Information obligations

Compliance with the information requirements under Article 13 GDPR

The name and contact data of the controller and, if applicable, its representative are:

Name: Austrian Standards International – Standardization and Innovation as well as Austrian Standards plus GmbH

Postal address: Heinestraße 38, 1020 Vienna, Austria

Telephone number: +43 1 213 00-0

E-mail address: [email protected]



Information on the rights of data subjects is available here.


We process personal data as follows:

In the context of business relations, the following data provided by you are processed: master data, including contact details (e.g. address, telephone, e-mail, fax, VAT number), bank account data, access data (e.g. user ID, passwords). Additionally, the following data resulting from business relations are processed: communication data, accounting and controlling data, order and contract data, funding and payment conditions, credit rating information, objects of product or service provision, data on delivery terms, organizational data (e.g. deadlines), object and reference, documentation of business transactions, product/service data, inquiries, standard development and committee management, membership management and arbitration procedures.


General data processing in the context of business relations

Data are processed to perform contracts or on the basis of legal provisions in the context of business relations (and to manage such relations). Your data are processed for the formal handling of business transactions to be carried out for us, to analyse and evaluate whether customers are satisfied and to assess the quality of the services used as well as for handling the sale of products and services.

Whenever data are passed on, only the data that are relevant in each individual case are transmitted on the basis of legal provisions or in order to comply with a contract. Data are passed on to the following categories of recipients:

  • Banks
  • Legal representatives
  • Chartered accountants, auditors
  • Courts of law
  • Competent public authorities
  • Debt collection companies
  • External finance providers
  • Contract and business partners
  • Insurance companies
  • Statistics Austria
  • Public inspection services
  • Internal and external interest groups
  • Provident funds, severance pay funds, social security institutions, pension funds
  • Transport companies
  • Suppliers
  • Partner organizations (e.g. standard developers and sales partners)
  • Standardization organizations in the EU (CEN, CENELEC, ETSI)
  • Standardization organizations world-wide (ISO, IEC, CEN, CENELEC and ETSI members outside the EU)
  • Participants in standardization
  • Supervisory authority (Federal Ministry for Digital and Economic Affairs)
  • Advisory Board on Standardization
  • Conciliation Board
  • Functions supporting the officials


Data processing for direct marketing

Data are processed on the basis of your consent and our legitimate interest in developing business with regard to the services and products we offer and extends to text documents electronically created and archived (e.g. correspondence) in that context. The legitimate interest results from the controller's interest in sending messages to its customers in order to market its own portfolio of products and services.


Data processing for organizing events

If you take part in our events, the data you provide are processed on the basis of your consent and in order to perform the contract on the organization and implementation of the event in question.

The transmission of data that are relevant in each specific case is based on your consent and serves for the performance of a contract.


Data processing for competitions and prize draws

If you take part in competitions or prize draws, your data are processed on the basis of your consent for the implementation of the competitions or prize draws.


Data processing for administrative activities

We operate a customer relationship management system and process your data to document and improve your relationship with you (documentation of communications between our staff and you). The legal basis is our legitimate interest in optimizing customer-specific communication with our customers.

The transmission of data that are relevant in each specific case is based on legal provisions and serves for the performance of a contract. Additionally, the data are passed on to the following categories of recipients:

  • Legal representatives
  • Chartered accountants, auditors and tax consultants

We store your data as long as the (business) relations exist and three years thereafter.


Data processing for job application management

The data are exclusively processed for the sole purpose of managing the job application process. Applicant data are stored by Austrian Standards and processed for completing the job application process. They are deleted six months after the related vacancy is filled unless the applicant consented to having his/her data kept on file thereafter. The data are not transferred to third parties.

The personal data are processed on the basis of the provisions of Article 6 (1) (b) (pre-contractual measures), Article 6 (1) (a) (consent), Article 6 (1) (f) (legitimate interest) of GDPR.


Joint controllers under Article 26 GDPR

Austrian Standards International and Austrian Standards Plus GmbH, both headquartered at Heinestraße 38, 1020 Vienna, Austria, act as joint controllers for all the data applications described above. Within the framework of this joint controllership, all the obligations are fulfilled by Austrian Standards International, Heinestraße 38, 1020 Vienna, Austria.


Further information

Data subjects have the right to obtain access to data under Article 15 GDPR, the right to rectification of inaccurate data under Article 16 GDPR, the right to erasure of data under Article 17 GDPR, the right to a restriction of processing under Article 18 GDPR, the right to object to unreasonable data processing under Article 21 GDPR and the right to data portability under Article 20 GDPR.

If data are processed on the basis of a declaration of consent, the data subject may withdraw this consent anytime without prejudice to the lawfulness of previous processing based on the consent given up to the time of its withdrawal.

Data subjects have the right to file complaints with the supervisory authority. In Austria, the competent body is the Data Protection Authority. Its address is:


Austrian Data Protection Authority

Wickenburggasse 8

1080 Vienna


Telephone: +43 1 52 152-0

E-mail: [email protected]


In the context of obtaining data, we inform the person concerned whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract. At the same time, we indicate whether the person concerned is obliged to provide the personal data and point out the possible consequences of a failure to provide them.

There is no automated decision-making, including profiling. If personal data should be processed for a purpose other than that for which the personal data were collected, we inform the person concerned about that other purpose.

If you want to exercise your data protection rights, please click here.