(Information according to Art 13 and 14 GDPR)

Status as of 19.11.2024

Introduction

In order to make this data processing comprehensible, we would like you to know when we collect which personal data and how we process it for which purposes. Personal data is all information that relates to a specific or identifiable person, e.g. name, address, e-mail address, user behavior. We have taken technical and organizational measures to ensure that we comply with data protection regulations.

We process personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR (EU) 2016/679) and the Austrian Data Protection Act (DSG). Processing by us therefore only takes place on the basis of a legal basis (in particular pursuant to Art. 6 para. 1 lit. a - f GDPR).

Responsible and data protection officer

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

AustriaTech – Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH

Raimundgasse 1/6

1020 Wien, Österreich

T: +43 1 26 33 444

F: +43 1 26 33 444-10

E: office@austriatech.at

You can contact our data protection officer as follows:

AustriaTech – Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH

Raimundgasse 1/6

1020 Wien, Österreich

E: datenschutzbeauftragter@austriatech.at

Legal basis for the processing of personal data

In connection with the operation of the national access point (NAP), various legal bases within the meaning of Art. 6 (1) GDPR come into consideration for the processing of personal data.

The public tasks of the NAP include the provision of information as part of the implementation of the requirements of the ITS Directive 2010/40/EU in conjunction with these supplementary delegated regulations, which require the operation of a NAP by the member states. The legal basis for the processing of personal data is therefore Art. 6 para. 1 lit. e GDPR.

For tasks or areas that do not fall under the public tasks, the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR is the legal basis to enable the processing of the data and the provision of our service and communication with you.

In certain cases, we may also process your data to protect our legitimate interests (pursuant to Art. 6 para. 1 lit. f GDPR), provided that your interests, fundamental rights and freedoms do not prevail. This may be necessary, for example, to improve our services or to ensure the security of the website.

In certain cases where we are legally obliged to store and process certain data in order to comply with our legal obligations, Art. 6 para. 1 lit. c GDPR (legal obligations) is the legal basis.

Insofar as we obtain the consent of the data subject for individual processing operations of personal data, this serves as the legal basis in accordance with Art. 6 para. 1 lit. a) GDPR.

Data processing when using NAP

This section explains which personal data is processed in the various functionalities of the system.

Contact form

In the contact form, an interested party can provide personal details that are transmitted with the message but not saved. This is the following data:

• First name and surname
•  

When you contact us via the contact form, we collect and process the above-mentioned data, the request you have communicated and, if applicable, any additional data you provide. The purpose of data processing is to document, process and respond to your contact request. The data processing is carried out as part of the public task of operating the NAP (Art. 6 para. 1 lit. e) or AustriaTech's legitimate interest in communicating with users of the website (Art. 6 para. 1 lit. f GDPR).

The basis for this is our legitimate interest in the proper documentation, processing and answering of the request (Art. 6 para. 1 lit. f GDPR). In the event of contact in an existing customer relationship or the initiation of a business relationship, we rely on the fulfillment of the contract or the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Personal data that you voluntarily disclose to us when making inquiries will be stored by us for the purpose of providing the associated processing and record-keeping (up to 3 years after completion or termination), unless a longer storage period is also required for the purpose of fulfilling a legal obligation or for the assertion or defense of legal claims.

Registration for data publishers & communication

The registration of data publishers is relevant in the context of personal data because it involves the storage of a contact person's data. A contact person is recorded for each organization with the following attributes:

• Vor- und Nachname
• E-Mail-Adresse
• Telefonnummer (optional zur ggfs. vereinfachten Kontaktaufnahme)
• The purpose of data processing is the administration and maintenance of your user account and the provision of our services and functions of the NAP.

These attributes are entered voluntarily by the user and can be deleted from the system or changed independently at any time.

The e-mail address provided by the account user during registration is made publicly accessible to other persons in connection with the mobility data of the user concerned in order to enable contact to be made.

If you no longer consent to the processing of your data, you can terminate the process at any time by deleting your user account. The user has the option of changing their e-mail address independently at any time.

Data processing through general system functions

Providing the website and creating log files

Each time you access our website (www.mobilitaetsdaten.gv.at), your end device (e.g. computer) or browser automatically transmits certain information to enable you to visit or operate the website:

•  
• Date and time of request
• - Time zone difference to Greenwich Mean Time (GMT)
• - Content of the request (page/content to be retrieved)
• - Access status/HTTP(S) status code
• - Browser and browser version
• Operating system and its interface

The use of the website by registered users is the subject of functional logging. In principle, user traceability is given here. The following attributes play a role here:Datum und Uhrzeit,

• - Event category (e.g. retrieval of content data, see below for others),
• - Status code,
• - Data on the triggering user:
  
  • User ID and name (human or technical),
  • ID and name,
• Data on the object on which the operation acts.
  
  • ID and name of the user,
  • ID and name of the organization,
  • ID and name of the data offer,
  • Context and
  • Changes (old and new values for fields).
• Whether the action was triggered by a functional system administrator or user support.

This data is only stored temporarily in our system's log files. The legal basis for the processing of the data and its temporary storage in log files is our legitimate interest in data processing Art. 6 para. 1 lit. f GDPR. The temporary storage of the aforementioned data by the system is necessary to enable the website to be delivered to the user's device. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems, in particular to ensure the integrity, confidentiality and availability of the data processed via our website. This data is not stored together with other personal data of the user.

Third-party websites: Our website contains hyperlinks to and from third-party websites (e.g. in our news). If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions.

Rights of affected persons

In principle, you have the following rights under the GDPR with regard to your personal data. If the respective statutory requirements are met, you can assert the following data subject rights.

Right of information

In accordance with Art. 15 GDPR, you can obtain comprehensive information about the personal data processed by the NAP concerning your person as well as about other attributes such as the duration of storage or the purposes of processing.

Right to correction

In accordance with Art. 16 GDPR, you have the right to request the rectification of data concerning you if it is incorrect or incomplete.

Right to erasure

You can request the deletion of personal data if the requirements of Art. 17 GDPR are met.

Right to limitation of processing

In accordance with Article 18 of the General Data Protection Regulation, you may request the restriction of the processing of your data if it is unclear whether the data is being processed incorrectly, incompletely or unlawfully until final clarification has been obtained.

Right to data portability

In accordance with Art. 20 GDPR, the right to data portability includes the right to receive the personal data concerning you from the controller in a commonly used and machine-readable format and, where applicable, to transmit those data to another controller, provided that the processing is based on consent (Art. 6 (1) (a)) or on a contract (Art. 6 (1) (b)) to which you are a party and the processing is carried out by automated means (Art. 20 GDPR).

Right to appeal

In the case of processing based on legitimate interests (pursuant to Art. 6 (1) (f) GDPR), you have the right to object to the processing of your personal data on grounds relating to your particular situation. In the case of processing for the purpose of direct marketing, this right exists without restriction. (Art. 21 GDPR)

Right to withdraw consent

If the processing of personal data is based on your consent (Article 6(1)(a) GDPR), you can withdraw this consent at any time with effect for the future in accordance with Article 7(3) GDPR. The lawfulness of the processing based on your consent remains unaffected until you withdraw it.

Possibility to complain

You have the right to lodge a complaint with a supervisory authority responsible for you (in Austria this is the data protection authority, www.dsb.gv.at) if you believe that the processing of your personal data violates the GDPR or that your rights as a data subject have been violated.(Art. 77 GDPR)
To assert the aforementioned data subject rights, please contact us in writing (by letter or email) at the following email address: admin@mobilitaetsdaten.gv.at

Amendment of this declaration

We always keep our privacy policy up to date and make adjustments in the course of the further development of our websites and the implementation of new legal requirements if necessary.