As of October 2018
The protection of your personal data is important to us at Wiener Börse AG. Therefore, we process your personal data exclusively in accordance with statutory provisions, in particular, with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (ADPA) and the Austrian Telecommunications Act (ATA). The following sections provide comprehensive information on how we handle your personal data at Wiener Börse AG as well as on your rights as a data subject.
Personal data means any information relating to an identified or identifiable natural person. This information includes, for example, your name, address, telephone number and date of birth.
Legal Basis and Purpose of Data Processing
Your personal data will be processed only if there are legitimate reasons in the meaning of the GDPR, thus primarily for the purpose of fulfilling the contract or if mandated by law or with your explicit consent. In specific cases, we will process your personal data on the grounds of the legitimate interests of Wiener Börse AG. Only personal data is processed that is necessary for the defined purpose such as name and email address and, if applicable, further data disclosed during registration or when sending an inquiry or when entering into a contract or within activities for initiating business relations or that we have obtained from publicly available sources as permitted.
Your personal data is stored only as long as this is required by law or as long as necessary for fulfilling the defined purpose. After the purpose has been attained or after expiry of the storage periods, your personal data is deleted without delay.
Forwarding of Personal Data to Third Parties
Generally, your data is not forwarded to third parties unless we are under the obligation to do so by law or if the forwarding of the data is necessary for fulfilling the contract.
An exception is made for service providers who work on behalf of Wiener Börse AG. These are, in particular, IT service providers and IT maintenance services, which, for example, support the website of Wiener Börse AG, as well as providers of marketing tools who make mailings on behalf of Wiener Börse AG. All service providers are bound by the instructions of Wiener Börse AG and are subject to strict technical and organizational security measures, and must furthermore comply with data protection regulations.
Data Processing for Meeting Contractual and Statutory Obligations
We process personal data for the purpose of fulfilling our contractual obligations as well as pre-contractual obligations. Moreover, Wiener Börse AG is subject to diverse statutory requirements (esp. Stock Exchange Act) and in this context is obligated to process personal data.
Data Processing for Communication on News, Event Dates and Services Relating to the Vienna Stock Exchange
We process your personal data on the legal basis of your consent and in individual cases also on the legal basis of the legitimate interests of Wiener Börse AG for the purpose of sending you information on events, news and the services of Wiener Börse AG. In this case, we will store and process your personal data (name, email address and, if you have provided us with it: position, company, telephone number, address) for the purposes stated above. You may withdraw your consent at any time by sending an email to dsgvo(a)wienerboerse.at. The withdrawal of consent does not affect the lawfulness of the processing carried out up to the time of withdrawal.
Personal Data of Visitors and Users of our Website
Data collection and data use for contract fulfilment and for opening customer accounts
Wiener Börse AG treats all personal data collected within "Wiener Börse Live" and "My Borse" as confidential information. We collect personal data when you make it available on a voluntary basis when placing an order, when contacting us (e.g. via contact form or email) or when opening a customer account thereby giving your consent to data processing. Which personal data is collected is displayed in the respective registration forms. We use the personal data you have provided us with for fulfilling the contract and for processing your inquiries. In the course of the payment process, personal data is also forwarded to our payment provider, in particular financial and payment data of the transaction (such as the payment amount, credit card number), shopping cart data (e.g. item price), online data (such as the IP address) and personal data (e.g. name, email address). After the complete fulfilment of the contract or after deletion of your customer account, your personal data is blocked for further use and is deleted after the expiry of the storage periods pursuant to tax and commercial law unless you have explicitly consented to the further use of your personal data or if we retain the right to use the data beyond this period as permitted by law of which fact we inform you. You may delete your customer account at any time; you may request this by email.
We will collect, process, use and store the personal data you provide us with only in accordance with the data protection regulations governing the provision of services, and for book-keeping, payment transactions, logistics and customer record-keeping purposes.
In order to protect your personal data from unauthorized access by third parties, the data is transferred using the so-called SSL security system (secure socket layer). This software offers a high level of security and encrypts your entire personal data such as credit card number, name, address and email in a code. In accordance with current technical standards, the data cannot be read by unauthorized third parties and is transmitted securely to us.
You have the right, of course, to request information on your personal data stored on our systems. To request information, please contact us by email. A comprehensive summary of your rights with respect to personal data is given further below on this page.
Data use when registering for the email newsletter
When you register to receive one of our newsletters, we use the personal data required for this purpose or that you have provided us with separately for regularly sending you our email newsletter in accordance with your consent. You may cancel your registration to the newsletters at any time. This can be done either by email or via the link in the newsletter set up for this purpose. When you cancel your registration, we immediately delete your personal data relating to the sending of the newsletter.
Data collection and data use when using the Chatbot tool
In order to use certain features of our chatbot tool, such as leaving messages, you voluntarily provide us with your name and email address, and thereby give us your consent to the processing of this personal data. We only need this data to contact you in order to answer your questions. The personal data entered by you into the tool will be automatically deleted by us within three months of being collected.
Storage of access data in server log files
You may visit our website without having to provide any personal data. We only store access data in so-called server log files such as the name of the file requested, date and time of the query, data volume transmitted and the querying provider. The data is evaluated to ensure disruption-free operation of the webpage and to improve our range of offers, and does not permit us to draw conclusions regarding your person.
Data processing of applications
In the specific case of an application, we will store your applicant data, i.e. mainly data that you provide to us through your application (CV, letter of motivation, online application form). Due to the individuality of each application, this data will diverge from each other, usually the following personal data: Name, title, date of birth, application photo, contact data (e-mail, telephone number, address), education, work experience, certificates, nationality, language skills, other information about your abilities. We may collect your personal information from publicly available sources as part of the recruitment process. We do not ask you to provide us with sensitive information (racial or ethnic origin, political opinions, trade union membership, sexual orientation, philosophical convictions) in the application documents. We do not consider sensitive data in the application process. Sensitive data voluntarily disclosed in the application documents will remain stored in the documents, but will not be processed in any other way.
If you would like us to keep your application documents on record, you must give us your express consent to this and thus to the processing of your personal data. You can give us such consent to the keeping of records for a period of 2 years via our applicant portal. If you do not consent to the keeping of records, your data will be deleted after 6 months from the rejection of your application.
You have the right to receive information at any time regarding your personal data stored at no charge, and you also have the right to have the data corrected or deleted. Furthermore, you have the right to impose restrictions on the processing of the data collected. You may request that the personal data collected be sent to a third party without any hindrances or restrictions. If you have given your consent to data processing, you may withdraw this consent at any time. You may at any time, for reasons relating to your special situation, object to the processing of your personal data which is necessary for protecting the legitimate interests of the controller or of a third party. Your data will no longer be processed after you send an objection unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. For inquiries regarding the collection, processing or use of your personal data, for information queries, corrections, deletions, restrictions and data portability as well as the withdrawal of consent with respect to a specific type of data use, please contact us directly as stated below. Should your privacy rights be violated, you have the right to file a complaint with the competent data protection authority.
Data Protection Officer and Controller
For queries and legal claims, you may contact our internet team, and for further details also our Data Protection Officer. The Data Protection Officer and the competent staff member at Wiener Börse AG may be contacted by email at: datenschutzbeauftragter(a)wienerboerse.at.
Data Protection Officer of Wiener Börse AG is IT Beratung- und Wirtschaftsprüfungsgesellschaft mbH, Schwindgasse 4/7, 1040 Vienna, FN 212703 z, with a representative within Wiener Börse AG.
Controller for data processing is Wiener Börse AG, Wallnerstraße 8, 1010 Vienna, FN 334022 i.