Privacy Policy

Privacy policy for the Roots of Change platform.

1. Controller

The controller responsible for data processing within the Roots of Change platform is:

[Name/Institute/Johannes Kepler University Linz]

2. Purpose of Data Processing

The platform promotes sustainable behavior through challenges. Personal data is processed to:

  • authenticate users through SSO sign-in
  • enable participation in challenges
  • manage progress and rewards
  • process proof submissions such as images or QR scans
  • ensure platform functionality and security

3. Data Categories

The following data may be processed when using the platform:

  • Account data: user ID and, where applicable, name via SSO
  • Usage data: progress, challenge participation, and activity
  • Upload data: uploaded images used to verify challenges
  • Technical data: timestamps, QR scan data, and device information

4. Legal Bases

Processing is based on:

  • Art. 6 para. 1 lit. b GDPR, performance of a contract through platform use
  • Art. 6 para. 1 lit. a GDPR, consent, especially for image uploads

5. Data Retention

Personal data is stored only for as long as required for platform use or by legal retention obligations.

6. Data Sharing

Data is generally not shared with third parties except:

  • to provide the platform technically, such as hosting
  • where legally required

7. Data Subject Rights

Users have the right to:

  • access under Art. 15 GDPR
  • rectification under Art. 16 GDPR
  • erasure under Art. 17 GDPR
  • restriction of processing under Art. 18 GDPR
  • data portability under Art. 20 GDPR

8. Data Security

The platform uses appropriate technical and organizational measures to protect data against unauthorized access.