The University of Graz considers the protection of personal data to be particularly important. We treat all data to be processed as confidential and handle it in compliance with the relevant legal provisions.
This Data Protection Declaration is designed to inform you as a user of the “CarbonTracer” service of the purpose, legal basis/bases and your rights in connection with the processing of personal data in the context of the provision of this service by the University of Graz, in accordance with Articles 12 and 13 of the General Data Protection Regulation (GDPR).
The University of Graz has made a free web service available for calculating greenhouse gas emissions in the field of mobility. The service is freely available to all organisations, institutions and private individuals and can be used after registering at https://carbontracer.uni-graz.at. Once they have registered, users receive a unique API key that is required to retrieve data via the web service. The API key can be changed at any time in the user portal and a certain quota of queries per minute or per day is available for each API key. The precise quotas can be found in the Terms of Use or on the website. An overview of the quotas used is available for each user in the user portal.
The web service allows greenhouse gas emissions to be calculated for the following modes of transport (types):
In addition, the web service also provides a geocoding function, which is based both on the town/city or location level as well as on the address level:
Individuals registered on the website who use the web service for private or business purposes.
Information on data processing within the scope of accessing our website can be found at: https://www.uni-graz.at/en/data-protection/
The following personal data is collected when registering on the website:
The words “private use” can be entered under “Organisation” if the web service is being used for private purposes. The personal data stated above (first name, last name, e-mail address) is required to activate the account, assign API requests and reset the password.
A unique API key with a length of 40 characters is generated for each account during the registration process, and this is required to use the API. This API key can be “regenerated” at any time in the user portal. Each account has precisely one valid API key.
The following data is also logged with each API request:
This information is required to check the available quotas for each API key.
All of the results calculated successfully for individual requests are stored by the web service in a database. The results are processed anonymously, i.e. the start and target values are saved as hash values and no connection is made at any time that could link which request was made via which API key.
Processing of the data stated under points 2 (Account) and 3 (Use of the API) is required in order to access and use the web service and takes place based on the accepted Terms of Use, and therefore for the performance of a contract or in order to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR. You will not be able to use the service if you do not provide the data to us. Furthermore, the data is processed in the overriding legitimate interests of the University of Graz in fulfilling or providing a response to support requests as well as of data security and system improvement (Article 6 (1) (f) GDPR).
We will store your personal data for as long as necessary for performance of the contract. The data will therefore be processed until you request its erasure. Erasure of the account can be requested at any time via e-mail (see contact on the website). All requests relating to the API key (i.e. time of the request and whether the request was successful or unsuccessful) and the information about the account itself will be erased by the operators of this web service within one week of the request for erasure being received, provided that there are no statutory retention periods or potential open legal claims that would exclude this. Inactive accounts (accounts that have not carried out any requests for more than two years) will be erased by the operator of the service after one year.
The website makes a donation form available that organisations and/or private individuals can use to make monetary donations to the operators of the web service. Donations have no influence on any request quotas or other services (e.g. support requests, etc.) relating to the web service.
The following personal data of (potential) donors is processed within the scope of managing donations:
The following data must be passed on to the payment service provider in order for the payment to be allocated:
Additional personal data may be collected by the payment service providers as necessary.
The processing of the data stated above is necessary for the performance of a contract with you or in order to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR and due to tax regulations (in particular data retention obligations) in accordance with Article 6 (1) (c) GDPR.
Provision of the data is necessary for entering into the gift agreement (donation) and due to tax regulations. Donations cannot be accepted if you do not provide this data to us.
We will store your personal data within the scope of donation processing for as long as this is required to achieve the purpose. Aside from this we only store your data if statutory retention periods are applicable or if the limitation periods related to potential legal claims are open.
Your data (name, gender, contact, donation amount) will be transmitted to the tax office due to the obligation of the University of Graz to report your donation to the tax office. The transmission is based on legal obligations in accordance with Article 6 (1) (c) GDPR. Furthermore, your personal data will be processed exclusively within the university when using the web service and will not be passed on to external recipients.
This also applies to all subsequent services offered as part of the web service. The web service is exclusively based on other free services and/or data sets as well as algorithms developed in-house. All data and/or instances are stored locally on the University of Graz server and no data is transmitted to third parties.
1. OpenStreetMap (https://www.openstreetmap.org/)All pathways and hubs required to calculate and display the route are provided based on OpenStreetMap. Data related to train travel was uploaded to the server once with this before being calculated. Data resulting from these calculations is stored locally on the server in a database. Road travel data is loaded directly from the server from a local Docker instance
2. OpenRouteService (ORS) (https://openrouteservice.org)The ORS routing engine is operated locally on the server via a Docker instance. Requests are processed locally by the server.
3. Geonames (https://www.geonames.org)Data sets for all major towns, cities and locations are stored locally on the server and processed to enable structured request options. Requests are processed locally on the server.
4. Pelias (https://github.com/pelias/pelias)Pelias is an opensource geocoder and is operated locally on the server via a Docking instance. The encoder enables geocoding at the address level
5. Airports worldwide (https://www.abflug.info/)A list of all airports is stored locally on the server.
6. In-house developmentsCalculations relating to the flight route and rail travel have been implemented independently and take place directly via the API.
The web service provides the following features in detail:
1. GeocodingSpecifying town/city or place names (worldwide) and/or addresses (in Austria) allows translations to be made to geocoordinates (latitude, longitude).
2. Routing and greenhouse gas emissionsRouting and greenhouse gas calculations can be implemented using geocoding and/or through transmission of geocoordinates. The following modes of transport (types) are available for selection:
Where the processing of your personal data is concerned, you have the following rights at all times with regard to the University of Graz Human Resources department as controller; these rights can be exercised by emailing hr-applications@uni-graz.at
Our contact details are: University of Graz, Human Resources, Halbärthgasse 8, 8010 Graz, e-mail: hr-applications@uni-graz.at
Our data protection officer can be contacted at: dsba@uni-graz.at
Please send any general queries regarding data protection to datenschutz@uni-graz.at