Data protection information
Personal data are personal details or other information about identified or identifiable individuals, including data about their Internet surfing and communication activities. Anonymous data, i.e. information which cannot be linked to the identity of an individual (not even via a specific identification number such as an IP address), are not considered personal data (e.g. top-hit results or the number of visitors to a website). The Austrian Productivity Board processes personal data in line with the provisions laid down in the General Data Protection Regulation (GDPR) (EU) and the Austrian Data Protection Act (DSG).
The Austrian Productivity Board takes all necessary technical and organizational security measures to protect your personal data against loss and misuse. Your data will be processed in the secure, state-of-the-art environment operated by the OeNB’s IT services, as contracted between the Austrian Productivity Board and the OeNB's IT business area, pursuant to Article 3 para 11 Fiscal Advisory Council and Productivity Board Act of 2021 (Fiskalrat- und Produktivitätsratgesetz – FPRG). The OeNB's IT infrastructure is certified under the international ISO 9001 and 27001 standards.
Access to the Austrian Productivity Board’s websites is secured via HTTPS. This means that communication between your browser and the OeNB’s servers is encrypted. Regarding any e-mail communication you may have with the Austrian Productivity Board or its employees, please note that the confidentiality of such communication cannot be guaranteed, given the way electronic mail protocols work. For example, the content of unencrypted e-mails can be viewed by third parties.
Transfer of personal data to third countries
As contracted with the Austrian Productivity Board, the OeNB uses website support services offered by providers that are established, or whose parent companies are established, in third countries outside the EEA (in particular Google LLC, headquartered in the USA) to optimize its websites. Where such services are used, it cannot be ruled out that personal data are transferred to a third country within the meaning of the GDPR.
The data controller responsible for users of Google services in Europe is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). It cannot be excluded, however, that Google Ireland Limited transfers your personal data to servers run by its head office in the USA, i.e. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043), or may have to disclose your personal data to US authorities or US intelligence services under the US CLOUD Act. The Court of Justice of the European Union (CJEU) classifies the USA as a third country that does not ensure a level of data protection corresponding to European standards. In particular, there is the risk that, under US law, service providers must disclose personal data to US authorities or US intelligence services for surveillance purposes without data subjects being adequately legally protected. Pursuant to Article 49 para 1 lit a GDPR, you therefore need to consent to transfers of your personal data to service providers in third countries in order for the respective website support services to be put to use. You can give, make changes to or withdraw your consent in the cookie consent banner.
Right to object
According to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data carried out by the Austrian Productivity Board on the basis of its legal mandate, as laid down in the Fiscal Advisory Council and Productivity Board Act of 2021 (Article 6 para 1 lit e GDPR), or for the purposes of its legitimate interests (Article 6 para 1 lit f GDPR). For further details, please refer to the section “Your rights as a data subject.”
Right to withdraw your consent at any time
You have the right to withdraw your consent to any consent-based processing of your personal data at any time. Withdrawing your consent will be without prejudice to the lawful use of personal data collected up to the point of consent withdrawal (Article 7 para 3 GDPR).
Protection of your personal data when visiting the Austrian Productivity Board’s websites
When you visit any of the Austrian Productivity Board’s websites, the respective server processes certain personal communication data.
Web server logging
When Austrian Productivity Board websites are accessed, the web server records the following data in a combined log format for the purpose of ensuring appropriate information and system security as well as stopping denial of service attacks and saves these data for a period of three years: IP address, username (if required), date and time of your visit as well as technical information about the web object you retrieved and the browser and operating system you used (combined log format). Additional personal information, such as your name, address, telephone number or e-mail address, is not recorded unless you have opted to provide this information in the space provided (e.g. when registering for a newsletter or requesting information via a contact form). In case improper use is made of the OeNB’s websites or in other legitimate exceptional cases, we will forward the data to the authorities in charge for the purpose of the enforcement, exercise or defense of legal claims.
If you register for the Austrian Productivity Board’s newsletters, we will use the personal data you provided, in particular your e-mail address, for sending you the desired information and on the basis of previous consent (Article 6 para 1 lit a GDPR). You can unsubscribe from the newsletter at any time by using the link provided in each e-mail. After unsubscribing from the newsletter, we will delete your data immediately. Your data will be transferred exclusively to the OeNB, as contracted with the Austrian Productivity Board (Article 3 para 11 Fiscal Advisory Council and Productivity Board Act of 2021), and to EWORX CENTER, Hanriederstraße 25, 4150 Rohrbach-Berg, Austria, which, in their capacity as subproviders, use the data for the purpose of providing this e-mail service. Your data will not be transferred to third parties for them to use for their own purposes. You can only register for the newsletter if you provide the required personal data.
Use of Google Analytics
The information generated by using Google Analytics (including your IP address) is transferred to Google servers. To protect your privacy, Google Analytics has been configured in such a way that your IP address will be anonymized immediately upon transfer to Google servers within the area of EU or EEA countries and that it will be stored by Google exclusively in its anonymized form (anonymizeIp=true). Only in exceptional cases is the full IP address sent to Google servers in the USA and shortened there. On behalf of the OeNB, Google will use the information gathered to analyze the usage of the websites and to compile reports on website activities.
You can enable Google Analytics by agreeing to the setting of statistical cookies in the cookie consent banner on our website (Article 6 para 1 lit a and Article 49 para 1 lit a GDPR), where you can also change or withdraw your consent at any time. In addition, the OeNB concluded a data processing agreement with Google Ireland Limited pursuant to Article 28 GDPR.
Use of Google reCAPTCHA
The Austrian Productivity Board uses Google reCAPTCHA (see www.google.com/recaptcha) on its websites. The purpose of this tool is to ensure that the data, or queries, submitted to the OeNB are coming from a human and not a bot. For this, reCAPTCHA will evaluate the following personal data, which will be forwarded to the service provider: IP address of the device you used, the website you visited before ours (referrer URL), date and duration of your visit, identification data of the browser and operating system you used, Google account if you are signed in to Google at the same time, mouse movements around the reCAPTCHA checkboxes, cookies, display instructions and scripts as well as tests requiring you to correctly evaluate images displayed on your screen. These data are processed in accordance with Article 6 para 1 lit f GDPR and on the basis of our legitimate interests in maintaining the security of our web server and protecting the forms on our website against abuse and fraudulent input made by automated software. The OeNB has concluded a data processing agreement with Google Ireland Limited pursuant to Article 28 GDPR.
Protection of your personal data when using cookies
Protection of your personal data in e-mail correspondence with the Austrian Productivity Board
The Austrian Productivity Board facilitates electronic communication via e-mail, in the course of which personal contact and communication data are being processed for the purpose of enabling electronic communication between the Austrian Productivity Board and users and to maintain electronic contact management systems. The legal basis for the processing of data is Article 6 para 1 lit e GDPR in conjunction with the Fiscal Advisory Council and Productivity Board Act of 2021 whenever the Austrian Productivity Board acts in its statutory capacity. In all other instances, the legal basis is Article 6 para 1 lit f GDPR. In the latter case, the legitimate interest is to enable electronic correspondence also for private-law matters. The Austrian Productivity Board stores e-mails for up to ten years unless longer-term storage is required by the underlying purpose of the e-mail correspondence. To use the respective electronic communication channel, you have to provide the required personal data. Otherwise you cannot use it and have to switch to other means of communication (e.g. postal delivery). The personal data you provide will be processed exclusively for the purpose of dealing with your request.
E-mails are checked for spam and harmful content. By default, e-mails are automatically scanned for spam or malware; only in suspicious cases or in case of doubt are individual e-mails scrutinized in more detail by specialists (in consultation with the recipient if necessary). In case of misuse or criminal content, all relevant e-mails are forwarded to the authorities in charge.
For the purpose of ensuring an appropriate degree of information and system security as well as detecting and handling malware, the e-mail server generates log data on e-mail correspondence and stores them for three years. When you send an e-mail to an Austrian Productivity Board or OeNB address, the following data are recorded: recipient’s e-mail address, IP address and hostname; number of recipients; sender’s e-mail address, IP address and hostname; subject, date and time when e-mail was received by server; file name of any attachments; size of message; risk classification for spam and delivery status. These data will not be transferred to third parties. In case improper use is made of the Austrian Productivity Board’s e-mail system, log data will be forwarded to the authorities in charge.
Use of photographs and videos by the Austrian Productivity Board
The Austrian Productivity Board processes photographs and videos of individuals to document its events and activities. With due regard to the rights of individuals shown in photographs and/or videos, the Austrian Productivity Board makes selected photographs and/or videos available to newspapers and TV programs and/or uses them on its websites and in Austrian Productivity Board information material. The Austrian Productivity Board processes this visual material for the purposes of its legitimate interests according to Article 6 para 1 lit f GDPR. The Austrian Productivity Board stores photographs and videos for archiving purposes in the public interest and deletes them if documentation is no longer required (Article 7 Data Protection Act).
Your rights as a data subject
You have the right to obtain confirmation as to whether or not your personal data, and which of your personal data, are being processed by of Austrian Productivity Board (Article 15 GDPR). You have the right to obtain the rectification of inaccurate personal data or to have incomplete personal data completed (Article 16 GDPR) as long as the rectification and/or completion of the data are necessary for the purpose of the processing operation. You have the right to obtain the erasure of your personal data if the Austrian Productivity Board has processed them unlawfully (Article 17 GDPR). Under certain conditions, you have the right to obtain restriction of the processing of your data (Article 18 GDPR). According to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data carried out by the Austrian Productivity Board in its statutory capacity, as laid down in the Fiscal Advisory Council and Productivity Board Act of 2021 (Article 6 para 1 lit e GDPR), or for the purposes of its legitimate interests (Article 6 para 1 lit f GDPR). You have the right to withdraw your consent to any consent-based processing of your personal data at any time. Withdrawing your consent will be without prejudice to the lawful use of personal data collected up to the point of consent withdrawal (Article 7 para 3 GDPR). Should you consider your right to data protection infringed by any processing of your personal data by the Austrian Productivity Board, you may lodge a complaint with the Austrian Data Protection Authority (DSB).
To assert your rights as a data subject, write to the Office of the Austrian Productivity Board, c/o Oesterreichische Nationalbank, Otto-Wagner-Platz 3, 1090 Vienna, Austria, or by e-mail to email@example.com. In it, state in what way your personal data are subject to data processing, as outlined above, and clearly specify the details of your request. Moreover, please provide proof of your identity by enclosing a black-and-white copy of an official photo identification (e.g. your passport, driver’s license, identity card) or using a qualified electronic signature within the meaning of Article 3 no. 12 eIDAS Regulation. This is to prevent improper requests by unauthorized third parties that might endanger the protection of your personal data. For the reasons outlined above, such requests must be made in writing.