Data protection Post App

Österreichische Post app: Österreichische Post's data protection policy

Updated: August 2020
 
1. Who is in charge of handling your personal data?

1.1 Österreichische Post AG, Rochusplatz 1, 1030 Vienna ("Österreichische Post", "we", "us") is responsible for adequately protecting your personal data.  Österreichische Post complies with all legal provisions about the protection, lawful handling and confidentiality of personal data as well as data safety.

1.2 We process your personal data in accordance with data protection regulations, above all the General Data Protection Regulation (GDPR), the Austrian Data Protection Act, relevant regulations defined in the Postal Market Act and other relevant laws.
 
1.3 This data protection policy provides information about why and how we process your data when you use our Österreichische Post app. For general information about data protection at Österreichische Post, please click here
 
2. What interest does Österreichische Post have regarding my data and based on which grounds may Österreichische Post process my data?

2.1 Performance of a contract and performance steps required prior to entering into a contract: we use your personal data pursuant to Art 6 (1) (b) of the GDPR

If you have an Österreichische Post online account and if you have logged in to our Österreichische Post app, we process your data for the services requested by you. These services include: 

a) Mail tracking: you can use this service to follow your item's status and to receive information about any status changes.  If you use the save function, you can assign individual names to your items and access them as needed.

b) E-notifications: use this service to receive delivery notifications on your smartphone or via e-mail. 

c) Parcel forwarding: use this service to forward your parcels. You can have them redirected to a postal branch, a Post Partner of your choice, a HermesPaketShop, a pickup station, a preferred neighbour, or a preferred location. Use our preferred delivery day to have it delivered on the day of your choice. 

d) Branch locator: use this service to find all branches, Post Partners and letterboxes near you. Alternatively, you can also search for addresses. In addition, you will receive information about the distance to the closest service location and how to get there. The system will also show the opening hours for every branch.

e) Damage report: use this service to report any damaged items. 

f) Rate Österreichische Post's services: use this service to let us know how satisfied you were with the services of Österreichische Post. 

g) Receive e-letters: use the e-postbox in your Österreichische Post app to receive e-letters such as invoices, contracts, and other documents in digital format. You can access these documents any time in the Österreichische Post app. 

If you have not logged in to our Österreichische Post app via an Österreichische Post online account, we will process your data for the services requested by you. These services include: 

a) Mail tracking: you can use this service to follow your item's status and to receive information about any status changes.  If you use the save function, you can assign individual names to your items and access them as needed.

b) Branch locator: use this service to find all branches, Post Partners and letterboxes near you. Alternatively, you can also search for addresses. In addition, you will receive information about the distance to the closest service location and how to get there. The system will also show the opening hours for every branch.

Registering for an Österreichische Post account and verifying your identity for this account. 

For the purpose mentioned above, we process your data such as personal master data, date of birth, address data, contact data (e.g., e-mail address, telephone number), item data, usage data, document content data, identification data (e.g., ID data, company register number, VAT number), image data.

We can only enter into and perform a contract if we can process your personal data. If you do not provide the required data, we cannot enter into a contract.
 
2.2 Your data may also be processed in the interest of Österreichische Post or of a third party. This data processing is performed pursuant to Article 6 (1) (f) of the GDPR 

for the purpose of ensuring system security.
for the purpose of statistical analyses, provided that these are technically necessary. 
for customer service including inquiry/complaint management, especially if you have provided ratings for your items or submitted a damage report. 

For this purpose, we process your data such as the date, the kind of device used, type, and version of the operating system used and the browser type and version, item data, personal master data, date of birth, address data and contact data (e.g., e-mail address, telephone number). 
  
2.3 Consent: In some cases, we will ask for your consent pursuant to Article 6 (1) (a) of the GDPR. When doing so, we will naturally fully comply with any additional applicable statutory provisions. Österreichische Post will need your voluntary consent that you can revoke at any time with future effect especially for the following purposes: 

making the Österreichische Post app available to users. In order for us to make the Österreichische Post app available to users, we rely on technical interfaces. For additional information about technical interfaces, please see item 10.
for tracking your user behaviour in order to improve our service. 
for sending you push notifications. 

For this purpose, we process your data such as the date, the kind of device used, type and version of the operating system used and the browser type and version, item data, personal master data, date of birth, address data and contact data (e.g., e-mail address, telephone number).
 
2.4 Österreichische Post will send you a separate notification before we start processing your data for purposes other than the ones described in this document.
 
3. With whom are we allowed to share your data?

3.1 External service providers: We comply with statutory and contractual obligations. In a world of labour division, the required data processing work is oftentimes provided by specialised businesses, so-called service providers (data processors). These businesses can provide such services at attractive rates while delivering high quality. Therefore, we transfer your personal data to such businesses in the scope necessary for them to provide the contractually agreed services. Such services include, among others, data storage in secure IT centres, the use of IT services as well as marketing activities. Our data processors include IT service providers, service providers for customer assistance activities, marketing businesses and advertising agencies. 
 
3.2 Other recipients: As part of a contractual relationship and especially in relation with our performance duty, in specific cases, we may additionally share your personal data with other parties. These third parties that may receive data from us include, among others, attorneys. 
 
4. May your data also be shared with third parties in another country (including outside the EU)?

4.1 Yes, provided that the European Commission has confirmed that this third country has an adequate data protection level and that adequate data protection guarantees exist (e.g., binding in-house data protection provisions or standard EU data protection clauses).
4.2 In exceptional cases, the data may also be shared with a third country with your explicit consent, provided that we have informed you about possible risks associated with the planned disclosure and the lack of adequate data protection guarantees (item 4.1). This is done via technical interfaces that we and third parties may occasionally use to process personal data as well. These third-party providers include Google LLC and Apple Inc which are headquartered in the USA where they process their data. The European Court of Justice has declared the data protection level in the USA to be inadequate. It highlighted the risk of your data being accessed by US authorities for control and surveillance purposes and the fact that no effective legal remedies against this exist. Before we use these technical interfaces and transfer your data to these companies, we will ask you to provide your explicit consent (Article 6 (1) (a) of the GDPR and Article 49 (1) (a) of the GDPR) and we will provide detailed information about all data processing (purpose, data categories, and storage period, among others). For specific information about all technical interfaces, please see item 10 of the data protection policy. You can revoke your consent with future effect at any time. In addition, please note that we are working hard to implement (additional) adequate safeguards pursuant to Article 46 of the GDPR as an alternative legal basis for the above-mentioned data transfer. If you do not agree with this, you cannot use the app. In this case, we kindly ask you not to agree and to deinstall the app. Please note that alternatively, you can use our services on post.at. 
 
5. How long will your data be stored?

5.1 As soon as Österreichische Posts no longer needs your personal data for the purposes described above, they will be deleted, unless statutory storage periods to the contrary apply.

5.2 The statutory period of prescription pursuant to the Austrian Civil Code is between three and thirty years. During this time period, claims against Österreichische Post may be brought forward. We may keep your personal data as long as necessary depending on the possible claim.  As a result of corporation law provisions (e.g., Federal Fiscal Act, Company Act), your contractual data must be stored for at least seven years after the end of the contractual relationship. 

6. Is the processing subject to automated decision-making or profiling?

We do not perform automated decision-making or profiling as defined in Article 22 of the GDPR.

7. What rights do you have?

7.1 If you so desire, we will provide information about your personal data that we process at Österreichische Post whenever you like. In addition, in some cases, you also have the right to data portability, meaning that we would give you all personal data you have disclosed to us in a structured, standard and machine processable format. 

7.2 Under certain conditions, you can also demand that the processing of your data is limited or that your personal data are rectified or deleted. In addition, you can object to the processing.

7.3 In some of the above-mentioned cases, your consent will give Österreichische Post the right to process your data: you can revoke this consent at any time without the need to state reasons with future effect. Until then, we will lawfully process your data.

7.4 Do you have any questions, suggestions or feedback? In that case, please contact our data protection officer mentioned in item 9. Also, you have the option of filing a complaint with the Austrian Data Protection Authority: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna.
 
8. Your right to object

As a data subject, you have the right to object to the use of your data if the processing serves the purpose of direct marketing.  In addition, you have the right to object if reasons arise for you to do so as a result of your particular situation. If you would like to object, please go to our website at datenschutzanfrage.post.at or write to Postkundenservice, Bahnsteggasse 17-23, 1210 Vienna.
 
9. Contact us

To contact the data protection officer of Österreichische Post, please visit datenschutzanfrage.post.at or write to Postkundenservice, Bahnsteggasse 17-23, 1210 Vienna. For any other inquiries, please use our contact form available at post.at/otherinquiries.

10. Legal information and information about technical interfaces

10.1 General information: The information provided on Österreichische Post app is for informational purposes only. We take great care to ensure that all information is correct and complete. However, we cannot exclude that unintentional or incidental mistakes will occur.

Österreichische Post accepts no liability or guarantee for the information provided on the Österreichische Post app. Above anything, Österreichische Post does not guarantee that all information can be displayed using any software or hardware configuration, that the information is up-to-date, secure and free from mistakes, that it meets your expectations and/or that it is permanently available. Also, Österreichische Post does not guarantee that its Österreichische Post app and auxiliary systems (e.g., servers) are free from viruses. In addition, Österreichische Post reserves the right to complement or change the information on its Österreichische Post app without prior notification.

Österreichische Post AG is not liable for inaccurate or missing information. This especially applies, without limitation, to (hyper)links and other content used directly or indirectly on our Österreichische Post app or that can be accessed from it. All decisions based on information provided by Österreichische Post on its Österreichische Post app are the sole and only responsibility of the user.

In addition, Österreichische Post accepts no liability for immediate/specific damage or consequential damage or other damage of any kind that may result in any way from the direct or indirect use of provided information (including hyperlinks). 

All abovementioned provisions also apply to software that can directly or indirectly be accessed or used on the Österreichische Post app. If third-party software is accessed via (hyper)links, the rules of the provider in question shall apply.
 
10.2 Copyright: The structure and content of the Österreichische Post app are protected by copyright. Any use or reproduction of images or text is subject to prior written consent by Österreichische Post. It is explicitly prohibited to use marks (e.g., trademarks, logos).
 
10.3 Use of technical interfaces (so-called software development kits, hereinafter referred to as "SDK"):  For the Österreichische Post app, we rely on different technologies (so-called software development kits, hereinafter referred to as "SDK") to make the app more user friendly. A software development kit (SDK) is a collection of software development tools in one installable package. They facilitate the creation of applications by having compiler, debugger and perhaps a software framework. They are normally specific to a hardware platform and operating system combination. The following SDKs are used for the Österreichische Post app:
Firebase Analytics and tag manager: We use the Firebase Analytics service by Google to create analysis reports and user analyses. When this service is used, data (IP address) are processed and shared with the provider (Google).
Firebase Crashlytics: We use the Firebase Crashlytics service by Google to receive crash reports and use them to correct any mistakes that may have been identified. When this service is used, data (IP address) are processed and shared with the provider (Google).
Firebase Messaging: We use the Firebase messaging service by Google to send push notifications to our users. When this service is used, data (IP address) are processed and shared with the provider (Google).
Firebase Performance: We use the Firebase performance service by Google to measure our app's performance and improve it on an ongoing basis When this service is used, data (IP address) are processed and shared with the provider (Google).
Firebase Remote Config: We use the Firebase remote config service by Google to make changes to the app via remote access. Among others, we use it to activate maintenance pages or deactivate specific app versions. When this service is used, data (IP address) are processed and shared with the provider (Google).
(Android only) Google Play Core: We use the Google Play Core services by Google to display update notifications in the app. When this service is used, data (IP address) are processed and shared with the provider (Google).
Install Referrer: We use the Install Referrer service by Google to identify the origin of a verification. When this service is used, data (IP address) are processed and shared with the provider (Google).
Google Maps / Apple Maps: We use Google Maps (Android) and Apple Aps (iOS) to offer certain app functions such as our branch locator and parcel forwarding. When this service is used, data (IP address, device's location data after approval) are processed and shared with the provider (Google/Apple).
FaceID / TouchID / Fingerprint: We use FaceID and TouchID by Apple (iOS) and fingerprint services by Google (Android) to protect e-postboxes if needed. When you choose one of these security options, data (IP address, encrypted biometric data) are processed and shared with the provider (Google/Apple).

(iOS only) MessageUI: We use the MessageUI service by Apple to send e-mails from the app in the case of support requests. When this service is used, data (IP address) are processed and shared with the provider (Google).

11. Changes or complements

We reserve the right to change or complement the information provided at any time and without prior notification. If certain parts or specific passages are found to be invalid, to have become invalid or are not fully valid, the content and validity of the rest of the document shall remain unaffected.