Privacy Policy

Privacy Policy of nic.at GmbH

Manage Cookie Settings

nic.at GmbH is responsible for use of your personal data in accordance with the law, in connection with the registration and administration of your .at domain. If you conclude other contracts (e.g. with your provider/registrar) when registering a .at domain, the respective counterparty is responsible regarding such contracts. We handle your data with the utmost care and in accordance with the principles of the GDPR.

What is the GDPR?
The GDPR is the European General Data Protection Regulation, which applies directly in all EU member states as of 25 May 2018. It protects natural persons with regard to the processing of personal data, and sets out a range of obligations for those who process personal data to provide information and clarification. This means data controllers and those who process data for them. The GDPR also establishes numerous rights and legal remedies for persons whose data is processed (“data subjects”). Austria has enacted additional measures to the GDPR in its Datenschutzgesetz (Data Protection Act).

The text of the GDPR can be found here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
The text of the Austrian Data Protection Act, together with a translation, can be found here: https://www.ris.bka.gv.at/Dokumente/Erv/ERV_1999_1_165/ERV_1999_1_165.pdf
We are committed to transparent communication about the processing of your data. Below you will find details regarding the way we handle your personal data as well as your individual data protection rights.

We are committed to transparent communication about the processing of your data. Below you will find details regarding the way we handle your personal data as well as your individual data protection rights.

1 How we handle your data

1.1 Data collection on our website

nic.at GmbH handles your data with the utmost care and is committed to transparent communication about the processing of your data in accordance with the EU General Data Protection Regulation (GDPR). Personal data are collected primarily for the purpose of fulfilling our contract with you. To the extent that any data processors are engaged in order to fulfil the contract, nic.at GmbH ensures by means of contracts with them that processors comply with data protection obligations, and verifies that they do so. In principle, the personal data of natural persons will no longer be published in the WHOIS database from 25 May 2018. The same applies to transferring such data to third parties, if such parties do not demonstrate a predominant legitimate or public interest. Your data will not be forwarded to third parties for their marketing purposes. You receive our newsletter if you have given your consent to do so, which you may revoke at any time. For details on data protection and your rights, please refer to our privacy policy.

Controller according to the GDPR:
nic.at GmbH

Jakob-Haringer-Straße 8/V
5020 Salzburg
Austria

E: service@nic.at
T: +43 662 46 69 0 

1.2 Data processing and data processing categories

If you wish to register a .at domain, you can approach nic.at GmbH directly, or a .at registrar. This means we either receive your data directly from you, or indirectly from the party you have contracted in this regard. In either case, we require the following data in order to register a .at domain when the domain holder is a natural person:

  • First and last name,
  • Contact details (postal address and e-mail address)
    A telephone number and a fax number can also be provided, but are not required.

We collect these data as domain holder data, together with information on the specific contractual relationship including any changes, and your domain names, as well as technical data such as name server data, the IP address (if required for technical purposes) and DS records.

Whilst we have abolished admin-c data in line with the principle of data minimisation, for security reasons we still need to collect and store information on the technical contact person (tech-c). We operate critical infrastructure that is of major importance for maintaining social and economic functions, and disruption of which could bring about extensive damage. We need to be able to reach your technical contact person quickly and directly in critical situations to ensure that we can meet the specific security requirements of your domains.

If you are an end customer of nic.at GmbH and have selected the direct debit payment method, we also store the bank details you provide. In the case of all other payment options, you will be forwarded to the corresponding provider (e.g. Saferpay, PayPal, Giropay, EPS); data that are necessary for processing the payment is exchanged, but we do not process your bank and credit card details.

If you are an invoice recipient for .at domains, we process data that are required for invoicing and bookkeeping.

Communications data are collected as required (including records of telephone calls, e-mails, forms, all necessary documents, log-in data, etc.).

Data are also collected and processed when you visit our website. The extent to which and the purposes for which we collect and analyse anonymous data on our website are described under point 4.1 "Cookies”.

If you subscribe to our newsletter, we process the data required to send it to you and store the respective consent you have provided.

Publication of the personal data of natural persons in the WHOIS database is in principle no longer permitted. The same applies to transferring such data to third parties, if such parties do not demonstrate legitimate or public interest.

1.3 Your options for controlling your data

If you would like to check that the domain holder data stored in connection with your domain is correct, you can submit an information request. The simplest option is to have us send the information to the e-mail address we have for your domain. You will promptly receive an automated message with the WHOIS data for your domain. If you would like to have the disclosure of your data sent to a different e-mail address, we require proof of identity. We need to be sure that you are actually the person who is requesting your data. Depending on the request, we might also require additional, possibly more specific information, such as your contact details and information on whether we have a contractual relationship with you, in order to be able to send you the desired information.

In addition, as a natural person you have the option to expressly request that your name and selected contact data for your domain be published in the WHOIS database. If you do not wish such information to be published, you must ensure that you, or your registrar (whoever submits the application), enters the correct “person type” when registering the domain. You have the choice to be entered as a legal or natural person. The company and contact details of legal persons are publicly accessible. Because there are natural persons behind every legal entity, we recommend that you provide department names rather than names of individual employees, and non-personal e-mail addresses where contact details are required. Otherwise, the consent of the named contact person must be obtained in advance.

1.4 Legal basis and purpose of data processing

Your data are collected and processed first and foremost as follows:

  • for the purpose of fulfilling the contract
  • anonymous user behaviour provides the basis for optimising the performance of our website, in which we have a legitimate interest
  • interest-based advertising, in which we have a legitimate interest
  • newsletters, on the basis of your consent, which you can revoke at any time

Your data will not be forwarded to third parties for their marketing purposes.

1.5 Our data recipients

Your data are processed by different departments, depending on the purpose.

An external tax consultant takes care of tax matters for us, and a collections agency is used to recover receivables when a counterparty to a contract with us is in serious default.

nic.at GmbH also enlists a number of processors, to whom data required for the performance of their contracted tasks are forwarded.

Since contracts are concluded with various parties in the course of domain registration and use (e.g. with your registrar, provider or reseller), data are reciprocally transferred for the purpose of contract fulfilment. In addition, every registrar has WHOIS access to domains that it does not administer, because this is necessary for the efficient administration of .at domains. All registrars are contractually obliged to limit use of their full access to the purpose specified in the registrar’s agreement. Some of the 400-plus registrars are located in third countries, where the GDPR does not apply. 

In addition, the technical contact details of a domain are globally permanently available via name server queries for retrieval by third parties since this requires the availability of a registered domain at any times and thus fulfilling the contract concluded with the domain holder.

In order to fulfill its legal and contractual duties, nic.at also grants its subsidiary CERT.at GmbH access to the Whois database. CERT.at is among other things the Austrian national CERT (Computer Emergency Response Team), which is the primary contact point for IT-security.

1.6 Our processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.

nic.at GmbH enlists a number of processors to whom data are forwarded if required for the performance of their contracted tasks. For instance, Vienna University Computer Center provides us with important technical support. If you have selected direct debit as your payment method, your bank details are forwarded to our bank. We also work with several marketing agencies. In all cases, nic.at GmbH ensures by means of contracts with processors that they comply with data protection obligations.

1.7 Transfer to third countries

If we process data to a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done for the reasons described above for the transfer of data.

Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules in accordance with Art. 44 - 49 of the GDPR.

Data transfer to the US / Discontinuation of the Privacy Shield
We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called "Privacy-Shield", an adequacy decision of the EU Commission according to Art 45 GDPR, which confirmed an adequate level of data protection for the US under certain circumstances, is no longer valid with immediate effect. The Privacy Shield therefore no longer constitutes a valid legal basis for the transfer of personal data to the United States!

Legally compliant transfer of data to the US on the basis of standard contractual clauses?
The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 paragraph 2 lit. c GDPR, are still valid, but a level of protection for personal data must be ensured which is equivalent to the level in the European Union. Therefore, not only the contractual relationships with our service providers are relevant, but also the possibility of access to the data by U.S. authorities and the legal system of the U.S. (legislation and jurisdiction, administrative practice of authorities).

For the further use of US tools we take the following measures:
As far as possible, your consent will be asked for before using a US tool and you will be informed in advance in a transparent manner about the functioning of a service. The risks involved in transferring data to the USA can be found in this section.

We make every effort to conclude standard contract clauses with US service providers and to demand additional guarantees.  In particular, we require the use of technologies that do not allow access to data, e.g. the use of encryption that cannot be broken even by US services or anonymization or pseudonymization of data, where only the service provider can make the assignment to a person.  At the same time, we require additional information from the service provider if data is actually accessed by third parties or the service provider exhausts all legal remedies until access to data is granted at all.

1.8 Automated registration

A number of conditions must be met in order for your desired domain to be registered. Satisfaction of these conditions is checked by automated means. This applies regardless of whether you submit a registration directly to nic.at GmbH or, as in most cases, you use a registrar.

In all cases, the first step is to check whether your desired domain is available.

If you submit a registration yourself via www.nic.at and have chosen a domain that is available, you can add it to your shopping basket. After you have entered domain holder data and technical data, a check is performed to see if the name servers provided are correctly configured (i.e., if they respond to a request). Among other things, the syntax of your domain name is also checked. More detailed information on the technical requirements for registration can be found at https://www.nic.at/en/my-at-domain/registration/registration-guidelines

If you have any questions regarding automated registration, please contact customer services; details are available at  service@nic.at.

1.9 WHOIS

The WHOIS is a public directory of registered .at domains, which previously showed the holders of all .at domains and their contact details. Due to the direct applicability of the GDPR, this extensive means for the public to make queries will change as follows:

Holder data concerning legal persons will still be published in the WHOIS. It is recommended that the natural persons responsible for these legal entities include department names in their contact details, and not the names of individual employees, as well as providing non-personal e-mail addresses.

Holder data concerning natural persons will no longer be published in the WHOIS. Such data will only appear in the WHOIS at a natural person’s express request. On a case-by-case basis, holder data concerning natural persons will be shared in response to a specific information request from a third party, which must demonstrate a legitimate interest in order to receive such data.

Please note that in this respect the submitter of the application (i.e. you or your registrar) is responsible for ensuring that the correct person type, i.e. an organisation or private individual, is specified upon registration.

1.10 Information requests by third parties

As a rule, the holder data for domains held by natural persons can no longer be accessed in the WHOIS. A third party which claims to require these data, for instance to assert legal claims, must submit an information request to nic.at GmbH. In every case, we very carefully assess whether the request appears justified on the basis of the facts provided. The third party must have a legitimate interest in the data requested, and be able to demonstrate such an interest.

For instance, the wish to purchase a particular domain or ascertain the identity of a counterparty to a contract is not sufficient.

With regard to the disclosure of domain holder data in connection with infringements of name rights, trademarks and/or brand rights or other legal claims, we require a precise statement of the facts and specific evidence (e.g. an extract from the trademark register) in order to assess whether a legitimate interest exists.

1.11 Erasure of data

We believe that data must not be stored indefinitely without good reason. We intend to store data only for as long as necessary. In our view, storage of data for the duration of a contractual relationship is definitely necessary. In addition, we store data for as long as claims arising from a contractual relationship can be enforced. Furthermore, due to various statutory requirements, such as those on proper accounting, we are obliged to store data for specific periods.

 

2 Your data protection rights

The GDPR includes an extensive package of protective rights for natural persons whose data are processed (i.e. collected, stored, transferred, restricted, erased, etc.):

2.1 Right of access

In accordance with Art. 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof.

2.2 Right of correction

In accordance with Art. 16 of the GDPR, you have the right to demand without delay the correction of incorrect or incomplete personal data stored by us.

2.3 Right “to be forgotten” / erasure

In accordance with Art. 17 of the GDPR, you have the right to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

2.4 Right to restriction of processing

In accordance with Art. 18 of the GDPR, you have the right to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR.

2.5 Right to object

In accordance with Art. 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, you have the right to object to the processing of your personal data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without indicating a specific situation.

2.6 Right to data portability

In accordance with Art. 20 of the GDPR, you have the right to receive your personal data from us, and to have the data transmitted to another controller, provided this is technically feasible.

2.7 Right to withdraw consent

In accordance with Art. 7 paragraph 3 of the GDPR, you may at any time revoke your consent to us. As a result, we may no longer continue the data processing based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by calling up our Cookie Settings.

2.8 Assertion of rights of data subjects

You yourself decide on the use of your personal data. Should you therefore wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at service@nic.at or by post, as well as by telephone.

Together with your application, please send us a copy of an official photo ID for clear identification (if this cannot be clearly determined) and support us in concretizing your request by answering questions from our responsible employees regarding the processing of your personal data. In your request, please state in which role (employee, applicant, visitor, supplier, customer, etc.) and in which period of time you have been in contact with us. This enables us to process your request promptly.

2.9 Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 of the GDPR, you have the right to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protetion authority at your usual place of residence or workplace or at the headquarters of our company. 

The responsible data protection authority for nic.at GmbH is:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

 

3 Security of personal data

The security of your personal data is of particular concern to us. Therefore, in accordance with Art. 32 of the GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures shall include, but not be limited to, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware and software, in accordance with the principle of privacy by design and through data protection-friendly pre-settings in accordance with Art. 25 of the GDPR. 

Information security is of considerable importance for the protection of data. Therefore, nic.at GmbH is certified according to the international standard ISO 27001 in order to be able to offer the greatest possible security.

Our understanding of security is also requested from the processors we use.

 

4 Technologies on our website

 

Cookies and Local Storage

We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site. 

Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device. 

The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”).  The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device. 

Cookies contain the following information:

  • Cookie name
  • Name of the server from which the cookie originates
  • Cookie ID number
  • An expiry date, after which the cookie will be automatically deleted

We classify cookies in the following categories depending on their purpose and function:  

  • Technically necessary cookies, to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart). 
  • Statistics cookies, to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. In this way we gain valuable insights to optimize both the website and our products and services. 
  • Marketing cookies, to provide targeted promotional and marketing activities for users on our website.
  • Unclassified cookies are cookies that we are trying to classify together with individual cookie providers.

Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.

The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website as described in Art. 6 paragraph 1 lit. f of the GDPR. The use of statistics and marketing cookies is subject to your consent, in accordance with Art. 6 paragraph 1 lit. a of the GDPR.  You can withdraw your consent for the future use of cookies at any time in accordance with Art. 7 paragraph 3 of the GDPR.  Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this Privacy Policy and to the information in our cookie banner about the cookies we use.

You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.
 
Please note that a general deactivation of cookies may lead to functional restrictions on our website. 

On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage. 

Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool. 

If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.

Facebook-Pixel

Purpose: Marketing
Recipient country: USA

We use the Facebook-Pixel provided by the social network Facebook on our website for purposes of analysis and optimisation and for the commercial operation of our website. This tool is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’).

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

Facebook-Pixel makes it possible for Facebook to identify visitors of our website as target groups for displaying ads (‘Facebook ads’). Therefore, we use Facebook-Pixel to display our Facebook ads only to Facebook users who have shown interest in our online product offering, or who show certain characteristics (e.g. interests in specific topics or products that are determined based on the websites they have visited), which we share with Facebook (i.e. ‘custom audiences’). By using Facebook-Pixel, we also want to ensure that our Facebook ads match the potential interests of users and do not cause any inconvenience. Furthermore, by using Facebook-Pixel, we can evaluate the effectiveness of Facebook ads for statistical and market research purposes by seeing whether the user was redirected to our website after clicking on a Facebook ad (i.e. ‘conversion’).

Your actions are stored in one or more cookies. These cookies enable Facebook to match your user data (such as IP address, user ID) with the data of your Facebook account. The collected data is anonymous and not visible to us and can only be used in the context of advertisements. You can prevent the linking with your Facebook account by logging out before you take any action.

The processing of your data is based on your consent within the meaning of Art 6 paragraph 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.

Further information on how Facebook processes personal data, including the legal basis on which Facebook relies and the possibilities for exercising the rights of data subjects vis-à-vis Facebook, can be found in the Facebook Data Policy at https://www.facebook.com/policy.php

If you want to control what kind of adverts are displayed to you on Facebook, you can go to the page Facebook has set up for this purpose and follow the instructions on configuring user-targeted adverts:  https://www.facebook.com/settings?tab=ads 

The settings chosen will be applied across all platforms, meaning that they will apply to all devices from your desktop to mobile.

Facebook processes data in accordance with its privacy policy. For general information about the presentation of Facebook ads, refer to: https://www.facebook.com/policy.php 

You can find more specific, detailed information about Facebook-Pixel and how it works on Facebook’s Help pages: https://en-gb.facebook.com/business/help/742478679120153?id=1205376682832142

Google Translate

On our website, a web service called Google Translate is loaded for the translation of texts and terms of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

When Google Translate is started, your browser establishes a connection to Google's servers. This informs Google that our website has been accessed via your IP address.

To use the functions of Google Translate it is necessary to store your IP address. Generally information is transferred to a Google server in the USA and stored there.

We use this service to ensure the full functionality and easy access to our website as well as the accessibility of our online offer for international users.  This constitutes a legitimate interest within the meaning of Art 6 paragraph 1 lit. f GDPR.

The data will be deleted as soon as the purpose of their collection has been fulfilled.

You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/ 

Further information on the handling of the transferred data can be found in Google's privacy policy: https://www.google.com/intl/de/policies/privac

Hosting

In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website as described under Art. 6 paragraph 1 lit. f of the GDPR. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing in accordance with art. 28 of the GDPR.

LinkedIn Conversion Tracking (Marketing)

Our website uses LinkedIn conversion tracking, a web analysis service of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. 

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

The information collected by the LinkedIn insight tag about your usage of our website is encrypted. 

The processing of your data is based on your consent in accordance with Art 6 paragraph 1 lit a GDPR. You can revoke your consent for the future at any time.

LinkedIn members also can opt out of LinkedIn conversion tracking and block/delete cookies at https://www.linkedin.com/psettings/advertising/ , as well as disable demographic features. There is no separate opt-out option for third-party impressions or click tracking for campaigns that run on LinkedIn in LinkedIn settings, since all underlying campaigns respect LinkedIn member settings.

We use LinkedIn conversion tracking to analyse the usage of our website and to continually improve the web site. We can improve the experience we offer and make it more interesting for you as a user by using the statistics that are collected. 

Additional third-party information: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;

http://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/help/lms/answer/85787 https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=en

Mailworx

We use the services of mailworx for sending newsletters. The provider is Eworx Network & Internet GmbH, Hafenstraße 2a, 4020 Linz, Austria ("mailworx"). mailworx is a service with which, among other things, the dispatch of newsletters can be organised and analysed. 

If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), it will be stored on the mailworx servers in Austria. With the help of mailworx we can analyse our newsletter campaigns. When you open an e-mail sent with mailworx, a file contained in the e-mail (so-called web beacon) connects to the mailworx servers in Austria. In this way it can be determined whether a newsletter message has been opened and which links have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. Detailed information on the functions of mailworx can be found in the following link: https://mailworx.info/en/editor

If you do not want mailworx to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a GDPR or, if consent is not required, on our legitimate interests in direct marketing for similar products and services pursuant to Art. 6 para. 1 lit. f GDPR.  You can revoke your consent pursuant to Art. 7 para. 3 GDPR at any time with effect for the future by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

You can find more details in the mailworx data protection regulations at: https://mailworx.info/en/about-us/privacy-policy

Matomo

On our website the web analysis service Matomo (www.matomo.org) formerly Piwik of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo") is used for statistical analysis of user behaviour and for optimisation and marketing purposes. 

The following data will be processed within the scope of range measurement: the type and version of browser you use, the operating system you use, your country of origin, the date and time of the server enquiry, the number of visits, your length of stay on the website and the external links you clicked on. The IP address is anonymized before it is stored. Pseudonymized user profiles can be created and evaluated from the data collected as part of this service.  The data collected using Matomo technology (including your pseudonymized IP address) is processed on our servers and not passed on to third parties.

The information generated in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. 

The processing of your data in the cookies is based on your consent in accordance with Art. 6 paragraph 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.

Further information on the use of data and the handling of the provisions of the GDPR by Matomo can be found in Matomo's data protection declaration at https://matomo.org/gdpr/

We would like to point out that the EU Commission has certified an appropriate level of data protection in New Zealand. A transfer of data is therefore permitted according to Art. 45 GDPR.

Piwik Pro Analtics Suite

On our website, we use the service Piwik Pro Analytics Suite for web analysis. The provider of this service is Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany ("Piwik Pro").

We use the Piwik Pro Analytics Suite service as an analytics and customer data platform in particular to optimize the user experience by offering you products, content or services tailored to you. As part of this service, we therefore collect first-party data about website visitors based on cookies, IP numbers and so-called browser fingerprints; we create user profiles based on browsing history and calculate metrics related to website usage, such as bounce rate, intensity of visits, page views, etc. The analysis collects data about which content, pages and services are used.  The analysis collects data on what content, pages and features you use on our website. 

The processing of your data in particular the tracking within the scope of this service is based on your consent pursuant to Article 6 paragraph 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

For more information about Piwik Pro's data protection, please visit https://piwik.pro/privacy-policy/

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

  • The name of the website you are accessing  
  • The browser type (including version) you use
  • The operating system you use
  • The site you visited before  accessing our site (referrer URL)
  • The time of your server request
  • The amount of data transferred
  • The host name of computer (IP address) you are using to access the site

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website, as described under Art. 6 paragraph 1 lit. f of the GDPR.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques in accordance with Art. 6 paragraph 1 lit. f GDPR.

We also make use of suitable technical and organisational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

Youtube

Purpose: External media
Recipient country: USA

On our website, we use the "YouTube" service to embed videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be ruled out.

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.

As soon as you start a YouTube video, a connection to YouTube's servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behaviour directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

YouTube is used in the interest of an appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 paragraph 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 paragraph 1 lit. a GDPR; the consent can be revoked at any time for the future.

The applicable privacy policy of YouTube can be found at: https://www.google.com/policies/privacy/, Opt-out option: https://adssettings.google.com/authenticated

 
 

5 Manage cookie settings


About cookies

You can set your browser so that the storage of cookies is generally prevented or you are asked each time whether you agree to the setting of cookies. Once set, you can delete cookies at any time. How this works can be found in the help function of your browser. 

Required

Technically necessary cookies are used to enable the technical operation of a website and make it functional for you. The use is based on our legitimate interest to provide a technically flawless website. However, you can generally disable the use of cookies in your browser. 

SurnamePurposeCreatorStorage timeDomain
amp_0fe956ensures the functionality, operation and login to internal tools such as CMS, internal gateways and portals.  www.nic.at
amp_0fe956_nic.atensures the functionality, operation and login to internal tools such as CMS, internal gateways and portals.  www.nic.at
arp_scroll_positionensures the functionality and usability of the page and is used to track errors.  www.nic.at
BCSI-CS-ensures the functionality, operation and login to internal tools such as CMS, internal gateways and portals.BlueCoat www.nic.at
CookieConsentcontains the information to what extent the user has confirmed the use of cookies. 6 monthswww.nic.at
cookieconsent_modecontains the information to what extent the user has confirmed the use of cookies.DataReporter GmbH12 monthswww.nic.at
cookieconsent_statuscontains the information to what extent the user has confirmed the use of cookies.DataReporter GmbH12 monthswww.nic.at
CookieScriptConsentcontains the information to what extent the user has confirmed the use of cookies. 6 monthswww.nic.at
googtransensures the functionality and usability of the page and is used to track errors.Google www.nic.at
langensures the functionality and usability of the page and is used to track errors. Session.linkedin.com
laravel_sessioncounts the number of sessions and assigns an anonymous identifier to each visitor. 2 hourswww.nic.at
mp_52e5e0805583e8a410f1ed50d8e0c049_mixpanelensures the functionality and usability of the page and is used to track errors.  www.nic.at
rl_page_init_referring_domainsave settings and preferences of the user such as the current language setting.  www.nic.at
rm_scroll_possave settings and preferences of the user such as the current language setting.  www.nic.at
SLG_GWPT_Show_Hide_tmpensures the functionality and usability of the page and is used to track errors.  www.nic.at
SLG_G_WPT_TOensures the functionality and usability of the page and is used to track errors.  www.nic.at
SLG_wptGlobTipTmpensures the functionality and usability of the page and is used to track errors.  www.nic.at
SLO_GWPT_Show_Hide_tmpensures the functionality and usability of the page and is used to track errors.CloudFlare www.nic.at
SLO_G_WPT_TOensures the functionality and usability of the page and is used to track errors.  www.nic.at
SLO_wptGlobTipTmpensures the functionality and usability of the page and is used to track errors.CloudFlare www.nic.at
SL_GWPT_Show_Hide_tmpensures the functionality and usability of the page and is used to track errors.  www.nic.at
SL_G_WPT_TOsave settings and preferences of the user such as the current language setting.  www.nic.at
SL_wptGlobTipTmpensures the functionality and usability of the page and is used to track errors.  www.nic.at
ssm_au_csave settings and preferences of the user such as the current language setting. Sessionwww.nic.at
SWG_CS_HTTPS_1ensures the functionality and usability of the page and is used to track errors.  www.nic.at
trdipcktrffcextensures the functionality and usability of the page and is used to track errors.  www.nic.at
X-SIG-HTTPS-Umbrella-SAMLcounts the number of sessions and assigns an anonymous identifier to each visitor.  www.nic.at
XSRF-TOKENensures the functionality and usability of the page and is used to track errors. 2 hourswww.nic.at
_sm_au_censures the functionality and usability of the page and is used to track errors. Sessionwww.nic.at

Statistics

Statistics cookies collect information about how websites are used to improve their attractiveness, content and functionality. A use takes place only with your consent and only as long as you have not deactivated the respective cookie.

SurnamePurposeCreatorStorage timeDomain
perf_dv5Tr4nContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.  www.nic.at
_dd_sContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.DataDog15 minuteswww.nic.at
_gaContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google2 yearswww.nic.at
_gatContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google1 minutewww.nic.at
_gidContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google1 daywww.nic.at
_pk_id.48.1ee0Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik1 yearwww.nic.at
_pk_ref.48.1ee0Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik www.nic.at
_pk_ses.48.1ee0Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik30 minuteswww.nic.at
_pk_testcookieContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik www.nic.at
_pk_testcookie.48.1ee0Contains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Matomo/Piwik www.nic.at
__utmaContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google2 yearswww.nic.at
__utmbContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google30 minuteswww.nic.at
__utmcContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.GoogleSessionwww.nic.at
__utmtContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google10 minuteswww.nic.at
__utmzContains information to help distinguish users from the page. Gathers data about user visits, such as which pages are relevant.Google6 monthswww.nic.at

Marketing

Marketing cookies come from external advertising companies and are used to collect information about the websites visited by the user. A use takes place only with your consent and only as long as you have not deactivated the respective cookie.

SurnamePurposeCreatorStorage timeDomain
AnalyticsSyncHistoryregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.LinkedIn1 month.linkedin.com
bcookieregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.LinkedIn2 years.linkedin.com
bscookieregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.LinkedIn2 years.www.linkedin.com
frregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.Facebook3 months.facebook.com
lidcregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.LinkedIn1 day.linkedin.com
li_gcregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.LinkedIn2 years.linkedin.com
NIDregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.Google6 monthswww.google.com
rl_anonymous_idregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.RudderStack www.nic.at
rl_group_idregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.RudderStack www.nic.at
rl_group_traitregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.RudderStack www.nic.at
rl_traitregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.RudderStack www.nic.at
rl_user_idregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.RudderStack www.nic.at
UserMatchHistoryregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.LinkedIn1 month.linkedin.com
_fbcregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.Facebook www.nic.at
_fbpregisters a unique ID that identifies and recognizes the user. Used for targeted advertising.Facebook3 monthswww.nic.at


 

 

6 Actuality of this Privacy Policy

Due to further developments or changes in legal requirements, it may become necessary to adapt this Privacy Policy from time to time. The current Privacy Policy can be found and printed out by you at any time here on this website.

For questions regarding data privacy, you can reach us at service@nic.at or at the other contact details stated in this Privacy Policy.

Salzburg,   14. March 2022

Download as PDF