iPSN Privacy Policy


The Institute for Medical Informatics, Statistics and Documentation of the Medical University of Graz has developed this Privacy Policy to explain how we may collect, retain, process, share and transfer your Personal Data when you visit our Sites or use our Services. This Privacy Policy applies to your Personal Data when you visit our Sites or use our Services, and does not apply to online websites or services that we do not own or control. This Privacy Policy is designed solely to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Sites and Services. The meaning of some (capitalized) terms used throughout the Privacy Policy is explained in the Definitions section.

For further questions on data protection aspects, please refer to the section Contact for Data Protection Issues.

What Personal Data Do We Collect?

We collect Personal Data about you when you visit our Sites or use our Services, including the following:

  • Registration and use information: When you register to use our Services by establishing an account, we will collect the Personal Data necessary to provide the requested Services. Depending on the Services selected, it may be necessary to provide name, address, phone number, email address and other identification information in order to set up an account. We may require you to provide us with additional Personal Data as you use our Services.
  • Action information: When you access our Sites or use our Services, we collect information about the actions performed and other information related to the actions, such as Device Information and Technical Usage Data.
  • Other data collected: We may collect additional information from or about you when you communicate with us, contact our Customer Support team or participate in a survey.

Why Do We Retain Personal Data?

We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. If an account has been deactivated, we can take measures to continue using data in anonymous form.

How Do We Process Personal Data?

We may Process your Personal Data for the following reasons, which are permitted under the data protection laws of the European Union:

  • To operate the Sites and provide the Services, including to:
    • authenticate access to an account,
    • manage the association of user accounts to different trials,
    • communicate with Users regarding their account and our Services, for example, to respond to questions you have directed to our Customer Support team.
  • To manage our business needs, such as billing, monitoring, analyzing and improving the performance and functionality of Sites and Services. For example, we analyze user behavior and the use of our Services.
  • For our legitimate interests, including to enforce the Terms and Conditions of our Sites and Services.

When is Personal Data Shared?

For business reasons, we may share Personal Data with third parties if such disclosure is legally permissible or necessary. This applies in particular in the following cases:

  • if we are obliged to comply with the law, legal process or regulations, for example in the context of criminal prosecution, a court order or other legal processes, if the Medical University of Graz is affected;
  • if we believe that the disclosure of Personal Data is necessary and appropriate to prevent physical damage or financial loss or to support the investigation of a possible or actual illegal activity;
  • to investigate violations of the terms or other legal provisions applicable to our Services or to enforce these legal instruments;
  • to protect our assets, services and legal rights;
  • to our banking partners;
  • to credit reporting and collection agencies, and
  • to support our audit, compliance and corporate management functions.

In addition, we may share aggregated statistical information with third parties to understand how, when and why Users access our Sites and use our Services. Users cannot be personally identified with this data. The data does not contain any information on the use of the Sites or Services by identifiable individuals. We do not share Personal Data with third parties for their marketing activities without the consent of the respective persons.

How are Cookies and Tracking Technologies Used?

When you visit our Sites or use our Services, we may use cookies and other tracking technologies (from now on collectively referred to as "Cookies") to identify you as a User. Some aspects and functions of our Sites and Services are only available using Cookies. If you deactivate or reject Cookies, the use of the Sites and services may be restricted or may no longer be possible.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals.

What Privacy Choices Are Available To You?

You have certain choices when it comes to the privacy practices and communications described in this Privacy Policy. Many of your choices may be explained at the time when using the Site or registering for or using a Service. You may be provided with instructions as you navigate through the Site or Service.

  • Choices relating to registration and account information: If you have an Account, you generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. If you do not have an account or if you have questions about account information or other Personal Data, please contact us.
  • Choices relating to the collection of Personal Data: You may refuse to provide Personal Data when it is requested by the Services. In this case, however, certain or all Services may be unavailable to you.
  • Choices relating to communication: We will send messages to you that are required or necessary for all customers of our Services, notifications that contain important information, and other messages that you request from us. You may not opt out of receiving some of these communications.
  • Choices relating to Cookies: You have several options to manage your Cookie settings. Depending on the browser or Internet device, you can delete, deactivate or block certain Cookies or tracking technologies. You can use these options; however, this may prevent you from using basic functions of our Sites or Services. Further information can be found at www.aboutcookies.org.

What Are Your Rights?

Subject to limitations set out in the European GDPR, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure, and data portability. Please contact us if you wish to exercise these rights; credible proof of your identity must be provided.

If you have an account with one of our Services, you can usually check and edit personal information in that account by logging in and directly updating the information.

How Do We Protect Personal Data?

We maintain organizational, physical, technical and administrative security measures designed to provide reasonable protection for Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access restrictions to our data centers, and authorization controls for access to data. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and account registration information and verifying that the Personal Data we maintain about you is accurate and current.

Contact Regarding Data Protection Issues

You may contact us at any time if you have questions or concerns regarding this Privacy Policy, additional notices or the handling of Personal Data. Our Data Protection Officer can be reached at datenschutz@medunigraz.at.

If you are not satisfied with the way in which we address your concerns, you have the right to lodge a complaint with the supervisory authority for data protection in your country.

Changes to this Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes to the Sites and Services or to the legal framework. The revised version is effective from the date of publication.

If the revised version includes a substantial change, we will provide you with 14 days prior notice by posting notice of the change on our Sites. We also may notify Users of the change using email or other means.

This version of the Privacy Policy was last modified on 2018-04-12.


  • Device Information means data that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, the device type; the device's network connections; the device's name; the device's IP address; information about the web browser and internet connection used to access the Site or Services.
  • Personal Data means information that can be associated with an identified or directly or indirectly identifiable natural person. Personal Data can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, and government-issued credentials (e.g., driver's license number, national ID, passport number).
  • Services means any products, services, content, features, technologies, or functions, and all related websites, applications and services offered to you by the Institute for Medical Informatics, Statistics and Documentation of the Medical University of Graz with an account.
  • Sites means the websites, mobile apps, official social media platforms, or other online properties through which the Institute for Medical Informatics, Statistics and Documentation of the Medical University of Graz offers the Services and which has posted or linked to this Privacy Policy.
  • Technical Usage Data means information collected from the User's phone, computer or other device that is used to access the Sites or Service. Technical Usage Data tells us how Users use our Sites and Services, such as what they have searched for and viewed on the websites and the way they use the Services, including the IP address, statistics regarding how pages are loaded or viewed, the websites visited before coming to the websites and other usage and browsing information collected through cookies.
  • User means an individual who uses the Services or accesses the Sites and has established a relationship with us (for example, by opening an account and agreeing to the Terms & Conditions) or otherwise uses the Services.