Privacy policy

1. Data Controller

The entity responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) and applicable national data protection law is:

International Centre for Migration Policy Development (ICMPD)
Rothschildplatz 4
1020 Vienna, Austria
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

For all data protection enquiries, please contact the Data Protection Focal Point:

Data Protection Focal Point – ICMPD
Rothschildplatz 4
1020 Vienna, Austria
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

The competent supervisory authority is:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42, 1030 Vienna, Austria
https://www.dsb.gv.at
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

As the project is also implemented in Germany, the German Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit, BfDI) may additionally have supervisory jurisdiction. Users residing in Germany may also lodge a complaint with the competent German state supervisory authority (Landesbeauftragter für den Datenschutz).

Note on website development: This website was developed by a service provider based in Hungary (EU). The provider acts as a data processor within the meaning of Art. 4(8) GDPR and is bound by a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

2. Scope and Purpose of this Privacy Policy

This Privacy Policy explains how ICMPD collects, uses, stores, and shares personal data in connection with the CORE-UA project website (www.UkrainianCentres.org). It applies to all visitors and users of the website and to individuals who contact ICMPD through the website.

ICMPD processes personal data exclusively in accordance with applicable data protection law, in particular the GDPR, the Austrian Data Protection Act (Datenschutzgesetz, DSG), and where applicable, the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

3. Categories of Personal Data We Process

3.1 Website Visitors

When you visit this website, the following data is automatically processed by our web server and analytics tools:

  • IP address (anonymised before further processing)
  • Date and time of the visit
  • Pages viewed and navigation paths
  • Referring URL (previously visited page)
  • Browser type, version, and language
  • Operating system and device type
  • Approximate geographic location (country/region level only)

This data is processed to ensure the technical operation and security of the website. Where analytics are activated, it is also used in aggregated, anonymised form to understand usage patterns and improve content.

3.2 Contact Form Enquiries

If you contact us via the website contact form, we process the following data:

  • First name and last name
  • Email address
  • Subject and content of your enquiry
  • Any other information you voluntarily provide

This data is used solely to respond to your enquiry. It is not used for marketing purposes without your separate consent.

3.3 Project Partners, Beneficiaries, and Contractors

In the context of project implementation, ICMPD processes the following data relating to natural persons who are partners, beneficiaries, or contractors:

  • First name, last name
  • Postal address (street, postcode, city, country)
  • Email address and telephone number
  • Any further information provided in the course of the working relationship

3.4 Suppliers and Service Providers

For procurement and supplier management, ICMPD processes limited data, including:

  • Organisation name (as per registration)
  • Contact person (first name, last name)
  • Contact details (address, email, telephone)
  • Bank account details (for payment processing only)

3.5 Data from Publicly Accessible Sources

ICMPD may also process data that has been legitimately obtained from publicly accessible sources, such as official company registers, land registries, or published project documentation. In each case, the applicable legal basis under Art. 6 GDPR applies.

3.6 No Special Categories of Data

ICMPD does not intentionally collect special categories of personal data (as defined under Art. 9 GDPR), such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data, via this website. If you believe you have accidentally submitted such data, please contact us immediately at This email address is being protected from spambots. You need JavaScript enabled to view it..

4. Legal Bases for Processing

All personal data is processed on one of the following legal bases, as set out in Art. 6 GDPR:

Processing Purpose

Legal Basis (GDPR)

Details

Website functionality

Art. 6(1)(f) – Legitimate interests

Ensuring secure and stable operation of the website

Contact form enquiries

Art. 6(1)(b) – Pre-contractual / contractual measures; Art. 6(1)(f) – Legitimate interests

Responding to enquiries submitted by users

Analytics (Google Analytics 4)

Art. 6(1)(a) – Consent

Only where user has provided explicit consent via cookie banner

Project partner / contractor management

Art. 6(1)(b) – Contract performance; Art. 6(1)(c) – Legal obligation

Data necessary for project implementation, accounting, and compliance

Supplier / procurement records

Art. 6(1)(b) – Contract performance

Name, contact details, bank details for business relationships

Where processing is based on consent (Art. 6(1)(a) GDPR), you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device by your browser when you visit a website. They allow the website to recognise your device on subsequent visits and store certain preferences or session data.

5.2 Your Consent and Choices

When you first visit this website, you will be presented with a cookie consent banner. Non-essential cookies (including analytics cookies) are only activated after you have given your explicit consent. You can modify or withdraw your cookie preferences at any time by accessing the cookie settings on this website.

You may also control cookies directly through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of this website. Guidance on cookie management is available from your browser provider.

5.3 Cookies Used on This Website

The following cookies are currently used on this website:

Cookie Name

Provider

Retention

Purpose

cookieconsent_status

This website

1 year

Stores the user's cookie consent choice

_ga

Google Analytics

400 days

Identifies unique visitors (anonymised user ID)

_gid

Google Analytics

24 hours

Distinguishes users within a single session

_ga_XXXXXX

Google Analytics

400 days

Retains current session state information

We do not use advertising cookies, tracking pixels for remarketing, or any third-party social media plug-ins that set cookies without consent.

6. Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics 4 is activated only where you have given your explicit consent (Art. 6(1)(a) GDPR). If you do not consent, no analytics cookies are set and no data is transmitted to Google.

When active, Google Analytics 4 collects data about your usage of the website, including pages visited, session duration, referring URLs, device information, and approximate location. We have activated IP anonymisation, so IP addresses are shortened before any processing by Google.

We have configured Google Analytics 4 with the following privacy settings:

  • IP address anonymisation: enabled
  • Advertising features: disabled
  • Personalised advertising: disabled
  • Remarketing: disabled
  • Data retention period: 2 months (no reset on new activity)
  • Cross-device tracking (Google Signals): disabled
  • Data sharing with Google products and services: disabled

Data may be transferred to the United States on the basis of EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. For more information, see Google's Privacy Policy and the Google Analytics Privacy Overview.

You can opt out of Google Analytics tracking at any time by adjusting your cookie preferences on this website, or by installing the Google Analytics opt-out browser add-on available at: https://tools.google.com/dlpage/gaoptout.

7. Google Tag Manager

This website uses Google Tag Manager, a tag management system provided by Google Ireland Limited. Google Tag Manager itself does not collect personal data and does not set cookies. It is used solely to manage and deploy other scripts and tags (such as the Google Analytics 4 tag) on the website.

However, Google Tag Manager facilitates the loading of third-party tools. These tools are only activated in accordance with your cookie consent preferences.

8. Disclosure and Transfer to Third Parties

8.1 General Principle

ICMPD does not sell personal data. Personal data is only disclosed to third parties where:

  • it is necessary to perform a contract to which you are a party (Art. 6(1)(b) GDPR),
  • we are required to do so by law or a binding decision of a public authority (Art. 6(1)(c) GDPR),
  • you have given your prior consent (Art. 6(1)(a) GDPR), or
  • it is necessary to protect our or a third party's legitimate interests (Art. 6(1)(f) GDPR), provided your interests do not override this.

8.2 Data Processors

ICMPD engages third-party service providers (data processors) to assist with specific functions, including IT infrastructure and website hosting. These processors are:

  • Contractually bound to process personal data only on ICMPD's instructions
  • Required to implement appropriate technical and organisational security measures
  • Bound by data processing agreements in accordance with Art. 28 GDPR

Key processors engaged in connection with this website include:

  • Website developer / hosting provider (Hungary-based, EU): for website development, maintenance, and hosting
  • Google Ireland Limited: for Google Analytics 4 and Google Tag Manager

8.3 International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) – for example, to Google's servers in the United States – ICMPD ensures that appropriate safeguards are in place, in particular EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Data transfer to the Hungarian website developer remains within the EU/EEA and does not require additional safeguards.

9. Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following general retention periods apply:

  • Server log files: up to 7 days, unless longer retention is required for security or legal purposes
  • Contact form enquiries: deleted or anonymised within 12 months of the enquiry being resolved, unless an ongoing legal or contractual relationship requires longer retention
  • Google Analytics data: 2 months (as configured)
  • Project partner and contractor data: retained for the duration of the project and for the legally required period thereafter (typically 7–10 years under Austrian and German accounting law)
  • Cookie consent records: 1 year from the date of consent

Data that is required for accounting, contract documentation, or other legal obligations is not affected by a request for deletion during the applicable retention period.

10. Technical and Organisational Security Measures

ICMPD implements appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include:

  • Encrypted data transmission using TLS/HTTPS
  • Access controls limiting data access to authorised personnel only
  • Firewall and malware protection systems
  • Regular security reviews and updates

Despite these measures, no data transmission over the internet can be guaranteed to be completely secure. If you believe your data has been compromised, please notify us immediately at This email address is being protected from spambots. You need JavaScript enabled to view it..

11. Automated Decision-Making and Profiling

ICMPD does not use automated decision-making processes, including profiling, within the meaning of Art. 22 GDPR that would produce legal or similarly significant effects on you.

Google Analytics 4 uses machine learning to model and enrich aggregated usage data (e.g. conversion modelling). This does not constitute automated decision-making affecting individual users, as it operates on anonymised aggregate data only.

12. Your Rights as a Data Subject

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and, if so, obtain a copy of it.
  • Right to rectification (Art. 16 GDPR): You may request that inaccurate or incomplete personal data be corrected.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your personal data where the conditions of Art. 17 GDPR are met.
  • Right to restriction of processing (Art. 18 GDPR): You may request that processing be restricted in certain circumstances.
  • Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests (Art. 6(1)(f) GDPR), including profiling. We will then cease processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

To exercise any of the above rights, please contact:

This email address is being protected from spambots. You need JavaScript enabled to view it.

We will respond to your request within one month of receipt. In complex cases or where a large number of requests is received, this period may be extended by a further two months; you will be informed of any extension. We may ask you to verify your identity before processing your request, to protect your data from unauthorised access.

Please note that certain data cannot be deleted during mandatory legal retention periods, even upon request.

13. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority in Austria is:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42, 1030 Vienna, Austria
https://www.dsb.gv.at
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

If you reside in Germany, you may alternatively contact the competent German state data protection authority (Landesbeauftragter für den Datenschutz) or the BfDI (www.bfdi.bund.de). The right to complain exists without prejudice to any other administrative or judicial remedy.

14. Links to Third-Party Websites

This website may contain links to external websites that are not operated or controlled by ICMPD. This Privacy Policy does not apply to those websites. ICMPD is not responsible for the privacy practices or content of third-party websites and recommends that you review the privacy policy of any external site you visit.

15. Copyright and Disclaimer

The content of this website is protected by copyright. Text, photographs, and other materials attributed to ICMPD may be reproduced for non-commercial purposes without charge, provided that ICMPD is credited as the source.

Where content is attributed to an external source, permission for reproduction must be obtained from the originating organisation. The content on this website is the sole responsibility of ICMPD and does not necessarily reflect the views of ICMPD Member States or project donors.

ICMPD does not guarantee the accuracy, completeness, or reliability of the information on this website. ICMPD is not liable for any loss or damage resulting from use of this website or any linked websites, including damage caused by software viruses or similar threats.

16. Updates to This Privacy Policy

ICMPD may update this Privacy Policy from time to time to reflect changes in applicable law, technology, or organisational practice. Any material changes will be published on this page with an updated "last updated" date. We encourage you to review this policy periodically.

This policy is available in English, German, and Ukrainian. In the event of any inconsistency between the language versions, the English version shall prevail.

Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline
Save