Austria Wirtschaftsservice Gesellschaft mbH ("aws", "we", "us") is committed to the adequate protection of your personal data. We therefore observe the applicable legal provisions for the protection, lawful handling and confidentiality of personal data, as well as data security, in particular the Austrian Data Protection Act ("DSG"), the EU Data Protection Regulation ("GDPR") and the Telecommunications Act ("TKG").
1. Who is the data processing Controller and who can you contact?
1.1. The Controller within the meaning of Article 4 Sec. 7 GDPR for data processing is:
Austria Wirtschaftsservice Gesellschaft mbH
Telephone: +43 1 501 75
If you have concerns regarding the processing of your personal data or if you wish to assert your rights:
The Data Protection Coordinator of Austria Wirtschaftsservice GmbH is:
Dr Bettina Schober
If tasks are assigned to aws by the federal government by way of a servicing agreement, the aws and the federal government are jointly responsible for the processing within the meaning of Art. 26 GDPR, provided that the federal government is represented by owners’ representatives, the Federal Ministry of Digital and Economic Affairs, and/or the Federal Ministry of Transport, Infrastructure and Technology.
Furthermore, shared responsibility can exist within the meaning of Art. 26 GDPR if servicing agreements are concluded with third parties and joint/legal responsibilities and relationships give rise to shared responsibility within the meaning of Art. 26 GDPR. Such joint responsibility is, amongst other things, provided within the framework of the servicing of ERP-Fonds loan programmes with the Austrian National Bank.
1.2. Pursuant to Art. 5 Sec. 1 of the Austria Wirschaftservice Act, the task of aws is the awarding and servicing of company-related business development subsidies, as well as the provision of other public-interest financing and advisory services to support the economy.
The tasks (“measures”) of the company include in particular:
- the awarding and servicing of funding and other financing under the Guarantee Act 1977 and the SME Funding Act;
- the promotion of innovation and the provision of innovation advice for the benefit of the Austrian economy, the promotion and participation in the acquisition, exploitation and enforcement of intellectual property rights and the continuation of other tasks of the Innovation Agency;
- taking care of the tasks and business of the ERP-Fonds;
- the awarding and servicing of subsidies and other financing as well as the assumption of business transactions, which are transferred to the company by law or a winding-up agreement;
- the provision of advisory services, in particular to the Federal Government;
- direct investment, primarily in small and medium-sized enterprises;
- the conclusion of loan agreements and the granting of loans;
- the servicing of the Business Promotion Programme for the employment bonus (Art. 10b et seq. Austria Wirtschaftsservice Act).
2. What data are processed and from what sources do these data come?
We process the personal data that you provide us with in the course of servicing one of the above-mentioned measures, e.g. if you have applied for/requested funding or other measures. In addition, we process data that we - depending on the legal basis of the measure - have received from third parties, e.g. Federal Ministry of Finance, Federation of Austrian Social Security Institutions, regional health insurance funds, credit bureaus (CRIF GmbH), debtor directories (KSV 1870 Holding AG), from publicly available sources (e.g. Commercial Register) and from databases (e.g. patent databases).
Personal data include your personal details (name, address, contact details, date of birth, place of birth, nationality, etc.), information about your financial status (e.g. credit rating data, scoring or rating data, etc.), documentation data (e.g. advisory reports), information from your electronic traffic with aws (e.g. apps, cookies, etc.) as well as data for meeting legal and regulatory requirements.
3. For what purposes and on what legal Basis are the data processed?
3.1. For the fulfilment of contractual obligations (Article 6(1) (b) GDPR):
The processing of personal data takes place for the purpose of servicing the subsidy financing, advisory or other contract based on one of the above measures (point 1.2).
The purposes of the data processing are primarily aimed at the specific request or use of the measure (grant, credit, guarantee, coaching product).
The details for the purpose of the respective data processing can be found in the legal basis applicable to the respective measure (e.g. laws, Ministry of Finance regulation on the General Framework Guidelines for the Granting of Federal Subsidy funding (ARR), Special Guidelines, Guidelines, Programme Documents, General Terms and Conditions, Contracts).
Furthermore, we process data from applicants in the context of application processes for the purpose of filling open positions. If a contract of employment is concluded, the data transmitted for the purpose of servicing the employment relationship will be stored in compliance with statutory provisions. If no employment contract is concluded, the application documents will be deleted, provided that deletion does not conflict with any other legitimate interests of aws. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the Equal Treatment Act.
3.2. For the fulfilment of legal obligations (Article 6 (1) (c) GDPR):
Processing of personal data may be required for the purpose of fulfilling various legal and other legal requirements to which aws is subject as a institution providing subsidy funding. This includes, for example:
- Avoidance of unwanted multiple subsidies and misuse of funding in accordance with the requirements of the ARR;
- Reports to the Money Laundering Reporting Office in certain suspicious cases (Art. 16 FM-AMLA);
3.3. For the protection of legitimate interests (Art. 6 (1) (f) GDPR):
As far as necessary, in the interests of the aws or of a third party, data processing may take place beyond the actual performance of the contract in order to safeguard legitimate interests of the aws or third parties. e.g.:
- Consultation of and data exchange with credit bureaus (e.g. Austrian Credit Protection Association 1870, CRIF GmbH) for the determination of credit and default risks;
3.4. Within the scope of your consent (Art. 6 (1) (a) GDPR):
If you have given us consent to process your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Given consent may be withdrawn at any time with effect for the future (e.g. you can object to the processing of your personal data for marketing and advertising purposes, if you no longer consent to processing in the future):
- Providing information through our newsletter
- Sending of aws product Information
- Advertising and public Relations
4. Who receives the data?
If there is a legal or regulatory obligation, public bodies and institutions (e.g. organs and representatives of the Court of Auditors, the Federal Ministry of Finance, BRZ GmbH for the purpose of processing in the Transparency Database, the European Commission in accordance with EU legal provisions, etc.) may be the recipient of your personal data.
To the extent necessary for the above purposes, we will submit your data to the following recipients:
- Credit institutions (measures pursuant to point 1.2)
- Cooperation partners (e.g. chambers of commerce)
- other funding agencies (according to the respective legal principles)
In addition, processors commissioned by us (especially IT service providers) will receive your data, if they need the data to perform their respective services. All processors are contractually obliged to treat your data confidentially and to process them only as part of the provision of services.
5. How Long are the data stored for?
We process your personal data, as far as is necessary for the duration of the entire business relationship (from the initiation and servicing to the termination of a funding contract) and beyond, according to the statutory storage and documentation obligations, which arise in particular from the enterprise code (UGB), the federal tax code (BAO), the general framework guidelines for subsidies from Federal funds (“ARR”) as well as the respective European Union legal regulations, as amended. If we no longer need your personal data, we will delete them from our systems and records or render them anonymous so that they can no longer be identified.
6. What data do we collect from visitors and users of our website?
In the course of your use of the website, we collect, gather and store the following data:
- IP address
- Referrer URL (the previously and subsequently visited website)
- Number, duration and time of the views (your interaction with the website)
- Search engines and keywords that you have used to find us
- Browser type, device type, screen resolution, internet service provider and operating System
We collect these so-called log files (access data) automatically using cookies.
Detailed preliminary information is provided about the use of individual cookies (type, duration and any third-party access) and your consent is obtained via the cookie banner on our website before the data are used (“opt-in”). You can amend or revoke your consent via this cookie banner at any time. Consent to the storage of cookies does not have to be granted if such cookies are absolutely necessary for the provision of contents or services.
You can find further information on the Matomo website.
8. aws newsletter
Based on your consent to receive our newsletter, we will use your voluntarily provided personal data (form of address, title, first name, surname, email address) to send our newsletter by email. This consent may be revoked at any time with effect for the future (e.g. via the unsubscribe link in each newsletter or by email to the data protection coordinator). After revocation, no further data shall be collected and the email address will be deleted from the distribution list.
We use the newsletter software provided by eyepin GmbH, Billrothstrasse 52, 1190 Vienna, Austria.
The newsletters of eyepin GmbH contain so-called tracking pixels. A tracking pixel is a miniature graph embedded in such emails, which are sent in HTML format to facilitate logfile recording and logfile analysis. This allows a statistical analysis to be conducted of the success or failure of online marketing campaigns. eyepin GmbH can identify whether and when an email has been opened by a data subject based on the embedded tracking pixel. Moreover, newsletter tracking is used to survey which links in the email have been accessed by the data subject.
Such personal data collected via the tracking pixels in the newsletters and via newsletter tracking are stored and analysed by aws to optimise newsletter dispatch and better adapt the content of future newsletters to the interests of the data subject. These personal data are not passed onto third parties. Data subjects are entitled to revoke any related, separate declaration of consent submitted through the double opt-in procedure at any time by unsubscribing from receipt of the newsletter. You can find further information on the Eyepin website.
9. How do we protect your data?
We comply with the provisions of Article 32 GDPR by taking appropriate technical and organisational security measures and doing our utmost to ensure the confidentiality and security of your personal data.
10. What data protection rights are available to data subjects?
Information, rectification, deletion
Data subjects have the right: (i) to require aws to confirm the processing of personal data concerning them and, if so, to obtain information (ii) to request rectification of any inaccurate personal data concerning them and (iii) to request, under certain conditions, the erasure of personal data concerning them.
Furthermore, the data subjects have the right to object to the processing of their personal data. In the event of such a disagreement, aws will no longer process the data unless (i) it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject or (ii) the processing is for the assertion, exercise or defence of legal claims.
Restriction of processing
Data subjects are also entitled to require that aws restricts processing if (i) it dispute the accuracy its data, for a period of time that enables aws to verify the accuracy; (ii) the processing is illegitimate and it rejects erasure, requiring restriction instead, (iii) aws no longer needs its personal data for the purposes of processing, but requires the data for the assertion, exercise or defence of legal claims, or (iv) it has objected to the processing and the decision on the underlying aspects is pending.
Furthermore, under certain conditions, data subjects may require that they receive the personal data that they have provided to aws, and may instruct aws to directly transfer such data to a third Party.
Asserting your rights
To exercise these rights, please contact aws or their Data Protection Coordinator in writing (contact details can be found in point 1 above). The Data Protection Coordinator is also available to you at any time for any other enquiries regarding the use and security of your data. If you believe that aws is using your data in an unauthorised manner, you can also file a complaint with the Austrian Data Protection Authority.
11. Final provision