Data Protection Declaration

General Statement

Data protection is our objective and our legal obligation. In order to adequately protect the security of your data during transmission, we use appropriate encryption methods (e.g. SSL/TLS) and secure technical systems based on the current state of technology. Javascript is used as an active component for the web pages. If you have deactivated this function in your browser, you will be notified appropriately to reactivate the function.

Who we are

SOP Hilmbauer & Mauberger GmbH, having its registered office at Siemensstraße 5, 3300 Amstetten, Austria and duly represented by Managing Directors Johann Hilmbauer and Gerald Mauberger

SOP Imprint

For any questions about data protection, please contact us via e-mail or on the phone +43 50 529.

Your Rights

According to the Basic Data Protection Regulation, you have the following rights:
If your personal data is processed, you have the right to obtain information about the data stored on your person (Article 15 GDPR).
Should incorrect personal data be processed, you have a right to correction (Article 16 GDPR).
If the legal prerequisites exist, you may request the deletion or restriction of the processing and file an objection against the processing (Articles 17, 18 and 21 GDPR).
If you have consented to the data processing or a data-processing contract and the data processing is carried out using automated procedures, you may be entitled to data transferability (Article 20 GDPR).
If you make use of your above-mentioned right, the public authority will check whether the legal requirements for this have been met.


Data privacy policy for the use of the website provided by our company (,

Contact to us

Should you contact us by means of a contact form on the website or via e-mail, the data you provide will be stored for five years or until further notice for the purpose of processing your inquiry as well as for further communication. Your data will not be passed on to any third party unless we are legally obliged to do so.


Our website uses the so-called cookies. These are small text files that are stored on your device by means of a browser. They don’t do any damage. We use cookies to make our website user-friendly. Some cookies remain stored on your device until you delete them. They make it possible for us to recognize your browser the next time you visit us.

If you do not wish this, you can set your browser so that it informs you about cookies and you allow this only in individual cases. When cookies are deactivated, the functionality of our website may be limited.

We greatly respect every person´s privacy. If you received marketing emails from us and would like to unsubscribe from any further information on our side, please send us an email. with the subject Unsubscribe. We will immediately remove you from any mailing lists.

For any questions about data protection, please contact us via e-mail or on the phone +43 50 529.


Mobility-Online Privacy Policy


When using Mobility-Online, the Client / Licensee acts as Data Controller.

SOP Hilmbauer & Mauberger GmbH, being a Contractor, acts as a Data Processor. The Data Processing is contractually regulated between each Client / Licensee and the company SOP Hilmbauer & Mauberger GmbH.

Single Sign-on (SSO)

SOP Hilmbauer & Mauberger GmbH provides SSO (Single Sign On) functionality for fully automatic data exchange between the clients´ ICT Services and Mobility-Online.

eduGAIN Platform Service Agreement

Name of the service


Description of the service

Complete provision of the software product "Mobility-Online" by the Contractor for the administration of the Client's international educational cooperation, including maintenance and support work.

Data controller and contact person

Data controller is the Institution where applicants send their applications to using Mobility-Online software. Contact persons are International Office staff responsible for processing the applications.


Any suit, action or proceeding in connection with the use of Mobility-Online shall be brought in the Court of the country of the Institution applicants are applying to via Mobility-Online.

Personal data processed

In case if the company SOP Hilmbauer & Mauberger GmbH is involved, it shall be AT, Austria, Amstetten. This set of attributes is the default and can vary between different Institutions.

For reference please see

Any one unique attribute for mapping uid




For creation of user account and personalized e-mail communication:

   common Name (urn:oid:

Optional attributes for pre filling application data:


Purpose of the processing of personal data

Offering the possibility to sign in to Mobility-Online with the credentials used at the relevant Institution.

Third parties to whom personal data is disclosed

Personal Data are not disclosed to Third Party Entities and are only aggregated and used within the context of an application or work in Mobility-Online.

How to access, rectify and delete the personal data

To access, modify, rectify or delete the data stored in Mobility-Online or released by an Institution, International Office Staff at s relevant Institution responsible for the application is to be contacted.

Data retention

Personal data is deleted on request of the user. Accounts may be suspended after the user completed the mobility or stopped working with Mobility-Online.

Data Protection Code of Conduct

Personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector for privacy protection.



While using Mobility-Online, the customer/licensee acts as the data controller. They are the institutions to which the applicants submit their application documents using the Mobility-Online software. Contact persons are the relevant employees of the international office who are responsible for processing the applications. SOP Hilmbauer & Mauberger GmbH as contractor acts as the data processor. By contractual agreement, data processing is regulated between each customer/licensee and SOP Hilmbauer & Mauberger GmbH (hereinafter SOP).

Login per eIDAS

As part of the application process, Mobility-Online provides the option of logging in with a European eID. Personal data is processed while logging in.

The purpose of processing

Data provided by the respective eID systems is used to create a user account in Mobility-Online; this enables the applicant to log in to Mobility-Online with his/her eID. If this data is not provided, logging in via eID is not possible and a user account needs to be created alternatively. The data will only be processed by the institution which is responsible for the data and the SOP company within the scope of their contract. Data will not be passed on to third parties.

Processed personal data

The unique ID, as well as the first name, last name, and date of birth, are processed.

Legal background

The processing of data serves to initiate an agreement between the applicant and the data controller (Art. 6 para. 1 letter b) GDPR).

Rights of data subjects

A data subject has the right to obtain information about personal data concerning him or her, to have such data transferred, and to rectify, erase, restrict or object to processing.

Should a data subject believe that his or her rights have been insufficiently complied with, he or she has the right to submit a complaint to a data protection authority.


For any access, modification, correction, or deletion of data stored in Mobility-Online, the staff of the institution's international office responsible for applications should be contacted.

Any legal claim, action, or proceeding related to the use of Mobility-Online will be handled by the court in the country of the institution to which the applicant is applying using Mobility-Online.

In the event that the company SOP Hilmbauer & Mauberger GmbH is involved, this will be in AT, Austria, Amstetten. This set of attributes is the default setting and may vary from institution to institution.

Duration of storage

The data is used to manage the application process. In addition, personal data is stored depending on the legal requirements of the institution which is responsible for the data.