Data Protection

Name of the data application: ASFINAG customer account

This declaration serves to fulfil the information obligations according to Art. 13, 14 GDPR within the scope of the ASFINAG customer account. In order to improve readability, the term “data subjects” is used throughout. Of course, this refers to both sexes.

Responsible person in terms of GDPR

Autobahnen- und Schnellstraßen-Finanzierung-Aktiengesellschaft (hereinafter “ASFINAG”),

ASFINAG can be reached at office@asfinag.at in 1030 Vienna, Schnirchgasse 17, PO Box 983, T +43 (1) 9551266, F +43 (1) 9551277. The ASFINAG data protection officers at datenschutz@asfinag.at are the direct contact persons for all issues concerning data protection.

Purpose

The data application customer account serves the identity management of the customers. The purpose is the uniform login, clear presentation and processing of the online services offered by ASFINAG. This creates a central user account for the ASFINAG products mentioned above.

The ASFINAG customer account is currently used for the following ASFINAG products:

  • Websites of ASFINAG
  • Section toll
  • Digital vignette
  • ASFINAG “UNTERWEGS” smartphone app

Details of these data processing operations, which are managed via the ASFINAG customer account, can be found in ASFINAG’s data protection information at www.asfinag.at/privacy

Legal bases for processing data

The data processing in the customer account is carried out on the basis of your given consent in accordance with Art. 6 para. 1lit a GDPR. For the respective online services administered in the customer account, the legal bases stated in the respective privacy policies apply.

Data subjects/data types/duration of storage/forwarding

No.

Data subjects

Data types

Storage

Recipients

1

Users

Login data (Username, Password)

1 year from end of relationship

-

 

 

Master data: first name, last name, address data, e-mail address, phone number, gender, language, company address, license plate number

1 year from end of relationship

-

 

 

Protocol data

13 months from creation date

-

 

Logfiles and Hosting

When you visit our website my.asfinag.at, information is automatically sent from your end device to our website. The following information is temporarily stored in a so-called log file:

  • IP address of the end device
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which access is gained
  • Browser used and, if applicable, the operating system of your end device

This data will be kept for 13 months until automatic deletion.

The processing serves the following purpose:

The temporary storage of the user's IP address by our system is necessary to enable the delivery of the website to the user's computer. This data can be used to gain important information for optimising the website. Error situations can be better understood and user-friendliness is improved. This data also serves to guarantee the security of our systems (e.g. detecting attacks). It is not evaluated for marketing purposes.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the aforementioned purpose.

Cookies & Consent

We use cookies on our website. These are small text files that are automatically stored on your device when you visit our site. The use of cookies serves the technical function of the website (functional cookies).

Functional cookies are necessary to perform basic website functions. You can delete these cookies at any time via the settings in your browser.

The following cookies requiring your consent are set by us:

Name

Host

Purpose

Storage period

asfinagCiamCookieState

my.asfinag.at

If you give your consent to the setting of cookies, a cookie will be set which remembers your consent so that you will not be asked for it on repeated visits to the site.

1 year

 

The following cookies, which do not require your consent, are set by us:

Name

Host

Purpose

Storage period

ASP.NET_SessionId
.AspNet.MyProfileContext
ARRAffinity
__RequestVerificationToken

my.asfinag.at

Session cookies.
Required for the technical function of the website.

Until you close your web browser

 

According to the General Data Protection Regulation, data subjects have the following rights:

  1. Right to receive information

Each data subject has the right – after verifying its identity – to request information from ASFINAG as to whether its personal data is being processed. If this is the case, the data subject shall have the right to obtain further information on the purposes and legal basis of the processing, the categories of data concerning it, the data sources, the recipients of its data, the (non-)existence of an automated decision-making process including profiling, instructions regarding its rights and obligations, and a copy of the personal data.

  1. Right to rectify and delete

If the personal data is inaccurate or incomplete, the data subject may request the rectification, completion or deletion of data relating to it as part of the processing purposes, if necessary by means of a supplementary declaration. In particular, ASFINAG is obliged to delete personal data if the deletion is prescribed by law or if any existing consent for processing has been revoked, if there is no further legal basis for processing, or if personal data is no longer necessary for the purposes for which it had originally been collected.

However, the right to deletion does not exist if the processing is necessary to fulfil a legal obligation of ASFINAG or to perform a task that is in the public interest or that is performed in the exercise of official authority or is required to assert, exercise or defend legal claims.

  1. Right to restrict processing

Every data subject has the right to have the processing of its personal data restricted. One of the following conditions must be fulfilled for this:

  • The accuracy of the personal data is contested by the data subject for a period of time long enough to allow ASFINAG to verify the accuracy of the personal data;
  • The processing is unlawful and the data subject rejects the deletion of the personal data and instead requests the restriction of the use of the personal data;
  • ASFINAG no longer needs the personal data for processing purposes and, at the same time, the data subject needs it for the assertion, exercise or defence of legal claims;
  • If the data subject has objected to the processing, until it has been established whether the legitimate reasons of ASFINAG outweigh those of the data subject.

However, limited data may still be used to protect the rights of another person, for important public interest or to assert, exercise or defend ASFINAG's legal claims.

  1. Right to data transferability

The data subject shall have the right to receive the personal data concerning it that it has provided to ASFINAG in a structured, conventional and machine-readable format or – if technically possible – to have such data transferred to another responsible party. However, this right only exists if the processing is based on the legal basis of a contract or the consent of the data subject.

  1. Right to object

The data subject shall have the right to object at any time to the processing of personal data concerning it on grounds relating to its particular situation. This right shall apply only if the processing

  • is necessary for the performance of a task that is in the public interest, or
  • takes place in the exercise of official authority vested in ASFINAG, or
  • is necessary to safeguard the legitimate interests of ASFINAG or a third party.

ASFINAG will then no longer process the personal data unless it can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

  1. Right to object to direct marketing

Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning said data subject for the purposes of such marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

  1. Right to appeal to the supervisory authority

Every data subject has the right to file a complaint with the data protection authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at.