Privacy statement Privacy statement for oesterreich.gv.at and the "Digitales Amt (Digital Office)” government app in the not-authenticated area

1. Purpose of the privacy policy

The Federal Ministry for Digital and Economic Affairs (Bundesministerium für Digitalisierung und Wirtschaftssstandort – BMDW) has a duty to protect your personal data. In this statement, we outline which data is reached during the use of oesterreich.gv.at, how it is collected, and also what we use this data for.

The Federal Ministry of Digital and Economic Affairs is responsible for the data collected from you in accordance with Article 24 et seq. of the General Data Protection Regulation (GDPR).

2. What is the purpose of this declaration?

This declaration applies to the website oesterreich.gv.at, all subpages and the "Digitales Amt" government app.

3. Data capture

Your data are collected by the following data processing operations.

3.1 Cookies

Cookies are small text files that are stored on the requesting party's device in order to recognize them. Thus, the information contained in the cookies serve the session control or it is necessary information for the functionality and are technically absolutely necessary.

  • www.oesterreich.gv.at: this domain represents the non-registered area of oesterreich.gv.at and does not use cookies
  • www.help.gv.at: this domain is used for the authority search and form search and requires the technically necessary cookies "gemeindecode" and "JSESSIONID".
  • eid.oesterreich.gv.at: this domain is used for the registration procedure and requires the technically necessary cookies "UNIQUE_ID" and "JSESSIONID".
  • secure.oesterreich.gv.at: this domain represents the logged in area of oesterreich.gv.at and uses the cookie "_shibsession_xxxxxxxx" for the session control, where "xxxxxxxxx" is a generated hexadecimal value

3.2 Log data

 Each time you access the website, the visit is recorded in a log file (server logs) for a period of 6 months with the following log data:

  • IP address of the enquirer
  • call method (GET, HEAD, PUT)
  • target address without HOST
  • minutes with version (e.g. HTTP/1.1)
  • name of the file retrieved and amount of data transferred
  • date and time of the retrieval
  • notification indicating whether the retrieval was successful
  • processing time of the request in microseconds
  • user agent used
  • SSL version used
  • referrer

This data is used for system security verification, error analysis and for statistical purposess.

We reserve the right to carry out personal analysis or profiling in the event of attacks on BMDW’s internet infrastructure.

3.3 Analysis tool Matomo

The website and the app use the open-source tool Matomo for statistical purposes. In addition, the log data are stored in the Matomo tool and hence made anonymous. With Matomo, no data are transmitted to servers which are not monitored by the Federal Ministry for Digital and Economic Affairs (BMDW).

3.4 Chatbot

To ensure a continuous improvement in the answering performance, dialogues and data arising from user enquiries are processed to enhance the service quality.

3.5 Services automated by the mobile signature or citizen’s card

In order to use specific services in a registered area, a mobile signature or citizen’s card is required. Information on the mobile signature and its possible uses can be found on this website, as well as on www.buergerkarte.at.

When using your mobile signature or citizen’s card, the following data are processed on the website or in the app:

  • first name
  • surname
  • date of birth
  • personal identifiers associated with the specific area, as well as encrypted area-specific personal identifiers which are generated with the help of the mobile signature or citizen’s card, and which depend on the particular process and particular stage of the process
  • txID (identification number), which is assigned by the system when logging in with the mobile signature and is retained until logging out.

3.6 A-Trust mobile signature service in the app

The use of personal data by A-Trust takes place in accordance with the relevant data-protection regulations, in particular the requirements of the General Data Protection Regulation (GDPR). The use of data takes place exclusively for the purpose of fulfilling a contract or on a legal basis. The customer also recognizes and consents to the fact that the following types of data need to be used and processed in order for services included in the contract to be delivered:

Name (first name(s), surname(s)), telephone number, certificate serial number, length of validity of the certificate, timings of signatures, domain of the signature recipient, unique ID, Push ID, document to be signed, date of contract.

3.7 Feedback function

In order to continuously improve the platform oesterreich.gv.at and the "Digitales Amt" government app based on the experiences of users, it is possible to give feedback. In this process, a rating and an open comment can be posted, of which the latter is saved in plain text. Feedback is anonymous and no information about the assessor is stored (unless the person himself/herself enters personal data in the comment field).

3.8 Push notifications in the app

Push notifications from "Digitales Amt" are sent via Firebase Cloud Messaging (FCM). For iOS users, the transmission also takes place via the Apple Push Notification Service (APNs). In this case, the option to use Google Analytics is disabled.

In order to send the notifications to the respective recipient, a non-person-specific ID is generated for the app and processed in FCM – with iOS additionally in APNs –, and in the push notification service of the app.

To be able to use the notification function, you must enable this feature in the app.

To do so, the app opens an operating system dialogue once you have accepted the terms and conditions of use. You can always change your selection in the system settings, but you must switch back into the app for it to take effect.

4. Data storage

The data are stored in the Federal Data Processing Centre Ltd ("Bundesrechenzentrum GmbH" or simply "BRZ GmbH"), the IT service provider of the Austrian federal administration. Copies are available exclusively for the central backup process of the Federal Data Processing Centre Ltd (BRZ GmbH). The BRZ GmbH system administrators, who are responsible for the technical operation, have access to this data. This data is accessed only iexclusively in individual cases, in accordance with the General Data Protection Regulation (GDPR) the Data Protection Act (Datenschutzgesetz or DSG) and this data protection declaration.

There is no transfer of this data to any third parties.

5. Data subject rights

You have the right to information about data concerning yourself, as well as the right to have data rectified or deleted. You have a right to restrict or to object to data processing, as well as the right to transfer data.

If you consider that your rights are not being complied with or are not being ad-equately complied with, you have the possibility to lodge a complaint with the Data Protection Authority.

6. Contact details

Responsible department: Federal Ministry for Digital and Economic Affairs (Bundesministerium für Digitalisierung und Wirtschaftsstandort - BMDW)

Abteilung I/B/4 E-Government Bürger
Stubenring 1
A-1010 Vienna

BMDW data protection officers:

  • Dipl.-Ing.Beate LUKAS-JANOWSKY
  • Mag.Jakob WURM (Master’s degree)
Not certified translation
Last update: 1 September 2021

Responsible for the content: Federal Ministry for Digital and Economic Affairs