Privacy Policy

Privacy Policy

Protecting your personal data is very important to us. We process your data exclusively on the basis of the applicable legal provisions (General Data Protection Regulation – GDPR, Telecommunications Act – TKG 2021). Below we inform you about the most important aspects of data processing in connection with our website and our association’s activities

1. Data Controller

MedInUnity – Association for the Promotion of Intersectional Women’s Health and Gender Medicine
Schottenfeldgasse 72, 1070 Vienna, Austria
Email: office@medinunity.at

2. Data Security

Our website uses TLS encryption for security reasons (recognizable by “https://” and the padlock symbol in your browser).

3. Server Log Files

When visiting our website, the following information is automatically collected and stored in so-called server log files:

  • IP address
  • Date and time of access
  • Browser and operating system used
  • Referrer URL (previously visited page)

These data are technically necessary to display our website and to ensure stability and security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
Storage period: 14 days, then automatically deleted.

4. Contact

If you contact us by email, we will process the data you provide exclusively for handling your inquiry.


Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures/contract performance) or Art. 6(1)(f) GDPR (legitimate interest in communication).

5. Registration via our Website

If you register directly on our website (outside of Eventbrite) for events or activities, we process the personal data you provide (e.g. name, email address, phone number, address, and other necessary details).

Purpose: To manage registration, carry out the event, and ensure necessary follow-up communication.

Legal basis:

  • Art. 6(1)(b) GDPR (contract/participation)
  • Art. 6(1)(f) GDPR (legitimate interest in organization and communication)
  • Art. 6(1)(a) GDPR (consent), e.g. for newsletter subscription.

Recipients:

  • Our hosting provider, Hostinger International Ltd. (Cyprus), processes website and form data on our behalf. We have a Data Processing Agreement in accordance with Art. 28 GDPR.
  • No data will be shared with third parties without your consent, except where necessary for contract performance or legal obligations.

Storage period: For the duration of participation and in accordance with statutory retention obligations (e.g. 7 years for invoice data under Austrian law).

6. Event Bookings via Eventbrite

For certain events, we use the ticketing service Eventbrite, operated by:

  • Eventbrite Operations Ltd., 25–28 North Wall Quay, Dublin 1, Ireland
  • Parent company: Eventbrite Inc., 155 5th Street, San Francisco, CA 94103, USA

Eventbrite collects the necessary data for participation (e.g. name, email address, payment data).

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Recipient: Eventbrite processes these data under its own responsibility.
Privacy Policy: Eventbrite Datenschutzrichtlinien

Data transfer: Transfers to the USA are based on the EU–US Data Privacy Framework (adequacy decision of the European Commission).

7. Cookies

Our website uses cookies — small text files stored on your device via your browser. They help make our website more user-friendly, efficient, and secure.

Types of cookies we use:

  • Technically necessary cookies: Required for site operation (e.g. session cookies, CSRF protection, form submissions).
    Legal basis: Art. 6(1)(f) GDPR (legitimate interest). These cannot be disabled.
  • Consent cookies: Store your decision when you consent to certain cookies via our banner.
    Legal basis: Art. 6(1)(a) GDPR (consent).
  • External media (e.g. Instagram, YouTube, Google Maps, Vimeo): When loading embedded content, connections to third-party servers are made and cookies may be set, even if you don’t have an account with these providers.
    Legal basis: Art. 6(1)(a) GDPR, §174 TKG 2021 (consent).

You can configure your browser to inform you about cookies, allow cookies only in individual cases, or block them entirely. You may also revoke your consent at any time via our cookie settings. Please note that disabling cookies may limit the functionality of our website.

8. Google Analytics

We use Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to analyze website usage. Google Analytics uses cookies and similar technologies to collect information such as:

  • Device type and browser
  • IP address (anonymized before storage)
  • Usage data such as visited pages, visit duration, interactions

Data may be transmitted to Google servers, including in the USA, under the EU–US Data Privacy Framework.

Purpose: Analyze visitor behavior to improve our website and services.
Legal basis: Art. 6(1)(a) GDPR, §174 TKG 2021 (consent via cookie banner). Google Analytics is only activated with your consent.
Storage period: Data linked to cookies, user IDs, or advertising IDs are stored for a maximum of 14 months.
Processor agreement: We have a Data Processing Agreement with Google (Art. 28 GDPR).

More info:

9. Spam & Security Check for Forms

To secure our contact forms, we use mechanisms such as spam and abuse filters. Data entered may be automatically checked against external services to prevent misuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website protection).
If we use services such as Google reCAPTCHA, these providers are explicitly named in this policy.

10. Internal Data Processing within the Association

In the course of our association’s activities, we process personal data of members, donors, and business partners solely to fulfill our association’s purposes and legal obligations.

Legal bases:

  • Art. 6(1)(b) GDPR (contract/membership)
  • Art. 6(1)(c) GDPR (legal obligations, e.g. tax retention)

11. Your Rights

In accordance with applicable legal provisions, in particular Articles 15–21 GDPR, you have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

If you wish to exercise any of these rights, please contact us at: office@medinunity.at

12. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right, in accordance with applicable legal provisions, to lodge a complaint with a supervisory authority. In Austria, this is the Data Protection Authority (DSB): www.dsb.gv.at

13. No Automated Decision-Making

We do not use automated decision-making or profiling.