/ Privacy Policy

Privacy Policy of Stopline

nic.at GmbH operates the www.stopline.at portal.  Stopline is a centre for reporting illegal content (child sexual abuse material within the meaning of section 207a Austrian Criminal Code and evidence of endorsement with National Socialist ideology on the internet, according to the National Socialism and Insignia Act) on the internet. We help to protect the public interest.

nic.at GmbH is obligated to use your personal data in accordance with the law, in connection with reports submitted via stopline.at. We handle your data with the utmost care and in accordance with the principles of the GDPR. 

What is the GDPR?

The GDPR is the European General Data Protection Regulation, which applies directly in all EU member states as of 25 May 2018. It protects natural persons with regard to the processing of personal data, and sets out a range of obligations for those who process personal data to provide information and clarification. This means data controllers and those who process data for them. The GDPR also establishes numerous rights and legal remedies for persons whose data is processed (“data subjects”). Austria has enacted additional measures to the GDPR in its Datenschutzgesetz (Data Protection Act).

The text of the GDPR can be found here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.

The text of the Austrian Data Protection Act, together with a translation, can be found here: https://www.ris.bka.gv.at/Dokumente/Erv/ERV_1999_1_165/ERV_1999_1_165.pdf.

We are committed to transparent communication about the processing of your data. Below you will find details regarding the way we handle your personal data as well as your individual data protection rights.

Controller according to the GDPR

Stopline c/o nic.at GmbH

Jakob-Haringer-Straße 8/V
5020 Salzburg
Austria

E: office@stopline.at 

1 How we handle your data

1.1 Data collection on our website

Protecting the personal data of the people who report potentially illegal material is very important to us. The following statement gives you an overview of what we do to safeguard your privacy. We inform visitors to our website what data we collect and for which purposes, and the means by which their data is used at any time.

You can either report illegal content anonymously, or, if you prefer, by using your e-mail address. An online form is provided which you can use to give details of the source or URL (i.e. web address) of the content and any additional information you wish to share. We use this information to check whether the content is in fact illegal. Any personal data relating to the individual who made the report are treated with confidentially and – as necessary – only processed in connection with locating and assessing illegal content. Such data will be deleted at the earliest possible opportunity.

All data is processed exclusively by selected, specially-trained employees. It will not be used for any other purpose than checking and reporting any illegal content on the internet.

The only possible recipients of such data are – provided the checked content is deemed illegal – the executive bodies responsible for prosecuting such cases, i.e. the Austrian Federal Criminal Police Office (BK) and the Federal Office for Protection of the Constitution and Counterterrorism (BVT), the affected providers and any affected members of the INHOPE umbrella organisation (https://www.inhope.org/).

1.2 Contact/ordering brochures

If you contact Stopline via e-mail, using the website contact form or to order brochures from www.stopline.at, the data you provide will be save for the purposes of processing your request and dealing with any follow-up questions.

1.3 Cookies on our website

Data are also collected and processed when you visit our website. The extent to which and the purposes for which we collect and analyse anonymous data on our website are described under point 4.1 "Cookies”. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by calling up our Cookie Einstellungen...Cookie Settings.

1.4 Legal basis and purpose of data processing

Data are collected and processed first and foremost as follows:

  • reported URL for a purposeful retransmission, in which we have a legitimate interest
  • for the purpose of sending requested Stopline material (e.g. folder, annual report, etc.)
  • anonymous user behaviour provides the basis for optimising the performance of our website, in which we have a legitimate interest

1.5 Our processors

nic.at GmbH carefully selects the service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.

2 Your data protection rights

You have the right to receive information at no cost regarding personal data of yours that has been saved, the right to correct incorrect personal data relating to you, and to the erasure of your personal data, to the extent that it is not subject to statutory storage obligations. You also have the right to restrict processing and a right to withdraw consent to the processing of your personal data. 

Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 of the GDPR, you have the right to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company. 

The responsible data protection authority for Stopline is:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

3 Security of personal data

The security of your personal data is of particular concern to us. Therefore, in accordance with Art. 32 of the GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures shall include, but not be limited to, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware and software, in accordance with the principle of privacy by design and through data protection-friendly pre-settings in accordance with Art. 25 of the GDPR. 

Information security is of considerable importance for the protection of data. Therefore, nic.at GmbH is certified according to the international standard ISO 27001 in order to be able to offer the greatest possible security.

Our understanding of security is also requested from the processors we use.

4 Technologies on our website

Cookies and Local Storage

We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site. 

Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device. 

The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”).  The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device. 

Cookies contain the following information:

  • Cookie name
  • Name of the server from which the cookie originates
  • Cookie ID number
  • An expiry date, after which the cookie will be automatically deleted

We classify cookies in the following categories depending on their purpose and function:  

  • Technically necessary cookies, to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart). 
  • Statistics cookies, to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. In this way we gain valuable insights to optimize both the website and our products and services. 
  • Marketing cookies, to provide targeted promotional and marketing activities for users on our website.
  • Unclassified cookies are cookies that we are trying to classify together with individual cookie providers.

Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.

The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website. The use of statistics and marketing cookies is subject to your consent. You can withdraw your consent for the future use of cookies at any time. Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this Privacy Policy and to the information in our cookie banner about the cookies we use.

You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.

  
Please note that a general deactivation of cookies may lead to functional restrictions on our website. 

On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage. 

Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool. 

If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.

Hosting

In the context of hosting our website, all data that arises in connection with the operation and use of the website is processed. This includes, in particular, content data, usage data, communication data, and technical data that are necessary for providing and securely operating the website.

The storage and processing of this data is necessary to enable access to the website, ensure the stability and security of the online offering, and to technically optimize the website.

To provide our online presence, we use the services of external web hosting providers. In this context, the data generated during the operation of the website is transmitted to these service providers or processed by them on our behalf. Processing is carried out exclusively in accordance with legal requirements and based on contractual agreements for data processing on behalf.

Further information on the handling of personal data in connection with hosting can be found in the privacy policy of this website.

JQuery Content Delivery Network

Provider: Fastly Inc, 475 Brannan St. Suite 300 San Francisco, CA 94107, USA
Purpose: Optimization of the loading speed of the website
Category: technically required
Recipient country: USA (third country)
Processed data: IP address
Data subjects: Website visitors
Technology: JavaScript libraries, Content Delivery Network (CDN)
Legal basis: legitimate interest (improvement of the website), US Data Privacy Framework certification.
Website: https://www.fastly.com/
Further information:
https://www.fastly.com/privacy/
https://www.fastly.com/data-processing/
https://www.fastly.com/terms/
https://www.fastly.com/acceptable-use/

We use the JavaScript library jQuery on our website. jQuery is provided via a Content Delivery Network (CDN). This service enables our website to load much faster, especially for users from abroad, as our website can be delivered from a server nearby.

The jQuery library primarily enables a modern design of our websites.
The developer of the jQuery JavaScript library is the jQuery team of the Open JS Foundation: https://jquery.org/team/, https://js.foundation/contact. To increase the loading speed of our website, we use the provider's CDN (Content Delivery Network) to load the jQuery library. Even if your browser already has a copy of the jQuery library in its cache, a connection to the jQuery server is established and your IP address is transmitted to the service provider.

The provider has distributed servers in various countries and a user's data can therefore be stored both in the USA and within the EU. The provider stores personal data on our behalf for as long as is necessary for the provision of our services and to fulfill our legal obligations.

Matomo Analytics

Provider: Matomo GmbH, Schönhauser Allee 36, 10435 Berlin, Germany
Responsible for technical development: InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand
E-mail address: privacy@matomo.org
Purpose: Web analytics, event tracking, conversion tracking, user-centered analysis
Category: Statistics
Recipient: New Zealand (cloud version), on-premise (self-hosting)
Processed data: Visit data (e.g. number of page views, dwell time, bounce rate), user behavior (e.g. clicks, conversions), anonymized IP addresses, browser and device data
Data subjects: Users of the website
Technology: Cookies (details in the cookie list), JavaScript, tracking pixels, local storage
Legal basis: Consent
Website: https://matomo.org
Further information:
https://matomo.org/gdpr-analytics/
https://matomo.org/100-data-ownership/
https://matomo.org/security/
https://matomo.org/matomo-cloud-privacy-policy/
https://matomo.org/privacy-policy/
https://matomo.org/terms/

We use the Matomo Analytics service on our website to gain detailed insights into the behavior of our users. The technical purpose is to measure the success of our website and our marketing measures and to optimize user-friendliness.

Matomo works by collecting data via JavaScript and tracking pixels. 

The following data is processed as part of the reach measurement: 

  • the browser type and version used
  • the operating system used
  • country of origin
  • date and time of the server request
  • the number of visits
  • time spent on the website 
  • and the external links clicked on

The information collected is stored either locally on a dedicated server or in the cloud. Matomo anonymizes IP addresses and uses cookies to recognize users without compromising their privacy. All relevant information about the cookies, including name, purpose of use and storage duration, is included in our detailed list of cookies used.

The storage period depends on the configurations. As a rule, the data is deleted after the expiry of statutory retention obligations. Additional details can be found in the linked further information. We recommend that you check these links regularly for changes.

Additional information on the rights of data subjects and the relevant contact details can be found in the general section of this privacy policy.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

  • The name of the website you are accessing  
  • The browser type (including version) you use
  • The operating system you use
  • The site you visited before  accessing our site (referrer URL)
  • The time of your server request
  • The amount of data transferred
  • The host name of computer (IP address) you are using to access the site

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques.

We also make use of suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Video Content, Collection of Statistical Data
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies, Device Fingerprinting, Local Storage
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.youtube.com
Further information: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://support.google.com/youtube/answer/10364219?hl=en

On our website, we use the YouTube service to embed videos.

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.

As soon as you start a YouTube video, a connection to YouTube's servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behaviour directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts

5 Manage cookie settings

 


About cookies

You can set your browser so that the storage of cookies is generally prevented or you are asked each time whether you agree to the setting of cookies. Once set, you can delete cookies at any time. How this works can be found in the help function of your browser. 

Required

Technically necessary cookies are used to enable the technical operation of a website and make it functional for you. The use is based on our legitimate interest to provide a technically flawless website. However, you can generally disable the use of cookies in your browser. 

SurnamePurposeCreatorStorage timeDomain
cookieconsent_modeensures the functionality and usability of the page and is used to track errors.DataReporter GmbH12 monthswww.stopline.at
cookieconsent_statusensures the functionality and usability of the page and is used to track errors.DataReporter GmbH12 monthswww.stopline.at
stopline_sessioncounts the number of sessions and assigns an anonymous identifier to each visitor.2 hourswww.stopline.at
XSRF-TOKENensures the functionality and usability of the page and is used to track errors.2 hourswww.stopline.at

Statistics

Statistics cookies collect information about how websites are used to improve their attractiveness, content and functionality. A use takes place only with your consent and only as long as you have not deactivated the respective cookie.

SurnamePurposeCreatorStorage timeDomain
_pk_(ID)Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik1 yearwww.stopline.at
_pk_ref.(ID)Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/PiwikSessionwww.stopline.at
_pk_ses.(ID)Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik30 minuteswww.stopline.at

Marketing

Marketing cookies come from external advertising companies and are used to collect information about the websites visited by the user. A use takes place only with your consent and only as long as you have not deactivated the respective cookie.

SurnamePurposeCreatorStorage timeDomain
NIDregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.Googlewww.youtube.com

6 Actuality of this Privacy Policy

Due to further developments or changes in legal requirements, it may become necessary to adapt this Privacy Policy from time to time. The current Privacy Policy can be found and printed out by you at any time here on this website.

For questions regarding data privacy, you can reach us at office@stopline.at or at the other contact details stated in this Privacy Policy.

Salzburg,  18. June 2025

Download as PDF