-Data protection notice for business customers
The protection of your personal data is important to us. We collect, use, and process your data exclusively within the framework of legal provisions (General Data Protection Regulation – GDPR, Data Protection Act – DSG, Telecommunications Act 2003 – TKG 2003). Below we inform you about the most important aspects of data processing within the scope of our business relationship or the initiation of a business relationship.
Contents
- Controller
- Purposes of data processing
- Data origin
- Processed data Categories and legal bases of processing
- Transmission of your personal data
- Retention period
- Your rights
1 Verantwortlicher
Internationales Amtssitz- und Konferenzzentrum Wien AG („IAKW-AG“)
Bruno-Kreisky-Platz 1
A – 1220 Wien
Telefon: +43 1 26069-0
Fax: +43 1 26069-303
E-Mail: [email protected]
You can contact our Data Protection Officer at [email protected]
2 Purposes of data processing
We process your personal data for the following purposes:
- In the context of our business relationship or the initiation of a business relationship, the data you provide is processed with the support of automation (e.g., email communication, CRM software) and in the form of archived text documents (e.g., correspondence, offers, and contracts, personalized invoices) to carry out pre-contractual measures and fulfill contracts concluded with you.
- Furthermore, within the scope of our business relationships, the data you provide is processed to send you information about news from the Austria Center Vienna, best practice examples from organizers, and tips for participants in Vienna, as well as invitations to our own events (e.g., newsletters, information emails, etc.). You can object to this use of electronic contact information at any time and at no cost.
3 Data origin
The personal data we process has been provided to us by you as a business partner within the scope of our business relationship and/or at sales forums, workshops, trade fairs, etc., in connection with the initiation of a business relationship. Furthermore, we cooperate with the International Congress & Convention Association (ICCA) or the Vienna Convention Bureau (VIC), which bring us into contact with interested parties or provide us with their data for contact purposes in accordance with legal requirements. If necessary, we process data that we have lawfully obtained from publicly accessible sources (e.g., commercial register, association register, land register).
4 Processed data categories and legal bases of processing
4.1. We process the following personal data of yours exclusively
- With your consent in accordance with Art 6 para 1 lit a GDPR;
- based on a contract initiation or fulfillment in accordance with Art 6 para 1 lit b GDPR;
- based on our overriding legitimate interest in accordance with Art 6 para 1 lit f GDPR.
4.2. The following data categories are processed by us, if necessary, to fulfill the purposes mentioned in point 1:
Company, company register number, VAT number, first name, last name, title, language, nationality, function in the company or area of responsibility at the customer, profession, representation authority, date of birth (if absolutely necessary for identification), contact person for, business address and other essential addresses, care data (such as: sent advertising material, booked events, etc.), telephone number, fax number, log files (in the case of pseudonymized analysis and evaluation of newsletters), email address, bank details, subject of delivery or service, bonus, discount or commission data, other tax-relevant information.
5 Transmission of your personal data
5.1. We only transmit your personal data if this is necessary to achieve the purposes set out in point 1 or if you have given your consent.
5.2. For customer care (CRM), sending our newsletter, and statistical evaluation, we use Dynamics 365 Customer Engagement. If you sign up for our newsletter, we process your personal data to send you the newsletter. For this, we need your email address, to which the newsletter should be sent, your preferred salutation, as well as your first and last name. Additionally, you have the option to receive the newsletter in a language of your choice. We use a service provider (processor), the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
In the course of sending the newsletter, we collect statistical data to optimize our newsletter service. Through newsletter tracking, we can evaluate the use of our newsletters. For example, we can see if a newsletter email was opened and which links were clicked. This way, we can analyze and improve our newsletter campaigns. Furthermore, newsletter tracking collects which links in the email were called up to optimize the newsletter’s dispatch and better tailor the content of future newsletters to your interests. This data is not passed on to third parties. Affected persons are entitled to revoke the separate consent given via the double opt-in procedure at any time by unsubscribing from the newsletter. After a revocation, no further data will be collected, and no newsletter will be sent. A new registration to receive the newsletter remains possible. We use the double opt-in procedure for sending the newsletter: After you sign up for the newsletter, we send you an email. Only when you confirm your email address via the link contained therein within 30 days will we send you the newsletter. This ensures that only you can sign up for the newsletter service with your email address. The confirmation must be made promptly after receiving our email, otherwise, your registration and email address will be deleted from our database. You can unsubscribe from the subscribed newsletter at any time. To do so, please unsubscribe via the link contained at the end of each newsletter or contact us for this purpose using the contact details mentioned in point 1. “Responsible Party”.
5.3. In the context of answering inquiries and processing contracts, we may use the Microsoft Cloud or Microsoft Azure of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
5.4. The Microsoft Cloud, which is used for the purposes in points 4.3 and 4.4, is certified by reliable security standards, including ISO 27001 and ISO 27018. Data transmission to countries outside the EEA does not generally take place according to the data storage locations and transmission policies of Microsoft Cloud Services. Furthermore, the Microsoft Corporation is listed in the Data Privacy Framework (https://www.dataprivacyframework.gov/list). We have concluded a data processing agreement (Service Level Agreement) with Microsoft. Through this agreement, Microsoft assures that it will process personal data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subjects. Further information on the data protection standards of the Microsoft Corporation can be found here: https://www.microsoft.com/en-us/trustcenter
5.5. For the planning, execution, and follow-up of your events, as well as for customer care (CRM), we use the Event Business Management Software of Ungerboeck Systems International GmbH (short: Ungerboeck), Kaiserstrasse 72, 76133 Karlsruhe. We have concluded a data processing agreement with Ungerboeck. Through this agreement, Ungerboeck assures that it will process personal data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subjects.
5.6. For the execution of your event, your contact details may be passed on to our cooperating partner companies for the preparation of offers for your event.
5.7. Furthermore, it may be necessary for legal reasons or for contract processing that your data is passed on to banks, tax consultants, collection agencies, legal representatives, courts, and administrative authorities.
6 Retention Period
We only retain your personal data for as long as it is necessary for the purposes for which we collected your data.
- For tax reasons, we generally store contracts and other documents, as well as related correspondence from our contractual relationship, for the duration of the statutory retention and documentation obligations, which arise in particular from the Commercial Code (UGB). In addition, the statutory limitation periods are also taken into account when determining the storage duration.
- We store your contact details until you unsubscribe from the newsletter. When you do so, your decision is automatically recorded. This ensures that you no longer receive the newsletter from the time you unsubscribe. You also have the option of having your data deleted from our servers. If you wish to do so, please contact us at [email protected]. For statistical purposes, data are retained after erasure in anonymised form that cannot be associated with the data subject.
7 Your rights
As a data subject, you have the following rights with regard to processing of your personal data:
Right to withdraw consent
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time. The data will no longer be processed when we receive notification of withdrawal of your consent. Withdrawing your consent does not affect the lawfulness of processing of your data carried out prior to withdrawal.
Right of access
You can demand information on the origins and categories of the data we process in connection with you and your transactions, the retention period, the recipients to which we disclose/have disclosed your personal data, as well as the purpose and form of such processing. Please note that under section 4(6) Austrian Datenschutzgesetz (Data Protection Act) 2018, no information can be provided if this endangers business or trade secrets.
Right to rectification and erasure
If we process personal data that are inaccurate or incomplete, you can demand rectification or completion of the data. You can also demand that unlawfully processed data be deleted. Please note that this only applies to inaccurate, incomplete and unlawfully processed data. These rights are mutually complementary, meaning that you can only demand either the rectification or completion, or the erasure of your data.
Right to restriction of processing
If it is unclear whether your processed personal data are inaccurate or incomplete, or have been unlawfully processed, you can demand that processing of your data be restricted until the matter is finally clarified.
Right to object
If your personal data are accurate and complete and are being lawfully processed by us, you can submit a reasoned objection to processing of the data in certain cases. You can also submit an objection if you receive direct advertising from us and no longer wish to receive it in future.
Right to data portability
If we process personal data that you have provided, under certain circumstances you have the right to demand that these data are transferred to you in a machine-readable format. You can also request that we transfer these data directly to a third party selected by you, provided this is technically feasible.
Right to lodge a complaint with a supervisory authority
Although we make every effort to ensure the protection and integrity of your data, differences of opinion may still arise regarding the ways in which we use your data. If you believe that we are using your data in a prohibited manner, you can contact us directly, but you are also entitled to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, tel. +43 (0)1 52152-0, e-mail: [email protected].
If you have any questions regarding data protection in general or the exercise of your rights, you can contact us using the contact details provided in section 2 Controller, above. If there are reasonable doubts regarding your identity, please send us a copy of an official photo ID so we can ensure that personal data are not being disclosed to an unauthorised third party.