The protection of personal data has a high priority for the Federal Chancellery.
We ensure that personal data are processed in accordance with all applicable European and Austrian legal regulations and take our responsibility seriously. We inform you about the collection and processing of data and protect your personal data when recording and processing them.
We have taken technical and organisational measures to ensure that we and our external service providers both comply with the data protection regulations.
You can find explanations about data protection relating to the processing of your personal data below.
General information on data protection in Austria
Data protection is a fundamental right anchored in the Charter of Fundamental Rights of the European Union. From 25 May 2018, Regulation (EU) 2016/679 Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) and the new Federal Act on the protection of natural persons with regard to the processing of personal data (Data Protection Act).
Your rights as a data subject
You fundamentally have the rights to information, correction, deletion, restriction, data portability, withdrawal and objection. If you believe that the processing of your data breaches data protection law or your claims under data protection law are being violated in another way, you can complain to the supervisory authority. In Austria, this is the Data Protection Authority.
For a definition of terms used in the Data Protection Act see below.
Processing activities within the scope of this website
Purpose and legal principles of the processing activities
This website provides information from GovCERT Austria and contact details in the form of e-mail addresses and links to support public administration institutions in preventing and dealing with security incidents in the field of information and communication technologies (ICT).
On the basis of the
the Federal Chancellery is obliged to provide information for the administration and public.
The administrative bodies are also instructed to carry out the tasks passed on to them by the Federal Ministries Act 1986 in an economic, sparing and efficient manner and therefore to provide the use of ICT solutions, which on the basis of the ICT Consolidation Act increasingly includes uniform systems and joint solutions based on predefined ICT standards.
Responsible authority and contacts
- Responsible authority: Austrian Federal Chancellery, Ballhausplatz 2, 1010 Vienna
Processor: CERT.at GmbH with regard to the operational management of GovCERT Austria
- Responsible department: you can contact us on the following contact details: Federal Chancellery, Division I/8 – Cybersecurity, GovCERT, NIS Office and Federal Backup Data Centre, Ballhausplatz 2, 1010 Vienna, telephone: +43 1 531 15-0, email: firstname.lastname@example.org
- You can contact our Data Protection Officer on: Federal Chancellery, Data Protection Officer, Ballhausplatz 2, 1010 Vienna, email: email@example.com
Your data when browsing the website
Each time you access the website, a protocol file (server log) will storage the following data for a limited period of time:
- the IP address of the user together with data on the time of the query,
- the aim of the query,
- the quantity of data transferred,
- a message on whether the query was successful,
- the browser used,
- the operating system used and
- the website from which this website was accessed (if this website is accessed via a link).
The purpose of these data is exclusively to guarantee and review system security. There is no person-specific assessment or profile creation. The server logs are stored for six months.
Nevertheless, we reserve the right to assess your IP address in the event of attacks on the internet infrastructure of the Federal Chancellery.
The website www.govcert.gv.at only stores the technically required cookies for session control and load distribution.
Matomo analysis tool
No person-specific user profiles are created.
Passing on of personal data to third parties
Data recorded when the counselling platform is accessed are only passed on to third parties to the extent that we are legally obliged to do this or obliged to do this by a court order, or this is necessary for prosecution or law enforcement in the event of attacks on the internet infrastructure. There is also no passing on to third parties for commercial or non-commercial purposes.
Protection of minors
Persons under the age of fourteen should not send personal data to us without the consent of their parent or guardian. We do not ask for any personal data from children and young people. We do not deliberately collect data of this type and also do not pass it on to third parties.
Your data when using the contact information for messages
If you send us data to the email addresses, the data you provide such as
- email address
- optional first name and surname and
- optional telephone number
will be communicated by being sent to the official area of the relevant Federal Chancellery departments and the GovCERT team and are subject to the relevant legal regulations.
There is no automated decision-making (“profiling”).
Further processing depends on your query. Data that you send us via the contact form, via email or on paper will be handled responsibly by the responsible employees and only used for the intended purpose.
Your queries will be stored by the Federal Chancellery in paper or electronic form in line with the terms applicable to the storage of written correspondence. Your data will only be used to process your request.
Relevant extracts of your data (in particular your name, email, address and contact details) may be sent to other federal services to answer your query appropriately if this is necessary for organisational reasons.
Data protection and information security were already a high priority for us before the entry into force of GDPR and the Data Protection Act.
LFRZ as a contract processor has the following certifications related to IT security:
- ISO/IEC 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements)