Privacy Statement

The protection of personal data has a high priority for the Federal Chancellery.

We ensure that personal data are processed in accordance with all applicable European and Austrian legal regulations and take our responsibility seriously. We inform you about the collection and processing of data and protect your personal data when recording and processing them.

We have taken technical and organisational measures to ensure that we and our external service providers both comply with the data protection regulations.

Changes to this privacy policy may be necessary when we make changes to our websites and implement new technologies. We therefore recommend that you read this privacy policy again from time to time.

You can find explanations about data protection relating to the processing of your personal data below.

General information on data protection in Austria

Data protection is a fundamental right anchored in the Charter of Fundamental Rights of the European Union. From 25 May 2018, Regulation (EU) 2016/679 Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) and the new Federal Act on the protection of natural persons with regard to the processing of personal data (Data Protection Act).

Your rights as a data subject

You fundamentally have the rights to information, correction, deletion, restriction, data portability, withdrawal and objection. If you believe that the processing of your data breaches data protection law or your claims under data protection law are being violated in another way, you can complain to the supervisory authority. In Austria, this is the Data Protection Authority.

For a definition of terms used in the Data Protection Act see below.

Processing activities within the scope of this website

Purpose and legal principles of the processing activities

This website provides information from GovCERT Austria and contact details in the form of e-mail addresses and links to support public administration institutions in preventing and dealing with security incidents in the field of information and communication technologies (ICT).

On the basis of the

the Federal Chancellery is obliged to provide information for the administration and public.

The administrative bodies are also instructed to carry out the tasks passed on to them by the Federal Ministries Act 1986 in an economic, sparing and efficient manner and therefore to provide the use of ICT solutions, which on the basis of the ICT Consolidation Act increasingly includes uniform systems and joint solutions based on predefined ICT standards.

Responsible authority and contacts

  • Responsible authority: Austrian Federal Chancellery, Ballhausplatz 2, 1010 Vienna

  • Processor: CERT.at GmbH with regard to the operational management of GovCERT Austria

  • Responsible department: you can contact us on the following contact details: Federal Chancellery, Division I/8 – Cybersecurity, GovCERT, NIS Office and Federal Backup Data Centre, Ballhausplatz 2, 1010 Vienna, telephone: +43 1 531 15-0, email: cybersicherheit@bka.gv.at
  • You can contact our Data Protection Officer on: Federal Chancellery, Data Protection Officer, Ballhausplatz 2, 1010 Vienna, email: datenschutz@bka.gv.at

Your data when browsing the website

Server logs

Each time you access the website, a protocol file (server log) will storage the following data for a limited period of time:

  • the IP address of the user together with data on the time of the query,
  • the aim of the query,
  • the quantity of data transferred,
  • a message on whether the query was successful,
  • the browser used,
  • the operating system used and
  • the website from which this website was accessed (if this website is accessed via a link).

The purpose of these data is exclusively to guarantee and review system security. There is no person-specific assessment or profile creation. The server logs are stored for six months.

Nevertheless, we reserve the right to assess your IP address in the event of attacks on the internet infrastructure of the Federal Chancellery.

Cookies

The website www.govcert.gv.at only stores the technically required cookies for session control and load distribution.

Matomo analysis tool

The website uses the open source tool Matomo for web analysis. With Matomo, no data are sent to servers that are outside of the control of the Federal Chancellery. Your IP address is anonymised immediately. No personal data are stored for statistical assessments. Link: Matomo Privacy Policy

User profiles

No person-specific user profiles are created.

Passing on of personal data to third parties

Data recorded when the counselling platform is accessed are only passed on to third parties to the extent that we are legally obliged to do this or obliged to do this by a court order, or this is necessary for prosecution or law enforcement in the event of attacks on the internet infrastructure. There is also no passing on to third parties for commercial or non-commercial purposes.

Protection of minors

Persons under the age of fourteen should not send personal data to us without the consent of their parent or guardian. We do not ask for any personal data from children and young people. We do not deliberately collect data of this type and also do not pass it on to third parties.

Your data when using the contact information for messages

If you send us data to the email addresses, the data you provide such as

  • email address
  • optional first name and surname and
  • optional telephone number

will be communicated by being sent to the official area of the relevant Federal Chancellery departments and the GovCERT team and are subject to the relevant legal regulations.

There is no automated decision-making (“profiling”).

Further processing depends on your query. Data that you send us via the contact form, via email or on paper will be handled responsibly by the responsible employees and only used for the intended purpose.

Your queries will be stored by the Federal Chancellery in paper or electronic form in line with the terms applicable to the storage of written correspondence. Your data will only be used to process your request.

Relevant extracts of your data (in particular your name, email, address and contact details) may be sent to other federal services to answer your query appropriately if this is necessary for organisational reasons.

Safety standards

Data protection and information security were already a high priority for us before the entry into force of GDPR and the Data Protection Act.

LFRZ as a contract processor has the following certifications related to IT security:

  • ISO/IEC 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements)

Additional links