Status: October 2023

General

The protection of your personal data is important to us at Wiener Börse AG. Therefore, we process your personal data exclusively in accordance with statutory provisions, in particular, with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (ADPA) and the Austrian Telecommunications Act (ATA). The following sections provide comprehensive information on how we treat your personal data at Wiener Börse AG as well as on your rights as a data subject.

Personal data

Personal data means any information relating to an identified or identifiable natural person. These include, for example, your name, address, telephone number or date of birth. 

Legal basis and purpose of data processing

Your personal data will be processed only if there are legitimate reasons in the meaning of the GDPR, thus primarily for the purpose of initiating and fulfilling a contract or if mandated by law or after having obtained your explicit consent. In individual cases, we will process your personal data also on the grounds of the legitimate interests of Wiener Börse AG. Only personal data is processed that is necessary for the defined purpose such as name and email address and, if applicable, also further data disclosed during registration or when sending an inquiry or when entering into a contract or within the scope of initiating business relations or data we have obtained from publicly available sources as permitted. 

Duration of storage

Your personal data is stored only as long as this is required by law or as long as it is necessary for fulfilling the defined purpose. After the purpose has been attained or after expiry of the storage periods, your personal data is deleted without delay. 

Forwarding of personal data to third parties

Generally, your data is not forwarded to third parties unless we are under the obligation to do so by law or if the forwarding of the data is necessary for fulfilling the contract. 

An exception is made for service providers acting on behalf of Wiener Börse AG under a contract. These are, in particular, IT service providers and IT maintenance service providers who take care of the website of Wiener Börse AG as well as providers of marketing tools used, for example, to send newsletters and mailings on behalf of Wiener Börse AG. All service providers are bound by the instructions of Wiener Börse AG and are subject to strict technical and organizational security measures and must furthermore comply with data protection regulations. 

Data processing for meeting contractual and statutory obligations

We process personal data mainly for the purpose of fulfilling our contractual obligations as well as pre-contractual obligations. Moreover, Wiener Börse AG is subject to diverse statutory requirements (in particular, the Stock Exchange Act) and in this context is obligated to process personal data. 

Data use when communicating news, events and services relating to the Vienna Stock Exchange

We process your personal data on the legal basis of your consent and in individual cases as well as on the legal basis of the legitimate interests of Wiener Börse AG in order to send you information on events, news and the services of Wiener Börse AG. In this case, we will store and process your personal data (name, email address and, if you have provided us with it: position, company, telephone number, address) for the purposes stated above. You may withdraw your consent at any time by sending an email to dsgvo(a)wienerboerse.at. The withdrawal of consent does not affect the lawfulness of the processing up to the point in time of withdrawal. 

Information on third-party providers:

  • Electronic invitations and registration to events: Invitario Österreich, Lerchenfelder Straße 74/1/6, 1080 Vienna, Austria
  • Printed invitations: VSG Direktwerbung GmbH, Industriestraße B18, 2345 Brunn am Gebirge

Information on data protection for online meetings and webinars

It is our assumption that by taking part in online meetings and/or webinars organized by Wiener Börse AG you are familiar with the data protection information contained in this document and that by participating in these events you consent to the corresponding processing of your personal data. The lawfulness of the processing of your personal data is based on our legitimate interests.

When a relevant notice is included in an invitation, we record our online meetings and/or webinars held as video conferences (via MS Teams, Zoom, Cisco Webex, etc.) and store these recordings for internal documentation purposes and for the purpose of media reporting (internet, brochures, etc.) as well as for social media purposes (e.g. LinkedIn, YouTube, Twitter) for a period of a maximum of two years. 

As an attendee of a virtual meeting you may avoid a video recording of yourself by selecting the relevant settings on your computer such as by turning off the camera. 

As a general rule, only the required personal data are stored: name of attendee, email address, if applicable the name of the institution/company on whose behalf you are appearing, as well as image and sound – provided your computer settings permit this. Furthermore, we store data on your attendance periods (time of log-in and log-off) for online meetings and produce automatically generated attendance records.

Personal data of visitors and users of our website

Storage of access data in server logfiles

You may visit our website without having to provide any personal data. We only store access data in so-called server logfiles such as the name of the file requested, date and time of the query, IP address, data volume transmitted and the querying provider. The data is evaluated to ensure disruption-free operation of the page and to improve the range of offers. This is our legitimate interest in the meaning of GDPR. The data does not permit us to draw conclusions regarding your person. 

Server location

Your personal data is stored on servers of an external service provider within the European Union. This guarantees compliance with European data protection regulations. 

Information on third-party providers:

  • Website provider: FactSet Digital Solutions GmbH, Sandweg 94, 60316 Frankfurt am Main, Germany

Use of web fonts

On our website, we use external fonts, so-called Google web fonts. This is a Google service. We have downloaded the Google Web Fonts and host them on our own servers. The integration and display of the web fonts thus takes place from our own servers.

We use Google web fonts to optimize our website for users. This is our legitimate interest in the processing of the aforementioned data  in the meaning of GDPR.

More on Google Web Fonts
Data Protection Declaration of Google

Information on third-party providers:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Use of cookies

Details are available in our Cookie Policy.

Data collection and data use for contract fulfilment and for opening customer and user accounts

Wiener Börse AG treats all personal data collected within "Wiener Börse Live" and "My Borse" confidentially. We collect personal data when you provide us with this information voluntarily when placing an order, when contacting us (e.g. via contact form or email) or when opening a customer or user account and in this manner give your consent to data processing. The personal data collected is displayed on the respective data entry forms. We use the personal data you have provided us with for fulfilling the contract and for processing your inquiries. When processing payments, the personal data is also sent to our payment services provider. This data comprises financial data and payment data relating to the transaction (such as the payment amount, credit card number), shopping cart data (e.g. item prices), online data (e.g. IP address) and personal data (e.g. name, email address). After the complete fulfilment of the contract or after deletion of your customer account, your personal data is blocked for any further use and deleted after the expiry of the storage periods pursuant to tax law and commercial law unless you have explicitly consented to the further use of your personal data or if we continue the use of the data beyond this period as permitted by law and of which we inform you. You may delete your customer account at any time, and this may be requested by email.

We will collect, process, use and store the personal data you provide us with only in accordance with the data protection regulations on the provision of services, for book-keeping, payment transactions, logistics and customer record-keeping. 

In order to protect your personal data from unauthorized access by third parties, the transfer of the data is done using the so-called SSL security system (secure socket layer). This software offers a high level of security and encrypts your entire personal data such as credit card number, name, address and email in a code. Under current technical standards, the data cannot be read by unauthorized third parties and is transmitted securely to us. 

You have the right, of course, to request information on the personal data we store about you. To request this information, please contact us by email. A comprehensive summary of your rights with respect to personal data is given further below on this page. 

Information on third-party providers:  

  • Website provider: FactSet Digital Solutions GmbH, Sandweg 94, 60316 Frankfurt am Main, Germany
  • Payment services provider: Qenta Payment CEE GmbH, Reininghausstraße 13a, 8020 Graz, Austria

Data use when registering for the email newsletter

When you register to receive one of our newsletters, we use the personal data needed or the data you have provided separately for the purpose of regularly sending you our email newsletter as you have consented. When registering, the personal data is also sent to our newsletter service provider. You may cancel your registration to the newsletters at any time. This can be done either by email or via the link in the newsletter set up for this purpose. When you cancel your registration, we immediately delete your personal data relating to the sending of the newsletter.

Information on third-party providers:

  • Website provider: FactSet Digital Solutions GmbH, Sandweg 94, 60316 Frankfurt am Main, Germany
  • Newsletter tool: ONELOGIN Business & Technology Consulting GmbH, Universitätsstraße 92, A-9020 Klagenfurt am Wörthersee

Use of data when contacting us via the contact form or by email

If you use the contact form on our website or send us an email, we use and store the personal data you send us. By sending us your contact request, you agree to the processing of the data you have submitted. If you contact us via a contact form on our website, we also save your IP address. Your data is not forwarded to third parties and is deleted after contact unless it is needed for further uses. 

Information on third-party providers:

  • Website provider: FactSet Digital Solutions GmbH, Sandweg 94, 60316 Frankfurt am Main, Germany

Use of captchas

For the registration and contact forms on our website, we use Google reCAPTCHA to prevent the automatic completion of text entries by software or bots. Google reCAPTCHA is a Google service. The reCAPTCHA function reveals if an entry has been made correctly by a natural person or through misuse by a machine and automated processing. This measure increases security on our website and specifically averts spam. In this function, data such as the IP address and, if applicable, further data needed by Google for the reCAPTCHA service is sent to Google and, if applicable, stored on servers in the U.S. IP addresses are almost always shortened within the member states of the European Union or other states members of the European Economic Area before sending the data to servers in the U.S.

Data processing is done on the basis of the legitimate interests in the meaning of GDPR. The interest of Wiener Börse AG consists of protecting its web services from misuse through automatic processing and as protection against spam.  

More on reCAPTCHA
Data Protection Declaration of Google

Information on third-party providers:

  • Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Use of Google services for statistics and marketing purposes

Google Tag Manager

Google Tag Manager is used on this website. Google Tag Manager is a tool for the management of website tags, especially for online marketers. The tool itself does not collect personal data. It only serves to trigger other tags which may in turn collect data. Google Tag Manager does not access this data. When deactivation is carried out at the domain or cookie level, this deactivation remains in place for all tracking tags implemented by Google Tag Manager. 

Details in the FAQ on Google Tag Manager
Terms of Use of Google Tag Manager
Data Protection Declaration of Google

Information on third-party providers:

  • Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Information regarding the web analysis service

This website uses Google Analytics, a web analysis service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. Google Analytics uses so-called "Cookies"; these are text files stored on your end device and that enable the analysis of your use of our website.

The processing of your data using Google Analytics is based on your explicit consent within the terms of Art 6 (1) lit. a DSGVO. You can withdraw your consent (except for the absolutely necessary cookies that serve the smooth functioning of the website and cannot be deselected) at any time in the cookie policy under "Consent and withdrawal" with effect for the future.

Cookies are only used if you have explicitly given your consent. Otherwise Google Analytics does not use cookies, but only records access data on an aggregate basis and therefore, the data cannot be assigned to any specific user. If you give your consent to the use of cookies, the information regarding your use of the website generated by cookies is sent to a server operated by Google and is stored there. The anonymization of your IP address is automatically applied during data collection in Google Analytics 4. No individual IP addresses are logged or stored. All IP addresses collected from users in the EU are dropped before they are logged via EU domains and servers. For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. All information that is entered into Google Analytics is used by Google to evaluate your use of the website, to generate reports on website activity for Wiener Börse AG and also to supply services related to the use of the website and the internet. Google may send this information to third parties provided this is required by law or if third parties process the data on behalf of Google. Google will in no case connect your IP address with other Google data. In accordance with the Cookie Policy, you may accept or reject cookies at any time.

If you want to prevent Google Analytics from storing cookies on the websites that you visit in the future, you may download and install a Browser-Add-on. For the technical implementation of the deactivation, an opt-out cookie is set in the browser. This cookie serves exclusively to allocate and implement the rejection. For technical reasons, an opt-out cookie is valid only for the browser in use when it was set. If the cookies are deleted or a different browser or end device is used, the opt-out must be carried out again.

We use Google Analytics also to evaluate data from DoubleClick cookies and we also use Google Ads for statistical purposes. If you want to block this, you can use the advertising settings manager to deactivate this function.

We have entered into the corresponding contract with Google regarding data processing. Our intent in the meaning the GDPR (legitimate interest) is to improve the range of services offered on our website. The data is stored for a period of 14 months.

Details on data protection in connection with Google Analytics

Information on third-party providers:

  • Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Use of Google Ads & remarketing

We use Google Ads to attract attention to our offers and videos with the help of text ads displayed directly in the Google search engine, display ads on third-party websites and on YouTube. Furthermore, this website uses Google's remarketing function. This function is used to present interest-specific ads to users from the Google advertising network. The user's browser stores cookies on the respective end device that make it possible to recognize the user when the user opens websites that are part of the advertising network. Users are presented ads on these pages that refer to content that the user previously opened on websites that use the Google remarketing function. If applicable, Google stores data on servers in the U.S.

We, our advertising partners and Google receive information on the fact that you have clicked on an ad and were forwarded to us. These evaluations allow us to recognize which of the advertising measures employed were especially effective and also help us optimize our advertising. The statistics made available to us by Google include the number of users that have clicked on our ads and show to which sub websites the user has been forwarded. This function permits us to see which search terms recorded clicks on ads with a higher frequency. Our interest consists of being able to show you advertising that is of interest to you and also to optimize our website for you. 

In accordance with the Cookie Policy, you may accept or reject cookies at any time. Furthermore, you can block participation in this tracking process by changing the settings in your browser to block the use of cookies, or by deselecting specific types of ads in the Google Ads settings, or by deactivating interest-specific ads on Google or by deactivating cookies of advertisers by using the respective deactivation function of the Network Advertising Initiative.

Details on Google Remarketing and Google's Privacy Policy

Information on third-party providers:

  • Partner for online advertising using Google Ads: Deetail - grafikatur & more eU, Gießenweg 1, 6167 Völs, Austria
  • Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Marketing of online advertising space

Online advertising space is available on our website. The marketing of the advertising space is done by external marketing partners who use the tool "Google Ad Manager" for technical processing. Cookies are used to display target-group specific advertising and, if applicable, data is sent to the U.S. Data processing is done on the basis of the legitimate interests of Wiener Börse AG in the meaning of GDPR. Your personal data is sent to our advertising partners to enable them to display the target-group specific advertising. Details are given in our Cookie Policy under the heading Marketing. Furthermore, the link below shows a list of all cookies that our marketing partner receives from customers/agencies and displays in its campaigns. It also contains a detailed description and the opt-out possibilities.  

List of all cookies and opt-in/out possibilities
Data Protection Declaration of Google

Information on third-party providers:

  • Online advertising partner: austria.com/plus - Russmedia Digital GmbH, Praterstraße 1, 1020 Wien, Austria
  • Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Embedding of services and contents of third parties

We embed the contents of third parties on our website to make our offers more attractive. These refer to YouTube videos, Podcasts from Apple Podcasts and Spotify, Google Maps as well as digital publications with Issuu. Some of the content is sourced from social media networks or other companies from the U.S. By embedding the content of third parties, the third parties may use cookies and similar techniques and the data may be forwarded to the U.S. (for example, your IP address, browser information, Cookie ID, Pixel ID, page loaded, date and time of loading). Details on the embedded content from each of the networks and these companies and also on the data they process as well as regarding your data protection rights, which may also include advertising purposes, are available here:

Presence in social media

The Vienna Stock Exchange operates company channels on popular "social media" such as Twitter, LinkedIn and YouTube. We ensure compliance with applicable data protection regulations within the scope of our control possibilities for data processing.

Data protection and whistleblowing

Wiener Börse AG (WBAG) is obliged pursuant to Articles 95 and 159 BörseG, Article 9 Reference Values Enforcement Act in connection with Article 14 Regulation (EU) 2016/1011 (Benchmark Regulation) as well as Article 3 HSchG to set up a whistleblower system regarding possible violations of the law by WBAG, whereby the whistleblowers are to be protected from personal disadvantages and unfounded or unjustified suspicions are to be prevented. To this end, WBAG has commissioned NWT Consulting & Compliance GmbH to provide a whistleblowing system that meets the legal requirements.

Data processing in the job application process

In the specific case of job applications, we will store your data, especially the data that you provided in your job application (CV, cover letter, online application form). On account of the individual nature of every job application, the data will be divergent. Personal data usually includes name, title, date of birth, application photo, contact data (email, phone number, address), education, job experience, job certificates, proof of nationality, language skills, other information on your capabilities. Under certain circumstances, we may obtain your personal data from publicly available sources within the scope of the recruiting process. We request you to refrain from sending us sensitive data (data on race or ethnic origin, political opinions, membership in trade unions, sexual orientation, philosophical beliefs) in the job application documents. We do not take sensitive data into account in the recruiting process. Any sensitive data included in the job application on a voluntary basis remains stored in the files but is not processed in any way. 

If you want us to keep your job application documents on file, you must give us your explicit consent to the processing of your personal data. You may use our recruiting portal to send us your consent to keep your data on file for a period of two years. If you do not give your consent to keep your data on file, your data will be deleted after a period of six months as of the time your application was rejected. 

Information on third-party providers:

  • Online job application portal: Sage GmbH, Stella-Klein-Löw-Weg 15, 1020 Vienna

Your rights

You have the right to receive information at any time at no charge regarding the personal data stored, and you also have the right to have the data corrected or deleted. Furthermore, you have the right to impose restrictions on the processing of the data collected. You may request the sending without hindrances or restrictions of the personal data collected to a third party. If you have given your consent to data processing, you may withdraw this consent at any time. You may object to the processing of your personal data at any time for reasons relating to your special situation that are necessary for protecting the legitimate interests of the controller or of a third party. Your data will no longer be processed after you send an objection unless there are compelling legitimate ground for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. For inquiries regarding the collection, processing or use of your personal data, for information queries, corrections, deletions, restrictions and data portability as well as the withdrawal of consent with respect to a specific type of data use, please contact us directly as stated below. Should your privacy rights be violated, you have the right to file a complaint with the Data Protection Authority. 

Data protection officer and controller

For queries and claims, you may contact our internet team at any time, and for further details, also our Data Protection Officer. The Data Protection Officer at Wiener Börse AG can be reached by email at: datenschutzbeauftragter(a)wienerboerse.at.

Controller for data processing is Wiener Börse AG, Wallnerstraße 8. 1010 Vienna, FN 161826.