Privacy Policy

Introduction

You are currently at the Austrian eIDAS node. Since you intended to log in to an Austrian service provider using an electronic identification means issued in another Member State, you have been redirected to the Austrian eIDAS node on the legal basis of Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (the so-called eIDAS Regulation) .

Pursuant to Section 6 (5) of the E-Government Act (E-GovG), when such an electronic identification means is used for data subjects who are registered neither in the Central Register of Residents (Zentrales Melderegister - ZMR) nor in the Supplementary Register for Natural Persons (Ergänzungsregister für natürliche Personen - ERnP), an entry must be created in the Supplementary Register. For this purpose, the person identification data of the electronic identification means used shall be entered into the Supplementary Register. If an entry already exists for the data subject in the Central Register of Residents or the Supplementary Register, the person identification data of the electronic identification means used shall be entered into the respective register. For unique identification in electronic transactions, the identity link (Personenbindung) shall be established accordingly in accordance with Section 4 (5) or Section 14 (3) of the E-GovG.

Controller

The controller responsible for the processing of your personal data in accordance with data protection laws is:

Source PIN Register Authority (Stammzahlenregisterbehörde)
Austrian Federal Chancellery (Bundeskanzleramt Österreich),

Division VII/2,

Ballhausplatz 2, 1010 Wien
E-Mail: post.szrb@bka.gv.at

Processing Activity

Scope of the processing of personal data

Depending on the circumstances we collect (depending on the data already available in the Central Register of Residents and the Supplementary Register for Natural Persons) the following personal data when an electronic identification means issued in another Member State is used for the purpose of authentication when logging in to an Austrian service provider:

  • Unique identifier for natural persons (“PersonIdentifier”)
  • First name(s)
  • Surname(s)
  • Date of birth
  • Optional attributes for natural persons, in particular place of birth and birth name
  • Address data from a current or former residence in Austria
  • Sector-specific personal identifier (bPK)
  • Identifier (“Country Code”) of the Member State in which the electronic identification means used was issued

Legal basis for the processing of this data

This processing of personal data is based on Art. 6 (1) (e) GDPR. The eIDAS Regulation (Articles 6 and following) provides the basis under EU law.

Purpose of Processing

The purpose of this processing is to allow you to use an electronic identification means from another Member State to log in to Austrian service providers.

Retention Period

Your data is retrieved and forwarded by the eIDAS node on a one-time basis only. In the course of authentication at the eIDAS node, your data may be used to create a new entry or to expand and update your existing entry in the Supplementary Register for Natural Persons (ERnP), as well as to expand your existing entry in the Central Register of Residents (ZMR). Legally defined deletion and retention periods apply to ZMR and ERnP.

Source

In principle, your data is obtained during the login process from the eIDAS infrastructure of the Member State that issued the electronic identification means used for login. If required and requested by you, you may also provide address data from a current or former residence in Austria. Furthermore, if required, possible, and requested by you, your sector-specific personal identifier (bPK) will be obtained from the Austrian electronic identification system “ID Austria” along with your first name, surname, and date of birth.

Recipients of Personal Data

Your data, or parts thereof, will be disclosed to the relevant registers of the Austrian administration (Central Register of Residents (ZMR), Supplementary Register for Natural Persons (ERnP), Address Register) and subsequently to the Austrian electronic identification system "ID Austria" as well as to those Austrian service providers where you log in.

Note

In your ID Austria usage history, you can track when you logged in to which Austrian service provider.

Automated Decision-Making

There is no automated decision-making pursuant to Art. 22 GDPR.

Rights of the Data Subject

Right of Access

You have the right to obtain information from us regarding all personal data processed by the ID Austria system. ID Austria provides you with secure remote access to your personal data that the ID Austria system can provide.

Right to Rectification

After reviewing which data the ID Austria system draws from which sector-specific sources, you may, if necessary, perform or arrange for a data correction. You will find more detailed information on the competent controllers in the respective notes.

Other Data Subject Rights

Furthermore, you have the right to erasure, the right to restriction of processing, the right to object to processing, and the right to data portability.

Supervisory Authority

You have the right to lodge a complaint with the national supervisory authority of your place of residence if you assume that the processing of your personal data is unlawful. In Austria, the competent authority is the Data Protection Authority (Datenschutzbehörde).

Data Protection Officer of the Federal Chancellery (Bundeskanzleramt)

Austrian Federal Chancellery (Bundeskanzleramt Österreich),
Data Protection Officer
Ballhausplatz 2, 1010 Wien
E-Mail: datenschutz@bka.gv.at