Skip to content

Privacy Policy

By using this Website you declare that you agree to the use of your data as described in this Data Privacy Statement:

Information provided and used

The Website of ABA – Invest in Austria does not collect any personal data without your consent. However, you can voluntarily provide us with information for certain purposes in the designated areas of the Website (e.g. your name, e-mail address, telephone number provided by you when you contacted us).

At this time, you may provide personal information via forms on this Website, for example, to arrange for a consulting appointment or to register for our newsletter. In such cases, the information you submit will be stored in our CRM system. It will be used to actively shape the consulting process focusing on Austria as a business location and to send you supplementary information regarding your request.

We will not ask you for any sensitive information (e.g. data relating to race or ethnic origin, political opinions, religious or philosophical convictions trade union membership, health or sexual orientation).

You agree that we may also use your personal information that you provided to us via this Website (e.g. name, email address) for marketing purposes or for passing it on to third parties if you have ticked the relevant box pursuant to the General Data Protection Regulation

You can revoke your approval to this storage of data at any time.

Right of access, rectification and deletion of data

If you would like to request access to your personal information, correct or delete the data or if you have any questions, suggestions or concerns regarding your privacy while using this website, please contact us using the contact form or send an e-mail to office@aba.gv.at.

Changes to this privacy statement

We may modify or amend this privacy statement from time to time at our discretion. When we make changes to this statement, we will amend the revision date at the top of this page, and the modified or amended privacy statement shall take effect as of this date with respect to your information. We encourage you to periodically review this privacy statement to be informed about how we are protecting your information.

Disclosure of information to third parties

The dissemination of personal data to selected third parties with whom we have existing cooperation agreements takes place within the context of the advisory process. These cooperation partners include:

  • Lawyers and tax consultants
  • Banks and insurance companies
  • Service providers in the real estate sector (in particular real estate agents, planning offices, business centres, serviced offices)
  • Management and funding consultancies
  • Providers of market research and location analyses
  • Personnel consultants and recruiters
  • Call centres
  • Digital marketing agencies
  • Logistics providers and freight forwarders
  • Research centres
  • Suppliers of relocation services (especially serviced apartments, translation services and relocation agencies)
  • VC/PE – financing / investors
  • Operators of film locations
  • Business promotion agencies in the federal provinces
  • Foreign trade centre of the Austrian Federal Economic Chamber
  • Contractual partners with whom the Austrian Business Agency has a valid contractual relationship to provide services at no charge

Furthermore, data is conveyed to courts or public authorities within the context of the Austrian Data Protection Act (DSG 2000), inasmuch as we are legally required to do so.

Data Protection Notice for Events

  • If you decide to attend any events we host or organise, please be aware that we will process the personal data you provide, specifically:

    • information on your identity (e.g. name, gender)
    • your contact details (e.g. address, e-mail address)
    • images taken at our events (photos and video recordings)
    • other information concerning you (e.g. date of birth, arrival and departure dates)

    We will obtain the data for your registration either from our central customer relationship management (CRM) database or, if you have not participated in any event or an event of similar content, you will have to provide such data yourself (Article 6 (1)(a) GDPR). The provision of your personal data is voluntary. Please note, however, that you may not be able to participate if you provide incomplete information or no information at all.

  • We process your personal data in preparation of the event and to ensure you get access and can participate in the event. Any information on your participation will be stored in our central CRM system.

    We may publish specific personal data (name, employer, photo) of certain individuals (e.g. speakers and participants in panel discussions) for the purpose of promoting the event.

    We regularly photograph and/or film our events (including audio recordings) for the purpose of our press and public relations activities. The photographs and videos may be published to the extent permitted by law, in particular on our website, on our social media channels, on business network portals, and in print media.

  • We will process your personal data to fulfil (pre-)contractual obligations towards our event participants in accordance with Article 6 (1)(b) GDPR and based on our legitimate interests in accordance with Article 6 (1)(f) GDPR (administration in organising and hosting an event; data storage in our CRM system).

    Our publication of photographs and/or video recordings (including audio recordings) is in the public interest as well as in our interest of communicating our events to the public in accordance with Article 6 (1)(e and f) GDPR. We will not publish any recordings that may compromise your personal rights and your right to privacy. We are not interested in identifying individual persons, but purely in documenting the event. Any data processing on the basis of legitimate interest will only take place after careful consideration of the interests of individuals affected by the processing.

  • We will store your data only as long as necessary for carrying out the event, or for as long as deemed necessary within the scope of statutory retention periods, or for as long as legal claims can be asserted against ABA.

  • We may make your personal data available to the following third parties on the basis of legal provisions or contractual agreements, provided they are directly involved in the event and the organisational process makes this necessary:

    • hotels, shuttle services
    • printers, agencies for advertising the event in newsletters or on posters
    • caterers
    • other conference participants
    • internal and external IT service providers for technical support during the event, online video conference operators
    • event/cooperation partners

    Moreover, we may share your personal data with third parties as necessary on the basis of our legitimate interests (e.g. auditors, insurance companies in the event of an insurance claim, legal representatives in the event of a claim, etc.).

    We do not actively transmit data to third countries, with the exception of images published on our social media channels (Instagram, Facebook, etc.), which may be transmitted to the United States. If images are published on our social media channels, this data may also be processed by the platforms themselves.

    If you do not agree to the publication of your photographs and/or video recordings, including audio recordings, please inform the photographer immediately or contact us in advance of the event. You may also object to the use of your data at a later date.

  • Various events take place as hybrid events or online video conferences. We use the tools “Zoom” and “Microsoft Teams” for this purpose.

    We make use of the service “Zoom” in accordance with a data processing agreement concluded with the US-based enterprise Zoom Video Communications, Inc.

    Find out more about the terms of use and the privacy policy of Zoom here: https://zoom.us/de-de/privacy.html – you agree to these terms upon registration.

    We make use of “Microsoft Teams” as a tool of Microsoft 365 in accordance with a data processing agreement concluded with Microsoft Ireland Operations.

    Find out more about the terms of use and the privacy policy of Microsoft Teams here: https://learn.microsoft.com/de-de/microsoftteams/privacy/location-of-data-in-teams – you agree to these terms upon registration.

    If you use Zoom or Microsoft Teams, the respective provider will receive certain personal data as necessary for using the software (including your IP address). Various other types of data may also be processed when using Zoom and Microsoft Teams. The specific scope of data processing depends on what data you provide before or during participation in an online video conference (e.g. your voice, contributions and comments you provide during the online video conference that are heard/seen by other participants).

    If you register using your first name and surname, we will receive such personal data and may store it when recording the video conference. If we record an online event, you will be informed in advance or will see a corresponding notification in the online meeting, and – if necessary – will be asked for your consent. You may give your consent, for example, by sending a message in the chat; your consent is always voluntary. If you do not agree to the transmission of your personal data, please do not take part in the video conference.

    Our audio and video streams will only be recorded in legitimate exceptional cases and with prior notification by the host (in particular for public conferences or events).

    The purpose of operating the video conferencing service Zoom and Microsoft Teams is to participate in and follow the event without personally attending. When using Zoom and Microsoft Teams, your personal data will be processed on the following legal grounds:

    Article 6 (1)(b) GDPR if the online video conference is conducted within the framework of contractual relationships. If there is no such contractual relationship, the legal basis is Article 6 (1)(f) GDPR with regard to our interest in the effective implementation of “online video conferences”.

Advertising to existing customers

  • We reserve the right to use the data collected as part of our ongoing service relationship (in particular your first and last name, your e-mail address, the name and address of your company and any other information you may have provided) to provide you with current and relevant information by e-mail, unless you object or have objected to this use. You are an existing client of ABA if you have made use of at least one ABA service (event participation, consultation, download of our brochure, etc.). Direct advertising only includes information about ABA's own similar services, such as the services you have already purchased. You can unsubscribe from our existing customer advertising at the end of each mailing via the unsubscribe link.

  • We process your data in order to provide you with information about ABA's own similar services, such as the services you have already purchased.

  • We have a legitimate interest (Art. 6 para. 1 lit. f GDPR in conjunction with § 174 para. 4 TKG) in providing our clients with up-to-date and relevant information on similar services in order to build and maintain a long-term customer relationship.

  • We store your data until you object to receiving direct advertising or until our existing customer advertising service is discontinued. You can object at any time - please send your objection by e-mail to office@aba.gv.at.

Cookies

This Website collects standard Internet log information including your IP address, browser type and language, date and time of your visit and referring Website addresses. To ensure that this Website is well managed and to facilitate improved navigation, we or our service providers may also use cookies (small text files stored in a user’s browser) or Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data.

 

  • This website uses Google Analytics with Signals, a Web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed 14 months on your computer to help the Website analyse how visitors use the site and "Signals". Google Signals are session data from websites and apps that the search engine links to users who are logged into their Google account and have allowed personalized advertising. The information generated by the cookie about your use of the website (including the anonymized IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may prevent the installation of the cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the previously-described manner and for the purposes set out above.

    In order to deactivate the analytic data collection on the part of Google Analytics, you can use the following link: Browser add-on to deactivate Google Analytics.

  • We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation.

    Please click here if you would like to know more about the facebook ads pixel:  https://www.facebook.com/business/learn/facebook-ads-pixel

    Please click here if you would like to change your facebook ad settings: www.facebook.com

  • We use the LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland on our website.
    We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn adverts.

    Please click here if you would like to know more about the LinkedIn Insight Tag:  https://www.linkedin.com/legal/privacy-policy

    Please click here if you would like to change your LinkedIn ad settings or to deactivate the data collection: www.linkedin.com

  • This Website uses various social media applications or services that allow you to share content with other users. Any personal information or other information that you contribute to any social media application can be read, collected and used by other users of that social media application over whom we have little or no control. Therefore, we are not responsible for any other user’s misuse or misappropriation of any personal information or other information that you contribute to any social media application.

    We use applications of the following social networks on our website:

    • LinkedIn
    • Facebook
    • Twitter
    • YouTube
  • On our website we make use of the marketing automation and web tracking solutions provided by ClickDimensions LLC, 6849 Peachtree Dunwoody Road, Building B-1, Suite 200, Sandy Springs, GA 30328, United States of America ("ClickDimensions"). In turn, these use so-called cookies (i.e. cookies and tracking pixel) which are stored on your computer and which enable an analysis of website use.

    ClickDimensions uses its own HTML browser cookies in the web tracking technology. This means that visitors to your website can readily adjust their own browser to reject cookies, and to easily delete cookies placed by us or others.

    For example, to set the browser Internet Explorer to reject cookies, choose in the menu bar Extras > Internet Options > Privacy > and under Settings (using the range slider) the desired degree of protection. In order to delete cookies in Internet Explorer, select Extras > Internet Options > General >, click the button Delete in the browser history and activate the option Cookies in the following dialogue box.

    If you do not want the website to set a cookie, you can activate the private mode in your browser. The designations for the respective private browser mode are as follows

    • InPrivate mode in Microsoft Edge
    • InPrivate mode in Microsoft Internet Explorer
    • Incognito mode in Google Chrome
    • Private browsing mode in Mozilla FireFox
    • Private browsing mode in Apple Safari

    ClickDimensions never stores information in the LSO area of your computer. We never make use of so-called "flash cookies" (local shared objects, in short LSO).

    ClickDimensions does not make use of any visitor identification methods in which the information provided by you is exchanged with other websites.

  • In order to register to receive our newsletter, it is sufficient if you provide your name and email address. Our newsletter contains information about Austria as a business location, our services and references to events. The newsletter registration, in which you approve the storage and processing of your data, takes place within the context of the so-called double-opt-in process. This means that after submitting your data, you will receive an email in which you are requested to confirm your registration. We will not transmit your email address to any third parties without your approval. You can unsubscribe from receiving the newsletter at any time. You will find a link to cancel your newsletter subscription at the end of every newsletter.

    If you wish to download photos from a Work in Austria newsletter or if you click on a link in one of these emails, it is automatically recorded via the email service of ClickDimensions LLC, 6849 Peachtree Dunwoody Road, Building B-1, Suite 200, Sandy Springs, GA 30328, USA ("ClickDimensions"). The generated usage information is transferred from the servers of ClickDimensions in the Netherlands to our servers in Germany and is stored there for the purpose of statistical usage analysis. The results help us to continuously improve the contents of our newsletter and to make the information offering on our websites more interesting for you. If you do not agree with the storage and evaluation of this data, you can unsubscribe using the link to be found at the end of every newsletter. 

  • We use “Cloudflare” to improve the security and delivery speed of our website. The service provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as ‘Cloudflare’). Cloudflare offers a global Content Delivery Network (CDN) – a network of connected servers that determine the fastest way to transmit our content when you visit our website. Moreover, Cloudflare also offers security services to protect our website from any improper access. These include a reverse proxy, a pass-through security service, and a content distribution network.

    Cloudflare collects and uses information from website visitors to operate, maintain, and improve its services in accordance with customer agreements. This information may include IP addresses, system configuration information (browser type, operating system) and other information about traffic to and from the website. Cloudflare acts as a processor for us and may, therefore, only process data in accordance with our instructions and not for its own purposes.

    For further information please consult the Cloudflare Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/?tid=221061928

    The EU Commission has issued an adequacy decision for the USA, the so-called “EU-US Data Privacy Framework” (DPF). As Cloudflare is certified in accordance with the DPF, it commits to complying with European data protection principles.

    The use of Cloudflare is based on our legitimate interest in the secure use of our website, the defence against harmful external attacks, and our interest in not operating a content delivery network ourselves in accordance with Art. 6 (1)(f) GDPR.

  • Our website uses the CookieScript Cookie Manager by Objectis Ltd, Lithuania (Laisves st. 60, LT-05120 Vilnius, Lithuania). This software scans our website in order to identify and categorise all existing cookies. A data-protection-compliant cookie notice will inform you as a website visitor of our use of cookies, so you may decide for yourself which cookies you allow.

    When you visit our website, CookieYes will set a cookie for one year to store your consent preferences and take them into account on subsequent visits to this website. In addition, CookieYes will determine your masked IP address (this is a technical security measure in which the IP address is shortened). The sole purpose of collecting the masked IP address is to prove that consent has been given.

    Please find more detailed information on the purpose of data collection and the CookieYes Privacy Policy at: https://cookie-script.com/legal/privacy-policy

    If you wish to withdraw your consent, all you need to do is delete the cookie in your browser or change your setting by clicking on the round button at the bottom left.

    The use of CookieScript is based on our legal obligation to obtain your consent to the storage of certain cookies on your end device and to document them in accordance with data protection regulations, and on our legitimate interest in the legally compliant design of our website in accordance with Art. 6 (1)(1)(c) GDPR as well as Art. 6 (1)(f) GDPR.

Employee Data Protection (Agreement on data processing and consent pursuant to Art. 28 GDPR)

for consulting and supporting companies with a registered office and/or place/s of business in Austria in order to obtain the necessary permits to employ international skilled workers (individuals without Austrian citizenship) and/or for consulting and supporting international skilled workers directly.

  1. 01

    1.1 In the following Agreement the abbreviation “ABA” refers to the Austrian Business Agency Österreichische Industrieansiedlungs- und WirtschaftswerbungsgmbH. This GmbH is a non-profit organization for the promotion of Austria as a business location. Within the framework of its promotion activities, ABA also serves as a competence centre and service point for legal matters with regard to hiring international skilled workers in Austria.

    1.2 The term “international skilled worker” refers to any person intended to be employed in Austria without having Austrian citizenship.  

    1.3 The following provisions apply to legal matters concerning a company with a registered office and/or place/s of business in Austria that has come to an understanding with an international skilled worker (Section 1.2) with regard to his/her employment in Austria, whose employment has not yet been approved, if necessary, by the competent authorities. 

    1.4 The abbreviation “AuslBG” refers to Ausländerbeschäftigungsgesetz (Act Governing the Employment of Foreign Nationals), “NAG” for Niederlassungs- und Aufenthaltsgesetz (Settlement and Residence Act) as amended. 

    1.5 “GDPR” stands for Regulation (EUR) 2016/679 – General Data Protection Regulation. 

  2. 02

    2.1 Employers and employees (Section 1.3) are informed of the Austrian legal position that international skilled workers (with exceptions, such as individuals from EU Member States) may not be employed in Austria or begin and keep up employment or any other gainful occupation in Austria, unless they  

    2.1.1 obtain a work or posting permit

    2.1.2 or obtain a notification confirmation

    2.1.3 or hold a valid residence title for this employment or any other gainful occupation, namely

    • either a “Red-White-Red Card” or a “Red-White-Red Card plus”
    • or a “Blue Card EU”,
    • or a residence permit as an intra-corporate transferee (“ICT”)
    • or a residence permit as a mobile intra-corporate transferee (“mobile ICT”)
    • or a “settlement permit”
    • or a “settlement permit – artist”
    • or a “settlement permit – researcher”
    • or a “settlement permit – special cases of dependent gainful occupation”
    • or a “settlement permit – dependant”
    • or an exemption certification or a residence title “family member”
    • or a residence title “long-term resident – EU” 

    2.1.4 and/or hold another permit provided by law (residence permits and such like). 

    2.2 These permits or residence titles are usually granted for a limited period of time.

    2.3 Any of these permits must be granted prior to the commencement of employment, keeping in mind not only the criteria under the Act Governing the Employment of Foreign Nationals but also the provisions under the Settlement and Residence Act. 

     2.4 With regard to documents that are made available in the course of obtaining advice and support from the ABA (point 4), legal information is provided to the effect that ‘anyone who produces a false document/certificate (Urkunde) with the intention of falsifying a genuine document/certificate (Urkunde) with the intention of using it in legal transactions as proof of a right, a legal relationship or a fact’ is liable to prosecution pursuant to Section 223 Austrian Criminal Code (Strafgesetzbuch, StGB). According to the law, anyone who uses a false or falsified document/certificate (Urkunde) in legal transactions to prove a right, a legal relationship or a fact’ is also to be prosecuted. If there are reasons for suspicion, the ABA expressly reserves the right to inform the competent authorities of the reasons for suspicion in order to prevent any damage to Austria as a business location and also to take company interests (employers) into account.

  3. 03

    3.1 In legal matters as described above in Section 1.3, when a company makes an offer of employment to an international skilled worker, ABA provides the company and/or the skilled worker upon request with basic information on key legislation and the corresponding process to obtain the permits required to work in Austria. For the benefit of the company and/or the international skilled worker, ABA also offers consulting and support to any business promotion agency of Austria’s federal provinces and/or any recruitment agency that may be involved in the individual recruitment (offer of employment).

    3.2 The application is filed by the company and/or the international skilled worker (namely the parties in the process); under the supervision of ABA upon request.

    3.3 After submission of the application, ABA supports the applicant party/parties, meaning the company and/or the international skilled worker, by accompanying them through the individual stages of the process. Until revoked at any time, the party/parties authorise ABA to obtain access to the process file as well as information from the competent authorities on the status of the relevant process, any documents that might still need to be submitted, and the estimated duration of the process. 

    3.4 If the permits and/or residence titles mentioned above are granted for a limited period (point 2.2), the party/parties affected by the time limit will keep a record of the time limit for any application for extension on their own responsibility. If ABA offers a reminder service in the form of a reminder email in individual cases and the party/parties concerned make use of this offer, the reminder service shall be provided by sending an email to the email address last notified to ABA. The risk of receipt, for example in the event of a change of address, but also in all other cases, shall be borne by the party/parties concerned. The ABA shall in no case be liable for any failure of the party/parties concerned to meet the deadline.

    3.5 ABA shall use the personal data provided to ABA exclusively for the fulfilment of the respective processing purpose, in particular for advice and support (point 3.1), and shall store this data for as long as this is necessary according to the agreed purpose or otherwise or in accordance with consent. The storage period is also subject to statutory periods, including statutory limitation periods, such as those in accordance with the provisions of Sections 1478 et seq. Austrian Civil Code (Allgemein bürgerliches Gesetzbuch, ABGB). According to these, the short limitation period is 3 years, whereas the long limitation period is 30 years.

  4. 04

    4.1    ABA is only able to provide the requested consulting and support in legal matters as described above in Section 1.3, if it is granted access to the personal data of the international skilled worker (hereinafter referred to in short as employee data) as well as the data of the company and the necessary documents for the application (Section 3.2). 

    4.2 This data and the documents mentioned above include in particular:

    4.2.1 a completed and signed application form, in which all relevant personal data must be entered, 

    4.2.2 information and documents from the company’s side, namely

    • job description, 
    • employer’s declaration,
    • if applicable, additional explanation/s,

    4.2.3 employee data and corresponding documents of the skilled worker, namely

    • birth certificate (including if applicable those of family members),
    • curriculum vitae of the international skilled worker,
    • police clearance certificate,
    • if applicable, wedding certificate, partner certificate or any other civil status certificate/s,
    • passport,
    • passport photo with bill,
    • if applicable, any already granted residence titles,
    • if applicable, any already granted visa,

    4.2.4 job-related data and/or documents, namely

    • offer of employment (signed by both sides),
    • proof of qualifications and/or training (school certificate/s, university diploma/s, certificate/s of participation etc.), 
    • proof of professional experience and/or previous employments (work confirmation letter/s, confirmation of social insurance periods, other documents, e.g. on previous self-employed work etc.),
    • language certificate/s,
    • if applicable, further “skills certificates” and such like.

    4.3 This data and documents, which the company and/or the international skilled worker (or acting on their behalf and in their interest either a business promotion agency of a federal province or a recruitment agency) voluntarily provides to ABA, is exclusively saved, used (including transfer) and processed by ABA for the purpose of consulting and support as described in Section 3 in legal matters as described above in Section 1.3. 

    4.4 ABA places great value in the protection of personal data. ABA therefore observes the applicable legal provisions regarding the protection, lawful handling and confidentiality of personal data, as well as on data security, in particular the Austrian Data Protection Act (“DSG”), the EU General Data Protection Regulation (“GDPR”) and the Telecommunications Act (“TKG”).

  1. 05

    5.1 Introduction

    5.1.1 If ABA is granted access to data, in particular employee data and documents (Section 4), exclusively by the company, ABA shall provide its consulting and support services on behalf of the company as the data controller (Art. 28 GDPR) and in accordance with the following provisions; if the business promotion agency of a federal province and/or a recruitment agency are involved (Section 3.1, second sentence), the provisions equally shall apply to the business promotion agency and/or recruitment agency mutatis mutandis. 

    5.2 Object and term of the Agreement

    5.2.1 The object of the Agreement is the consulting and support in a specific legal matter as described in Section 1.3. 

    5.2.2 The contractual relationship shall end with the performance of the desired consulting and support.

    5.2.3 It shall therefore end with the conclusion of the accompanied process, a granted permit or deadline expiration in case of commissioned deadline monitoring (Section 3.4).   

    5.3 Obligations of ABA

    5.3.1 ABA shall process the data and/or processing results exclusively on behalf of the company. If ABA is ordered by an official public authority to release the granted data or documents, ABA shall inform the company without delay and refer the public authority to the company as permitted by law. 

    5.3.2 ABA agrees to the legal obligations

    • that all persons authorised to process the personal data have committed themselves to confidentiality in writing or are under an appropriate statutory obligation of confidentiality;
    • and that ABA takes all measures required pursuant to Art. 32 GDPR to ensure the security of the processing.

    5.3.3  ABA shall take technical and organisational measures appropriate to ensure that the company is able to uphold the rights of the skilled worker as the data subject in accordance with Chapter III GDPR (information, access to personal data, rectification and erasure, data portability, object, individual automated decision-making) at any time within the statutory time limits, and provides the company with all the information it needs. If ABA receives a request (from the side of the skilled worker) that makes clear that the requesting party mistakenly believes ABA is the controller of their data processing, ABA shall forward the request to the company without delay and inform the requesting party correspondingly.      

    5.3.4 ABA shall also support the company in observing the obligations under Art. 32 through 36 GDPR (data security measures, notification of a personal data breach to the supervisory authority, communication of a personal data breach to the data subject etc.).

    5.3.5 The company shall have monitoring rights at all times with regard to the data shared with the processor. ABA shall provide the company with all the information it needs to monitor compliance with all obligations as described in Section 5. ABA shall also inform the company if it believes instructions of the company to violate the data protection regulations of the European Union or a Member State.  

    5.3.6 Upon conclusion of the contractual relationship, ABA shall return all processing results and documents including data to the company and delete them on behalf of the company.  

    5.4 Performance of the employment contract, indemnify and hold harmless

    5.4.1 In light of an offer of employment (Sections 1.3, 3), the permit/s required to work in Austria are fundamental to the performance of the employment contract with the international skilled worker; the corresponding consulting and support services are therefore especially in the interest of the skilled worker.

    5.4.2 If the skilled worker still claims the violation of data protection, the company that consulted ABA in its role as data controller shall indemnify and hold ABA harmless. 

    5.5 Place of performance of data processing

    5.5.1 Any and all data processing activities by ABA take place within the EU or EEA. 

  2. 06

    6.1 Introduction

    6.1.1    If the international skilled worker consults ABA due to an employment offer (Sections 1.3, 3) and provides ABA with employment-related data, employee data and documents (Section 4), he or she agrees, subject to withdrawal, to the collection, storage and processing of data and documents (Section 4) for the purpose of consulting and support with regard to obtaining the permit/s required to work in Austria; in accordance with the scope of services described in Section 3.    

    6.1.2    The skilled worker shall authorise ABA to make every effort and take the appropriate steps as ABA deems necessary and useful for these purposes.  In this sense, the skilled worker shall authorise ABA in particular, if necessary and appropriate, to share data and documents with involved and/or relevant public authorities, such as

    •    the Austrian Public Employment Service (AMS) and its regional branch offices,
    •    the Information Recognition Application System (AAIS) of the competent federal ministry, the ENIC NARIC (National Academic Recognition Centre) AUSTRIA,
    •    the various Austrian federal ministries, especially the Federal Ministry of the Interior, the Federal Ministry of Labour and Economy, the Federal Ministry for European and International Affairs, and the Federal Ministry of Education, Science and Research, 
    •    the immigration, citizenship and registry offices of the federal provinces, especially local district authorities and public offices of the provincial governments,
    •    Austrian representations abroad (embassies, consulates),
    •    and for further information, the public authorities and offices that issued the documents. 

    6.1.3 If the provided data and/or documents refer to family members of the skilled worker (Section 4.2.3), the skilled worker shall declare that the relevant family members have also given their consent for ABA to become active in the interest of the skilled worker for the purposes described in Section 3 without any further restrictions.  

    6.2 Voluntariness

    6.2.1 The international skilled worker shall be informed that his or her consent to the collection, storage, processing, use and possible transfer (Section 6.1.2) of personal data and documents is voluntary.  

    6.2.2 No disadvantages shall arise if the international skilled worker withholds his or her consent; in this case, however, ABA is not able to consult or support the international skilled worker, or accompany his or her application process.   

    6.3 Withdrawal

    6.3.1 The international skilled worker shall have the right to withdraw his or her consent at any time. 

    6.3.2 The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

    6.4 Rights of the data subject

    6.4.1 The skilled worker is informed that he or she has the following rights in accordance with Art. 12 et seqq. GDPR:

    • the right to access pursuant to Art. 15 GDPR (The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.),
    • the right to rectification pursuant to Art. 16 GDPR (The data subject shall have the right to obtain the rectification of inaccurate personal data concerning him or her.),
    • the right to erasure pursuant to Art. 17 GDPR (If the legal requirements are fulfilled, the data subject shall have the right to obtain the erasure of personal data concerning him or her.),
    • the right to restriction of processing pursuant to Art. 18 GDPR,
    • the right to object to the processing of personal data pursuant to Art. 21 GDPR,
    • if applicable, the right to data portability pursuant to Art. 20 GDPR (The data subject shall have this right, if applicable, if the processing is based on consent or on a contract and if the processing is carried out by automated means.)

    6.4.2 If a data subject should in any case hold the opinion that the processing of his or her data is in breach of data protection law or that his or her data protection rights have otherwise been violated, the data subject is entitled to file a complaint with the Austrian Data Protection Authority at the following address:
    Österreichische Datenschutzbehörde, Barichgasse 40-42, A-1030 Vienna, Austria / Europe Phone number: +43 1 52152-0, email: dsb@dsb.gv.at.

  3. 07

    7.1 In legal matters as described above in Section 1.3, ABA provides the services of consulting and support as described in Section 3 free of charge.

    7.2  A legal claim to this service does not exist.

Portal "Customer Portal WORK IN AUSTRIA"

  1. 01

    Registered users can share documents with ABA and submit inquiries via our portal "Customer Portal WORK in AUSTRIA". In turn, ABA employees are available to provide advice and support. We use SharePoint Online for our portal. This comprises a collaboration and data exchange platform from Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park Leopoldstown Dublin 18, D18 P521 Ireland, which ensures the efficient and fast retrieval of documents from any location. When using SharePoint, personal data about you will be processed. Please note that this data protection notice only informs you about the processing of your personal data by us if you use Microsoft applications together with us. Further information about the processing by Microsoft can be found here: Microsoft Privacy Statement - Microsoft Privacy.

     

  2. 02

    Various types of data are processed when you use our portal; the scope of the data depends on the information you provide as a user. However, certain information is already processed automatically as soon as you use the SharePoint application, i.e:

    • Your IP address,
    • Your user name (access data for the SharePoint application),
    • Identification features: Personal information that identifies you as a user, sender, recipient of data within the SharePoint application (surname, first name, telephone number, e-mail address, other data (such as a profile picture you have stored),
    • Your user activities, such as time of access, date, type of access, information on the data/files/documents which were accessed and all activities in connection with use, such as creating, changing or deleting a document, setting up a team (and channels in teams), making notes in the notebook, starting a chat, replying in the chat.
    • Diagnostic data so that the services can be provided (error-free). The processing of diagnostic data serves the purpose of improving and updating the software, ensuring the security of the services and rapid troubleshooting by Microsoft.
  3. 03

    The processing of the user's personal data is based on the user's consent (Art. 6 para. 1 lit. a GDPR).

  1. 04

    The documents uploaded by the user are routinely deleted 36 months after they have been made available. In the event of the explicit consent granted by the user, the deletion period is extended by a further 3 years (e.g. in the case of residence permits issued for a limited period for a possible application for extension).

  2. 05

    The user's personal data will be viewed by selected ABA employees. Microsoft can access the documents/data/information uploaded to the portal by the user; Microsoft is a so-called processor. The processing of personal data by Microsoft takes place exclusively on servers located in the EU. Personal data is not transferred to third parties or third countries outside the EU, unless the user himself is currently located in such a country. In addition, we transfer your data to external third parties to the extent necessary on the basis of our legitimate interests (e.g., legal representatives to clarify any unlawful or improper use of the portal, etc.). We are also legally obliged to provide information to certain public bodies upon request (e.g., law enforcement authorities, courts, etc.).

Last changes: Oct 24, 2024

Back to main navigation