Data Protection

General Information

We are committed to protecting your personal data. We process your data exclusively on the basis of legal provisions (EU General Data Protection Regulation (GDPR), Austrian Data Protection Act, Austrian Telecommunications Act 2003). This document explains how we process your personal data in relation to our websites wirtschaftsagentur.at, viennabusinessagency.at, jobs.wirtschaftsagentur.at and cockpit.wirtschaftsagentur.at as well as the claims and rights to which you are entitled in accordance with the provisions of data protection law. The entity responsible for processing your personal data is the

Vienna Business Agency. A service offered by the City of Vienna.

Mariahilfer Strasse 20, 1070 Vienna
Email: info@wirtschaftsagentur.at
Tel.: +43 1 25200

If you have any complaints, questions or suggestions regarding data protection, we will be happy to assist you at any time. Contact the Data Protection Officer at:

Mr Harald Kudlich
Mariahilfer Strasse 20, 1070 Vienna
Email:
Tel.: +43 1 25200 853

We process the data that you provide to us as follows:

1. Data processing when you contact us

If you contact us (e.g. by email or telephone), your data will be processed to carry out pre-contractual measures or to process or handle your request for the purpose of contract fulfilment.

2. Data processing when you register for a user account
If you register for a user account on one of our websites, we process the data provided during your registration to carry out pre-contractual measures or to fulfil a contractual relationship for the provision of the user account. Your data will not be disclosed to third parties or will be disclosed only if you have given your express prior consent to such disclosure.

3. Data processing when we provide consulting services
If you receive consulting services from us, we process your data to manage the service and to formally handle the business cases we are responsible for as part of our services. Your data is processed to fulfil a contractual relationship or in accordance with legal requirements as part of or to implement a business relationship.

In each case, the relevant data is transmitted in accordance with legal requirements or to fulfil a contractual relationship. If necessary, data will be transmitted to the following categories of recipients:

Banks, legal representatives, certified public accountants, auditors, tax advisers, law courts, administrative authorities, collection agencies, third-party lenders, contractual and business partners, insurance providers and Statistics Austria.

We only process your data for as long as necessary to fulfil the contractual relationship or in accordance with legal obligations (e.g. seven years in accordance with tax and corporate law retention obligations).

4. Data processing when we process funding
If you apply for funding from us, we will process your data as part of the formal handling of the business cases for which we are responsible as part of our services (processing and administration of funding applications, billing of funding, etc.). Your data is processed to fulfil a contractual relationship or in accordance with legal requirements as part of or to implement a business relationship.

Banks, legal representatives, public accountants, auditors and tax consultants, courts, administrative authorities, debt collection agencies, third-party lenders, contract and business partners, insurance companies and Statistics Austria.

We only process your data for as long as is necessary to fulfil the contractual relationship, in accordance with legal obligations, or within the scope of our obligations as a company subject to auditing by the Austrian Court of Auditors (Rechnungshof), which is a maximum of 30 years pursuant to the statute of limitations in Section 1478 of the Austrian Civil Code.

5. Data processing when recruiting
We search and select personnel for ourselves and sometimes also for our subsidiaries and associated companies. Job advertisements always state the company being recruited for. You must create an application profile in order to register on our recruitment platform. After entering your email address, you will receive a link to create an application profile.

The data you enter and upload during registration and in the job portal will be processed for the purpose of conducting the application procedure and assessing your suitability, ability and qualifications with regard to the position in question. Your data is processed to carry out pre-contractual measures and on the basis of our legitimate interest in carrying out an efficient application process.

In each case, the relevant data is transmitted to the company to which you are applying in order to fulfil a contractual relationship. We use a data processor – eRecruiter GmbH, OK

Platz 1a, A-4020 Linz (Company no. 459812w) – to operate our electronic recruitment platform.

Your personal data will be stored for as long as the respective storage purpose applies. If you apply for a specific advertised position or send an unsolicited application, your data will be retained for a further six months after the recruiting process has concluded, after which it will be deleted. This retention period can be extended to three years if you have given your consent by clicking on the box provided. After three years, the data will be deleted. If you have an active application upon expiry of the retention period, the retention period will be extended until the ongoing application process is completed

6. Data processing for organising events
If you take part in our events, your data is processed to fulfil a contractual relationship or on a legal basis for the organisation and implementation of the relevant event.

We may take photographs and video recordings of you during the event for documentation purposes. Such images are processed on the basis of our legitimate interest in documenting the event and facilitating media coverage about the event (such as in newspapers, magazines, publications and on websites and social media platforms).

7. Data processing for direct marketing purposes
If we have received your contact information in connection with the use of our services, you may receive communications from us by post, email or SMS to promote other similar products and services that we offer. In this case, this processing of your data is based on our legitimate interest in initiating business in relation to our range of services. This legitimate interest arises from our interest in sending you messages to regularly inform you about news, current offers and events, as well as to advertise our own range of services. You can object to the processing of your data for the purpose of direct marketing at any time.

If you subscribe to our newsletter, you will receive regular information from us about our range of services and activities. The legal basis for processing is your consent. You can unsubscribe from our newsletter at any time.

8. Image processing for the purposes of preventative protection of persons or property
Image recordings are processed on the basis of a predominant legitimate interest as defined by Section 12 of the Austrian Data Protection Act (video surveillance at some of our properties) as a preventive measure and to ensure the traceability of criminal acts and enable the investigation of criminal offences.

9. Data processing in the context of concluding cooperation agreements and submitting reports according to Section 2 of the Austrian Act on the Transparency of Media Cooperation and Funding (MedKF-TG)

We process data from our cooperation partners for the purpose of concluding cooperation agreements in accordance with a collaboration through the provision of advertising services by the cooperation partners and the provision of a financial contribution by us in return for advertising services rendered. In the course of concluding the cooperation agreement with you, we process your data on a contractual basis (Art. 6(1)(b) GDPR), namely for the purposes of initiating, maintaining and processing the cooperation agreement.

We also process your data to comply with the provisions of Section 2(1) MedKF-TG regarding media cooperations and advertising orders, which include advertising placements on websites, in electronic newsletters and mobile apps, and advertising posters, in the form of banners, large posters or other advertising spaces specified in the cooperation agreement. Pursuant to Section 2(1) MedKF-TG, there is a reporting obligation in relation to all media, regardless of whether they are periodical media or not. Data processing is carried out to fulfil a legal obligation in accordance with Art. 6(1)(c) GDPR.

We process data that we receive through your use of our online presence as follows

1. Server logs
If you visit our website, our web server will collect usage data (known as server logs). This collection is necessary for the technical establishment of a connection to our server and the use of our website. The following server logs are collected: the IP address of the requesting computer, together with the date, time, request, which file was requested (name and URL), the volume of data transmitted to you, notification of whether the request was successful, identification data for the browser and operating system used, and the website from which our website was accessed (if our website was accessed via a link).

The legal basis for processing is based on our legitimate interest in ensuring system security, technically administering the website and optimising service quality. In the event of a cyberattack, this data will be passed on to law enforcement agencies. No further transmission to third parties will occur. The server logs are stored for a maximum of six months.

2. Cookies
We use cookies on our website to enable the use of certain functions. Cookies are small text files that our website stores on your computer in order to identify it again in future. These

files may contain information regarding use of the website. The information contained in the cookies is used to save the individual selections you have made in order to then restore them when you access the respective page again. We also use cookies to generate non-personalised statistics. Most web browsers automatically accept cookies. You can prevent this by changing your browser settings. You can remove cookies stored on your computer at any time by deleting temporary internet files. If the sole purpose of data processing is to execute or facilitate the transmission of a message via an electronic communication network or if the data processing is essential for us to provide services to you that you have expressly requested, this data will be processed on the basis of our legitimate interest.

In all other cases, the data is processed based on your consent.

You can access further information about the cookies (name, purpose, operator, storage period, etc.) at any time by accessing the Privacy function, which is dynamically displayed at the bottom left of the website page. If you want to change or revoke your consent to the use of cookies, you can do this here at any time.

We occasionally use services from Google, Meta, Adform and LinkedIn for our website. This use only takes place with your individual consent to each service. If you consent to such use by clicking on the corresponding field in the cookie banner on our website, transmission to third countries (including outside the EU, in particular the USA) is possible.

3. Video embedding using “Streamdiver”
We use the external service Streamdiver for video streaming and management on our website, operated in Austrian data centres. The content delivery network also used by Streamdiver is also operated exclusively in data centres in Europe and therefore within the scope of the GDPR.

Streamdiver processes personal data only to the extent that this is technically absolutely necessary. It is technically necessary to process your IP address in connection with the delivery of data to your browser.

For technical reasons, certain other data and information must also be collected and stored when using the Streamdiver platform, e.g. the pages used, time and duration of the visit, and data provided by the browser used (e.g. on the operating system and the system settings used).

Streamdiver uses this data and information anonymously to make its offer as user-friendly as possible and to optimise it technically.

This data is not used to personally identify visitors to this website. You can find more information here: The self-organizing video platform – Streamdiver

4. Embedding of print data, text and photos using pagestrip

We use the external service pagestrip to embed reports and white papers on our website. pagestrip is operated by alice interactive GmbH, an Austrian company, and the data is hosted directly by pagestrip. The infrastructure is operated by Amazon Web Services via Amazon Data Services Austria GmbH, based in Austria. For embedding, pagestrip also uses US services such as Cloudflare and Fastly. See here for more information: pagestrip.com; Cloudflare; Fastly.

Further information

You have the right of access to your stored data in accordance with Art. 15 GDPR, the right to rectification of inaccurate data in accordance with Art. 16 GDPR, the right to erasure of data in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to data portability in accordance with Art. 20 GDPR as well as the right to object to unreasonable data processing in accordance with Art. 21 GDPR.

If processing is performed on the basis of a declaration of consent, you have the option of revoking this consent at any time. If you do so, the legality of the processing performed on the basis of your consent prior to its revocation shall remain unaffected.

You have the right to lodge a complaint with a supervisory authority. The responsible authority in Austria is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde). The address is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Telephone: +43 1 52 152-0
Email:

We require the data that we request from you in order to provide our services as part of the contractual relationship, to provide information that you have asked us for, or when sending out our newsletters and other information. If you do not provide the requested data, we cannot provide our services.

We do not carry out automated decision-making, including profiling. If we process your personal data for a purpose other than that for which we collected the data, we will disclose this fact to you and inform you of that other purpose.

Further information on joint data processing in accordance with Art. 26 GDPR can be found in the declaration “Data processing for the purpose of business location marketing, setting up business operations and network development” (PDF).