Privacy Policy

Privacy Policy

We take the protection of your personal data very seriously. Therefore we process your personal data exclusively on the basis of the statutory provisions in accordance with the General Data Protection Regulation ("GDPR"), the Austrian Federal Act concerning the Protection of Personal Data (“DSG”) and the Austrian Federal Telecommunications Act (“TKG”).

If you want to change your privacy settings (grant consent or revoke your previously granted consent), click here to change your settings.


1. Scope

With the following data protection declaration of the St. Anna Kinderkrebsforschung GmbH (St. Anna Children's Cancer Research Institute) (hereinafter referred to as "We" or " St. Anna Kinderkrebsforschung"), we would like to inform you about data processing in the course of our business relationship with you and in connection with the usage of our websites or in any other context. Personal data means any information relating to an identified or identifiable natural person.


2. Who is responsible for data processing?

  • Responsible for data processing is:

    St. Anna Kinderkrebsforschung GmbH
    St. Anna Children's Cancer Research Institute
    Company register number: 540726 k
    Zimmermannplatz 10
    1090 Vienna
    Phone: +43 (0)1 40470

    You can reach us at any time at the above-mentioned contact details.

    For data protection concerns, you can reach us as follows:

    • Internal contacts of the St. Anna Kinderkrebsforschung: legal(at) and DI(FH) Ingomar Schmickl (Head of IT):
    • External data protection officer: RedHammer Consulting e.U. – owned by Ing. Arnold Redhammer:


3. Data processing by the St. Anna Kinderkrebsforschung

 3.1. Websites

 We process your personal data for the purposes of our legitimate interests (Art 6 para 1 lit f GDPR), in particular to ensure the operation, security and optimization of our website. The following websites belong to the St. Anna Kinderkrebsforschung:


In the context of the usage of our websites, we collect the following information: the date and time you access a page on our website, your IP address, the name and version of your web browser, the website (URL) you visited before accessing this website, certain cookies. User web server is located in Austria and your data will not be used to personally identify the visitor of this website.

Your personal data, which you submit voluntarily and explicitly while visiting our website, will also be collected in connection with the usage of services offered on the website, such as newsletters and our career portal. By doing so, you express your consent to the data processing. Your personal data will be processed by us in this context exclusively for the corresponding purpose and in compliance with the applicable legal provisions.


Operator: HubaX IT & Electronic Systems OG
Privacy Policy:

Server Log Files

Connection data are processed to monitor the technical function and to increase the reliability of our webhost. The duration of processing is limited to 365 days.

The legal basis of processing is the legitimate interest (absolute technical necessity of a server log file as fundamental data basis for failure analysis and for security measures in connection with the "website" service which you have explicitly requested by visiting the website) according to Art. 6 (1) (f) GDPR.

Contact Form

You can contact us by using a contact form provided on our website. After submission of the contact form, the controller will process the personal data you have provided for the purpose of handling your request on the basis of your consent which you have given by submitting the form according to Art. 6 (1) (a) GDPR, until revocation. You have no legal or contractual obligation to provide personal data. If you do not provide such data, you are simply not able to submit and we are not able to process your request.

Google Fonts

We process connection data and browser data in cooperation with our processor Google Fonts, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in order to provide the fonts which the web browser needs to display the website. This data is processed only for the time needed to select and transfer the fonts.

The legal basis of processing is the legitimate interest (absolute technical necessity to provide and to deliver the “website” service which you have explicitly requested by visiting the website according to Article 6 (1) (f) GDPR.

Any further independent processing of data by Google Fonts is carried out by Google as sole controller. Detailed information is provided in the Data privacy policy and in the FAQ of Google Fonts.

Font Awesome

We process connection data and browser data in cooperation with our processor Fontawesome, Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA, in order to provide the fonts which the web browser needs to display the website. This data is processed only for the time needed to select and transfer the fonts.

The legal basis of processing is the legitimate interest (absolute technical necessity to provide and to deliver the “website” service which you have explicitly requested by visiting the website according to Article 6 (1) (f) GDPR.

Any further independent processing of data by Fontawesome is carried out by Fontawesome as sole controller. Detailed information is provided in the Data privacy policy of Fontawesome.

Google Analytics

If you give your consent, we will process your personal data in cooperation with the service Google Analytics, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, as joint controllers for the purpose of failure analysis and statistical analysis of our website. A failure to give consent will have no immediate impact on the function of the website, although a lack of statistic data will make it more difficult for us to sophisticate the website. You can revoke your consent by changing the settings at Privacy settings.

We will enable the service to collect connection data, data of your web browser and data of accessed content and to execute analysis software and to store data on your terminal device. The service anonymizes collected data immediately after such data were collected and provides us with statistics for analysis containing anonymous data. We use these statistics for failure analysis and for the sophistication of our website. Data on your terminal device are kept for up to two years. The legal basis of processing is your consent according to Article 6 (1) (a) GDPR. The Google group transfers your personal data to the USA.

The legal basis for data transfer to the USA is your consent in accordance with Art. 49 Para. 1 a in conjunction with Art. 6 Para. 1 a GDPR. Before you gave your consent, you were informed that the USA does not have a data protection level that complies with EU standards. In particular, US intelligence agencies can access your data without being informed about it and without you being able to take legal action against it. For this reason, the European Court of Justice ruled in a judgment that the previous adequacy decision (Privacy Shield) was invalid.


3.2. Applications

You can submit your application on our career portal. We look forward to receiving your application. In order to determine whether we can offer you a suitable position, we need certain information about you.

We only process the personal data which you enter yourself when submitting your application (Art. 6 para. 1 lit. a GDPR), such as: academic degree, name, contact details, CV, letter of motivation, letter of recommendation, salary requirements, certificates and other information and documents that you provide to us. For more information on the processing of your data in connection with applications, please visit our career portal. You can find our vacancies at the following link: .

For our digital candidate management, we rely on the Austrian company Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna. For more details, please refer to Prescreen's privacy declaration:


3.3. Requests

If you contact us by email, the data you provide will be stored by us for the purpose of processing your request. We do not pass on this data without your consent. After processing the request, your data will be deleted, unless the data is still needed for the purpose of request.


3.4. Events / Fair

We will gladly invite you to our events, if you have registered for an event, workshop or lecture. In this case, we ground the invitation on your consent (Art. 6 para. 1 lit. a GDPR), which you can revoke at any time.

If you already have or have had a contractual relationship with us, we have a legitimate interest (Art. 6 (1) (f) GDPR) in inviting you to events as part of maintaining the contract. You can object to receiving any further invitations any time.

In the course of various events such as career fairs, events, etc., you are welcome to get to know our company better and to provide us with your name, e-mail address, telephone number or business card for the purpose of initiating or fulfilling a contract. We will subsequently contact you for the desired purpose.


3.5. Donations

Our online payment processing is operated by state of the art technology. The transmission of your account and payment information is encrypted. For your own security, we would like to advise you to use up-to-date security mechanisms such as antivirus software on your terminal device.

We use RaiseNow, a PCI-DSS certified online fundraising tool from the company RaiseNow AG, Hardturmstrasse 101, 8005 Zurich or RaiseNow GmbH, Schlesische Str. 12, 10997 Berlin. All data transfers in connection with payments are made via RaiseNow, subsequently your data, namely the amount, first and last name, e-mail, address, the purpose of your donation are submitted into our internal donor database.


3.6 Newsletter

Our newsletter (on voluntary basis) keeps you informed about the latest information of the St. Anna Kinderkrebsforschung. Therefore we need your email address, title, first name and last name and a declaration that you agree to receive the newsletter. As soon as you have registered for the newsletter, we will send you an email with a link to confirm your registration.

For the dispatch we use a newsletter dispatch partner, currently SENDINBLUE. You can learn more about the privacy declaration of our newsletter provider here.

If you no longer wish to receive newsletters automatically, you can unsubscribe at any time by sending an email to Furthermore, you can also unsubscribe at any time in each newsletter using the inserted link. We will then delete your data in connection with the newsletter dispatch. This revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.


3.7 Video surveillance

To protect our research facility and in particular to protect the information entrusted to us, we monitor our research institute by a video system. Therefore it is possible that images of you might be recorded during your visit to our research institute, if you enter the video monitoring area. The video-monitored areas are specially marked.

We have a (predominantly) legitimate interest (Art. 6 para. 1 lit. f GDPR) in the processing and usage of the image recordings in order to protect our property as well as data and research results; in addition, we are obligated to take special care in handling research material.

Image recordings are only accessed if there is a special reason or suspicion (e.g. a judicial crime occurs directly in the field of vision of one of our video systems).

The deletion of the image recordings takes place no later than 72 hours after recording. If the images are stored for longer than 72 hours, it will be documented separately and will be justified by us. In the event that the end of the period falls on a Saturday, Sunday, public holiday, Good Friday or December 24th, the deletion period shall be extended until the next working day.


4. Duration of storage

We will store your data only as long as necessary for the purposes for which we collected your data or for legal requirements.

For tax law reasons, we must generally store documents as well as related correspondence for a period of ten years.

Data that you have provided in the context of an request will be deleted by us after the request has been processed, unless this data is used for further purposes or in case of legal requirements (e.g. compensation for damages, warranty claims, etc.) that justify the continued storage of this data.

Data that you disclose to us in the course of initiating or executing a contract will be stored in any case for the duration of the contractual relationship and beyond that for the assertion of or defense against any claims arising from the contractual relationship (e.g. warranty claims, claims for damages and/or product liability claims) or if legal requirements impose on us the obligation to retain such data (e.g. accounting records).

You will remain on our newsletter distribution list until you unsubscribe.

Data of applicants, who are not hired, will be deleted seven months after completion of the application process, unless we ask them for consent to store the application. For hired applicants, our internal data protection information for employees applies.

Insofar as we process personal data on the basis of your consent, this personal data be deleted after your possible revocation of consent, unless other reasons (see above) require the further storage of the data.


5. Cookies

In order to adjust our content to your interests, our website uses cookies. If you do not agree, you can disable this feature in your browser settings. The information collected is also used to compile statistics. In this context, general, non-personal data may be collected and passed on to third parties for evaluation and quality assurance purposes. You can deactivate the "cookies" function in your browser, but we would like to point out that in this case some functions of our website may be restricted. For more detailed information on the cookies used, please refer to our Cookie Policy.


6. Data recipient

In order to fulfill your request or our obligations, it may be necessary to forward your data to third parties (e.g. insurance companies, IT services, service providers we use and to whom we provide data, etc.). Your data will only be forwarded on the basis of data protection regulations, especially to fulfill your request or on the basis of your prior consent.

It might be that recipients of your personal data are located outside your country or outside the EU/EEA, who process your personal data there. The level of data protection in other countries may not be the same as in Austria. We take care to ensure that the European level of data protection and European data security standards are maintained. Therefore, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection, for which we conclude standard contractual clauses.


7. Liability

Our website may contain links to other third-party websites in order to refer to third-party content. If you leave our website via such a link, we cannot guarantee for the content, availability or advertisements of other websites, nor can we accept any liability for damages or losses incurred as a result of visiting these websites. We are only liable for our website in cases of gross negligence or intent on our part. This limitation of liability applies to all claims for damages. Should any disputes arise in relation to liability, the place of jurisdiction shall be Vienna - Austria.


8. Miscellaneous

The St. Anna Kinderkrebsforschung reserves the right to change or delete content on the website. The information contained on this website or in related documents does not constitute legal or investment advice but merely information.

Furthermore, copying and reproduction of texts, images, audio-visual or graphic elements for commercial, inappropriate or illegal activities is not allowed. The name St. Anna Kinderkrebsforschung "St. Anna Children's Cancer Research Institute" and the logo are protected by trademark/genuine rights. The use of the name and logo, regardless of language or form, requires the prior written consent St. Anna Kinderkrebsforschung.


9. Your rights

You have the following rights towards the St. Anna Kinderkrebsforschung as data controller under the GDPR:

Related to the data processing, you have the right to information according to Art. 15 GDPR, correction according to Art. 16 GDPR, deletion according to Art. 17 GDPR, restriction of processing according to Art. 18 GDPR, data portability according to Art. 20 GDPR, revocation and objection according to Art. 21 GDPR.

If you wish to exercise any of the stated rights, or if you believe that the processing of your data violates data protection law, you are welcome to contact us at

In addition to that, you are entitled to contact the Austrian data protection authority in accordance with Art. 77 GDPR in the event of complaints about data protection violations.

If you have given us your consent to process your personal data, you may revoke this consent at any time. Please send an email to the following address, or send us a letter to the following address: Zimmermannplatz 10, 1090 Vienna.

The revocation of consent does not affect the legality of the data processing carried out on the basis of the consent until the revocation.