IMPRINT & PRIVACY
Media owner, publisher
Responsible for the content according to the Austrian Mediengesetz (MedienG):
ZSI – Centre for Social Innovation Ltd.
ZSI – Zentrum für Soziale Innovation GmbH
Linke Wienzeile 246,
A-1150 Vienna, Austria
institut@zsi.at
+43 / 1 / 495 04 42 – 0
ZSI – Centre for Social Innovation is responsible for the planning, realisation, support and administration of the domain zsi.at. The website provides comprehensive information about the activities of ZSI. The information contained herein is subject to change without notice. It is in no way fit for any legal or policy advice. Contents of www.zsi.at have been established with high accuracy. However, ZSI makes no warranty of any kind with regard to this domain, including, but not limited to, the correctness, completeness and up-to-dateness of the contents, implied warranties of merchantability and fitness for a particular purpose. ZSI shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. In particular, ZSI is not responsible for contents of any other websites which we refer to by hyperlinks.
Contents published under www.zsi.at are copyright protected. We make every effort to respect the copyrights of others.
Technical maintenance: webmaster@zsi.at
Declaration on data processing
Last update: September 2025
The following information describes how the Centre for Social Innovation (Zentrum für Soziale Innovation GmbH – ZSI) processes your personal data.
Content
1 Responsible body
2 General information on data processing
3 Individual processing operations
3.1 Data collection on our website
3.1.1 Use of cookies
3.1.2 Social Media Plug-Ins
3.1.3 Subscription to our newsletter
3.2 Contacting the ZSI
3.2.1 By email
3.2.2 Job applications
3.2.3 Event registration
3.3 Research and consulting activities
3.3.1 Data storage, storage location, and data recipient
3.4 Conducting online meetings
3.5 Photos and video recordings at events
3.6 Miscellaneous
3.6.1 Your business card / contact details
3.6.2 Postal dispatch
4 Your rights
1 Responsible body
Responsible for the processing of your personal data is
ZSI – Centre for Social Innovation
Linke Wienzeile 246
1150 Vienna
T +43 1 495 04 42-41
Email: dpo@zsi.at
Website: http://www.zsi.at
For questions and information on data protection, please contact the data protection officer of ZSI at dpo@zsi.at.
2 General information on data processing
The Centre for Social Innovation GmbH (ZSI) is a social science institute that contributes to the development and application of knowledge on social innovation through research, education, coordination of networks and consulting. ZSI maintains various, partly automation-supported systems for the administration, storage and processing of personal data and uses them for different purposes (e.g. research activities, consulting or sending a newsletter).
ZSI collects and processes personal data exclusively in accordance with the legal provisions (GDPR, DSG, TKG 2003). In this data protection information, we inform you in accordance with Art. 13 and Art. 14 GDPR about the most important aspects regarding the collection and processing of personal data within the scope of our activities.
ZSI ensures that your personal data are processed in compliance with data protection regulations. The data is processed using electronic means as well as in paper form. In doing so, we comply with security standards to protect your privacy and to guard against the risk of access to this data by unauthorised persons. We comply with the requirements of the Austrian Information Security Manual as amended. This means that we have taken extensive technical and organisational precautions to protect the data you have made available to us from loss, manipulation, destruction and unauthorised access.
Your personal data will be deleted or locked by ZSI as soon as the purpose of storage and processing no longer applies, provided that a legal obligation cannot be cited for longer storage, or legal claims still exist that can be asserted against us and require storage.
In the case of some data processing, ZSI is not the sole data controller within the meaning of the GDPR. This is stated directly below with the data applications concerned.
Applying these principles, the following processing of personal data exists in detail:
3 Individual processing operations
3.1 Data collection on our website
3.1.1 Use of cookies
Our website uses so-called cookies. These are small text files that are stored on your terminal device with the help of the browser. They do not cause any damage. We use cookies to make our website user-friendly. Some cookies may remain stored on your terminal device until you delete them. They enable us to recognise your browser the next time you visit our website.
If you do not wish this, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases. If you deactivate cookies, the functionality of our website may be limited.
3.1.2 Social Media Plug-Ins
ZSI uses so-called social media plug-ins on the website, i.e. interfaces to social networks. When visiting the website, the system automatically establishes a connection with the respective social network due to the integration of the social media plug-ins and transmits data (IP address, visit to the website, etc.).
The data transfer occurs without the intervention and outside the responsibility of ZSI. We would like to point out that you can prevent this data transmission by using suitable browser extensions. For further information on this, including the content of the data collection by the social networks, please refer directly to the website of the relevant social network. As a rule, you can also adjust your privacy settings there.
The social networks integrated on the website are:
Facebook: Meta Platforms Ireland Limited (Facebook), ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland. Facebook’s applicable privacy policy can be found at https://www.facebook.com/privacy/policy/.
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. LinkedIn’s applicable privacy policy can be found at https://www.linkedin.com/legal/privacy/eu.
3.1.3 Subscription to our newsletter
You have the possibility to subscribe to our newsletter via our website. For this we need your email address. As soon as you have registered for the newsletter, we will send you a confirmation email with a link to confirm your registration. By registering, you declare that you agree to receive the newsletter. You can cancel your subscription to the newsletter at any time by clicking on the unsubscribe link in the newsletter. For our newsletter, we use Mailchimp as a service. Mailchimp’s applicable privacy policy can be found here: https://mailchimp.com/de/about/privacy-rights/.
3.2 Contacting the ZSI
3.2.1 By email
If you contact us via email, the data contained therein (first name, last name, email address, etc.) will be stored by us until the purpose for which you entrusted us with your data has been fulfilled. By contacting us you agree that we are entitled to store, process and use your data to the extent necessary to respond to your request.
3.2.2 Job applications
The data of interested applicants submitted to ZSI will be collected, stored and processed exclusively for the purpose of handling your application and consideration in the application process as well as for the decision on filling the position for which you have applied. If you separately consent to the retention of your application documents, the storage of your application data is necessary in order to be able to inform you about a suitable vacancy at a later date.
The following personal data are processed if they are transmitted to the ZSI for the purpose of processing your application:
· (academic) title
· first and last name
· date of birth
· citizenship
· postal address
· telephone number
· email address
· marital status
· resume
· photograph
· education data
· credentials and certificates
· letter of motivation
· information from Xing profile
· information from LinkedIn profile
· details on military service
· salary expectations
The provision of this data by you is voluntary and serves to assess your suitability for a position.
The legal basis for the joint processing of the application data is Art. 6 (1) (b) GDPR and therefore the processing for the fulfilment of a contract or the implementation of pre-contractual measures. By applying, you make a corresponding request to us to process your applicant data in the context of the application, which requires the described data processing.
Your data will not be passed on to third parties for their own purposes without your consent.
3.2.3 Event registration
In the context of events organised by ZSI, data of participants and interested parties may be collected for the purpose of planning and organising events, sending invitations and managing participation in events.
Depending on the requirements of the event, ZSI collects and processes various personal data, e.g.:
· salutation
· first and last name
· email address
· telephone number
· postal address
· billing address
· related organisation (company name/designation)
· participant’s functions in the organisation
· designation of profession, industry or business
· consent to receive promotions
· special needs
· permission to use event photos on website and social media pages to market the event and/or for reporting purposes
Please note that the personal data requested during registration may vary depending on the event.
As a legal basis for the collection and processing of personal data, consent is obtained within the scope of the registration form in accordance with Art. 6 (1) (a) GDPR. Likewise, the legitimate interests of the responsible party according to Art. 6 (1) (f) GDPR must be mentioned as a processing element. The legitimate interest here is the efficient and targeted handling of the event by ZSI and its cooperation partners or co-organisers.
The deletion of personal data is carried out in accordance with the legal requirements. In any case, the data will be kept until the end of the event, its follow-up or until consent is revoked.
Certain data will be passed on to cooperation partners of ZSI or co-organisers of the events for the purpose of organising and managing the respective events. Unfortunately, a complete list of co-organisers and cooperation partners is not possible here. Please refer to the specific description of the event and the event-organisers involved. In all other cases, your personal data will not be passed on to third parties without your consent.
3.3 Research and consulting activities
The legal basis for data collection and processing in the context of our research activities is your consent according to Art. 6 (1) (a) and Art. 9 (2) (a) GDPR. All personal data is treated as strictly confidential. Data collection is carried out by appropriately trained employees in strict compliance with GDPR and the Austrian Data Protection Act. ZSI only collects personal data that is necessary for the processing of research and consulting activities (principle of data economy).
Within the framework of research activities, personal data is collected in various ways, e.g. through:
· studies
· interviews
· focus groups
· surveys (online and offline)
· other methods
Depending on the object of research, ZSI collects and processes various personal data that you actively provide (in person, by telephone, by mail, by email or web-based), such as:
· (academic) title
· first and last name
· postal address
· date of birth, age, or age group
· sex or gender
· nationality
· telephone number
· email address
· your contributions/responses (in the course of the interview, focus group, survey, etc.)
· text, audio and video data
· log files of questionnaire activities, e.g.:
– IP address of the user
– time of the request
– called object (HTTP method and object path)
– status code
– transferred data volume of the HTTP request in bytes
– referrer (previously visited URL)
– user-agent-string = identifier containing the browser type and operating system on the user’s side.
If required by the object of investigation, special categories of personal data are also collected in accordance with Art. 9 GDPR (e.g. political opinion, religious or ideological convictions, race or ethnic origin, health data, etc.). Here, too, the legal basis for data collection and processing is your consent according to Art. 9 (2) (a) GDPR.
Please note that depending on the object of investigation, the personal data requested in the survey may vary greatly.
The software used for surveys (e.g. LimeSurvey) offers the possibility of conducting anonymous surveys as well as non-anonymous surveys. In both cases, this is explained in the text of the respective letter to the survey participants.
The data transfer between the user’s terminal device and the ZSI servers is encrypted (according to common standards). No third parties are involved in the data transmission. The online survey sets a cookie for the purpose of temporarily storing the questionnaire activities and to avoid repeated completion. To ensure the stability and security of the service, it is necessary to keep log files for a limited period of time.
3.3.1 Data storage, storage location, and data recipient
The collecting agency is ZSI. We store all data necessary for our research activities in our secure IT systems. Your personal data will be stored for the duration of the research activity and beyond, as far as they are needed for the validity of the study results, to prove compliance with good scientific practice and as a basis for further scientific research. Hence, your personal data will be deleted as soon as the purpose of the storage and processing ceases to apply, provided that there is no legal obligation for the longer storage. Your data will also be deleted as soon as you successfully object or revoke your consent to data processing.
In order to provide our contractual services, evaluated and processed datasets are passed on to our clients or project partners where appropriate. Aggregated and fully anonymised datasets may also be made available to the scientific community under a CC BY licence after completion of the contract or project. However, these do not contain any personal data and do not allow any conclusions to be drawn about your participation in our research. Any further transfer of data to third parties commissioned by us will not take place unless your express consent has been obtained. Your data may be passed on to the following recipients in particular:
· funding bodies
· co-organisers
· media owners for publication
· marketing service providers
· other data processors
ZSI endeavours to select storage locations for individual IT services that ensure data is stored within the EU. However, if storage within the EU is not possible and this service is still used or offered, ZSI will conclude appropriate standard contractual clauses (SCCs) and, if necessary, carry out a data protection impact assessment (DPIA) and/or a transfer impact assessment (TIA).
Since 2024, ZSI has been using Microsoft 365 as the primary storage location for collected data. Following a series of corrective measures, the use of Microsoft 365 has been classified as compliant with data protection regulations by the European Commission since July 2025. Microsoft stores the data entered by users in Microsoft 365 redundantly in four data centres within the European Union (located in Ireland, the Netherlands, Finland and Austria). This includes, among other things, content from Office applications stored in OneDrive or SharePoint online.
Microsoft encrypts both the transport of data and the data at rest. The comprehensive implementation of encryption mechanisms – as well as Microsoft’s data storage concept – prevents third parties from gaining access to the processed personal data, both during storage and during transmission. Existing residual risks relevant to data protection can be significantly reduced by two measures:
• Introduction of multi-factor authentication
• Introduction of logging of administrative activities (audit log).
The data protection officer conducts regular training for employees on data protection and data security.
The data protection requirements for Microsoft 365 have been configured by ZSI as follows:
• Two-factor authentication for all users where possible and feasible
• Audit log enabled
• End-to-end encryption activated in Teams for all users (currently only available for 1:1 calls and in the desktop app and mobile apps)
• Optional connected experiences are deactivated
• Transmission of diagnostic data is configured by policy to the minimum necessary data (‘neither’)
• Reports in the Teams Admin Centre and Microsoft 365 Admin Centre are displayed in pseudonymised form
• Microsoft 365 Adoption Score and Microsoft Viva Insights, formerly MyAnalytics, are disabled (features that enable performance and attendance monitoring)
• If recordings or transcriptions of video conferences are to be made in the Teams app, the consent of the participants must be obtained
3.4 Conducting online meetings
The purpose of processing is communication via a video conferencing and web conferencing platform (e.g. Zoom, GoToMeeting, Skype, Microsoft Teams, etc.) for the purpose of conducting telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). The scope of the data collected also depends on the data you share before or during participation in an online meeting.
The following personal data may be subject to processing:
Users:
· first and last name
· telephone number
· email address
· password (if single sign-on is not used)
· profile picture
· department
· text, audio and video data
You may have the opportunity to use the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device are processed accordingly for the duration of the meeting.
Meeting metadata:
· topic
· description (optional)
· IP addresses and/or usernames of participants
· device/hardware information
If dialing in with a telephone:
· incoming and outgoing telephone number information
· country name
· start and end time
· if necessary, further connection data such as the IP address of the device can be stored
For recordings (optional):
· video file of all video, audio and presentation recordings
· audio file of all audio recordings
· text file of the online meeting chat
The legal basis for the data collection is the legitimate interest according to Art. 6 (1) (f) GDPR. The legitimate interest here is the effective conduct of online meetings and the associated communication on the part of the responsible party. If recordings are made as part of the meeting, the consent of the persons concerned will be obtained beforehand in accordance with Art. 6 (1) (a) GDPR. Your personal data will be deleted by us as soon as the purpose of the storage and processing no longer applies, provided that there is no legal obligation for the longer storage.
3.5 Photos and video recordings at events
Image data is processed for the purpose of reporting on events of ZSI. This includes the recording, storage and transmission of photos and video recordings in word and image reporting in connection with the activities of the responsible body, whereby the data can be published for this purpose in various media (analogue and digital).
If consent is obtained in advance (e.g. during registration), processing is based on consent pursuant to Art. 6 (1) (a) GDPR. In all other cases, the recordings are made on the basis of the legitimate interest pursuant to Art. 6 (1) (f) GDPR. The legitimate interest of the responsible party in the taking and dissemination of the photographs taken consists in the public relations work of the responsible party, the effective presentation of its activities and the fulfilment of the tasks assigned to it within the framework of various funding agreements. The ZSI handles photos of children and young people with particular sensitivity and obtains separate consent from their legal guardians.
If you do not agree to your person being photographed or videotaped, you can object at any time (e.g. to the person taking the pictures or to other staff members on site).
3.6 Miscellaneous
3.6.1 Your business card / contact details
If we receive a business card or contact details from you (at events, conferences, by email, etc.), the data listed will be processed for the purpose of informing you about our research activities or invitations to events by means of addressed postal dispatch and/or by email until revocation or objection.
3.6.2 Postal dispatch
In the case of postal dispatch, your address data will be passed on to a dispatch service provider.
4 Your rights
ZSI preserves and protects your rights in accordance with the GDPR. In particular, you have the right
· to receive information from ZSI about your personal data, as well as all processing and usage purposes presented in this information, and to insist on the correction, deletion or restriction of the processing of your personal data, insofar as this does not conflict with any legal requirements.
· to request the return of your data in a structured, common and machine-readable format.
To assert your rights, please contact us in writing, stating your name and email address, at
ZSI – Centre for Social Innovation
Linke Wienzeile 246
1150 Vienna
T +43 1 495 04 42-41
Email: data-protection@zsi.at
Website: http://www.zsi.at
If you believe that the processing of your personal data is in breach of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, workplace or the place of the alleged infringement.
The supervisory authority responsible for us is:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Tel: +43 1 52 152-0
Email: dsb@dsb.gv.at