Privacy policy - Information to be provided under Art. 13 and 14 GDPR

Note that this document only refers to types of processing applicable to visitors of the English website. The Website in German language offers more functions and has a more extensive declaration.

a) The controller is the Austrian data protection authority (Österreichische Datenschutzbehörde), Wickenburggasse 8, 1080 Wien, Telefon: +43 1 52 152-0, E-Mail: dsb@dsb.gv.at

b) The data protection officer is Thomas Sonnenschein (E-Mail: dsb@dsb.gv.at or telephone +43 1 52 152-0). The data protection officer does not answer general inquiries.

c) The data are processed for the following purposes under the given legal basis:

ca) Processing of requests and complaints (GDPR, Austrian legislation on data protection and administrative procedure).

cb) Organisation of conferences, meetings and other events (Art. 57 para. 1 lit. c GDPR).

cc) Administration of the website of the Austrian DPA (Art. 57 para. 1 lit. c GDPR).

d) The following categories of data are processed:

da) Processing of requests and complaints: Name, address, function in the case (party, witness, other), the information contained in the requests or complaints and information gained in the course of the procedure.

db) Organisation of conferences, meetings and other events: Name, address, telephone a fax number, cause for invitation or participation, attendance.

dc) Administration of the website of the Austrian DPA: IP-Address, visited pages, date and time, Information about attack or illegal access.

e) The recipients of case data are other parties, other authorities, witnesses or experts.

Data can be used to query external databases (telephone directories, WHOIS-databases or similar). The data transmitted in these cases is limited to the name or other properties needed for the query. The cause for the query is not transmitted.

The data of the recipients of our newsletter are not transmitted to other parties. The data is hosted by the Federal Ministry of Constitutional Affairs, Reforms, Deregulation and Justice as a processor.

Data about website visitors is only transmitted if an attack or illegal access must be investigated.

f) The data is normally not transmitted to other parties. Transfers can occur during legal proceedings, as per the applicable laws.

g) The data will be stored and deleted according to the administrative provisions.

h) The right of access can be exercised (Art. 15 GDPR). The right to Right to rectification is available, but cannot be used to change decisions (Art. 16 GDPR).

The right to erasure exists, but will be inapplicable in most cases because the data protection authority processes data in compliance with legal obligations which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 17 para. 3 lit. b and d GDPR).

The right to object (art. 21 GDPR) is available and can be used to

i) A complaint to the data protection authority is possible.

j) The provision of personal data can a statutory requirement in some legal proceedings. Failure to provide such data can lead to dismissal of a complaint (content of a complaint, sect. 24 para. 2 Datenschutzgesetz).

k) No automated decision-making takes place.

l) No further processing takes place. Decisions can be published in anonymized form.