Privacy policy

1) General information

Handling personal data responsibly is important to us. We therefore explain to you in this policy how your data are processed by BBU and what measures we take to protect them. Personal data are processed exclusively on the basis of the provisions of the EU’s General Data Protection Regulation (GDPR) and Austrian legislation. Our employees are regularly trained in aspects of data protection law and process data responsibly within the scope of the legal framework. We have put technical and organisational measures in place to ensure that the data protection regulations are complied with both by ourselves and by our external service providers.

BBU GmbH is the “Data Controller” within the meaning of the GDPR. The data controller responsible for the processing of personal data is the natural or legal person who decides solely or with others about the purposes of and means for processing personal data.

Contact details of the Data Controller:

Bundesagentur für Betreuungs- und Unterstützungsleistungen GmbH

Modecenterstraße 22
1030 Wien

You can contact our data protection officer at:

2) Processing of personal data at BBU generally

Personal data are all data that can be used to identify you personally. These include your name, date of birth, phone number, email address, IP address, etc.

Data must always be processed for a defined purpose and on a legal basis.

At BBU, the purpose is essentially focused on the requirements that are necessary for fulfilling our legally delegated tasks pursuant to the BBU Establishment Act (BBU-G).

The following provisions apply as the legal basis for the processing.

  • If the processing takes place on the basis of your consent, the legal basis is Art. 6 (1) (a) GDPR.
  • If the processing is required for the fulfilment of a contract or pre-contractual measures in which one of the contractual parties is the data subject, the legal basis is Art. 6 (1) (b) GDPR.
  • If the processing is based on a necessary legal obligation, the legal basis is Art. 6 (1) (c) GDPR.
  • If the processing is required for vital interests of the data subject or another natural person, the legal basis is Art. 6 (1) (d) GDPR.
  • If the processing is required for the performance of a task in the public interest or in the exercise of official authority that has been delegated to the data controller, the legal basis is Art. 6 (1) (e) GDPR.
  • If the processing is required for the performance of a legitimate interest of our organisation or of a third party and these interests predominate without impairing the basis rights and basic freedoms of the data subject in this regard, the legal basis is Art. 6 (1) (f) GDPR.

BBU stores personal data only for as long as necessary and proceeds in accordance with the internal erasure concept, which is based solely on the fulfilment of the purpose and on legal retention periods.

As a general rule, personal data are not transmitted to third countries, and automated decision-making is not carried out. Exceptions to this rule have a legal or special contractual basis.

3) Publication of information with personal data on our website

Any publication of personal data on our website (such as members of the executive board, media contacts or other points of contact with photos) is done for the purpose of providing contact and networking information on the legal basis of the express consent of the data subject (Art. 6 (1) (a) GDPR) and, if necessary, on the legal basis of the legitimate interest (Art. 6 (1) (f) GDPR).

4) Data processing when visiting our website

We process your data using processors who support us in the provision of the services (e.g. web hosting, website programming and maintenance). These processors are obligated to the strict protection of your personal data and may not process your personal data for any purpose other than for the provision of our services. We have also concluded appropriate contracts with these processors to ensure that the pertinent data protection regulations are complied with.

a) Log Files

When a visit is made to our website, the following data are stored in a log file for 4 weeks:

  • date and time of access
  • the user’s IP address
  • inquiry details and target address
  • notification as to whether the visit was successful.

These data are used exclusively for checking system security. There is no personal analysis or profiling. Nevertheless, we reserve the right to evaluate your IP address in the event of attacks on the internet infrastructure of BBU GmbH.

The legal basis for temporary storage is Art. 6 (1) (f) GDPR.

b) Cookies

Our website also uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables the unambiguous identification of the browser the next time the website is visited.


On our website, we also use a web analysis service (Matomo), whose cookies enable the analysis of the user’s browsing behaviour, so that we can continuously improve the quality of our website and its contents. The information collected in this way is stored solely for these purposes. The following are stored:

  • a byte of the IP address of the user’s system
  • the visited website
  • the website from which the user arrives at the visited website (referrer)
  • the sub-pages that are visited from the visited website
  • the time spent on the website
  • how frequently the website is visited.

Our website uses Matomo with the setting “Anonymize Visitors’ IP addresses”. This allows a shortened form of IP addresses to be processed, thereby preventing a direct personal connection. The software is configured so that the IP addresses are not stored in full, but instead with 3 bytes of the IP addressed masked (e.g. Doing so prevents the shortened IP address from being associated with the computer accessing the website. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.

The data of the described processing will be erased again after a retention period of 6 months.

As the cookies are stored on your terminal device, you also have control over them and can generally deactivate or restrict cookies by changing your browser’s settings. If you fully deactivate cookies, you may also deactivate cookies that are essential for the website, thereby restricting your ability to make full use of it.

Our website also allows you to prevent your actions being analysed and linked. This will prevent us from learning from your actions and improving operability for you and other users. You can adjust the settings for our website here.


To ensure the security of this website, we use the Wordfence plug-in from Defiant, Inc. This sets cookies in your browser and collects and stores your IP address. Further information can be found here.

Deactivating web analytics

You can prevent this website from summarising and analysing the measures taken here. While doing so protects your privacy, it also prevents the owner from learning from your actions and creating a better experience for you and other users.

(Checkbox selected) You are not logged out. Deselect this checkbox to deactivate the option.

(Checkbox deselected) You are logged out. Select this checkbox to activate the option.

The legal basis for processing the user’s data is Art. 6 (1) (f) GDPR.

c) Note on YouTube videos

We use the provider YouTube to integrate videos into our website. YouTube is a service of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”). These videos are stored on and can be played directly from our website. YouTube uses cookies to collect data and for statistical data evaluation. YouTube uses cookies for purposes including the recording of reliable video statistics, the avoidance of fraud and to improve user-friendliness. The information generated by the cookies about your use of this website (including your IP address) is transferred to servers of YouTube in the United States and stored there. Your IP address cannot be assigned in principle if you have not logged on or are not permanently logged on to YouTube or another Google service before you visit the website.

We use embedded YouTube videos in the extended privacy mode. This means that YouTube does not store any cookies for a user who displays a website with an embedded YouTube video player, but does not click on the video to start playback. If the user clicks on the YouTube video player, YouTube may under certain circumstances store cookies on the user’s computer. Please note that as the provider of the websites, we do not receive any information about the content of transmitted data or their use from YouTube. For more information on YouTube’s official data protection policy, please refer to the following link.

The legal basis for processing the user’s data is Art. 6 (1) (f) GDPR.

d) Transmission of personal data

Data that were logged when you visited the website of BBU or that you make available for use will be transmitted to third parties only if we are required to do so by law or court decision, or if this is required for legal or criminal proceedings following attacks on the internet infrastructure.

e) External Links

If our website contains links to other websites, we have no influence over whether those websites comply with this privacy policy.

f) Getting in touch with us

If you get in touch with us via the contact form on our website or by email, the data you provide will be dealt with responsibly by our employees and stored for a period of six months for the purpose of processing your inquiry and for handling any follow-up questions. You are at liberty to decide whether you wish to share these data. We will not pass on your data without your consent.

If you transmit data to us via the contact data on our website, we will guarantee secure transmission. If you transmit data to us away from the website, e.g. via email, we will be unable to guarantee secure transmission. We therefore recommend that you never transmit confidential data unencrypted via email.

The legal basis for processing is Art. 6 (1) (f) GDPR.

5) Your rights

With regard to your data that are stored with us, you have the right to information, correction, erasure, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law, or your claims under data protection law have been violated in some other way, you may submit a complaint to the supervisory authority. In Austria, this is the Data Protection Authority.