Information in accordance with Article 13 and 14 GDPR
In order to provide certain services to our business and cooperation partners, website users, job applicants as well as other interested parties (in the following collectively referred to as “data subject“, “you“), we process your personal data (in the following also referred to as “data“).
For the purpose of transparency and in accordance with Articles 13 and 14 of the General Data Protection Regulation (“GDPR“), we, therefore, want to inform you about the data processing as follows:
- General information
The controller of the data processing activities as described in this data protection information is
- Next Research GmbH (in the following referred to as “Next”, “we“, “us“), Neutorgasse 9, 1010 Vienna, Company Registry Number 330801y.
For any request and further information regarding the processing of your data, please contact us at email@example.com.
- How and why we process your data
- Business partner relationships
We process your data for the performance of our contractual duties according to our contractual relationship with you (Art 6 (1) lit b GDPR), for compliance with other legal obligations (Art 6 (1) lit c GDPR) and/or for the purpose of legitimate interests, except where such interests are overridden by your interests in the confidentiality of your data (Art 6 (1) lit f GDPR).
We transfer data to third parties as far as this is necessary in order to render our services to you. This includes in particular the following parties: Banks, tax accountants, lawyers and other accounting or consultant firms. Where legally obliged to, we also transfer your data to public authorities and or institutions.
We store the aforementioned data in any case for the duration of active business relationship and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).
- Events & Courses
Next organizes on a regular basis different kinds of (online) events & courses for business partners and other interested parties.
In the course of the event participation, the following data of the participants is processed: name, gender, ID, profession, contact information (email, telephone number), associated medical institution (name, postal address), medical fields practiced, previous congress participations, previous funding for congress attendance, city and country of residence.
The processing of above-mentioned data is necessary to administer the participations, the processing is therefore based on the fulfilment of our contractual obligations according to Art 6 (1) lit b GDPR.
Your data is stored for as long as you remain active with Next (business relationship or participation in events and congresses) and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).
- Contact forms
If you contact us via email or via other contact options offered (e.g. call-back form, project submission form, scientific planning meeting quote form, etc.), the data you provide will be processed in order to handle and respond to your inquiry, in particular: Name, email or phone number, any data provided in the text or conversation. This data will be stored for a maximum of 2 years or, if applicable, during an ongoing business relationship for 7 years from the last business transaction.
We process the data for the purpose of your contact with us in the context of (pre)contractual relationships in accordance with Art 6 para 1 lit b DSGVO.
In addition, your data may be passed on to legal representatives, notaries, courts and administrative authorities in case of need.
- Cookies & Log-files
You can refuse the storage of individual cookies via configuration in the cookie banner or you may withdraw your consent to storage at a later time via configuration of your browser. When cookies are stored on the basis of your voluntary consent, your data may be transferred to recipients in third countries outside the EEA, in particular to the US. The European Court of Justice, however, considers that the US does not offer an adequate level of data protection to data subjects; in particular, there is a potential risk that your data may be viewed by US authorities for control and monitoring purposes. With your consent, you agree that cookies from third-party providers in the US or from other insecure third countries may be used and you accept a possible lower level of data protection (Art 49 (1) lit a GDPR).
Cookies that are absolutely necessary for the structure or functioning of the website (technically necessary cookies) cannot be deactivated. If this involves data, the processing is based on our legitimate interest pursuant to Art 6 (1) lit f GDPR to ensure the functionality of the website.
- Job Applications
If you apply for a job with Next, the data you provide within the application process will be processed (in particular curriculum vitae, contact details). The processing of your data is based on the performance of pre-contractual measures, namely the application procedure aiming to conclude an employment contract according to Art 6 (1) lit b GDPR or your explicit consent if you would like Next to keep your application on file according to Art 6 (1) lit a GDPR.
Your data will be deleted after 7 seven month in accordance with the provisions of the Austrian Equal Treatment Act (Gleichbehandlungsgesetz, GlBG) unless Next will keep your data on file based on your explicit consent.
- Data Storage
Unless otherwise indicated above, your data is stored on the servers of our IT provider, CTI Meeting Technology, Nussdorferstrasse 20/22, 1090, Vienna, which we have contractually obliged to comply with applicable data protection laws according to Art 28 GDPR.
- Data Transfers
If the above-mentioned recipients of your data are located outside the EEA and it has not been established by a decision of the EU Commission that the country concerned has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses (as amended from time to time) or otherwise in accordance with Articles 46, 47 or 49 GDPR.
- Data Security
Next takes all necessary and appropriate technical and organizational measures to protect the rights and freedoms of data subjects as well as reviews these measures on a regular basis. Accordingly, our IT providers are contractually obliged to adhere to all standards of applicable data protection laws. Please note that e-mails are sent using commercially available software programs, some of which are not encrypted. If contents to be transmitted are particularly confidential or worthy of protection for data subjects, they should be transmitted to Next by post or end-to-end encrypted.
- Your rights
Information and Access
You are entitled to obtain information by Next as to which data are being processed and to get access to that data upon your request. We will provide you with one copy of the data undergoing processing free of charge, unless the disclosure may adversely affect the rights and freedoms of others.
Should you have consented to a specific use of your data by Next, you can withdraw that consent at any time, by contacting us under firstname.lastname@example.org.
Rectification and Erasure
You are entitled to request rectification of inaccurate data or completion of incomplete data concerning you without undue delay.
You are entitled to request erasure of data without undue delay, if
(i) Data are no longer necessary in relation to the purposes for which they were collected,
(ii) You object to the processing
(iii) Data have been unlawfully processed
(iv) Data have to be erased for compliance with a legal obligation applicable to Next
However, Next is not obliged to execute such erasure if processing is necessary
(i) for exercising the right of freedom of expression and information,
(ii) for compliance with a legal obligation to which Next is subject,
(iii) for the establishment, exercise or defence of legal claims.
Restriction of Processing
You are entitled to request the restriction of processing of data in the following circumstances and for the following periods of time:
(i) you contest the accuracy of the data concerning you; restriction of processing may be affected for a period enabling us to verify the accuracy of the relevant data,
(ii) the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead,
(iii) we do no longer need the data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
(iv) you have objected to processing, for the period until the verification whether our legitimate grounds override those of you.
You are entitled to data portability, namely to receive your data which you have provided to Next and which is processed
(i) based on the concluded contract
(ii) and by automated means
in a structured, commonly used and machine-readable format.
You are entitled to request that the data is transmitted directly to another controller by us, where technically feasible. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of data concerning you which is based on our legitimate interests according to Art 6 (1) lit f GDPR. If you object to processing of your data we shall cease to process this data unless our legitimate interests to processing your data prevail.
Right to file complaint
You have the right to file a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, if you believe that your rights to data protection are being infringed.
Last updated August 3, 2021
What is a cookie?
A cookie is a small file that can be stored on your device that allows your browser to remember things about your use of a website. These cookies can be strictly technically necessary for the correct functioning of the website (e.g. by remembering log-ins or previously selected site preferences or feedback information to the host of the website) or just help us understand your browsing behaviour.
What types of cookies do we use?
Our website www.nextresearch.org uses technically strictly necessary cookies – These cookies are essential to provide you with the services of our website. If you set your browser to block all cookies, then the website’s functions and services will not work for you, we would not even be able to save your preferences about cookies.
List of cookies we use:
- wordpress_[hash] (purpose: recognising user)
- wordpress_logged_in_[hash] (purpose: recognising user)
- wordpress_test_cookie (purpose: saving cookie preferences)
- cirse_api_session (purpose: recognising user)
- cirse_api_destination (purpose: redirecting user after login)
- cirse_login_gtm_event (purpose: track user login in Google Analytics)
- cirse_login_matomo_event (purpose: track logged in user status in Matomo)
- cirse_logout_matomo_event (purpose: track user logout in Matomo)
- cirse_user_id (purpose: recognise returning user)
- catAccCookies (purpose: saving cookie preferences)
- woocommerce_cart_hash (purpose: contain information about shopping cart)
- woocommerce_items_in_cart (purpose: contain information about shopping cart)
- wp_woocommerce_session (purpose: identifying cart data in the database for each customer)
- _vs_id (video analytics: recognise returning user)
- metaDCR-user (recognise user after login)
- _pk_id (used to store a few details about the user such as the unique visitor ID)
- _pk_ref (used to store the attribution information, the referrer initially used to visit the website)
- _pk_ses, _pk_cvar, _pk_hsr (short lived cookies used to temporarily store data for the visit)
- ajs_anonymous_id (counts how many people visit this page by tracking previous visits)
- ajs_group_id (does not store anything)
- ajs_user_id (recognise returning user)
- _vs_id (video analytics: recognise returning user)
- _vs_ses (video analytics: short lived cookies used to temporarily store data for the visit)
List of cookies used by Matomo:
- pk_id – 13 months (used to store a few details about the user such as the unique visitor ID)
- pk_ref – 6 months (used to store the attribution information, the referrer initially used to visit the website)
- pk_ses, _pk_cvar, _pk_hsr – 30 minutes (short lived cookies used to temporarily store data for the visit)
- pk_testcookie is created and should be then directly deleted (used to check whether the visitor’s browser supports cookies)
- mtm_consent (or mtm_consent_removed) are created with an expiry date of 30 years to remember that consent was given (or removed) by the user
- mtm_cookie_consent is created with an expiry date of 30 years to remember that consent for storing and using cookies was given by the user
List of cookies used by Google Analytics:
- __utma cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmb cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmc cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmv cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmz cookie (purpose: collecting anonymised data on how you reached the website – via link, google search, keyword search etc.)
Regarding technically strictly necessary cookies, which are required for the functioning of the website, it is not possible to reject the use of these cookies on this website. However, you are able to modify the application of technically non-necessary cookies (e.g. Goolge Analytics) in our cookie banner or in your browser settings.
If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will be deleted as well. The opt-out must be reactivated when you visit our site again.
You have the option to reject to the use of the anonymised data on your use of the website we collect and process via Google Analytics and prevent any cookies this tool places on your hard drive. To deactivate Google Analytics on this site (or on others) you are required to install this browser extension/add-on:https://tools.google.com/dlpage/gaoptout?hl=en
Please note that Next is not responsible for the functioning or content of this extension/add-on.
Last updated July 12, 2021