Academic Staff Council

Data Protection

Our daily work is characterized by an ever-increasing number of forms of electronic communication and digital systems, which on the one hand inevitably require a minimum amount of personal data for their use, and on the other hand transmit and process personal data in their own right.

These currently include:

Printer systems
Communication systems
Access systems
Surveillance cameras
the Electronic Personnel File
ALMA (the digital library system) and
many other operational systems (BACH, SAP, etc.)

How employees' personal data is used in these systems must be carefully scrutinized. Corresponding operational agreements have been established to ensure that these systems are only used to the extent agreed upon, that personal rights are protected, and that employees are not monitored under any circumstances. The operational agreements regulate the data access given to the respective systems and/or the employer and also contain regulations regarding the protection and secure storage of personal data in all these systems.

The required transition to digital platforms in both teaching and administration in the wake of the Corona crisis has brought many new challenges in this area.

It is the task of the respective parties to the operational agreement to check in advance if the implementation of new systems (such as Teams or Zoom) is covered by the existing regulations. If not, appropriate amendments to the relevant operational agreement must be negotiated and agreed on. The introduction of new operating systems – and sometimes even the implementation of updates to them - also necessitates this prior evaluation and, depending on the results, the conclusion of new agreements between the Academic Staff Council and the employer.

In order to streamline this procedure without compromising the protection of personal employee data or the protection of WU employees from unauthorized control, negotiations are currently underway for a new comprehensive IT operational agreement, which should replace the current operational agreement "Operational Systems" in the near future. The current version of the "Operational Systems" operational agreement and its amendments, including side letters, can be found here.

A particular data protection task of the Academic Staff Council is occasionally the inspection of door-key entry data or security camera recordings on campus. Access to such data is only permitted in justified cases (eg to investigate theft or vandalism) and the inspections (which are announced sporadically at relatively short notice) can only take place in the presence of members of the Academic Staff Council.

Your contact persons:

Stefan Sobernig, Rony Flatscher, Mark Strembeck und Karin Burger-Ehrnhofer

back to overview

Name	Purpose	Lifetime	Provider
CookieConsent	Saves your consent to using cookies.	30 days	WU
site-popup	Saves if popup was filled or closed.	30 days	WU
BACH_PRXY_ID	To be able to display some WU-specific content, it is necessary that some information must be accessed by back-end WU systems. Required to assign the appropriate answer to a request.	20 years	WU
BACH_PRXY_SN	To be able to display some WU-specific content, it is necessary that some information must be accessed by back-end WU systems. Required to assign the appropriate answer to a request.	session	WU
fe_typo_user	Required for login and access to protected content or for editing the user’s personal profile.	session	WU
be_typo_user	Required for login and editing content in the TYPO3 back end.	session	WU
be_lastLoginProvider	Stores the last method used for logging in to the TYPO3 back end.	90 days	WU
ASP.NET_SessionId	Required for assigning visitors to forms.	session	WU (forms.wu.ac.at)
__RequestVerificationToken	Required to protect forms against attacks.	session	WU (forms.wu.ac.at)
ESRASOFTSID	Required for identifying the logged-in user in the Business Language Center’s course registration system.	session	WU (esrasoft.wu.ac.at)
esraSoftWiData	Required to track the language and language courses selected by the user.	session	WU (esrasoft.wu.ac.at)
esraSimpleSAMLAuthToken	Required for identifying WU employees during the course registration process.	session	WU (esrasoft.wu.ac.at)
esraSimpleSAML	Required for identifying WU employees during the course registration process.	session	WU (esrasoft.wu.ac.at)
SimpleSAML	Required for identifying WU employees during the course registration process.	session	WU (esrasoft.wu.ac.at)

Name	Purpose	Lifetime	Provider
_pk_id	Used by Matomo Analytics to store a few details about the user, such as the unique visitor ID.	30 days	WU (piwik.wu.ac.at)
_pk_ref	Used by Matomo Analytics to store the attribution information, the referrer initially used to visit the website.	6 months	WU (piwik.wu.ac.at)
_pk_ses	Created by Matomo Analytics, short-lived cookies used to temporarily store data for the current visit.	1 hours	WU (piwik.wu.ac.at)
_gcl_au	Contains a randomly generated user ID.	3 months	Google
AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, request in progress or an error retrieving a Client ID from AMP Client ID service.	1 year	Google
_dc_gtm_--property-id--	Used by DoubleClick (Google Tag Manager) to help identify the visitors by either age, gender or interests.	2 years	Google
_ga	Contains a randomly generated user ID. Using this ID, Google Analytics can recognize returning users on this website and merge the data from previous visits.	2 year	Google
_gat_gtag	Certain data is only sent to Google Analytics a maximum of once per minute. As long as it is set, certain data transfers are prevented.	1 minute	Google
_gid	Contains a randomly generated user ID. Using this ID, Google Analytics can recognize returning users on this website and merge the data from previous visits.	24 hour	Google
_gac_gb	Contains campaign-related information for the user. If Google Analytics and Google Ads accounts are linked, the conversion tags on the Google Ads website read this cookie.	90 day	Google
_dc_gtm	Used to throttle the request rate.	1 minute	Google
IDE	Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites across domains and display personalized advertising.	1 year	Google
player	This cookie saves user-specific settings before an embedded Vimeo video is played. This means that the next time you watch a Vimeo video, your preferred settings will be loaded.	1 year	Vimeo
vuid	This cookie is used to save the usage history of the user.	2 year	Vimeo
__cf_bm	This cookie is used to distinguish between humans and bots. This is necessary for Vimeo to collect valid data about the use of the service.	1 day	Vimeo
_uetvid	This cookie is set to enable the use of the Vimeo video player.	1 year	Vimeo
_tt_enable_cookie	This cookie is used to enable the vimeo video embedding on the WU Website and for other unspecified purposes.	1 year	Vimeo
afUserId	This cookie collects data from users who interact with embedded Vimeo videos.	2 years	Vimeo
_abexps	This cookie saves settings made by the user, e.g. Default language, region or username as well as interaction data of the user with Vimeo	10 months	Vimeo
_clck	This cookie enables the use of the embedded Vimeo video player	1 year	Vimeo
has_logged_in	This cookie stores login information and if the user has ever logged in.	10 years	Vimeo
language	This cookie remembers the language setting of a user. This ensures that Vimeo appears in the language selected by the user.	11 years	Vimeo
_ttp	This cookie is set to enable the use of the Vimeo video player	1 year	Vimeo
sd_client_id	This cookie stores data about the users current video settings and a personal identification token	2 year	Vimeo
_rdt_uuid	This cookie collects data about the users actions on websites that have a vimeo video embedded.	3 months	Vimeo
vimeo_cart	This cookie is used to check how many times a video has been played by the user.	10 years	Vimeo
OptanonConsent	This cookie stores information about the consent status of a visitor.	1 year	Vimeo
_scid	This cookie is used to assign a unique ID to a user	10 months	Vimeo
hjSessionBenutzer_	Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID.	1 year	Hotjar
_hjid	This is an old cookie which is not set anymore, but if a user has it unexpired in their browser. It will be reused and migrated to _hjSessionUser_{site_id}. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID.	1 year	Hotjar
_hjFirstSeen	Identifies a new users first session. Used by Recording filters to identify new user sessions.	30 minutes	Hotjar
_hjHasCachedUserAttributes	Enables us to know whether the data set in _hjUserAttributes Local Storage item is up to date or not.	session	Hotjar
_hjUserAttributesHash	Enables us to know when any User Attribute has changed and needs to be updated.	2 minutes	Hotjar
_hjBenutzerAttribute	Stores User Attributes sent through the Hotjar Identify API. No explicit expiration.	session	Hotjar
hjViewportId	Stores user viewport details such as size and dimensions.	session	Hotjar
hjActiveViewportIds	Stores user active viewports IDs. Stores an expirationTimestamp that is used to validate active viewports on script initialization.	session	Hotjar
_hjSession_	Holds current session data. Ensures subsequent requests in the session window are attributed to the same session.	30 minutes	Hotjar
_hjSessionTooLarge	Causes Hotjar to stop collecting data if a session becomes too large. Determined automatically by a signal from the server if the session size exceeds the limit.	1 hour	Hotjar
_hjSessionResumed	Set when a session/recording is reconnected to Hotjar servers after a break in connection.	session	Hotjar
_hjCookieTest	Checks to see if the Hotjar Tracking Code can use cookies. If it can, a value of 1 is set. Deleted almost immediately after it is created.	session	Hotjar
_hjLocalStorageTest	Checks if the Hotjar Tracking Code can use Local Storage. If it can, a value of 1 is set. Data stored in _hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.	none	Hotjar
_hjSessionStorageTest	Checks if the Hotjar Tracking Code can use Session Storage. If it can, a value of 1 is set. Data stored in _hjSessionStorageTest has no expiration time, but it is deleted almost immediately after it is created.	none	Hotjar
_hjIncludedInPageviewSample	Set to determine if a user is included in the data sampling defined by your site's pageview limit.	2 minutes	Hotjar
_hjIncludedInSessionSample_	Set to determine if a user is included in the data sampling defined by your site's daily session limit.	2 minutes	Hotjar
_hjAbsoluteSessionInProgress	Used to detect the first pageview session of a user.	30 minutes	Hotjar
_hjTLDTest	We try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. Enables us to try to determine the most generic cookie path to use, instead of page hostname. It means that cookies can be shared across subdomains (where applicable). After this check, the cookie is removed.	session	Hotjar

Name	Purpose	Lifetime	Provider
test_cookie	Is set as a test to check whether the browser allows cookies to be set. Does not contain any identification features.	15 minute	Google
IDE	Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites across domains and display personalized advertising.	1 year	Google
_gcl_au	Contains a randomly generated user ID.	90 day	Google
_gcl_aw	This cookie is set when a user clicks on a Google ad on the website. It contains information about which ad was clicked.	90 day	Google
xs	Used to maintain a Facebook session. It works in combination with the c_user cookie to authenticate the user's identity on Facebook.	1 year	Facebook
fr	Used to serve advertisements and measure and improve their relevance.	90 day	Facebook
m_pixel_ratio	Performance cookie used by Facebook with Facebook pixels.	session	Facebook
wd	Used for analysis purposes. Technical parameters are logged (e.g. aspect ratio and dimensions of the screen) so that Facebook apps can be displayed correctly.	7 day	Facebook
dpr	Used for analysis purposes. Technical parameters are logged (e.g. aspect ratio and dimensions of the screen) so that Facebook apps can be displayed correctly.	7 day	Facebook
sb	Used to save browser details and Facebook account security information.	2 year	Facebook
dbln	Used to save browser details and Facebook account security information.	2 year	Facebook
spin	Cookie for advertising purposes and reporting on social campaigns.	session	Facebook
presence	Contains the "Chat" status of a logged in user.	1 month	Facebook
x-referer	Performance cookie that is used by Facebook in combination with Facebook pixels.	session	Facebook
cppo	Cookie for statistical purposes.	90 day	Facebook
datr	Identifies the browser for security and website integrity purposes, including account recovery and identification of potentially compromised accounts.	2 year	Facebook
locale	Saves language settings.	session	Facebook
_fbp	A cookie for Facebook advertising that is used to track and improve relevance and to serve ads on Facebook.	90 day	Facebook
_fbc	A cookie for Facebook advertising that is used to track and improve relevance and to serve ads on Facebook.	90 day	Facebook
UserMatchHistory	This cookie is used to synchronize the LinkedIn Ads IDs.	30 day	LinkedIn
AnalyticsSyncHistory	This cookie saves the time at which the user was synchronized with the "lms_analytics" cookie.	30 day	LinkedIn
li_oatml	This cookie is used to identify LinkedIn members outside of LinkedIn for advertising and analysis purposes.	30 day	LinkedIn
lms_ads	This cookie is used to identify LinkedIn members outside of LinkedIn.	30 day	LinkedIn
lms_analytics	This cookie is used to identify LinkedIn members for analysis purposes.	30 day	LinkedIn
li_fat_id	This cookie is an indirect member identification that is used for conversion tracking, retargeting and analysis.	30 day	LinkedIn
li_sugr	This cookie is used to determine probabilistic matches of the identity of a user.	90 day	LinkedIn
U	This cookie identifies the user’s browser.	3 month	LinkedIn
_guid	This cookie is used to identify a LinkedIn member for advertising via Google Ads.	90 day	LinkedIn
BizographicsOptOut	This cookie is used to determine the rejection status for tracking by third-party providers.	10 year	LinkedIn
lidc	This cookie makes it easier to select LinkedIn's data center.	24 hours	LinkedIn
aam_uuid	This cookie is used for ID synchronization with Adobe Audience Manager.	30 days	LinkedIn
AMCV_XXX_at_AdobeOrg	This cookie contains a unique identifier for the Adobe Experience Cloud.	180 days	LinkedIn
li_mc	This cookie is used as a temporary cache. It is used to have the user's consent information from the database available client side.	2 years	LinkedIn
lang	This cookie stores the language settings of a user. This ensures that the LinkedIn.com website appears in the language selected by the user.	session	LinkedIn
twll	This cookie is set when X is embedded on the page. X collects data that is mainly used for tracking and targeting.	4 year	X
secure_session	This cookie is set when X is embedded on the page. E.g. X's like or sharing functions.	14 year	X
guest_id	This cookie is set by X when a visitor shares content from the WU website on X.	2 year	X
personalization_id	This cookie is set by X to measure the performance of X advertising campaigns in a user's browsers and devices	2 year	X
remember_checked	This cookie is set by when X is embedded on the page. X collects data that is mainly used for tracking and targeting.	4 year	X
remember_checked_on	This cookie is set when X is embedded on the page. E.g. X's like or sharing functions.	4 year	X
mbox	This cookie is intended for identifying X users, for analyzing interaction with the X Service and advertising whitin the service.	2 years	X
guest_id_ads	This cookie is set due to X integration and for sharing content to social media.	10 months	X
d_prefs	This cookie ist used to check referral links and the login status.	90 days	X
ct0	This cookie is set due to X integration and sharing capabilities for the social media.	10 months	X
kdt	This cookie is used to monitor the users login status on X.	10 months	X
guest_id_marketing	This cookie is set for tracking and analytics purposes.	10 months	X
twid	This cookie checks if you are logged in to X during a browser session.	1 year	X
auth_token	This cookie is required for authentication and checks whether the user is logged in.	10 months	X
external_referer	This cookie collects statistical data, including how often you visit X and how long a user stays on X.	1 day	X
NID	This cookie contains a unique ID that is used to save user-specific settings and other information, in particular your preferred language, how many search results should be displayed per page and whether the Google SafeSearch filter should be activated.	6 month	YouTube
1P_JAR	This Google cookie is used to optimize advertising, to provide ads that are relevant to users, to improve reports on campaign performance or to prevent a user from seeing the same ads multiple times.	1 month	YouTube
CONSENT	This cookie is used to support Google's advertising services.	20 year	YouTube
OTZ	Aggregated analysis of website visitors.	17 day	YouTube

Academic Staff Council

Data Protection

Your contact persons:

Programs

Research

The University

Jobs