austria is Austria's largest independent multi-stakeholder platform for the promotion of the circular economy. The forum supports companies and their environment on the path to the circular economy and connects key players to create innovative value creation cycles. The creation of value creation cycles that address social and environmental challenges requires a systemic approach.
Home About the forum Board of Directors & Advisor Events Resources & Downloads News Join the Circle Contact us Imprint Data protection
Contact us
them to us!
Let's network!
LinkedIn
Eventbrite
Copyright © 2025 Circular Economy Forum Austria. All rights reserved.

Site by Mad Nice Group GmbH

Newsletter


en_GBEnglish
de_DEGerman en_GBEnglish