Privacy Policy Sharing Stories, Sharing Life

 

This website (https://www.story-tree.eu/ ) / web app (https://app.story-tree.eu/login) is operated within the framework of the research project until 01.09.2021 by Netural GmbH, hereinafter "we", based in Linz. In this data protection declaration, we inform you as the responsible party according to Art. 4 Z 7 EU-DSGVO which data we collect when you visit our website and for which purposes we process it. For all relevant contact details, please refer to points 6. and 7. of this data protection declaration.

Sharing Stories, Sharing Life is a research project in the period 01.09.2018 - 31.08.2021. The consortium consists of the following international partner organisations: Ouderenfonds, LIFEtool, Cambridge Country Council, RBS Centre and Netural. Data will only be collected in the context of the project. If users wish their data to remain stored after the end of the project, this requires a separate arrangement.

 

Sharing Stories, Sharing Life aims to train volunteers and organisations in the use of storytelling interventions with the aim of reducing loneliness and isolation in older people. The storytelling training aims to help volunteers become good listeners and use storytelling interventions to socially engage older people. Training materials and questionnaires give organisations the documents for workshops to train volunteers and evaluate storytelling interventions. The Stor-E Tree, a special tool available as a printable manual or as a digital web app, gives Story Tellers and Story Listeners an attractive tool for recording stories.

 

As an organisation, Story Teller or Story Listener, they get all the general information and training materials on the website https://www.story-tree.eu/. To use the web app allows the user to tell stories and share them with an audience. Registration is required in advance to use it.

 

Organisation:

As an organisation you will be officially added by Netural to use the app and then have the possibility to manage Story Listeners.

 

Story Teller:

The data will be used for your profile creation. In your profile you can collect your personal stories and share them with your Story Listeners.

 

Story Listener:

As a Story Listener you work for an organisation. The data is used for your profile creation. In your profile, you will see an overview of the Story Tellers who are assigned to you and you can access their personal stories

 

As the protection of your personal data is of particular concern to us, we naturally adhere to the legal requirements of the Data Protection Act (DSG) and the EU General Data Protection Regulation (DSGVO) when collecting and processing your personal data.

In the following, we inform you in detail about the scope and purpose of our data processing as well as your rights as a data subject. Therefore, please read our data protection declaration carefully before you continue to use our website and, if applicable, agree to data processing.

 

1. Use of cookies

 

a. In general, certain information is automatically transmitted and stored when you visit a website. This also applies to our website: If you do not register on our website or otherwise transmit information to us, we only store the personal data that your browser transmits to our server (server logs). This is the following data, which is technically necessary to display the website to you and to ensure its stability and security in accordance with Art. 6 para. 1 p. 1 lit. f EU-DSGVO:

o IP address

o Date and time of the request

o Time zone difference to Greenwich Mean Time (GMT)

o Content of the request

o Access status / http status code

o Amount of data transferred in each case

o Website from which the request came

o Browser used

o Operating system and its interface

o Language and version of the browser software

 

b. In addition to the aforementioned data, cookies are placed on your computer when you use our website; cookies are stored in your browser as small text files and transmit certain information to us that serves to make the internet offer more user-friendly and effective for you. According to the current state of technology, cookies can neither execute programs nor transfer viruses to your computer.

 

c. Our website uses the following types of cookies, the scope and function of which are explained below:

 

Transient cookies

Transient cookies are automatically deleted when you close your browser. This type of cookies includes, in particular, session cookies, which store a so-called session ID and with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. These session cookies are deleted when you log out or close the browser.

 

Persistent cookies

Persistent cookies are automatically deleted after a specified period of time, which may vary from cookie to cookie. However, you can delete the cookies yourself at any time in your browser settings.

 

d. You have the option of changing your browser settings so that, for example, third-party cookies or all cookies are automatically rejected. If the latter is the case, we would like to point out that it may no longer be possible to use all the functions of our website.

 

2 Collection and processing of personal data

 

When using our web app and website, personal data is stored as part of the research project - depending on the service you use. Personal data is any information relating to an identified or identifiable natural person (Art 4 Z1 DSGVO). This includes, for example, your name or address. In the following, you will find out which personal data is processed when you use the individual services.

Apart from the cookies described in point 1, we only collect and store the data that you actively and voluntarily provide to us - in particular by filling in our input masks. You confirm that you have provided all information correctly and completely.

We use the personal data you provide exclusively to achieve the research purpose and/or if the processing is permitted by law (esp. pursuant to Art. 6 DSGVO). Your personal data will only be passed on to third parties in the cases mentioned in this privacy policy.

 

Sharing Stories uses three different roles within the web app, which are associated with two different scenarios. Within the website and web app, the following personal data is stored, as follows, if provided:

 

Role: Organisation

A name and an e-mail address must be entered as the organisation. The name is displayed to all invited Story Listeners. The e-mail address is only visible to the organisation itself.

 

Role: Story Listener

The Story Listener must enter a name, an e-mail address and can enter a year of birth and a personal profile picture. The data is only displayed in the Story Listener's own profile or to a linked user.

 

Role: Story Teller

The Story Teller must enter a name, an e-mail address and can set a year of birth as well as a personal profile picture. The data is only displayed in their own profile or a linked user.

 

Within the use of the web app Sharing Stories, Sharing Life different data processing occurs:

 

Registration:

In the course of registration, the user must set a name, an e-mail address and a password. The e-mail address serves as a unique user name for the login. This address must be verified before using the web app. The name is saved to the user's own profile and, without being linked to another user, is only displayed to the user's own user.

 

Tell stories:

The personally created stories (story, pictures, audio or video if applicable) are only visible to the user himself. After a confirmed link with another user, the linked user can also access and edit the stories.

 

User link 1 - Organisation invites Story Listener:

An organisation invites a user to become a Story Listener. The organisation must already know the user's email address. If the invited user is already registered, the organisation can see the name and email address. If the invited user is not yet registered, only the already known e-mail address is shown to the organisation.

 

User link 2 – Story Teller invites Story Listener:

A Story Teller wants to invite a Story Listener to view their stories. Both users see each other's names. An email is sent to the respective Story Listener. In the web app, the Story Listener can accept or reject the request. Only after confirmation can further data of the Story Teller such as year of birth, profile picture and e-mail address be viewed. Likewise, only after confirmation can the Story Listener view and edit the Story Teller's stories.

 

User link 3 – Story Listener invites Story Teller:

A Story Listener wants to be able to view a Story Teller's stories and sends a request to the Story Teller. Both users see each other's name. An email is sent to the respective Story Teller. In the web app, the Story Teller can accept or reject the request.  Only after confirmation can further data of the Story Teller such as year of birth, profile picture and email address be viewed. Likewise, the Story Listener can only view and edit the Story Teller's stories after confirmation by the Story Teller.

 

The legal basis for the processing is your consent (Art. 6 para. 1 lit. a DSGVO and Art. 9 para. 2 lit. a DSGVO).

 

3. Tools and applications used

 

a.  External links

On our website we also set links to other websites, in particular to the websites of our partners. These websites are not under our control and therefore do not fall under the provisions of this privacy policy. If you activate a link, it is possible that the operator of this website will collect data about you and process it in accordance with its data protection declaration, which may differ from ours.

 

b. Firebase hosting and back-end infrastructure

The purpose of these types of services is to host data and files so that this application can be managed and used. Furthermore, these services may provide a pre-built infrastructure that handles specific functions or entire components for this application. Some of these services operate with geographically dispersed servers, making it difficult to determine where personal data is stored.

 

Google Cloud Storage (Google Inc.)

Google Cloud Storage is a web hosting service provided by Google Inc.

Personal data collected: different types of data as described in the privacy policy of the service.

Processing location: USA - Google Privacy Policy

 

Cloud Functions for Firebase (Google Inc.).

Firebase Cloud Functions is a web hosting and backend service provided by Google Inc.

Personal data collected: Usage data and various types of data as described in the privacy policy of the service.

Processing location: USA - Google Privacy Policy / Firebase Privacy Policy.

 

Cloud Storage for Firebase (Google Inc.).

Firebase Cloud Storage is a web hosting service provided by Google Inc.

Personal data collected: Usage data and various types of data as described in the privacy policy of the service.

Processing location: USA - Privacy Policy Google / Privacy Policy Firebase

 

Cloud Firestore / Database (Google Inc.)

Firebase Firestore is a web hosting and backend service provided by Google Inc.

Personal data collected: Usage data and various types of data as described in the privacy policy of the service.

Processing location: USA - Google privacy policy / Firebase privacy policy.

Legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the optimisation and economic operation of our website.

 

c. Firebase Authentication (Google Inc.)

Firebase Authentication is a login and authentication service provided by Google Inc. To simplify the login and authentication process, Firebase Authentication may use third-party identity services and store the information on its platform.

Processing location: USA - Google Privacy Policy / Firebase Privacy Policy.

The legal basis for this data processing is your consent. (Art. 6 para. 1 lit. a DSGVO).

 

d. SendGrid/ Twilio

This website uses the services of SendGrid/Twilio for sending e-mails via website forms. The provider is Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland.

SendGrid is a service that allows emails to be sent and analysed. Data that you enter in a website form (e.g. e-mail address) is transmitted to SendGrid's servers and stored.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by contacting us. The legality of the data processing operations already carried out remains unaffected by the revocation. For more details, please refer to the data protection provisions of SendGrid.

 

e. Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

 

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the optimisation and economic operation of our website.

The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted.

Google offers further information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy, in particular on the possibilities of preventing the use of data.

 

4. Data transmission

 

As a matter of principle, your data will not be transferred to third parties unless we are obliged to do so by law or on the basis of an official decision, the transfer of data is necessary for the performance of a contractual relationship concluded between us or you have previously given your express consent to the transfer of your data. External order processors or other cooperation partners only receive your data if this is necessary for the execution of the contract or if we have a legitimate interest in doing so. We use numerous technical and organisational security measures to protect your data against manipulation, loss, destruction and against access by third parties. Our security measures are continuously improved in line with technological developments on the Internet. If one of our order processors comes into contact with your personal data, we ensure that they comply with the relevant data protection regulations in the same way as we do.

Your personal data will not be disclosed, sold or otherwise marketed by us to third parties other than as defined in the data processing procedures within this statement.

If our contractual partners or processors are based in a third country, i.e. a country outside the European Economic Area (EEA), data will only be transferred if an adequacy decision has been issued by the European Commission (Article 45(3) of the GDPR) or if the contractual partner/processor undertakes to comply with measures that ensure a level of protection that is essentially equivalent to that in the EU or if you have given us your consent to the transfer of data.

You can find out which services we use and for what purpose in point 3 "Tools and applications used".

 

5 Security

 

We use numerous technical and organisational security measures to protect your data against manipulation, loss, destruction and against access by third parties. Our security measures are continuously improved in line with technological developments on the Internet.

 

6. Your rights

 

In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA), you have the following rights as a person affected by our data processing, which you can assert via office@netural.com:

 

Right to information (Art. 15 EU-DSGVO).

As a data subject, you have the right to request information about whether and, if so, which personal data about you are being processed. For your own protection - so that no one else receives information about your data - it may be necessary for us to verify your identity in an appropriate form.

 

Right to rectification (Art. 16) and deletion (Art. 17 EU-DSGVO)

You have the right to request without undue delay the rectification of inaccurate personal data concerning you or - taking into account the purposes of the data processing - the completion of incomplete personal data, as well as the erasure of your data, provided that the criteria of Art. 17 EU-DSGVO are met.

 

Right to restriction of processing (Art. 18 EU-DSGVO)

Subject to the legal requirements, you have the right to restrict the processing of all personal data collected. As of the restriction request, this data will only be processed with individual consent or for the assertion and enforcement of legal claims.

 

Right to data portability (Art. 20 EU-DSGVO)

You may request the unhindered and unrestricted transfer of collected personal data to a third party.

 

Right of objection (Art. 21 EU-DSGVO)

You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. Your data will no longer be processed after objection, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. You may object to data processing for the purpose of direct marketing at any time with effect for the future.

 

Withdrawal of consent

If you have given your consent to the processing of your data, you may revoke it at any time. Such a revocation will affect the permissibility of processing your personal data after we have received it.

 

If you take a measure to enforce your rights under the GDPR as listed above, the website operator must respond to the requested measure or comply with the request without undue delay, but no later than one month after receiving your request.

We will respond to all reasonable requests within the legal framework as promptly as possible.

The data protection authority is responsible for requests concerning infringement of the right to information, infringement of the rights to confidentiality, to rectification or to deletion. You can reach them at:

 

Austrian Data Protection Authority

Barichgasse 40-42

1030 Vienna

Telephone: +43 1 52 152-0

E-mail: dsb@dsb.gv.at

 

7. Contact information

 

Netural GmbH

Phone: +43-732-790903-0

Fax: -

E-mail: office@netural.com

Management: Dr. Stephan Lechner

 

8. Up-to-dateness

 

We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time. The current version of the data protection declaration is always available at https://www.story-tree.eu/de/data-protection.

Status: 29.03.2021