1. Who is in charge of handling your personal data?
1.1 Austrian Post, Rochusplatz 1, 1030 Vienna (hereinafter referred to as “Austrian Post”, “we”, “us”) is responsible for adequately protecting your personal data. Austrian Post complies with all legal stipulations about the protection, lawful handling and confidentiality of personal data as well as data safety.
1.2 We process your personal data pursuant to stipulations defined in data protection legislation, including, but not limited to, the General Data Protection Regulation (GDPR), the Austrian Data Protection Act, the specific stipulations defined in the Austrian Postal Market Act and other pertinent legislation.
2. What interest does Austrian Post have regarding my data and based on which grounds may Austrian Post process my data?
2.1 Performance of a contract and performance steps required prior to entering into a contract: we use your personal data pursuant to Art 6(1)(b) of the GDPR
- for the provision of postal services (shipping and delivering mail), e.g. when you send a parcel
- for the payment of retirement benefits, unemployment benefits
- for logistics services, e.g. shipping goods
- for ongoing customer service and for answering your inquiries, e.g. when you contact us with a question
- for financial services
- for services related to communication and information technology using automated data processing and information technology, e.g. when you use our website or data processing at our distribution centres for letter mail and parcel shipping)
- to manage master data and contractual data, e.g. if you have a user account or a PO box with us or if you are an Austrian Post partner
- for the performance of contracts, e.g. for mail forwarding or release delivery authorizations, collection services, parcel stamps, e-letters or for prize draws
- for the provision of printing services (e.g. postcard app, Austrian Post online printing, photo printing)
- for the performance of contracts, e.g. regarding philately products such as stamps subscriptions, Meine Marke personalised stamps
- for real estate evaluation (e.g. when renting or selling real estate)
- for vehicle marketing purposes
We process your personal master data, address data (e.g. for the provision of postal services), contact data (e.g. e-mail address, telephone number), payment data, shipping data, user data, document content data, identification data (e.g. ID data, company register number, KSV number, VAT number), image data for the abovementioned purposes. We can only enter into and perform a contract if we can process your personal data. If you do not provide the required data, we cannot enter into a contract.
2.2 Your data may also be processed in the interest of Austrian Post or of a third party. This data processing is done pursuant to Article 6(1) (f) of the GDPR.
• For the provision of postal services including clarification and processing of damaged items (letter mail shipping and delivery), e.g. when we deliver a parcel to you. In that case we process the personal data provided by the sender.
- for the compilation of statistics with the goal of developing new rates, for handling offers and inquiries, processing applications and providing services, event management
- for customer service and request/complaint management
- for supplier management purposes
- for invoicing and accounting purposes
- for safeguarding property and responsibility protection via video surveillance
- for visitor and access management
- for our event management
- to apply for subsidies
- for a sustainable environmental and waste management system as well as for the implementation of our sustainability strategy
- For marketing purposes: the use of your data for marketing purposes can also be a justified interest. An example is when you have a customer relationship with us, e.g. you have a user account with Austrian Post and rely on services such as mail forwarding, PO boxes or release delivery authorization. In this case, we might use your data for market research purposes such as satisfaction surveys and studies about the provided services and for consulting services as well as for direct marketing, provided that, having considered all interests, we believe that the there is a justified interest for processing the data. In any other case, we will only use your data if you explicitly agree to it. You can revoke this consent at any time.
- Use of our data for third-party marketing purposes pursuant to Section 151 of the Austrian Industrial Code (activity as address broker and direct marketing company). With these activities, Austrian Post supports businesses in their active and targeted client communication processes. Austrian Post itself gets the required data (name, sex, title, degree, address, data of birth, profession, industry or business and client or interested person file where we obtained your address) from the persons in question, e.g. prior to prize draws. This means that you will receive written information at the time of the data collection saying that the data will be used for third-party advertising purposes. At the time at collection as well as at any later point in time, you have the option to object to this processing. For detailed information about an objection, please click here. However, the data can also be bought from other address brokers and direct marketing businesses. In that case, you will receive information from the suppliers of such address brokers about the planned use of your data.
Names and addresses collected in such manner can then be passed on to advertising businesses for sending out advertising mail or for other marketing purposes. The data can also be used for analyses and evaluations.
In order to improve customer communication processes, data may be analysed with marketing analysis tools and combined with other data. The data used for this purpose is collected with the help of publicly accessible information such as regional statistic data provided by Statistics Austria (no personal data), surveys among the data subjects similar to those done for voting analyses and projections. The lawfulness of the processing of such data is subject to constant verification and will be warranted pursuant to high legal standards.
- For compliance purposes. This means meeting statutory and other requirements, e.g. income tax and social security deductions, recording/reporting duties, audits, compliance with inspections by public authorities, “good governance”, reaction to legal disputes, administration of in-house inquiries/complaints/claims, investigation and behaviour in line with strategies/procedures, fulfilment of a trust-building communication policy as well as disclosure and information needs. To that effect, special categories of personal data (especially data from criminal proceedings) may be processed pursuant to Article 9 of the GDPR. When doing so, we comply with all special statutory stipulations for this processing.
- For planning, implementing and documenting internal revision action as well as forensic analyses to ensure that our business processes improve on a continuous basis and to meet provisions imposed by supervisory authorities. In addition, data collection for clarification and prevention purposes in the case of suspected unlawful activity towards Austrian Post. To that effect, special categories of personal data (especially data from criminal proceedings) may be processed pursuant to Article 9 of the GDPR. When doing so, we comply with all special statutory stipulations for this processing.
- To settle damages and insurance claims. To that effect, special categories of personal data (especially health-related data and criminally relevant data) may be processed pursuant to Article 9 of the GDPR. When doing so, we comply with all special statutory stipulations for this processing.
- For ensuring IT security and maintaining IT operations, the execution of stress tests, the development of new products and systems and the adaptation of existing ones, data migration to ensure system viability and integrity and ultimately, the viability and integrity of processed data. In this case, personal data is predominantly used for tests provided that such tests cannot be done with anonymous data without excessive costs. As a matter of course, data security pursuant to Article 32 of the GDPR will be ensured at all times.
In addition to the aforementioned personal data, we will process your personal master data, address data (e.g. from the provision of postal services), contact data (e.g. e-mail address, telephone number), payment data, shipping data, document content data, identification data, complaint/inquiry data from inquiries/complaints, image and audio data (e.g. video, image and telephone recordings).
2.3 Compliance with statutory obligations: Austrian Post is also subject to statutory obligations, e.g. from the Austrian Postal Market Act, the Delivery Act, stipulations from supervisory authorities, documentation duties as well as provisions from corporations law and capital market laws, tax law and entrepreneurial law. In addition, Austrian Post has inspection and reporting obligations. In order to be able to comply with these provisions, we process your personal data pursuant to Article 6(1) (c) of the GDPR exclusively in the scope required by the law in question.
2.4 Consent: Unless there are no justified grounds as described in 2.1 to 2.3 above, we will ask for your consent pursuant to Article 6 (1) (a) of the GDPR. When doing so, we will naturally comply fully with all applicable statutory provisions (including the Austrian Telecommunications Act). Austrian Post will need your voluntary consent that you can revoke at any time in the future especially for the following purposes:
- Austrian Post account: If you have signed up for an Austrian Post account or for the online services of Austrian Post, we will process the following data categories: personal main data, address data, contact data and, in the case of identification, the required ID data.
- Marketing purposes such as the electronic delivery of e-mails, text messages, messages in Austrian Post customer portals and mobile data applications, via social network and contact via telephone. Based on your consent, Austrian Post may send you marketing information via these channels about events and suggestions about products and services from the Austrian Post range of services.
- Tracking user behaviour on the websites and apps of Austrian Post provided that you use them. For additional information about cookies, please see legal information and cookie information for websites under item 9.
2.5 Austrian Post will send you a separate notification before we start processing your data for purposes other than the ones described in this document.
3. With whom are we allowed to share your data?
3.1 Data transmission within the Austrian Post corporation: We may entrust specific data processing steps to specialised departments or companies within our corporation. We will do that, for instance, to better process your customer data for internal administration purposes.
3.2 External service providers: we comply with statutory and contractual obligations. In a world of labour division, the required data processing work is oftentimes provided by specialises businesses, so-balled service providers (data processors). These businesses can provide such services at attractive rates while delivering high quality. Therefore, we transfer your personal data to such businesses in the scope necessary for them to provide the contractually agreed services. These services may include data storage in secure computer centres, printing invoices and advertising material, postcards, photos and digitising contracts or invoices (creating a digital, non-editable image). Our data processors include IT service providers, printing service providers, service providers for customer assistance activities, contract management, market research institutes, marketing businesses and advertising agencies.
3.3 Courts and public authorities: there are some statutory provisions that Austrian Post can only comply with by sharing your personal data with public authorities (such as social security organisations, tax offices or prosecuting bodies, supervisory bodies, customs bodies) or courts in the required scope.
3.4 Other recipients: As part of a contractual relationship and especially in relation with our performance duty, in specific cases, we may additionally share your personal data (e.g. with other postal service providers (e.g. UPU, IPC), freight forwarding companies, physicians, hospitals, insurance companies and brokers, experts, attorneys, interest groups, address brokers and direct marketing companies, banks and capital investment firms, insurance companies, CPAs, consultants, subsidy granting bodies, shareholders, investors).
4. May your data also be shared with third parties in another country (including outside the EU)?
4.1 Yes, provided that the European Commission has confirmed that this third country has an adequate data protection level and that adequate data protection guarantees exist (e.g. binding in-house data protection provisions or standard EU data protection clauses).
4.2 In exceptional cases, the data may also be shared with a third country with your explicit consent, provided that we have informed you about possible risks associated with the planned disclosure and the lack of adequate data protection guarantees (item 4.1).
5. How long will your data be stored?
5.1 As soon as Austrian Posts no longer needs your personal data for the purposes described above, they will be deleted, unless statutory storage periods to the contrary apply.
5.2. The statutory period of prescription pursuant to the Austrian Civil Code is between three and thirty years. During this time period, claims against Austrian Post may be brought forward. We may keep your personal data as long as necessary depending on the possible claim.
5.3 As a result of corporation law provisions (e.g. Federal Fiscal Act, Company Act), your contractual data must be stored for at least seven years after the end of the contractual relationship.
6. Which rights do you have?
6.1 If you so desire, we will give information about your personal information that we process at Austrian Post whenever you like. In addition, in some cases, you also have the right to data portability, meaning that we would give you all personal data you have disclosed to us in a structured, standard and machine processable format.
6.2 Under certain conditions, you can also demand that the processing of your data is limited or that your personal data is rectified or deleted.
6.3 In some of the abovementioned cases, your consent will give Austrian Post the right to process your data. You can revoke this consent at any time without the need to state reasons with future effect. Until then, we will lawfully process your data.
6.4 Do you have any questions, suggestions or feedback? In that case, please contact our data protection officer mentioned in item 8. In addition, you have the option of filing a complaint with the Austrian Data Authority: Österreichische Datenschutzbehörde, Wickenburggasse 8-10, 1080 Vienna.
7. Your right to object
As a data subject, you have the right to object to the use of your data if the processing serves the purpose of direct marketing. In addition, you have the right to object if reasons arise for you to do so as a result of your particular situation. If you would like to object, please go to our website at www.post.at/kontaktformular, call us at 0800 010 100 or write to Postkundenservice, Bahnsteggasse 17-23, 1210 Vienna.
8. Contact information
You can get in touch with Austrian Post by e-mailing us at email@example.com
or calling us at 0800 010 100 or writing to Postkundenservice, Bahnsteggasse 17-23, 1210 Vienna. If you have questions or suggestions regarding data protection, please contact our data protection officer by e-mailing us at firstname.lastname@example.org or write to Österreichische Post AG, Datenschutzbeauftragte, Rochusplatz 1, 1030 Vienna.
9. Legal information and cookie information for websites
9.1. General information
The information provided on the websites of Austrian Post is for informational purposes only. We take great care to ensure that all information is correct and complete. However, we cannot exclude that unintentional or incidental mistakes will occur.
Austrian Post accepts no liability or guarantee for the information provided on its websites. Above anything, Austrian Post does not guarantee that all information can be displayed using any software or hardware configuration, that the information is up-to-date, secure and free from mistakes, that it meets your expectations and/or that it is permanently available. Also, Austrian Post does not guarantee that its websites and auxiliary systems (e.g. servers) are free from viruses. In addition, Austrian Post reserves the right to complement or change the information on its websites without prior notification.
Austrian Post shall not be liable for incorrect or missing information on its websites, especially not for (hyper)links and other content that is either directly or indirectly used on the websites or that are accessible from them. All decisions based on information provided by Austrian Post on its websites are the sole and only responsibility of the user.
In addition, Austrian Post accepts no liability for immediate/specific damage or consequential damage or other damage of any kind that may result in any way from the direct or indirect use of the information (including hyperlinks) provided on its websites.
All abovementioned provisions also apply to software that can directly or indirectly be accessed or used on the websites of Austrian Post. If third-party software is accessed via (hyper)links, the rules of the provider in question shall apply.
The design and content of these websites is subject to copyright. Any change or reproduction of images or text from these websites is subject to the prior written consent by Austrian Post. It is explicitly prohibited to use marks (e.g. trademarks, logos).
Several parts of our websites rely on cookies and similar technologies (hereinafter referred to as “cookies“). They make our offer more user-friendly and more efficient. Cookies are small text files that are stored on your computer and that your browser will store. On our websites, we use both session and permanent cookies. Session cookies are stored for the duration of a session only. Permanent cookies are used to improve our clients’ use of our websites. Cookies do no harm to your computer and include no viruses. However, some services require users to log on, which does not work without identification cookies.
Go to your browser settings to determine whether you want to allow cookies or not.
9.3.1 Types of cookies
These cookies are used to unequivocally verify users. But they are also used to log in clients again automatically when they visit a given website again (remember_me Cookie). These cookies allow us to unequivocally identify users that are logged in in all applications and thus to provide the very best user experience.
We use the following authentication cookies: PHPSESSID, Session, CID, ssoauth3, isLoggedIn, remember_me
Functionality cookies are used to offer clients the best possible service for recurring functionalities and also to ensure the security of the web application. Monitor resolution values are saved in order to show clients the best resolution and to keep system loading times low. Unwanted areas can be permanently hidden.
We use the following functionaliry cookies: CSRF_PROTECTION, csrf_token, zp_last_tab, zp_hide_jumbotron, aufloesung, TS-Cookies, embed, keep_https, user_locale, user_interface_locale, force, polls_voted, background
On some of its websites, Austrian Post uses Google Analytics including the functionalities of Universal Analytics, a service provided by Google Inc. (hereinafter referred to as “Google”) which is implemented via the Google Tag Manager. Universal Analytics uses so-called “cookies“ that are saved on your computer and which allow for an analysis of your use of the website. Information about your use of Austrian Post websites (including your IP address) generated by these cookies is transferred to a Google server in the United States and saved there.
Austrian Post believes in protecting your data. On the websites of Austrian Post, we use IP anonymization. To that effect, we rely on the function “_anonymizeIp()“ which shortens IP addresses and processes them in this format only. The IP addresses cannot be associated directly with a specific person, i.e. in the member states of the European Union and other states of the European Economic Area, the IP address will be shortened before data is transmitted to Google.
On behalf of Austria Post, Google will use the transmitted information to analyse the use of the internet and the websites, e.g. anonymised analyses and graphs of page views and visits. With the help of the Universal Analytics function, we can analyse activities on our websites across devices (e.g. when accessed from laptops and subsequently from a tablet). This is done by assigning a pseudonymous user ID to a user. Among others, this is done when you sign up for a client account or when you log into your client account. Austrian Post will use this data exclusively for market research, for optimizing our websites and for the provision of additional services related to the use of the internet. In addition, Google might transfer this data to third parties provided that this is required by law or third parties might process the data on behalf of Google. Under no circumstances will Google link your IP address with other Google data. For more information about Google Analytics, please go online or visit www.google.com/analytics
Google Analytics advertising functions
In addition to the standard functions of Google Analytics, on this website we also use Google Analytics advertising functions, specifically the remarketing function (interest-related advertising) and Google Analytics reports about performance by demographic features and interests. The latter allows us to make statistical analyses about demographic data and our users’ areas of interest. The remarketing function is used to specifically target the users of our websites and to win them back as potential clients.
You can object to this data compilation and storage at any time for future effect.
You can prevent the storage of cookies by choosing the pertinent setting in your browser software. However, please note that, after changing these settings, you might not be able to use all functionalities of our websites.
In addition, you can prevent the compilation of data related to your use of the websites (including IP address) generated by cookies as well as processing of such data by Google by clicking on the following link to download and install the available browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de
To deactivate the Google Analytics advertising function, click here:
In addition, we offer you the option of preventing the tracking process altogether. All you have to do is click on the link below. In order for this objection to be permanent, your browser must accept cookies.
We will only send you newsletters, e-mails or other electronic messages with advertising information if you have previously provided your consent or if a legal permission exists. For our newsletter sign-up process, we use the so-called double opt-in procedure. This means that, after signing up for our newsletter, we will send you an e-mail to the address you have indicated. Your registration will only be valid if you confirm this e-mail (e.g. by clicking on the confirmation link). In order to comply with our documentation duties, we keep logs of all registrations (especially e-mail address and time of registration).
10. Changes or additions
We reserve the right to make changes or additions to the information provided at any time and without prior notification. If certain parts or specific passages are found to be invalid, to have become invalid or are not fully valid, the content and validity of the rest of the document shall remain unaffected.