VASP Software GmbH (hereinafter referred to as "VASP" or "we"), who is responsible for the processing of data explained in this Privacy Policy, takes the protection of your personal data very seriously. We treat your personal data in accordance with the statutory data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act, and this privacy policy. Personal information is any data with which you could be personally identified.

This privacy policy explains what personal data we process, when you visit our website, contact us or use additional functions offered on our website as well as what personal data we process when we grant and administer licences.

Content

  1. Data processing when visiting our website

    1.1. Server log files

    1.2. Cookies

    1.3. Google Tools

    1.3.1. Google Web Fonts

    1.3.2. Google ReCaptcha

  2. Data processing when contacting us

  3. Data processing when using the additional functions offered on our website

    3.1. VASP Community Portal

    3.2. VASP Support Forum

  4. Data processing when granting and administering licences

  5. Recipients of collected data

  6. Data Security and Liability for External Links

  7. Data Subject Rights

  8. Contact

1. Data processing when visiting our website

1.1. Server log files

In line with common practice, VASP collects those data that are transmitted automatically during visits of its publicly accessible website. These data are recorded in "server log files". This applies to the following types of data:

  • The IP address from which the website is accessed
  • Browser type and browser version
  • Operating system used Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • Access protocol (e.g. HTTP/1.1)
  • HTTP response code
  • File size

These data will not be combined with data from other sources. Log files are saved for a period of 6 weeks.

VASP uses this information to generate anonymized usage statistics, to ensure correct operation, and to monitor website performance. VASP's legitimate interests are the legal basis for processing this data.

1.2. Cookies

The VASP website uses cookies. Cookies do not harm your device and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your device and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site. Cookies are also used for analytical purposes (more information in paragraph 5.3.), to optimize VASP's systems and improve the quality of its web pages.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

When browsing on the VASP website, without disabling cookies, you agree to the usage of cookies. The processing is based on the legal provision of Section 96 para 3 Austrian Telecommunications Act (TKG 2003). Furthermore the data is processed based on VASP's legitimate interests (Art 6 para 1 lit f GDPR).

1.3. Google Tools

This website uses tools provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and/or its parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The integration of these tools requires that Google processes the IP address of the user, since Google could not send the content to the user's browser without the IP address. Processing the IP address is therefore required for the integration of these tools.

The data is processed based on VASP's legitimate interests (Art 6 para 1 lit f GDPR), as explained in more detail below.

Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov). For the transfer of data to Google servers in the USA, an adequate level of data protection is therefore guaranteed.

You can find further information about the processing of data by Google in Google's Privacy Statement: https://policies.google.com/privacy .

1.3.1. Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 para 1 lit f GDPR.

If your browser does not support web fonts, a standard font is used by your computer.

1.3.2. Google ReCaptcha

This page uses the function "ReCaptcha" for the recognition of bots, e.g. when entering data in online forms. The behavioural data of the users (e.g. mouse movements or queries) are evaluated in order to differentiate between people and bots. The use of Google Recaptcha is done in the interest of a safe use of our online forms. This constitutes a justified interest pursuant to Art. 6 para 1 lit f GDPR.

2. Data processing when contacting us

If a person contacts VASP via e-mail the disclosed personal data of this person will be stored and processed for the purpose of answering his/her query(ies) and of contacting the person concerned. Legal basis for the data processing is the legitimate interest of VASP in accordance with Art 6 para 1 lit f GDPR.

3. Data processing when using the additional functions offered on our website

Via the VASP website the VASP Support Forum and the VASP Community Portal can be accessed. The VASP Support Forum and the VASP Community Portals constitute additional voluntary services provided by VASP for users of the VASP software.

In order to leave comments on the VASP Support Forum and in order to access the VASP Community Portal a user account is required. For the purpose of verifying the authorization to leave comments on the VASP Support Forum and to access the VASP Community Portal the following "registration data" are processed: Login-Data, which is made up of the Username (self-chosen alias =unique user ID) and of the self-chosen Password, the full name, affiliation, affiliation-address and email address as well as the user's assignment to the respective licence holder of the VASP Software.

The data is processed based on VASP's legitimate interests (Art 6 para 1 lit f GDPR). The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

We will use the email address specified during registration to inform you about important changes concerning the VASP Community Portal and/or the VASP Support Forum.

We will continue to store the data collected during registration for as long as you remain registered for the additional voluntary services accessible on our website. Statutory retention periods remain unaffected. Users remain registered for the additional voluntary services even after the termination of the license of the respective licence holder of the VASP Software and in case the user is being unsubscribed from the list of authorized VASP software users by the respective licence holder (see 4.). The users, which are no longer assigned to a licence holder, are able to delete their "registration data" any time by clicking the delete button, except for their self-chosen alias (=unique user ID).

3.1. VASP Community Portal

License holders and its registered users may enter the Community Portal to access the download area and/or to access precompiled VASP executables on high performance computer centres.

3.2. VASP Support Forum

When browsing the VASP Support Forum cookies are downloaded on to your device's web browser temporary files. The cookies contain a user identifier (hereinafter "user-id") and a session identifier (hereinafter "session-id"), automatically assigned to you. Cookies are also created once you browse topics within the forum. In combination with a data base stored on our servers, these cookies are used to determine which topics have been read, thereby improving your user experience.

Leaving comments on the VASP Support Forum is restricted to registered users only. If you leave a comment, the time at which you created the comment and your email address will be stored along with your comment, as well as your username. Our comment function also stores the IP addresses of those users who post comments. Since we do not check comments on our site before they go live, we need this information to be able to pursue action for illegal or slanderous content.

The comments, the self-chosen alias (=unique user ID) and the associated data (e.g. log files) are stored and remain on the VASP Support Forum for an indefinite period until the content commented upon has been deleted by us in our sole discretion or the comments are required to be removed for legal reasons (slander, etc.). When the user's "registration data" is deleted by the user (see 3. above), the comments, the self-chosen alias (=unique user ID) and the associated data (e.g. log files) will not be deleted automatically and remain on the VASP Support Forum. The user may request deletion of his data subject to his statutory rights under the GDPR (see 7. below)

4. Data processing when granting and administering licences

We collect, process, and use personal data for the purpose of granting and administering licenses in the VASP software. This is done based on Art 6 para 1 lit b GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract, if the software license agreement is concluded with the data subject, or, if the contract is concluded with an academic institution, based on our legitimate interests pursuant to Art 6 para 1 lit f GDPR, in order to fulfil the software license agreement with the academic institution and enable the use of the VASP software for the licensed named users as data subjects.

If an institution registers for VASP via the license application form on the VASP website, the disclosed personal data will be saved and processed for the purpose of assessing the granting of a license.

VASP will store the names, addresses, and email addresses of the licensee, research group leader, primary contact person and of the named users, who are subscribed to the licensee's list of users authorized to use the VASP software, electronically in a database. The primary contact person can delete and add new users, as long as the licensed number of users is not exceeded. In order to verify the authorization to use the VASP software, the data of the licensee and the names and email addresses, as well as the affiliation and affiliation addresses of the named users need to be processed.

VASP also uses the database to communicate updates, bug fixes, and VASP related events to the research group leader and primary contact-person. Upon request, the name of the signatories and primary contact-person will be removed from the database. In this case it will no longer be possible to access the download account of VASP (see also 3.1. VASP Community Portal) and the Licensee will not receive access to any further updates and new releases of VASP.6.X. The Licensee can continue to use already downloaded copies of the software as long as the contract is not infringed.

Licence holder's data (master data) will be stored during the term of the license and shall be deleted 7 years after termination of the licence rights. Any longer legal retention periods shall remain unaffected. Personal data which is necessary for the establishment, exercise or defence of legal claims will be stored for a period of 30 years and will then be deleted.

When the licence holder, to whom the respective user had been assigned to, unsubscribes a user from their list of authorized VASP software users, the user's data will not be deleted automatically and will be further kept in order to enable an assignment to another licence holder at a later point if required. If a former authorized VASP software user does not wish for his/her data being stored after having being unsubscribed from the list of authorized VASP software users, he/she is able to delete his/her VASP dataset by clicking the delete button or may contact VASP and request deletion.

5. Recipients of collected data

VASP does not transmit collected personal data to third parties, unless otherwise specified in statutory provisions or in this Data Privacy Policy.

In case an authorized user of the VASP Software wants to use precompiled VASP executables on high performance computer centres, VASP will transfer certain user data to these centres upon their request in order to verify the user's authorization to use the VASP Software at these centres.

For the setup and maintenance of the VASP website, the VASP Community Portal and the VASP Support Forum we use external data processors (IT service providers; e.g. init.at Informationstechnologie GmbH). In all cases, we demand that our processors implement appropriate data security measures.

VASP takes appropriate technical and organizational measures to protect the data subjects' personal data against accidental or unlawful destruction, loss, and unauthorized access.

The VASP website (including the VASP Community Portal and the VASP Support Forum) uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

The VASP website, the VASP Community Portal and the VASP Support Forum may contain links to external, i.e. third-party websites that are not under VASP's control. VASP has no influence over the contents and data protection standards of linked pages. VASP shall therefore not be held liable for any external links.

7. Data Subject Rights

Pursuant to the applicable data protection laws, in particular Articles 15 through 21 of the General Data Protection Regulation (GDPR), data subjects at all times have the following rights:

  • The right to obtain information about any of their personal data that are being processed
  • The right to rectification of inaccurate information and the completion of incomplete data
  • The right to erasure of personal data, which may however be limited in certain cases specified by law, especially due to statutory data retention periods VASP is subject to, the right of freedom of expression, archiving purposes in the public interest, or scientific research purposes
  • The right to restriction of processing
  • The right to receive the personal data they have provided in a structured, commonly used, and machine-readable format (right to data portability)
  • The right to object, on grounds relating to the data subject's particular situation, to the processing of personal data. This applies if the data are processed for the performance of a task carried out in the public interest, in the exercise of official authority, or based on a comparative assessment of interests. If a data subject lodges such an objection, VASP will no longer process his or her personal data, unless VASP demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or unless the data processing is required for the establishment, exercise, or defense of legal claims.
  • The right to object to the processing of personal data concerning the data subject for purposes of direct marketing. If a data subject lodges such an objection, VASP will no longer process his or her personal data for these purposes.

Requests to exercise any of these rights can be directed to the office indicated in the "Contact" section below.

Some of the services offered on the VASP website that require a login allow the user to delete their personal data themselves.

In addition, data subjects have the right to file a complaint with the supervisory authority if they feel that their rights may have been violated or that VASP may have violated its obligations under data protection law. In Austria, the appropriate supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at .

8. Contact

VASP Software GmbH (hereinafter referred to as "VASP")
Sensengasse 8/17
A-1090, Vienna, Austria
Tel: +43 1 4277 51402
Email: office@vasp.at