Protection of personal data
The Austrian Energy Agency respects the privacy of its users. All information is treated confidentially in accordance with the applicable data protection regulations (General Data Protection Regulation, Austrian Federal Data Protection Act, Austrian Federal Telecommunications Act). Data will not be passed on to third parties without your consent. Data processing is carried out in any case and according to the applicable legal situation on the basis of the legal provisions of § 96 para. 3 of the Austrian Federal Telecommunications Act (TKG) as well as Art. 6 para. 1 lit. a (consent) and/or f (legitimate interest) of the General Data Protection Regulation (GDPR).
The Austrian Energy Agency collects personal data only to the extent necessary for a specific purpose. The information will not be further used for a purpose incompatible with this purpose. Although you can view most Internet pages without providing any personal information, in some cases personal information is required in order to provide the online services you have requested.
For all privacy related inquiries please contact datenschutz(at)energyagency.at.
In order to be able to evaluate user behavior on the websites, we uses an open source web application for web analytics called Matomo. We use Matomo to obtain information about the use of the individual component of the website. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.
Matomo processes these data:
- IP address, so that the last two numbers of your IP address are encrypted (2-bit encryption).
- city, region, country, longitude/latitude,
- browser, browser version, device type, operating system,
- user agent, pages visited files clicked and downloaded
- links to an outside domain that were clicked
- screen resolution
- session recording storing the HTML page, and all mouse events (movements, scrolls, locations and clicks), and keypresses
- search terms used on an internal mobile’s or web properties’ search engine
- custom dimensions and custom variables (any personal or non personal data the controller wishes to process)
- custom events
- content pieces
- User ID
- ecommerce order ID, order dDate
- ecommerce abandoned carts
- media titles and URLs
- participation in A/B tests.
Cookies are small data packets that are exchanged between your browser and the/our web server when you visit our website. They do not cause any damage and only serve to recognize the website visitor. Cookies can only store information supplied by your browser, i.e. information that you yourself have entered into the browser or that is present on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you visit our website with the same terminal device, the information stored in cookies may subsequently be sent back either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie"). Through the stored and returned information, the respective web application recognizes that you have already called up and visited the website with the browser of your end device.
We use Wonder as a video conferencing system. When you use Wonder, your data (name, email, IP address) will be processed.
Before using Wonder, you must give your consent.
Examples of cookies that "Wonder" uses:
- Session cookies: are necessary to use the service.
- Preference cookies: are used to store settings and usage instructions.
- Security cookies: are necessary for security settings.
Your data will transmitted to Wonder. Server location is in the US. There is not the level of data protection that corresponds to the standards of the EU. In particular, US intelligence agencies can access your data without your approval, you won’t be able to take legal action against them.
Click for the privacy statement of "Wonder”: https://wonder.me/policies/privacy-policies
The Austrian Energy Agency has concluded a data processing agreement with Wonder.
We process your personal data in connection with the implementation of telephone conferences, online meetings and video conferences as well as webinars using Webex/Cisco. Webex is Part of the Cisco Systems Inc. group.
The following data are processed: Name, first name, e-mail address, IP address.
You can turn off the microphone as well as the video function of the terminal device at any time. If a seminar is recorded, the participants will be informed in advance and can thus submit an objection. Cisco Systems Inc. is based in the USA. The USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US intelligence agencies can access your data without you being informed and without you being able to take legal action against them.
Click for the privacy statement of "Webex/Cisco”: https://www.cisco.com/c/de_at/about/legal/privacy-full.html
The Austrian Energy Agency has concluded an DPA with Cisco Systems Inc.
The company headquarters of dsign Systems GMBH is located in Germany. We have concluded a DPA with dsign Systems GMBH. Taskcards is a digital pinboard. The following data is sent to the company when you use the tool: name, age, address, IP address and usage-behavior when visiting a website. We have concluded a DPA with dsign Systems GMBH.
Click for the privacy statement of "Taskcards”: https://www.taskcards.de/#/home/start
Lamapoll is operated by Lamano GmbH & Co. KG. We use Lamapoll for online surveys. The following data is processed: Your IP address, as well as browser data. Lamapoll stores your data for 7 days.
We have concluded a DPA with Lamapoll.
Mentimeter AB is a Swedish company. We use Mentimeter for online surveys through our Webex account. Mentimeter stores the following personal data: IP address, email address, browser.
It is not possible to conclude a DPA with Mentimeter. The IP address of the presenter is stored permanently until revoked. The IP address of survey participants is stored for 12 months,
Mentimeter is hosted in the EU, there are also servers in the USA. There is a risk that your personal data, will be stored in servers in the USA. The USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US intelligence agencies can access your data without you being informed and without you being able to take legal action against them.
You can find Mentimeter's privacy statement here: https://www.mentimeter.com/privacy
On this website you can contact to Twitter. Only when you click on the corresponding buttons will contact be made to the server of Twitter and your data (IP-address, End device used, browser type) transmitted.
By clicking on the Twitter icon, data is sent to Twitter. Twitter is subject to the US Cloud Act. In the event of a government request to Twitter, data must be released. Klick for Twitter privacy statement: https://twitter.com/en/privacy
The sending of newsletters with current information, notice of events etc. is based on your registration in the list of recipients. In each newsletter, you have the option of withdrawing this consent to the processing of your personal data by "opting out" of the list of recipients.
By subscribing to the newsletter, the following data is collected: First name, last name, e-mail. The data is transmitted to our order processor sendinblue GmbH. The Austrian Energy Agency has concluded an data processing agreement with Sendinblue.
You can revoke your consent at any time using the unsubscribe option in the respective newsletter or by email email@example.com. Your data will be stored until you revoke your consent or the newsletter service is discontinued.
If you register for the CA-RES Plenary Meetings of other Events that we organise, we will process the personal data you provide (e-mail, name, company) in order to put you on the guest list of our event as requested. This data is necessary for administration and will be processed with external processors if necessary. If you do not wish to receive any further event invitations, you can revoke this at any time by email: firstname.lastname@example.org or in the respective event invitation. Kindly note that we use your data only for internal purpose.
We do our utmost to make your visit and use of our website as secure as possible. We therefore comply with the provisions of Article 32 of the General Data Protection Regulation (GDPR) to ensure the confidentiality and security of your personal data and take appropriate technical and organisational security measures.
Image & video material:
During Plenary Meetings, the CA-RES Coordination team will take photographs, which will be used for the final publication. The final publication will be publicly disseminated. The photos will be stored securely. If you would prefer for you not to be photographed, please let the CA-RES coordination know. We will never share your information with third parties for any marketing purposes. If you would like to see your images, or would like us to delete them after the meeting, please email us to email@example.com
Recordings taken during virtual meetings are only for internal purposes of the CA-RES4 and will be visible only in the secure area of the CA-RES Webpage.
Information about your rights:
You have the right to obtain information about the data we hold about you. In addition, you can submit requests for correction of your data or restriction of the processing of your data if there are uncertainties that need to be clarified. You can object to the processing of your data. You can submit a request for deletion of your data. You can submit a request for the transfer of your data in a machine-readable format. You can submit a request against exclusively automated decision-making, except in cases of processing by consent, contract or existing legal bases for processing.
You may withdraw any consent you have given. The consequences may be a failure to treat the interests you have disclosed.
Duration of the storage of personal data:
Business transactions in general
For reasons of tax law and company law, business-relevant documents must be kept for 7 years in accordance with § 132 of the Austrian Federal Fiscal Code (BAO) and §§ 190, 212 of the Austrian Federal Business Code (UGB).
In addition to the retention period of 7 years pursuant to § 132 para. 1 of the Austrian Federal Fiscal Code resulting from the wage tax and duty to pay, various specific retention periods up to the general retention obligation of employment data of 30 years pursuant to § 1478 of the Austrian Federal General Civil Code (ABGB) must be taken into account in and after the current employment relationship.
Irrespective of the requirements under public procurement law to retain data of the award procedure for at least three years or, in the case of the subsequent contractual relationship, for the term of the contract, the long limitation period under civil law of 30 years pursuant to Section 1489 of the Austrian Federal Civil Code (ABGB) must be observed for retention in accordance with the ECJ ruling of 26 November 2015, Rs C-166/14, MedEval.
Data related to processing by public authorities
In connection with federal processing activities, data must be retained for 10 years pursuant to section 25(3) of the Office Regulations, unless the specific content of the file or legal provisions require longer retention (Federal Archival Material Ordinance).
Data protection authority
You can submit any claims as a complaint to the data protection authority.
On the website of the data protection authority www.dsb.gv.at you will find further information, FAQs and all relevant legal bases for data protection in Austria.
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Telephone: +43 1 52 152-0
Our data protection officer
Markus Stender / Georg Koller - SDH Attorneys at Law, 1010 Vienna, stender(at)sdh-law.eu, koller(at)sdh-law.eu