Privacy policy

Data Protection Notice pursuant to Article 13 and Article 14 GDPR

Transparency and the protection of your privacy rights are important to us! The following notice describes how we (Wings for Life, Fürstenallee 4, 5020 Salzburg) process your personal data.

1) Our Contact Details

If you have any questions or concerns regarding the processing of your personal data, please feel free to contact us: Wings for Life, Fürstenallee 4, 5020 Salzburg; or via E-Mail at:

2) Purposes of Processing and Their Legal Basis

We use your personal data for the following purposes:

a) Acquisition of donations by attracting new and retaining existing donors for the fulfilment of the statutory purposes of the organisation pursuant to Article 6 (1) (f) GDPR (legitimate interest)

b) Administration of received donations pursuant to Article 6 (1) (b) GDPR (fulfilment on contract)

c) Creation and administration of charity events on our homepage pursuant to Article 6 (1) (f) GDPR (legitimate interest)

d) Creation and administration of fundraising campaigns on our homepage pursuant to Article 6 (1) (f) GDPR (legitimate interest)

e) Administration of contact details when contacting us via the contact form on our homepage pursuant to Article 6 (1) (f) GDPR (legitimate interest)

f) Administration of active and former members pursuant to Article 6 (1) (b) GDPR (fulfilment of contract)

g) Administration of active and former sponsors, partners, and ambassadors pursuant to Article 6 (1) (b) GDPR (fulfilment of contract)

h) Procurement of sponsorship services for the fulfilment of organisational purposes pursuant to Article 6 (1) (f) GDPR (legitimate interest)

i) Fulfilment of tax obligations pursuant to Article 6 (1) (c) in conjunction with Section 18 (8) Income Tax Act

The provision of name data and bank details is required for the conclusion of bestowal contracts (donations/sponsorship services) and due to tax regulations, as well as money laundering regulations. Failure to provide the aforementioned data means that donations and sponsorship services cannot be accepted.

The provision of name data and birth data is also required due to the automated tax assessment for employees in order to ensure the fiscal recognition of the donations. Failure to provide the aforementioned data means that donations cannot be considered as special expenses for tax purposes.

3) Changes of Purpose

Personal data of donors, sponsors, and members processed on a contractual basis will also be used for direct marketing purposes on the legal basis of legitimate interest on behalf of the organisation’s objectives.

4) Description of Legitimate Interest

Personal data for the purpose of acquiring donations, sponsorship services, and general promotional activities to meet the organisation’s objectives will be processed on the basis of legitimate interest on behalf of the organisation in order to realise the statutory goals of the organisation.
The processing of personal data for the purpose of donation procurement constitutes legitimate interest pursuant to recital 47 GDPR if the processing is necessary for the fulfilment of legitimate interest and within reasonable expectations of the individuals concerned. The organisation pursues goals that are in the interest of the public pursuant to §4a Income Tax Act and §§34ff Austrian Federal Fiscal Code. The fulfilment of the organisation’s goals recognised by the public thus constitutes legitimate interest. The fulfilment of these publicly recognised goals is not possible without donations and they are therefore a necessity.
In particular, we process personal data in order to ensure optimal advertising, thus enabling us to undertake targeted actions to fulfil the organisation’s goals. The main focus is on serving the interests of donors and sponsors optimally, as well as on avoiding scatter losses. This should also ensure that funds raised can be used as cost-effectively as possible in the interest of all supporters of the organisation.

5) Processed Categories of Data Based on Legitimate Interest

The following personal data is processed based on legitimate interest pursuant to Article 6 (1) (f) GDPR:

  • Master data
  • Contact details
  • Interests
  • Communication history

6) Transmission of Personal Data

For the purposes mentioned above, we transmit your personal data to the following recipients:

  • IT service providers hired by us
  • Service providers/agencies from the fundraising sector hired by us
  • Printing house
  • In pseudonymised form to US service providers (Cookies, e.g. Google Analytics, Facebook)

The following data is transmitted to countries outside the EU as part of data processing:

Application: Google Analytics

  • Country: USA (EU-US Privacy-Shield)
  • Data types: anonymised IP address, website title, browser-specific information, website usage information

Application: Facebook

  • Country: USA (EU-US Privacy-Shield)
  • Data types: social plug-ins and pixels; IP address, website title, browser-specific information about the website usage with opt-in

The data protection level of Google LLC and Facebook is equivalent to the data protection level in the EU pursuant to the EU-US Privacy-Shield agreement and thus constitutes a level of data protection appropriate to the European area.

Application: Mouseflow

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at

For more information, see Mouseflow’s Privacy Policy at

For more information on Mouseflow and GDPR, visit

7) Storage Period

Your personal data is only stored by us as long as it is necessary to achieve the purposes set out in Point 2 and as permitted under applicable law. We store your personal data as long as there are legal retention periods or statutes of limitation regarding potential legal claims that have not yet expired.

8) Your Rights Concerning Personal Data

Pursuant to applicable law, you are - among other things - entitled to the following:

(i) to verify if and what kind of personal data about you has been stores and to request copies of said data

(ii) to request the restriction of the processing of your personal data; this is, in particular, helpful if you don’t want us to contact you in the future

(iii) to request the rectification, addition, or deletion of your personal data that is incorrect or has been improperly processed; the deletion of your data can only take place when all legal tax-related retention periods have expired; deleting your data will not prevent us from contacting you again in the future

(iv) to object to the processing of your data for the purpose of direct advertising/fundraising; in the event of processing taking place with your consent it can be revoked at any time

(v) to request - for the purposes of data transferability - the information you have provided to us in a structured, common, and machine-readably format or - if technically feasible - request the transfer to another person in charge

(vi) to file a complaint at the relevant authority if you believe that the processing of your data is unlawful

Contact details of the supervisory authority in Austria:

Österreichische Datenschutzbehörde
Wickenburggasse 8-10
1080 Wien
Telefon: +43 1 52 152-0
, E-Mail:
Last updated: 14.05.2018