Handling personal data responsibly is important to us. We therefore explain to you in this policy how your data are processed by BBU and what measures we take to protect them. Personal data are processed exclusively on the basis of the provisions of the EU’s General Data Protection Regulation (GDPR) and Austrian legislation. Our employees are regularly trained in aspects of data protection law and process data responsibly within the scope of the legal framework. We have put technical and organisational measures in place to ensure that the data protection regulations are complied with both by ourselves and by our external service providers.
BBU GmbH is the “Data Controller” within the meaning of the GDPR. The data controller responsible for the processing of personal data is the natural or legal person who decides solely or with others about the purposes of and means for processing personal data.
Bundesagentur für Betreuungs- und Unterstützungsleistungen GmbH
You can contact our data protection officer at:
Personal data are all data that can be used to identify you personally. These include your name, date of birth, phone number, email address, IP address, etc.
Data must always be processed for a defined purpose and on a legal basis.
At BBU, the purpose is essentially focused on the requirements that are necessary for fulfilling our legally delegated tasks pursuant to the BBU Establishment Act (BBU-G).
The following provisions apply as the legal basis for the processing.
BBU stores personal data only for as long as necessary and proceeds in accordance with the internal erasure concept, which is based solely on the fulfilment of the purpose and on legal retention periods.
As a general rule, personal data are not transmitted to third countries, and automated decision-making is not carried out. Exceptions to this rule have a legal or special contractual basis.
Any publication of personal data on our website (such as members of the executive board, media contacts or other points of contact with photos) is done for the purpose of providing contact and networking information on the legal basis of the express consent of the data subject (Art. 6 (1) (a) GDPR) and, if necessary, on the legal basis of the legitimate interest (Art. 6 (1) (f) GDPR).
We process your data using processors who support us in the provision of the services (e.g. web hosting, website programming and maintenance). These processors are obligated to the strict protection of your personal data and may not process your personal data for any purpose other than for the provision of our services. We have also concluded appropriate contracts with these processors to ensure that the pertinent data protection regulations are complied with.
When a visit is made to our website, the following data are stored in a log file for 4 weeks:
These data are used exclusively for checking system security. There is no personal analysis or profiling. Nevertheless, we reserve the right to evaluate your IP address in the event of attacks on the internet infrastructure of BBU GmbH.
The legal basis for temporary storage is Art. 6 (1) (f) GDPR.
On our website, we also use a web analysis service (Matomo), whose cookies enable the analysis of the user’s browsing behaviour, so that we can continuously improve the quality of our website and its contents. The information collected in this way is stored solely for these purposes. The following are stored:
Our website uses Matomo with the setting “Anonymize Visitors’ IP addresses”. This allows a shortened form of IP addresses to be processed, thereby preventing a direct personal connection. The software is configured so that the IP addresses are not stored in full, but instead with 3 bytes of the IP addressed masked (e.g. 192.xxx.xxx.xxx). Doing so prevents the shortened IP address from being associated with the computer accessing the website. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.
The data of the described processing will be erased again after a retention period of 6 months.
As the cookies are stored on your terminal device, you also have control over them and can generally deactivate or restrict cookies by changing your browser’s settings. If you fully deactivate cookies, you may also deactivate cookies that are essential for the website, thereby restricting your ability to make full use of it.
Our website also allows you to prevent your actions being analysed and linked. This will prevent us from learning from your actions and improving operability for you and other users. You can adjust the settings for our website here.
To ensure the security of this website, we use the Wordfence plug-in from Defiant, Inc. This sets cookies in your browser and collects and stores your IP address. Further information can be found here.
You can prevent this website from summarising and analysing the measures taken here. While doing so protects your privacy, it also prevents the owner from learning from your actions and creating a better experience for you and other users.
(Checkbox selected) You are not logged out. Deselect this checkbox to deactivate the option.
(Checkbox deselected) You are logged out. Select this checkbox to activate the option.
The legal basis for processing the user’s data is Art. 6 (1) (f) GDPR.
We use embedded YouTube videos in the extended privacy mode. This means that YouTube does not store any cookies for a user who displays a website with an embedded YouTube video player, but does not click on the video to start playback. If the user clicks on the YouTube video player, YouTube may under certain circumstances store cookies on the user’s computer. Please note that as the provider of the websites, we do not receive any information about the content of transmitted data or their use from YouTube. For more information on YouTube’s official data protection policy, please refer to the following link.
The legal basis for processing the user’s data is Art. 6 (1) (f) GDPR.
Data that were logged when you visited the website of BBU or that you make available for use will be transmitted to third parties only if we are required to do so by law or court decision, or if this is required for legal or criminal proceedings following attacks on the internet infrastructure.
If you get in touch with us via the contact form on our website or by email, the data you provide will be dealt with responsibly by our employees and stored for a period of six months for the purpose of processing your inquiry and for handling any follow-up questions. You are at liberty to decide whether you wish to share these data. We will not pass on your data without your consent.
If you transmit data to us via the contact data on our website, we will guarantee secure transmission. If you transmit data to us away from the website, e.g. via email, we will be unable to guarantee secure transmission. We therefore recommend that you never transmit confidential data unencrypted via email.
The legal basis for processing is Art. 6 (1) (f) GDPR.
With regard to your data that are stored with us, you have the right to information, correction, erasure, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law, or your claims under data protection law have been violated in some other way, you may submit a complaint to the supervisory authority. In Austria, this is the Data Protection Authority.