Privacy Statement

Joint Controllers

Know-Center GmbH Research Center for Data Driven Business & Big Data Analytics

Inffeldgasse 13/6

8010 Graz



Silicon Austria Labs GmbH

(formerly CTR Carinthian Tech Research AG)

Inffeldgasse 33

8010 Graz


EAM Systems GmbH

Ludwig Benedek-Gasse 2

8054 Graz


Technische Universität Graz

Institut für Wärmetechnik

Inffeldgasse 25/B

8010 Graz


EUDT Energie- u. Umweltdaten Treuhand GmbH

Flughafenstraße 8

9020 Klagenfurt


Fachhochschule Salzburg GmbH

Urstein Süd 1

5412 Puch


Thomas Lorenz ZT GmbH

Raiffeisenstraße 30

8010 Graz


IKK Engineering GmbH

Reininghausstraße 78

8020 Graz

Contact point

Know-Center GmbH Research Center for Data Driven Business & Big Data Analytics

Inffeldgasse 13/6

8010 Graz


Purpose of processing

Research on aggregated and enriched information extracted from sensors and simulation data to quantify, evaluate and optimise the human comfort, taking economic considerations into account.


First and last names, contact data, log-data, expert opinions (in the sense of surveys on the comfort)

Basis in law

  • Consent pursuant to Art 6 para 1 lit a GDPR;
  • Necessity for the performance of a contract pursuant to Art 6 para 1 lit b GDPR;
  • (Overriding) legitimate interests of the joint controllers (pursuant to Art 6 para 1 lit f GDPR) in achieving the above-mentioned purposes.


Funding authorities or bodies appointed by them (e.g. as part of contract monitoring);

No external contractors are used to process the data.

Transfer to third countries

No transfer to third countries

Duration of storage

Until the time at which consent is withdrawn. Irrespective of withdrawal of consent, the data will be stored no longer than necessary for the purpose of processing, unless legal or contractual retention obligations or (overriding) legitimate interests justify a longer storage period (e.g. for the assertion or defence of legal claims; in this regard it should also be pointed out that – if no longer storage is required – the data will be archived for 10 years from the end of the project or publication in order to prove good scientific practice).

Data subject rights

You have a right to:

  • Information and access, to find out whether we have personal data of yours stored and what data it is.
  • Rectification – correction and/or completion of your personal data that are inaccurate or incomplete
  • Erasure of your personal data that are being processed in a manner which is not lawful or is no longer lawful
  • Restriction of processing
  • Data portability
  • Withdraw the consent that you have given at any time without stating a reason, effective for the future: i.e. further processing of your data is then not allowed from that point in time onwards, unless there is an overriding legitimate reason for doing so.
  • Object to any assertion by the joint controllers of an overriding legitimate interest in processing the data


To exercise these rights please contact

You also have a right to make a complaint to the Data Protection Authority.

In this regard, we also refer to its homepage, which can be accessed under the link

Overview of the distribution of tasks among the joint controllers

Obligations under the GDPR KNOW CTR EAM TUG IWT EUDT FH Salzburg ZT IKK
Determining the purposes and means of data processing and the nature of the personal data and categories of data subjects X X X X X X X X
Dealing with withdrawal-notifications (cf. Art 7 GDPR), requests for information (cf. Art 15 GDPR), requests for rectification (cf. Art 16 GDPR), requests for erasure, restriction requests and related notifications (cf. Art 17 to 19 GDPR); dealing with requests for data portability (cf. Art 20 GDPR); dealing with objections (cf. Art 21 GDPR); observing the right to non-automated individual decision-making (cf. Art 22 GDPR) X              
Information where personal data are collected including information where data have not been obtained from the data subject (cf. Art 13 and 14 GDPR); making available the “essence” of the joint controllership arrangement (cf. Art 26 para 2 GDPR) X X X X X X X X
Notification to the supervisory authority and communication to the data subjects in the event of a data breach (cf. Art 33 and 34 GDPR) X              
Definition and implementation of technical and organisational measures according to risk assessment (cf. Art 24 in conj. with Art 32 GDPR) X X X X X X X X
Maintenance of the record of processing activities (cf. Art. 30 GDPR) X X X X X X X X
Involvement of processors or subprocessors and their auditing (cf. Art 28 GDPR) X X X X X X X X
Determination of the responsibilities under the GDPR in a transparent manner (cf. Art 26 para 1 GDPR) X