Privacy policy of the Donation Association of the Diocese of St. Pölten

 

Name and contact details of the person responsible

Donation organisation of the diocese of St. Pölten
Domplatz 1, 3100 St. Pölten
Phone: +43 2742 324 202
E-mail: ordinariat@dsp.at

 

Contact details of the data protection officer of the Diocese of St. Pölten

Cathedral Square 1 
3100 St. Pölten 
E-mail: datenschutz@dsp.at

 

We process your personal data exclusively within the framework of the data protection regulations applicable in Austria (EU General Data Protection Regulation, Data Protection Act, etc.) and provide you with this information in accordance with Article 13 GDPR in order to ensure fair and transparent processing of your data:

 

Donation management and processing

Data processing in connection with the administration and processing of donations is carried out primarily for the purpose of contract fulfilment in accordance with Article 6 (b) GDPR. In addition, there are retention obligations under tax and company law in accordance with Article 6(1)(c) GDPR.
First and last name, country/region, e-mail address, donation amount and payment information (time of transaction, IBAN) are processed in connection with the processing of donations. 

 

This data is passed on to the processing bank for the purpose of payment processing and to the Federal Monuments Office for the purpose of tax deductibility and is otherwise only processed within the church. Within the Catholic Church in the Diocese of St. Pölten, only those departments or employees who need your personal data to process the booking will have access to it.

 

If payment is made by credit or debit card, the credit or debit card details (including expiry date and verification number) are also processed. For the purpose of efficient and secure payment processing, we use the payment service provider Stripe, 354 Oyster Point Blvd, South San Francisco, CA 94080, to process payments by credit or debit card. The transfer of this data to the USA is not excluded. With regard to the transfer to the USA, there is a corresponding data protection adequacy decision adopted by the European Commission on 10 July 2023, whereby the service provider Stripe Inc. is included in the corresponding Data Privacy Framework list: https://www.dataprivacyframework.gov/list Further information on the payment partner Stripe can be found here: https://stripe.com/privacy-center/legal 

 

Otherwise, i.e. when payment is not made by credit or debit card, data processing only takes place within the EU.

 

Finally, we process your data for internal statistical and analytical purposes to improve our services. This processing is based on our legitimate interest in improving internal organisational processes (Article 1(f) GDPR).

 

Duration of storage

We process your personal data until the fulfilment of the contract and beyond, insofar as there are legal obligations (usually of a tax law nature), generally for 7 years.

 

You have the right to information, correction, deletion or restriction of the processing of your personal data processed by us, a right to object to the processing and the right to data portability in accordance with the data protection regulations applicable in Austria.

 

The Catholic Church in the Diocese of St. Pölten does not use automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR.

 

Finally, we would like to draw your attention to your right to lodge a complaint with the Austrian Data Protection Authority (Barichgasse 40-42, 1080 Vienna).

Impressum Datenschutzerklärung

Datenschutz

Wir, die Diözese St. Pölten (Firmensitz: Österreich), würden gerne mit externen Diensten personenbezogene Daten verarbeiten. Diese ist für die Nutzung der Website nicht notwendig, ermöglicht uns aber eine noch engere Interaktion mit Ihnen. Falls gewünscht, treffen Sie bitte eine Auswahl:

Google Analytics

Google LLC, USA

Purpose: Error analysis, statistical evaluation of our website

Processing operations: Collection of connection data, data from your web browser and data about the content content accessed; execution of analysis software and storage of data on your end device, anonymisation of the collected data; evaluation of the anonymous data in the form of statistics

Storage duration: data on your end device for up to two years.

Joint controller: Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA

Legal basis for data processing: Voluntary consent that can be revoked at any time

Consequences of non-consent: No direct effect on the function of the website; however limited possibilities for further development and error analysis

Legal basis for the transfer of data to the USA: The legal basis for the data transfer to the USA is your consent in accordance with Art. 49 para. 1 lit a in conjunction with Art. 6 para. 1 lit a GDPR. The USA does not have a level of data protection corresponding to the standards of the EU. In particular, US secret services can access your data without you being informed and without you being able to take legal can take legal action against it. For this reason, the ECJ has issued a judgement declaring the previous adequacy decision declared invalid.