Privacy Policy

Zur deutschsprachigen Version dieses Dokumentes wechseln.

Last review: 24 May 2018

Privacy Policy of Ärzte ohne Grenzen Österreich (“Ärzte ohne Grenzen” (Doctors Without Borders); “we”), Taborstrasse 10, 1020 Vienna, for the website (“Website”).

Thank you very much for your interest in our work. The following is a comprehensive information about the way in which we process your data and about the rights that you have in this respect. The protection of your privacy is very important to us, and accordingly we want to inform you about your rights and options, in order to sustainably establish a trusting business relationship. Our practice of ensuring privacy is in accordance with the General Data Protection Regulation of the European Union (GDPR) along with the Austrian Data Protection Amendment Act 2018 (DS-AG), the Telecommunications Act (TKG) and other relevant legal provisions.

As a general rule, data protection regulations must always be observed whenever personal data are processed. The terms used in this Privacy Policy are as defined in the GDPR. Thus, the “processing” of personal data essentially comprises any handling of the same. To the extent that data processed by us refer to a person and – even if only through third parties, in a synopsis or by means of additional knowledge – make you identifiable as a person (in particular, if they allow your full name to be revealed), we are essentially dealing with personal data.

1.Data processing during the use of our Website

Whenever you visit our Website, we automatically collect the following data: IP address and access information.

You may visit our Website without having to indicate any details about your person. Upon calling up the Website, only certain access data (your IP address and other metadata, e.g. date/time of request, requesting provider, browser version) will be processed by automated means, especially for security purposes and for improving the Website quality. However, this information does not enable us to draw any conclusions as to your person. IP addresses are collected and stored exclusively in anonymised form, truncating them by the last three (3) digits.  Accordingly, as a mere Website visitor, you can inform yourself about our work without engagement.

2.Data processing in case of online donations via the Website

Should you have decided to use the online donation option offered by us, you need to provide certain details for the purpose of contract processing. Both for one-time and for regular online donations, you must/may indicate the following personal data:

  1. Salutation, first name, surname
  2. E-mail address
  3. Payment details depending on the mode of payment selected: PayPal, credit card, Sofort transfer, debit order, payment form
  4. Date of birth (mandatory if tax deductibility is desired)
  5. Address (not mandatory)
  6. Telephone number (not mandatory)
  7. Donator number (if available; not mandatory)
  8. Other notices (not mandatory)

This information is required by us in order to perform the contract that you have concluded with us (Art. 6 (1) (b) GDPR). The data will also be stored by us, and we shall keep them only for so long as this is reasonably considered necessary to accomplish the purpose of contract performance and to the extent admissible under applicable law. In any case, we will store the personal data for as long as statutory retention periods apply or statutes of limitation in respect of potential legal claims have not yet expired. To the extent that the storage of the data is no longer required for the purposes of their original collection (or within the scope of any legally admissible change of purpose) and no statutory provisions are opposed, we shall arrange for erasure of the same.

For the purpose of contract performance, we shall cooperate with different so-called processors, depending on the mode of payment selected, who carry out the payment transactions for us. For this purpose, we shall pass on your full name and information about the selected mode of payment to the selected processor exclusively. This transmission of your data is an indispensable prerequisite for contract performance.

We have almost no or only very little influence on the storage and processing of the data by the processor, but the processors are contractually bound by our data protection procedures. Sometimes, however, the selected payment service providers will also collect the data themselves, especially if you (must) create an account with them. To that extent, the privacy policy of the respective provider shall apply; our Privacy Policy is only meant to provide you with information as to which recipients may receive your payment data, if applicable.

We use Fundraisingbox, a PCI DSS certified online fundraising tool of Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg. All transmissions of data in connection with payments shall take place viaFundraisingbox; subsequently the data will be entered in our internal donator data base. 

If you select PayPal as the mode of payment, data will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, and processed there. Please also note the privacy statement and the General Terms and Conditions of PayPal in this respect.

If you select credit card as the mode of payment, you will submit your credit card details together with the order, which however will not be processed by us, but passed on directly to the credit card company. We will subsequently send a request to the credit card company to initiate the payment transaction. The payment transaction will be carried out automatically by the credit card company and debited to your card. In the process, certain data will be transmitted to the respective credit card company and processed by the same. We shall not transmit any personal data to the credit card company that go beyond that specific payment transaction; for the processing of data by the credit card company in general, please also note the latter’s privacy policy and GTC.

If you select Sofort transfer as the mode of payment, you will be linked through to the website of the online provider Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany, a member of the Swedish Klarna Group, after entering the data. In this way, Sofort GmbH is instructed to forward the payment order to your bank and to inform the vendor about the successful transfer. Within the scope of the payment transaction, Sofort GmbH will also carry out an automated check of account cover. Please note the complementary data protection information of Sofort GmbH in this respect, which will be pointed out to you during use of the service.

If you select debit order as the mode of payment, only Fundraisingbox and we will receive your payment details; the same applies in the event that payment form is selected: in that case, we will send the payment form to any address indicated by you.

As described, our processors are contractually bound to observe our privacy practices and will treat your personal data as strictly confidential. Without your consent, they will not, under any circumstances, transfer your data to third parties or use them for purposes other than those required to perform their duties vis-à-vis Ärzte ohne Grenzen and as expressly authorised by us.

3.Data processing in case of a change of your personal data via the Website

If you click on the button “Update Online Data”, you can initiate a change of your personal data already collected. As soon as you click on “Send”, we will collect such data and process them to comply with your request (Art. 6 (1) (b) GDPR). Your data will then be stored in our donator database and are subject to our erasure scheme. We can provide you with more information upon request, among others by means of an extract from our records of processing.

4.Data processing in connection with job applications via the Website

We appreciate your interest in working for our organisation. Our Website contains information about the options of working for Ärzte ohne Grenzen. Should you decide to send an unsolicited job application, we must process the personal data transmitted by you within the scope of your application in order to consider the same (Art. 6 (1) (b) GDPR). Please find detailed information about data processing in connection with job applications in the information sheet for applicants, available on the Website at:

5.Data processing in case of enquiries relating to donations (donators’ service)

Should you require any further information regarding your donations, or in case of any concerns relating thereto, we offer you various options to get into contact with us, all of which we have indicated on our Website. If you contact us and provide us with any personal data within the scope of your request, we will process the same in order to deal with your request in the best possible way (e.g. dispatch of information material to notified address, change of amount of donation). Your personal data that you notify in the course of this correspondence will be processed by us for organisational purposes, also by including them in the donator database, if applicable. You will find detailed information about data processing in connection with donations in the DATENSCHUTZ-INFORMATIONSBLATT für Spenderinnen und Spender  [DATA PROTECTION INFORMATION SHEET for donators].

6.Data processing for use of the contact forms on the Website

On our Website, you are also offered the possibility to complete the contact forms provided to submit individual requests or to get into contact with us. The information that you enter in those forms will be processed by us to answer your request. Should it turn out in the course of replying to your request that the latter relates to donations, it will be processed within the scope of the donators’ service, and accordingly Item 5 shall apply. The data of other requests will not be processed beyond the scope of replying to the request.


On our Website, you are offered the possibility to register for our newsletter. For this purpose, you must notify your name (first name, surname), salutation and your e-mail address. These data are required for dispatching the newsletter and to address you correctly. Among others, the newsletter will provide you with information about our missions and how you can support them, and it contains current reports and information about events and campaigns; it will be sent exclusively to the e-mail addresses provided by the interested persons themselves. If you no longer want to receive the newsletter, you may of course deregister at any time by clicking on the “unsubscribe newsletter” button. The data collected for the dispatch of the newsletter will be deleted after any deregistration – unless otherwise provided for under the law, and unless the data are processed on any other legal basis.

We use the newsletter service MailChimp, operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter “MailChimp”). For this purpose, data voluntarily provided by you (name, address and e-mail address) will be stored on MailChimp servers in the USA. Your data will only be used to send you the newsletter that you have subscribed to or any other information about our work, if applicable, that you are interested in. However, in that case, your data may also be used for statistical analyses. MailChimp disposes of a Privacy Shield certification and accordingly of a level of protection equivalent to EU standards. We also use Mandrill, an e-mail delivery service developed by MailChimp. In contrast to MailChimp, the application does not send e-mails to several recipients at the same time, but only to individual addressees. As it is a MailChimp add-on, it essentially uses the same infrastructure, meaning that the same remarks on data protection also apply to Mandrill. The dispatch of newsletters is also controlled through our donator data base; this is why we process your personal data, voluntarily provided by you, (name, address and e-mail address) there.

You may also read the data privacy statement of MailChimp for more information as to how your data are handled.

8.Rights of data subjects

An essential aspect of data protection legislation is to grant you certain rights of disposition over your personal data even once data processing has already begun. For this purpose, there are a number of data subject rights, which we will comply with immediately upon request, but at the latest within one (1) month. In order to exercise your rights, please contact us via the following e-mail address: [email protected]. Specifically, the following rights have been provided for:

  1. If you exercise your right of access and there are no legal restrictions, we will inform you comprehensively about our processing of your data. To this end, we will send you (i) copies of the data (e-mails, database extracts, etc.), as well as information about (ii) data specifically processed, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the retention periods or criteria for their determination, (vii) the source of the data and (viii) if necessary, further information depending on the individual case. Please note, however, that we cannot provide documents that could negatively affect the rights of others.
  2. With the right to rectification, you can request that we correct inaccurately recorded, obsolete or (for the respective processing purpose) incomplete data. Your request will then be reviewed and the processing of such data may be restricted for the duration of the review upon request.
  3. The right to erasure (of data) may be exercised (i) for lack of necessity with respect to the processing purpose, (ii) in case of revocation of the consent granted by you, (iii) in case of a special objection, to the extent that the data processing concerned is based on the legitimate interests of Ärzte ohne Grenzen, (iv) in case of unlawful data processing, (v) if there is a legal erasure obligation as well as (vi) when processing the data of minors under 16 years.
  4. An accessory right of restriction of processing, after the exercise of which the data concerned may only be stored, exists in certain instances. Apart from the option to restrict processing for the duration of checking data rectifications, (i) unlawful data processing (unless erasure is demanded) and (ii) the duration of the examination of any special objection are subject to this right.
  5. In addition, you have a fundamental right to object to data processing at any time. However, this only applies if the processing is based on the legitimate interests of Ärzte ohne Grenzen. Please note, however, that legitimate interests as the legal basis for processing operations may only be used in individual cases.
  6. You may also exercise your right to lodge a complaint with the supervisory authority (see item 13).

Please also note that we may be unable to comply with your request due to compelling, legitimate reasons for processing (balance of interests) or processing due to the establishment, exercise or defence of legal claims (on our part). The same applies in case of excessive (unreasonable) requests, although in that case, as well as for complying with unjustified enquiries, a fee may be charged.

9.Data security

Ärzte ohne Grenzen will take all suitable technical and organisational measures to ensure that only those personal data are processed on the basis of presettings whose processing is absolutely required for the business purpose. The measures taken by us concern both the amount of data collected, the scope of processing and the storage period and accessibility of the data. Through these measures we ensure that personal data are only made accessible, through presettings, to a closely restricted, absolutely necessary number of persons. Other persons will not be granted access to personal data, under any circumstances, without the express consent of the data subject. Moreover, we use various protective mechanisms (backups, encryption) to secure our online presence and other systems. This is meant to protect your (personal) data against loss or theft, destruction, unauthorised access, modification and dissemination in the best possible way.

All employees of Ärzte ohne Grenzen were adequately informed about all applicable provisions under data protection legislation, about internal privacy regulations and data security precautions, and are instructed to keep confidential all the information entrusted or made accessible to them within the scope of their professional activity. In this context, the requirements of the GDPR will strictly be observed and personal data will only be provided to individual employees to the extent this is required for the purpose of data collection and our obligations resulting therefrom. To the extent that processors are employed by us, they are obliged under specific framework contracts concluded with us to act in compliance with our data privacy procedures.

10.Social plug-ins

So-called social plug-ins or pixels of the following social networks are used on our Website: Facebook, Instagram, Twitter and YouTube.

We use the so-called Facebook pixel for the purpose of analysing, optimising and efficiently operating our online presence with a view to remarketing (prevailing legitimate interests, Art 6 (1) (f) GDPR). Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; the contracts with users in Europe are concluded with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). The Facebook pixel allows for the identification of the visitors of our Website as a target group for the presentation of advertisements on Facebook. We, in turn, use the Facebook pixel to show the Facebook advertisements linked through to our Website only to those Facebook users who are interested in our work (which they have expressed by visiting our Website). You may also disable the remarketing function of Facebook yourself by clicking on this link: You must be logged in with Facebook to do so.

See the following link for the data privacy information provided by Facebook:

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”), the data privacy information of Twitter is available here:

We have a link to our Instagram profile on our Website. Instagram is operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA, the privacy policy is available here:

We have also implemented a link to our German and Austrian YouTube channel and embedded some YouTube videos on our Website. YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Plug-ins generally allow for the content of Internet pages to be recommended to other Internet users via a social network, to be added to your personal profile in a social network, or otherwise to be displayed. For this purpose, cookies (third-party provider cookies) and other technologies (e.g. pixel tags) are used. The content of the respective plug-in is embedded directly in our websites by the relevant provider. In the process, your browser establishes a connection with the servers of the plug-in provider whenever you call up a website of where such a plug-in is incorporated. In this way, the providers receive the information that your browser has called up the relevant page of our online presence, even if you have no profile with the social network of the relevant provider or if you are not logged in at that time. Your browser will transmit this information, including your IP address, directly to a server of the respective provider in the USA, where it will be stored. As your browser will send unsolicited information every time a connection is established with a provider server, this could be used to create profiles of websites that the user behind the identifier has called up. If you are logged in with any of the social networks, the providers can directly match the visit on our Website with your profile. If you interact with the plug-ins, for instance activating the “Like”, the “+1” or the “Twitter” button, the corresponding information will also be sent directly to a server of the provider and stored there. The information will also be published within the social network and/or in your Twitter account and displayed to your contacts there.

If you do not want the social network to match the data collected about our web presence directly with your profile in the respective service, you must log out from the relevant service prior to activating the plug-ins.

Please note that Facebook, Google and Twitter participate in the EU-US Privacy Shield and are accordingly obliged to observe the treaty and to permanently maintain a level of data privacy equivalent to European data protection standards. The EU-US Privacy Shield was attested an adequate level of data protection by the adequacy decision of the European Commission; accordingly, transfers of data to certified companies in the USA (third country) are basically admissible. See for Privacy Shield certifications.


We use so-called cookies, small text files, that are stored on your computer whenever you access our Website. They help us make our online offer more user-friendly, more interesting and more secure. Many of them are “session cookies” that are deleted again without any action on your part, as soon as you terminate your current browser session. Other cookies (for instance, to save your language settings) are stored for longer periods or until you remove them manually. Generally, cookies do not contain any personal data.

Most browsers accept cookies automatically. However, you can adjust your browser settings so that cookies are either rejected in general or that only certain types are admitted (e.g. restricting rejection to third-party cookies). If you change the cookie settings of your browser, you may no longer be able to use all functions of our Website in full. The optional settings for the most commonly used browsers are available through the following links:

12.Google Analytics

Our Website uses Universal Analytics, the new generation of the Google Analytics web analysis tool of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), a subsidiary of the holding company Alphabet, Inc. It uses cookies that enable an analysis of your use of the Website. We process your associated data on the basis of our prevailing legitimate interest to prepare cost-efficient and convenient website access statistics (Art 6 (1) (f) GDPR).

As a rule, the information generated by the cookie regarding your use of the Website is transferred to and stored on a server in the USA that is operated by Google. We will not store any of your data collected in connection with Google Analytics. However, if IP anonymisation is enabled on this Website, your IP address will first be truncated by Google within the member states of the European Union or in other signatories of the treaty on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA to be truncated there. Google will use this information to analyse your use of the Website for us, to compile reports on Website activities, and to provide additional services associated with the use of the Website and the use of the Internet in general for us. No connection will be established between the IP address sent by your browser within the scope of Google Analytics and any other Google data. This will not put Google in a position to identify your person.

Google participates in the EU-US Privacy Shield and is accordingly obliged to observe the treaty and to permanently maintain a level of data privacy equivalent to European data protection standards. See for the Privacy Shield certification.

Using the procedure described in Item 11, you can prevent cookies from being stored by adjusting your browser settings accordingly (restriction to third-party provider cookies, if applicable). You can also prevent Google from collecting and processing data relating to your use of the Website (incl. your IP address) that is generated by the cookie by downloading and installing an appropriate browser plug-in ( Alternatively, you may also click here to place a so-called opt-out cookie that is filed on your terminal device and will prevent the collection of your data by Google Analytics. However, if you delete the cookies stored on your computer, this step will have to be repeated. But please note that you may not be able to use all functions of the Website in full, if you do so.

For more information about data protection in connection with Google Analytics and your relevant options, please go to

13.Right to lodge a complaint

If you believe that we violate applicable data protection legislation when processing your data, you have the right to lodge a complaint with the Austrian Data Protection Authority. The requirements for such a complaint are based on Sec. 24 et seq. of the Data Protection Amendment Act. However, we ask you to contact us in advance in order to clarify any questions or problems.