Privacy Policy

Information in accordance with Articles 13 and 14 of the GDPR

1.    General
The protection of your personal data is very important to us.
AustriaTech – Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH (hereinafter referred to as ‘AustriaTech’ or ‘we’) processes personal data exclusively in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Austrian Data Protection Act (DSG).
AustriaTech has taken technical and organisational measures to ensure a level of protection for personal data that is appropriate to the risk. If external service providers are used, this is done exclusively on the basis of corresponding order processing agreements in accordance with Art. 28 GDPR.

2.    Data controller and contact details
The controller responsible for the processing of personal data is the:
AustriaTech – Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH
Raimundgasse 1/6
1020 Vienna, Austria
T: +43 1 26 33 444
E: office@austriatech.at
The data protection officer:
AustriaTech – Gesellschaft des Bundes für technologiepolitische Maßnahmen GmbH
Raimundgasse 1/6
1020 Vienna, Austria
E-Mail: datenschutzbeauftragter(at)austriatech.at

3.    Enquiries via contact form 
When you contact us via the contact form, we process the personal data you provide (for example, your name, email address, telephone number, the content of your enquiry and any documents transmitted).
•    Purpose of processing
The processing is carried out for the purpose of receiving, documenting, handling and responding to your enquiry.
•    Legal basis
Processing is based on:
Art. 6(1)(b) GDPR, where the processing is necessary to take steps at your request prior to entering into a contract or to perform an existing contractual relationship; and
Art. 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interest in ensuring efficient communication and proper handling of enquiries.
•    Retention period
Your data will be stored only for as long as necessary to process and respond to your enquiry and will be deleted thereafter, unless statutory retention obligations or contractual requirements require further storage.

4.    Registration and user account for access to C-ROADS Releases
We offer you the possibility to create a user account in order to store your details and to obtain access to download C-ROADS Releases and related documents.
In this context, we process the personal data you provide during registration (such as surname, first name, organisation, country and email address).
•    Purpose of processing
The processing serves:
the creation and administration of your user account,
the provision of access to C-ROADS Releases, and
the fulfilment of your request to obtain such documents.
•    Legal basis
Processing is based on:
Art. 6(1)(b) GDPR, where the processing is necessary for the performance of a user relationship or to take steps prior to entering into such a relationship; and
Art. 6(1)(f) GDPR, reflecting our legitimate interest in securely providing access to C-ROADS documentation requested by registered users and in administering the platform.
•    Retention period
We process your personal data for as long as your user account remains active.
Your data will be deleted or anonymised once the account is deleted, unless statutory retention obligations or overriding legal claims require continued storage.

5.    Google fonts 
Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 
Google guarantees that it will follow the EU's data protection regulations when processing data in the United States. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. 
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the optimisation and economic operation of our site. 
When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display. Google offers detailed information at https://adssettings.google.com/authenticated 
https://policies.google.com/privacy 
in particular on options for preventing the use of data

6.    Cookie use 
To facilitate the use of our website we use cookies. "Cookies" are small bits of information that are stored by your browser on your computer hard drive and are necessary for personalised use of our website. Thus, the information contained in cookies facilitates session control, in particular improvement of navigation, for example, through font size. Cookies help you navigate our site. Most Web browsers automatically accept cookies. By changing the settings of your browser, you can change this. You can also remove cookies stored on your computer at any time by deleting temporary files. 

7.    Third party websites 
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. 
8.    International data transfers 
Information that we collect may be stored and processed in and transferred between C-Roads Platform Member States and associated members to enable us to use the information in accordance with this privacy policy. Information which you provide may be transferred to countries which do not have data protection laws equivalent to those in force in the European Economic Area.

9.    Data recipients and transfers to third countries
Personal data will only be transferred to third parties if there is a valid legal basis for doing so. Transfers will only be made to the extent necessary.
As a general rule, personal data will not be transferred to recipients in third countries or international organisations unless expressly stated otherwise.

10.    Storage period:
We only store personal data for as long as is necessary to fulfil the respective purposes, or to comply with legal storage obligations.

11.    Your rights as a data subject
In accordance with the GDPR, you have the following rights in particular:
•    Right of access (Art. 15 GDPR): Once your identity has been verified, you may request confirmation from AustriaTech as to whether your personal data is being processed and request access to this data and the information specified in Art. 15 GDPR.
•    Right to rectification (Art. 16 GDPR): You may request the rectification of data if we process inaccurate or incomplete data about you (Art. 16 GDPR).
•    Right to erasure (Art. 17 GDPR): You may request the erasure of relevant personal data if the conditions of Art. 17 GDPR are met.
•    Right to restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of your data if it is unclear whether it is inaccurate or incomplete or is being processed unlawfully until the matter has been finally clarified (Art. 18 GDPR).
•    Right to data portability (Art. 20 GDPR): You have the right to data portability of the data you have provided to us, provided that the processing is based on consent (Art. 6(1)(a) or on a contract (Art. 6(1)(b) to which you are a party and the processing is carried out by automated means (Art. 20 GDPR).
•    Right to object (Art. 21 GDPR): If processing is based on legitimate interests (in accordance with Art. 6(1)(f) GDPR), you have the right to object to the processing of your personal data. 21 GDPR, provided there are reasons arising from your particular situation that justify this objection. This right applies without restriction in the case of processing for the purpose of direct marketing.
•    Right to withdraw consent: You have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise your rights, please contact:
datenschutzbeauftragter(at)austriatech.at

12.    Right to lodge a complaint
If you believe that the processing of your personal data violates the GDPR or your rights as a data subject have been violated, you have the right to lodge a complaint with the supervisory authority responsible for you. In Austria, this is the Data Protection Authority (www.dsb.gv.at).
To assert these rights, please contact the contact person listed under “Data controller and contact details” in writing (by letter or email) or directly at datenschutzbeauftragter(at)austriatech.at

13.    Policy amendments 
We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes