Privacy Policy
© Shutterstock
AustriaTech AustriaTech auf Facebook AustriaTech auf Twitter AustriaTech auf LinkedIn AustriaTech auf Xing AustriaTech auf YouTube

Privacy policy

(information according to art 13 and 14 DSGVO)

AustriaTech - Federal Agency for Technological Measures Ltd. (hereinafter "AustriaTech" or „we “) is obligated to protection of personal data and privacy as well as data minimisation. The responsible handling of personal data is a top priority. AustriaTech has taken appropriate technical and organisational measures to ensure that the rules on the protection of natural persons with regard to the processing of their personal data are complied, from AustriaTech as well as our external processors. In the context of our professional activities, we process, as the controller within the meaning of Article 4 (7) of the General Data Protection Regulation 2016/679 (GDPR), your personal data.

Within this privacy policy, we want to inform you in a transparent manner, how your personal data is processed as well as your rights in connection with data processing. Personal data is all information which relates to an identified or identifiable person (e.g. name, date of birth). In case you have any questions please find our contact information below.

Who we are and how you can contact us

The controller within the meaning of the General Data Protection Regulation, other data protection legislation enacted at the national level by Member States and other data protection rules, is:

AustriaTech - Federal Agency for Technological Measures Ltd.
Raimundgasse 1/6
1020 Wien, Österreich
T: +43 1 26 33 444
F: +43 1 26 33 444-10

You can in touch with our data protection officer via:
AustriaTech - Federal Agency for Technological Measures Ltd.
Raimundgasse 1/6
1020 Wien, Österreich

Data processing in connection with our business activities

We process personal data in compliance with the relevant data protection rules, especially General Data Protection Regulation and the Austrian Data Protection Act. Processing by us therefore only takes place based on a legal basis (art 6 (1) lit a - f DSGVO). All our employees entrusted with the processing are obliged to maintain the confidentiality of your data (data secrecy). AustriaTech does not carry out automated decision-making.

Purposes and legal basis

We process personal data for the purposes of the provision of our services/ performance of a contract, compliance with a legal obligation (e.g. storage obligations or IVS law) as well as administration and business operations (internal documentation and administration).

The legal basis for processing personal data are performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (art 6 (1) lit b DSGVO); the fulfilment of legal obligations (art 6 (1) lit c DSGVO) as well as our legitimate interests (art 6 (1) lit f DSGVO), in particular the interests of asserting or defending our own legal claims as well as the internal administration in the company.

For the conclusion of a contract, the provision of certain personal data is required by law or contract, to which the person concerned is obligated; otherwise no conclusion of a contract (and therefore no provision of services) is possible.

Who receives your data?

We will only disclose your data if there is a valid legal basis for such disclosure. In any case, your data will only be disclosed to the extent necessary for the respective purpose, required by the respective legal provision, specified by you in the case of consent or covered by any legitimate interests. In principle, AustriaTech does not intend to transmit personal data to recipients in third countries or international organizations.

We disclosure your personal data only to the extent necessary, in particular to the following recipients:
Legal representatives, Tax consultants or auditors, Fiscal authorities, Courts and authorities, Austrian Court of Auditors, Banks, Social insurance agencies, Insurances, Service providers, Accounting and Controlling

Data processing in connection with the operation of our website

Provision of the website and creation of log files

Each time you access our website (, your terminal device (e.g. computer) or browser automatically transmits certain information in order to enable you to visit and operate the website:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (page/content to be retrieved)
  • Access Status/HTTP(S) Status Code
  • Browser and browser version
  • Operating system and its interface

These data are stored only temporarily stored in log files of our system. The legal basis for the processing of the data and their temporary storage in log files is our legitimate interest pursuant to art 6 (1) lit f DSGVO. Temporary storage of the data provided by the system is necessary to enable delivery of the website to the user's computer. The data is stored in log files in order to ensure the functionality of the website. In addition, the data serve to optimise the website and to ensure the security of our information technology systems, in particular to guarantee the integrity, confidentiality and availability of the data processed via our website. These data are not stored together with other personal data of the user.

Third party websites: Some parts of our website (e.g. in our news) contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot assume any responsibility or guarantee for third-party content or data protection conditions.

Use of cookies

Our website uses cookies. Cookies are tiny text files that are stored in your browser. When a user visits a website, a cookie can be stored on the user's system. This cookie contains a characteristic string of characters that uniquely identifies the browser when you return to the site. The stored information is either sent back to the website that generated it (First Party Cookie) or to another website to which it belongs (Third Party Cookie). This makes it possible to recognise that the website was called up with the respective browser and changes e.g. the display of content or similar.

Some functions of our website may no longer be fully usable without the use of cookies. In this context, our legitimate interest lies in the processing of personal data pursuant to art 6 (1) lit f DSGVO. The first party cookies used by us, can only be recognised by the page from which the cookie originates, but not across several domains.

We use the cookie consent banner of the service JuraFox, of the law firm Rahel Fischer-Battermann, Kirchring 55, 26831 Bunde, Germany, on our website for cookie consent management. A cookie consent banner is used to obtain the legally required consents for the use of cookies and tracking tools. JuraFox stores your consents and settings that you have given when entering the website. For this cookie consent banner, JuraFox uses cookies. The cookies are stored across devices for the purpose of analysing your usage behaviour while visiting our website. The following personal data is collected by JuraFox:

- date and time of your request
- (IP) address used

This data is usually transmitted to a JuraFox server in Germany and stored in Germany. Germany is a member state of the European Union (EU) and the European Economic Area (EEA) and therefore not a so-called third country. The legal basis for the processing of personal data is Art. 6 I lit. c DS-GVO, as we are obliged to obtain your legally required consent for the use of cookies. The collected data will be stored until you request us to delete it or until you delete the JuraFox cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent. Further information on the use of data for advertising purposes by JuraFox, setting and objection options are available on the JuraFox website at

Our website uses functions of the web analysis service MATOMO (formerly PIWIK) of InnoCraft Ltd. (150 Willis St, 6011 Wellington, New Zealand). Cookies are used to analyse the use of the website by its users. Matomo is installed on a server at AustriaTech. Your IP address is recorded, but immediately anonymised (deletion of the last 2 bytes). This means that only a rough localisation is possible. Therefore, no personal data is stored for statistical evaluations.

Data processing is based on the legal provisions of § 96 (3) TKG and art 6 (1) lit a (given consent) and/or f (legitimate interest) of the DSGVO. Our legitimate interest is the improvement of our offer and our website.

As a user, you have the possibility to block or restrict cookies completely. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can longer be used to their full extent.

Contact us by email

When you contact us by e-mail, we collect and process your e-mail address and the request you have given us, as well as any data that you additionally provide or which you make available to us by attaching documents. The purpose of data processing is to document, process and respond to your contact enquiry. Data processing is carried out based on AustriaTech's legitimate interest in communication with the users of the website (art 6 (1) lit. f DSGVO).

The basis for this is our legitimate interest in the proper documentation, processing and answering of the request (art 6 (1) lit. f DSGVO). In the event of contact being established in an upright customer relationship or the initiation of a business relationship, we rely on the performance of a contract or pre-contractual measures (art 6 (1) lit b DSGVO).

Personal data which you voluntarily disclose to us in response to inquiries will be stored by us for the purpose of providing the associated processing and keeping of records (up to 3 years after completion or termination), unless a longer storage period is also necessary for purposes of fulfilling a legal obligation or for asserting or defending legal claims.


You can subscribe to our newsletter via our website by giving your consent, with which we will keep you informed about our latest news. To do this, we need your e-mail address and your declaration that you agree to receive the newsletter. As soon as you have subscribed to the newsletter, we will send you a confirmation e-mail with a link to confirm your subscription. For this purpose, we process the email address you provide.

In addition, we analyse the newsletter in aggregated form by analysing on whether the newsletter was opend (yes/no) ("opening rate"), which articles of the newsletter were clicked on ("click behaviour"). For analysis, the tool Effairs of the company 1701 digital solutions GMBH (1701 digital solutions GMBH, Rechte Kremszeile 62a/13, 3500 Krems), a cloud hosting service, is used, which tracks anonymously by default and generates DSGVO-compliant statistics. The privacy policy of Effairs can be found here:

The processing of your email address is based on your consent according to § 107 Telecommunications Act and art 6 (1) lit a DSGVO. You have the right to revoke your consent at any time. To declare your revocation, please click on the unsubscribe link in the respective newsletter or contact us at This revocation does not affect the lawfulness of the processing which took place due to the consent up to the revocation.

Your unsubscription from the newsletter will automatically be noted in the newsletter database. This note means that you will not receive any further newsletters from the time you unsubscribe. The final deletion of your data will take place within one month calculated from the day you unsubscribe, as long as there are no legal obligations to store the data and we do not need the data in individual cases to defend against or enforce legal claims.

Your consent to receive the newsletter will be stored for a period of 12 months from the date you unsubscribe from the newsletter.

We base the processing of your voluntarily given information as well as the analysis of the data on the legitimate interests of AustriaTech (art 6 (1) lit f DSGVO). After unsubscribing from the newsletter, your declaration of consent will continue to be stored on the basis of legitimate interests (art 6 (1) lit f DSGVO). The legitimate interests of AustriaTech consist in the necessary documentation of your consent given for evidence purposes.

Social Networks

There are no social media plugins integrated on our website. However, AustriaTech uses the following services: Twitter (AustriaTech), Facebook(Austriatech), LinkedIn(AustriaTech Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH), XING(AustriaTech - Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH) and YouTube(austriatech).

When using these services, please note that this data will be stored and used for business purposes in accordance with the service's data privacy policy. AustriaTech has no influence on data collection and its further use by the social networks. Thus, there is no knowledge of the extent to which, where, and for how long the data will be stored, the extent to which the networks will comply with existing deletion obligations, which evaluations and links will be made with the data, or to whom the data will be passed on. We may process the data you publish on our services to the extent that we retweet/share/reply/reference public content (e.g. messages).

Twitter: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. Responsible for data processing (for persons living outside the USA) is: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. For more information on Twitter processing, please refer to Twitter's Privacy Policy: Twitter Inc. is committed to the principles of the EU-US Privacy Shield. You can find out more here:

Facebook: Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 For more information about Facebook's processing, please refer to Facebook's Privacy Policy:

Facebook, Inc. is committed to the principles of the EU-US Privacy Shield. You can find out more here:

LinkedIn: LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave.

Sunnyvale, California 94085. For more information about LinkedIn's processing, please see LinkedIn's privacy statement:

LinkedIn Corporation is committed to the principles of the EU-US Privacy Shield. You can find out more here:

XING: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany. For more information on processing by XING, please refer to XING's Privacy Policy:

YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please see YouTube's Privacy Policy for more information about YouTube's processing:

Your rights in connection with data processing

In principle, data subjects have the rights to information, correction, deletion, restrict processing, data portability, object and to file a complaint.

If the respective statutory requirements are met, you can assert the following data subject rights.

Right to information:
Once your identity has been verified, you may request confirmation from AustriaTech as to whether your personal data is processed and request access to the data and information pursuant to art 15 DSGVO.

Right to correction:
You can request correction of data if we process incorrect or incomplete data about you (art 16 DSGVO).

Right to deletion:
You can request the deletion of the personal data concerned if the requirements of art 17 DSGVO are met.

Right to restrict processing:
You can request the restriction of the processing of your data if it is not clear whether they are incorrect or incomplete or are processed unlawfully until the question has been finally clarified (art 18 DSGVO).

Right to object
In the case of processing based on legitimate interests (art 6 (1) lit. f DSGVO), you have the right to object to the processing of your personal data pursuant to art 21 DSGVO if there are reasons for doing so which arise from your particular situation. In the case of processing for the purpose of direct marketing, this right exists without restrictions.

Revocation of consent
You are entitled to revoke your consent to the processing of personal data at any time. The revocation of consent does not affect the legality of the processing carried out based on consent until revocation.

Right to data portability
You have the right to data portability of your data, provided that the processing is based on your consent (art 6 (1) lit a) or on a contract (art 6 (1) lit b) to which you are a party and the processing is carried out using automated procedures (art 20 DSGVO).

Right to file a complaint
You have the right to complain to the Data Protection Agency responsible for you (in Austria this is the data protection authority, if you are of the opinion that the processing of your personal data violates the DSGVO or your affected rights have been violated.

To assert the aforementioned rights of data subjects, please contact us by letter or e-mail at the above-mentioned contact (“Who we are and how you can contact us") or directly at the following e-mail address:

Validity and amendment of this data privacy policy

We always keep our privacy policy up to date and make adjustments where necessary. The current version of our Privacy policy can be found at

Last updated 17.07.2019