Privacy Policy

1. Purpose of the Privacy Policy

The association A-SIT (Center for Secure Information Technology – Austria) stands by its commitment to protect your personal data. In this statement, we explain what data is collected in the course of using the applications operated by A-SIT and how, and what we use this data for. A-SIT is the controller pursuant to Article 24 et seq. of the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) regarding the data collected from you. We draw your attention here in particular to the data subject rights (see point 4), which include your right to have the data deleted.

2. What does this Declaration Apply to?

This declaration applies to all publicly accessible websites and subpages of the domains a-sit.at and egiz.gv.at.

3. Collection of data

Your data is collected through the following data processing operations.

Cookies:

Cookies are processed after consent according to Art. 6 (1) lit. a GDPR. Such cookies are small text files that are stored on the requesting party’s device in order to recognize them. The information contained in the cookies is used for session control or is necessary for functionality and is technically essential.

  1. Randomly generated cookies are used for session control for publicly accessible information pages.
  2. For publicly accessible application servers (reference systems, demonstrators and A-SIT specific applications), cookies are used for session control and for any login, signature or verification processes (e.g. JSESSIONID, MOA_ID_SSO, MOA_INTERFEDERATION_SSO).

If this data is not provided, it will not be possible to use the services in question.

Log Data:

The servers store the connection data of all website accesses in so-called server log files. The processing of log data is done by consent according to Art. 6 (1) lit. a GDPR. This access data is transmitted to us by your browser. It comprises the following data:

  • IP address of the inquirer(s)
  • Calling method (GET, HEAD, PUT, …)
  • Destination address without HOST
  • Protocol with version ( /1.1 )
  • Name of the retrieved file and amount of data transferred
  • Date and time of the retrieval
  • Message whether the retrieval was successful
  • Processing time of the request in microseconds
  • User agent used incl. version
  • Cryptographic methods used for communication
  • Referrer

We need this information to optimize the service of the website and to correct any errors, but also to protect the website from attacks. The log files are also evaluated statistically, for example to analyze the number of monthly accesses, the most frequently visited pages or downloads. If this data is not provided, it is not possible to use the services in question.

Via ID Austria/“Handy-Signatur” or citizen card:

An ID Austria/“Handy-Signatur” (a mobile phone signature system) or citizen card is required to use certain services/applications. The processing of the relevant data takes place through consent pursuant to Art. 6 (1) lit. a GDPR on the one hand for the registration process (“authentication”) and on the other hand for the use of the services/applications.

The following data is processed to the maximum extent when using your ID Austria/“Handy-Signatur” signature or citizen card on the website or in the respective application:

  • First name
  • Surname
  • Date of birth
  • Area-specific personal identifier (bPK – bereichsspezifisches Personenkennzeichen)
  • Qualified signature certificate incl. metadata contained therein

However, depending on the service/application, it is possible that only that subset of the aforementioned data is processed which is necessary for the operation of the service/application. Furthermore, it is not possible to use the services/application in question without the transmission of the aforementioned data or at least the relevant subset thereof.

The data for handling the registration process for authentication with ID Austria/“Handy-Signatur” or citizen card are only processed during the registration process and are not stored beyond that.

With the registration process via ID Austria/“Handy-Signatur” signature or citizen card, a comparison (so-called “matching”) is carried out with the data stored in the relevant service/application so that authentication is possible. In the service/application in question, the existing data is stored for as long as the person in question performs services on behalf of A-SIT.

The lawful processing of this above-mentioned data is based on consent pursuant to Art. 6 (1) lit. a GDPR.

The data will not be submitted to third parties.

Signature creation:

For the use of the offered services/applications for the creation of digital signatures, the document to be signed is additionally processed. This document to be signed is processed exclusively for carrying out the signature process. The document itself is not processed by the service or its provider for any other purpose and is not stored beyond the signature process. The data will not be passed on to third parties. If this data is not provided, the service in question cannot be used.

4. Data Subject Rights (particularly the Right of Deletion)

You have the right to access information according to Art. 15 GDPR about the personal data concerning you as well as to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) or a right to object to processing (Art. 18 GDPR) as well as the right to data portability (Art. 20 GDPR).

If the processing is based on consent, you have the right to withdraw your consent at any time; however, we point out that the processing was lawful based on the consent until the withdrawal.

If a data subject wishes to exercise the aforementioned data subject rights (pursuant to Art. 15, 16 or 17 GDPR), he or she may do so by contacting us at the contact details provided in Section 5.

If you are of the opinion that your data subject rights are not, or not sufficiently, complied with, you have the possibility to lodge a complaint with the competent data protection authority as the supervisory authority (Art. 77 GDPR).

5. Contact details

A-SIT Center for Secure Information Technology – Austria
Seidlgasse 22 / Top 9,
1030 Vienna, Austria
E-mail: office@a-sit.at