Information on data protection
Any individual whose personal data is processed is known as a “data subject”. We would now like to provide you with an overview of how your personal data is processed and your rights in this regard.
We process your personal data exclusively in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021). We process no more data than is absolutely necessary. Whenever possible, your data will be anonymised.
1. Who is responsible and who can I contact?
We - VNG Austria GmbH - process your personal data and are therefore the “data controller”. If you have any questions regarding the information provided here or how your data is used, please contact us at the following address:
VNG Austria GmbH
Telephone: +43 3112 21075
2. What kinds of personal data do we process?
We process your data for the following purposes:
- Use of the website
We process your personal data in connection with the use of this website.
2.1.1 Scope of data processing
When you access our website, we automatically collect and store information in server log files. Your browser automatically sends these log files to us. The server log files contain the following information:
- browser type
- browser version
- operating system used
- referrer URL
- host name of the computer accessing the website
- date and time of the server request
- IP address of the computer making the request
- name of the file which was accessed
- amount of data transferred
2.1.2 Purpose of data processing
We process this data for the purposes of logging system usage, the authorisation process and evaluating the server log files for problem analysis. If you do not make your data available, accessing the website may not be possible under certain circumstances.
2.1.3 Legal basis for data processing
Processing the aforementioned data is in our legitimate interest as the operator of the website in accordance with Art. 6(1)(f) GDPR. Individual datasets are not normally merged. However, we reserve the right to review the data if we become aware of any indication of the unlawful use of the website.
You can provide a justified objection to the processing of your personal data at any time in accordance with Art. 21 GDPR. All objections must be sent to firstname.lastname@example.org.
2.1.4 Recipients of the data
We use the following service provider to operate and host our website and to ensure the security of our IT systems:
- EXXETA AG
- VNG Handel & Vertrieb GmbH
Under certain circumstances, this service provider may be granted access to your personal data in the course of its work. This service provider may also engage subcontractors. The service providers are contractually obliged to protect your personal data at all times, to take suitable technical and organisational measures with regard to data security and not to process your data for their own purposes or to pass it on to third parties.
We also reserve the right, if there is reasonable suspicion, to forward the data collected for this purpose to the responsible authorities and court. The above will always occur on the basis of our legitimate interest in proper legal prosecution in accordance with Art. 6(1)(f) GDPR.
Your personal data will not be transferred to third countries.
2.1.5 Retention period
The data collected on this website is rotated daily and automatically stored for a period of 30 days after a one-day retention period in order to significantly minimise the risk of cyberattacks. If we have reasonable grounds to suspect abusive behaviour and we forward the data to the responsible public authorities, this data will be stored on a separate data carrier and deleted after the legal proceedings have ended.
2.1.6 Automated decision-making
We do not use your information for automated decision-making or profiling.
2.1.7 Further processing
The data processed for this purpose will - in the event of a justified suspicion - be further processed for IT security purposes. For further information, please contact email@example.com.
2.2. Contract processing and contract initiation
The processing of personal data is necessary for the initiation and fulfilment of the contractual relationship.
We also process the data of interested parties who contact us.
2.2.1 Scope of data processing
We process your personal data exclusively to the extent necessary to fulfil our legal and contractual obligations as part of the initiation and processing of the contractual relationship and for customer support. In particular, this includes the personal data that we specifically collect from you or that is generated by us in the course of the contractual relationship, including name, e-mail address, telephone number, company affiliation and role within the company, as well as other data comparable to the aforementioned categories. If we obtain data from other sources, this is stated accordingly below.
If you do not want us to process your data in connection with this processing activity, it will unfortunately not be possible for us to fulfil the contractual relationship properly. We will also be unable to process your enquiry or contact you.
2.2.2 Purpose of data processing
Personal data is used exclusively for the purpose of fulfilling our (pre-)contractual and legal obligations. This includes the provision of our contractually agreed services, providing support to our customers and handling their concerns, etc.
2.2.3 Legal basis for data processing
Personal data is processed for this purpose in order to fulfil our (pre-)contractual obligations in accordance with Art 6(1)(b) GDPR. If we are legally obliged to process the data, the processing takes place on the basis of Art. 6(1)(c) GDPR. Criminally relevant data in accordance with Art 10 GDPR is processed in the context of the assertion, exercise and/or defence against legal claims in accordance with Art. 6(1)(b) GDPR in conjunction with Art. 9(2)(f) GDPR.
2.2.4. Recipients of the data
We also transmit your data which is processed for the purpose of contract fulfilment and our services to the following recipients:
a) We transmit your data to the following recipients as part of our fulfilment of contractual obligations in accordance with Art. 6(1)(b) GDPR:
- insurance providers when taking out insurance for an insured event concerning the delivery/service or upon the occurrence of the insured event
- contractual or business partners that are involved or should be involved in the delivery or service
b) We also use the service providers below to ensure that contracts are processed efficiently. These service providers are contractually obliged to take all necessary data security measures.
- VNG Handel & Vertrieb GmbH
c) We are also subject to certain statutory obligations which require us to forward personal data. We transfer your data to the following recipients in accordance with Article 6(1)(c) GDPR:
- competent administrative authorities, in particular tax authorities
- courts (including [federal] administrative courts) due to legal obligations
- “Statistics Austria” federal agency for the compilation of legally required (official) statistics
- liability insurance providers in relation to the occurrence of an insured event under legal obligations
- tax consultants and auditors
- Energie-Control Austria for the Regulation of the Electricity and Natural Gas Industries, Rudolfsplatz 13A, 1010 Vienna, Austria
We reserve the right to forward the data collected for this purpose to the competent authorities and courts as well as our legal representatives and insurer and all other recipients specifically mandated in individual cases in the event that we have a justified suspicion of abuse The above will always occur on the basis of our legitimate interest in proper legal prosecution in accordance with Art. 6(1)(f) GDPR.
Your data is not transferred to third countries for processing.
2.2.5 Retention period
Normally we only store your personal data for as long as needed to fulfil the contract, i.e. usually until the end of the business relationship. We are obliged to retain data relevant to tax law in accordance with § 132 BAO (Austrian Federal Tax Code) and business correspondence in accordance with § 212 UGB (Austrian Company Code) for a period of at least seven years. The data will be retained for the duration that specific claims are asserted against us. If we have reasonable grounds to suspect abusive behaviour and we forward the data to the responsible public authorities, this data will be stored on a separate data carrier and deleted after the legal proceedings have ended. If you have any questions about the specific retention period for your personal data, please contact us at the address provided or by email at firstname.lastname@example.org.
2.2.6 Further processing of the data
The data processed for this purpose will not be processed for any other purpose.
2.2.7 Automated decision-making
We do not use your information for automated decision-making or profiling.
3. Rights of data subjects
You have the following rights as a data subject:
Right to information
You have the right to request information about which of your personal data is being processed by us as the data controller. This request can be made at any time and is not subject to any formal requirements. You have the right to request additional information such as the purposes for which your data is being processed and the recipients of your data, information about the origin of the data and information about automated decision-making, including the algorithms involved. You also have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. This includes a right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR.
Right to rectification and right to restriction of processing
You have the right to ask us to correct or complete incorrect or incomplete data. You also have the right to request that the processing of your data be restricted so that it may only be processed with your consent or for the establishment, exercise or defence of or against legal claims or for the protection of the rights of another natural or legal person or for reasons which are in the public interest. This right applies if the accuracy of the data is disputed, for example.
Right to data portability
You may request that a copy of the data provided to us be sent to you - or, if technically feasible, to an identifiable third party - in a structured, commonly used and machine-readable format.
Right to deletion
You can request that your data be deleted under certain circumstances, for example if it is not being processed in accordance with data protection regulations.
Right of objection
You have the right to object to the processing of your personal data at any time, provided you provide justification for doing so. If you exercise this right, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, or if the processing of your data serves the establishment, exercise or defence of or against legal claims.
Right to withdraw your declaration of consent
If we have obtained your consent to the processing of your data in advance in accordance with Art. 6(1)(a) GDPR, you have the right to revoke your declaration of consent under data protection law at any time and without giving reasons by sending an e-mail to email@example.com. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent before it was withdrawn. We will delete your data immediately unless we are legally required to retain it.
If you believe that the processing of your data violates your right to confidentiality or that your data protection rights have been violated in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, the competent authority is the
Austrian Data Protection Authority Barichgasse 40-42, 1030 Vienna.
This does not affect your right to bring an action before the regional court in accordance with § 29(2) DSG (Data Protection Act) and your right to pursue other legal remedies, such as asserting claims for damages in the event of unlawful processing.
4. Information in the event of a change of purpose
If there is a change in the reason for which we process your personal data, we will inform you thereof immediately.