Data privacy statement
Personal data are personal details or other information about identified or identifiable individuals, including data about their surfing and communication activities on the Internet. Anonymous data, i.e. information which cannot be linked to the identity of an individual (not even via a specific identification number such as an IP address), are not considered personal data (e.g. information on most frequently visited websites or the number of visitors to a website). The OeNB processes personal data in line with the provisions laid down in the General Data Protection Regulation (GDPR) (EU) and the Austrian Data Protection Act (DSG).
Data protection officer
The OeNB’s Data Protection Officer is Bernhard Horn, please find the contact details below.
The OeNB takes all necessary technical and organizational security measures to protect your personal data against loss and misuse. Your data will be processed in a secure, state-of-the-art operating environment. The OeNB’s IT infrastructure is certified under the international ISO 9001 and 27001 standards.
Access to the OeNB’s websites is secured via HTTPS. This means that communication between your browser and the OeNB’s servers is encrypted. If you wish to contact the OeNB or its employees by e-mail, please note that, given the technical configuration of e-mail protocols, the confidentiality of e-mail information cannot be guaranteed. The content of unencrypted e-mails can be viewed by third parties unless special security measures are taken. To transfer confidential information, we therefore recommend using only the contact form or any other secure mode of Transfer.
Protection of your personal data when visiting the OeNB’s websites
When you visit one of the OeNB’s websites, the respective server records the following personal communication data:
Web server logging
When OeNB websites are accessed, the web server records the following data in a combined log format for the purpose of ensuring appropriate information and system security: IP address, username (if required), date and time the site was accessed as well as technical information about the web object retrieved and the browser and operating system used. For further details, see the corresponding documentation under “Processing of personal data by the OeNB” below.
Additional personal information, such as your name, address, telephone number or e-mail address, is not recorded unless you have opted to provide this information in the space provided (e.g. when registering for a newsletter or requesting information via a contact form). The personal data you provide will be processed exclusively for the purpose of dealing with your request. These data will not be transferred to third parties. In case improper use is made of the OeNB’s websites, log data will be forwarded to the authorities in charge.
Social media plug-ins
Many OeNB web pages allow you to connect to social media networks via social media plug-ins. To protect its website visitors’ data, the OeNB uses social media buttons based on Shariff technology. This means that no personal data are transmitted to the operators of social media services when you access OeNB web pages. A plug-in will make contact with the server of the given service only if you click on the respective button. Then, the information that you have visited our website will be transmitted to that service. If you click on the plug-in while logged in to the selected service, you can share content from the respective OeNB web pages on your profile or leave a comment. This allows the service to assign your visit to the OeNB’s web pages to your user account. Please note that, as website operator, the OeNB does not receive any information about the content of the transmitted data or on how these data are used by the service in question.
By activating and using a social media plug-in, you agree to the subsequent transfer of personal data to the selected service. More information on how the respective services use your personal data can be found in the data privacy statements provided by the selected service(s):
- Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Twitter International Company, The Academy, 42 Pearse Street, Dublin 2, Ireland
Use of Google Analytics
The information generated by using Google Analytics (including your IP address) is transferred to a Google server. To protect your privacy, Google Analytics has been configured in such a way that your IP address will be anonymized immediately after it has been transferred to Google from within any EU or EEA country and that it will be stored by Google exclusively in its anonymized form (anonymizeIp=true). Only in exceptional cases is the full IP address sent to Google servers in the U.S.A. and shortened there.
On behalf of the OeNB, Google will use the information gathered to analyze visitors’ use of the OeNB’s websites and to compile reports on website activities. Google will not match the IP address transmitted from your browser for the purposes of Google Analytics with any other data held by Google.
By using OeNB websites you agree to the storage of cookies on your computer and the processing of your personal data as described above. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, this could cause some website functions to become unavailable. Additionally, you can disable Google Analytics by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en. More information on Google Analytics and on how it processes personal data can be found at https://support.google.com/analytics/answer/6004245?hl=en.
Use of Google reCaptcha
OeNB websites use Google reCaptcha where forms enable the transmission of data or inquiries. Purpose of this tool is to ensure that data transmitted in fact origin from a human being and not from automated bots. This validation requires the processing of the following personal data: IP-address of the device used, websites visited (referrer-URL), date and duration of visits, browser and operating system, google account (if logged in), mouse movements in the reCaptcha-area, cookies, fonts and scripts as well as image exercises to be solved. Legal basis for this processing is Art. 6 para. 1 item f GDPR. Legitimate interest is the security of our webserver and the prevention from automated data input or attacks using input forms.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The transmission of data to Google LLC is subject to an adequacy decision by the European Commission (Privacy Shield: www.privacyshield.gov/participant?id=a2zt000000001L5AAI). Opt-Out: tools.google.com/dlpage/gaoptout?hl=de, settings for advertising pop-ups: adssettings.google.com/authenticated. Further information on the processing of personal data regarding Google reCaptcha is available under policies.google.com/privacy.
Protection of your personal data during e-mail correspondence with the OeNB
For the purpose of ensuring an appropriate degree of information and system security as well as detecting and handling malware, the OeNB e-mail server generates log data on e-mail correspondence and stores it for three years. When you send an e-mail to an OeNB address, the following data are recorded: recipient’s e-mail address, IP address and hostname; number of recipients; sender’s e-mail address, IP address and hostname; subject, date and time when e-mail was received by server; file name of any attachments; size of message; risk classification for spam and delivery status. These data are not transferred to third parties. In case improper use is made of OeNB websites, log data will be forwarded to the authorities in charge.
E-mails are checked for spam and harmful content. Checking e-mails and filtering spam or malware is automated by default; only in suspicious cases or in case of doubt are individual e-mails scrutinized in more detail by dedicated specialists (in consultation with the recipient if necessary). Misappropriated e-mails or e-mails containing illegal content are forwarded to the authorities in charge. The OeNB stores e-mails for up to ten years unless longer-term storage is required by the underlying purpose of the e-mail correspondence
Use of photographs and videos by the OeNB
The OeNB processes photographs and videos of individuals to document its events and activities. With due regard to the rights of individuals shown in photographs and/or videos, the OeNB makes selected photographs and/or videos available to newspapers and TV programs and/or uses them on its websites, in OeNB information material and in the social media, e.g. on Facebook, Twitter or YouTube. The OeNB processes this visual material for the purposes of its legitimate interests according to Article 6 (1) (f) GDPR. The OeNB stores photographs and videos for archiving purposes in the public interest and deletes them if documentation is no longer required (Article 7 DSG).
Overview of your rights as a data subject
You have the right to obtain access to your personal data being processed by the OeNB (Article 15 GDPR). You have the right to obtain the rectification of inaccurate personal data or to have incomplete personal data completed (Article 16 GDPR) as long as the rectification and/or completion of the data are necessary for the purpose of the processing operation. You have the right to obtain the erasure of your personal data if the OeNB has processed them unlawfully (Article 17 GDPR). Under certain conditions, you have the right to obtain restriction of the processing of your personal data (Article 18 GDPR). You have the right to object to the processing of your personal data on grounds relating to your particular situation or where personal data are processed for direct marketing purposes (Article 21 GDPR). In addition to the right to obtain access you have the right to receive your personal data, which you have provided to the OeNB, in a structured, commonly used and machine-readable format or to have these data transmitted to another controller where the processing is carried out by automated means and where technically feasible (Article 20 GDPR).
To exercise your rights as a data subject, send a letter to “Oesterreichische Nationalbank, Abteilung ITS/Datenschutz, Otto-Wagner-Platz 3, 1090 Vienna, AUSTRIA” or an e-mail to firstname.lastname@example.org specifying the processing activities or IT-systems you assume personal data about you being processed by the OeNB and clearly specifying the details of your request. Moreover, please provide proof of your identity by enclosing a black-and-white copy of an official identification document (e.g. your passport, driver’s license, identity card) or using a qualified electronic signature within the meaning of Article 3 (12) eIDAS Regulation to prevent improper requests by unauthorized third parties that might endanger the protection of your personal data. For the reasons outlined above, such requests must be made in writing. Should you consider your right to data protection violated by any processing of your personal data by the OeNB, you may file a complaint with the Austrian Data Protection Authority (DSB) or bring an action before the competent civil court.
Detailed privacy information
In fulfillment of its mandate and in safeguarding its interests, the OeNB frequently processes personal data. This page informs data subjects that are not OeNB staff members pursuant to Article 13 and 14 GDPR on how their personal data are protected when subject to data processing by the OeNB. Information on the purpose(s) and legal basis of processing operations, the type(s) of processed data and your respective rights under the data protection framework is made available below. OeNB staff members will find the relevant information on the OeNB’s intranet.
The following documents provide detailed information pursuant to Article 13 and 14 GDPR how the OeNB processes personal data. Currently, the documents are only available in German, the translation is in progress.
- Access authorization – OeNB web portal (PDF), 90 kB
- Accounting and controlling (PDF), 142 kB
- Bank History Archives (PDF), 98 kB
- Call logging (telephone switchboard and security service) (PDF), 87 kB
- Cash authentication training (PDF), 105 kB
- Competition entries (PDF), 84 kB
- Contact platform for central bank research activities in the ESCB (PDF), 105 kB
- Database for non-OeNB Anniversary Fund grants to third parties (PDF), 119 kB
- Documentation of monetary policy operations (PDF), 84 kB
- Education and training management (personnel development tool) (PDF), 118 kB
- Event management (PDF), 114 kB
- Exchange of banknotes and coins (PDF), 103 kB
- JVI supervision and course management (PDF), 119 kB
- Management activities and equity interest management (PDF), 179 kB
- Museum administration (PDF), 113 kB
- Newsletter (PDF), 103 kB
- OeNB Anniversary Fund for the Promotion of Scientific Research and Teaching (PDF), 135 kB
- Office communication and contact management system (PDF), 111 kB
- Payment Systems (PDF), 120 kB
- Photographs and videos (PDF), 95 kB
- Procurement and sales management including intra-group invoicing (PDF), 136 kB
- Security services – call logging (PDF), 83 kB
- Seizure Tracking Application (SETRA) (PDF), 103 kB
- Statistics Hotline ticketing system (PDF), 150 kB
- Treasury – call logging (PDF), 76 kB
- Video surveillance (PDF), 84 kB
- Visiting Research Program of the Economic Analysis and Research Department (PDF), 92 kB