The protection and security of your data are also of significant interest to us. For this reason, we wish to provide you with detailed information about how we handle your data. You will discover how we collect your personal data, what we do with it, the underlying purpose of its collection and the respective legal basis, as well as any and all rights and claims associated with it.

The data protection policy applies to data processing within our websites:,, and any associated services that refer to this data protection policy.


Name and address of the entity responsible for processing:

The entity responsible within the scope of the General Data Protection Regulations, as well as other data protection laws in the Member States of the European Union and other provisions pertaining to data protection is:

Austrian State Printing House

Tenschertstraße 7

1230 Vienna


Tel.: +43 1 206 66-0



The Data Protection Officer can be contacted via email:


The processing of personal data belonging to business partners

The purpose of processing, categories of personal data 

The provider shall process personal data in the context of a business relationship with customers and suppliers for the following purposes:

  • Communication with business partners regarding products, services and projects e.g. processing requests by a customer or supplier
  • Planning, implementation and administration of the business relationship between the provider and the business partner: Processing of orders, collection of payments, accounting and settlement activities, financial reporting, deliveries
  • Order processing e.g. as part of the creation of ID documents
  • Compliance with statutory requirements e.g. fiscal retention obligations
  • Settlement of legal disputes, defence of legal claims, enforcement of existing contracts

The following categories of personal data may be processed for the above-mentioned purposes:

  • Contact details including your name, salutation, address, telephone number, email address, drop-off, delivery and billing addresses
  • Information needed for processing in the course of a project or the execution of a contractual relationship with the provider, or which is voluntarily provided by individual points of contact
  • Information from publicly available sources

The data you provide is required in order to fulfil the above-stated purposes, to meet all contractual obligations, or to perform actions that precede the contract itself. Without this data, these individually listed purposes may not be fulfilled, or we may not be able to conclude said contract with you.


The collection and processing of personal data when visiting our website

Every time you access the content on our website, data is temporarily stored that may facilitate your identification. The following data is collected in this regard:

  • Date and time of access
  • IP addresses
  • Host name of the accessing computer
  • Website from which this website was accessed
  • Websites accessed via the website
  • Pages visited on our website
  • Notification if this access was successful
  • Amount of data transferred
  • Information about the browser type and version used
  • Operating system

The temporary storage of data is necessary when visiting our website, in order that the content you wish to view can be accessed. Data is also stored in log files to ensure the website’s functionality and the security of all information technology systems involved. Therein lies our legitimate interest in the processing of your data.


Collection and processing of personal data via contact form on our website

You are able to request information about our products via contact form on our website Therefore we require your name and e-mail address in order to reply to your request.

If you contact us via the form on the website, the data you provide (name and e-mail address) will remain stored for six months for the purpose of processing your enquiry and in the event of follow-up questions.


Collection and processing of personal data for visitor sign-in and visitor registration in the premises of OeSD

Purposes of processing and legal basis

Visitor sign-in data is collected by us from the person concerned before the visit, stored and passed on to the responsible reception and security departments in order to register the visit of a person concerned to the OeSD. Without signing in, visitors have no right to access the company premises or the company building.

During visitor registration, personal data is collected directly on site (scan of an identity document) in order to determine and record who is in the business premises and to be able to create a visitor pass.

The collection, storage and forwarding of such information is carried out for the purpose of protecting legitimate interests on the basis of Article 6 paragraph 1 sentence 1 letter f of the GDPR.

In individual cases, a weighing of interests is carried out to determine whether an interest worthy of protection stands in the way of collecting the data (especially in the case of children).

We regard the protection of OeSD as a high-security company with a critical infrastructure as our legitimate interest. The data will not be passed on to third parties.

If this data is not provided by the visitor, the visitor cannot be registered and the company cannot be visited as a result.

We guarantee the protection of personal data through state-of-the-art technical and organisational measures. These will be adapted to the current state of the art.


Duration of data storage

We store your visitor sign-in and visitor registration data in our system for 12 months.

After this period has expired, the data collected for this procedure will be deleted.


Legal basis for data processing

Your data is processed on the basis of Article 6 (1) f GDPR.


Other recipients of personal data in addition to the data controller

This website is hosted by Körbler GmbH; Hofweg 1; 8435 Leitring | | The host receives the above data as the order processor.


For how long is the data stored?  

This data shall be deleted as soon as it is no longer required for the original purpose of its collection. With regard to making the website available, the original purpose shall cease to apply when the session ends. Log files are held for the standard websites of the Austrian State Printing House for 7 days, and for the elective servers up to 14 days; during this period, data remains directly and exclusively accessible to administrators. Thereafter, it shall only be indirectly available via the reconstruction of backup tapes and shall be permanently deleted after two weeks.



Cookies are small text files that enable the storage of specific device-related information on users’ access devices (PCs, smartphones, etc.). They serve to create a user-friendly experience of the websites and thus for the users themselves (e.g. storage of login data). We store information in cookies that is necessary for the operation of the website. However, these do not contain personal data that could be read by third parties. Users may influence the use of cookies. You may set up your browser in such a way that it informs you about the setting of cookies, and you may permit this in individual cases only. By blocking cookies in the browser or deleting cookies on a regular basis, you may also prevent any inference of your online behaviour that would otherwise be possible with this information.

The deactivation of cookies may limit the functionality of our website.



The web analysis service Piwik/Matomo is used on our website. Piwik/Matomo is an open-source software programme that analyses website visitor traffic. This analysis is made possible by means of cookies, which are text files. These cookies collect information regarding your use of our website. These are then stored on a Piwik/Matomo server in Germany. Your IP address will be anonymised prior to this. However, you have the option of preventing cookies from Piwik/Matomo being stored on your computer. If you wish to do so, you must modify the settings of your Internet browser accordingly. This may mean that you are unable to use our website in its entirety.


Use of the websites by minors

It should be noted that the processing of personal data is predicated on the condition that the user of the website in question is 14 years old or over. The use of our systems and tools and the resulting processing of users’ data for anyone below this age threshold is prohibited without the consent of the parent / guardian. Should such data processing nevertheless occur, we will – as soon as we are made aware of it – stop processing this data.

Social plugins

On our websites we use social plugins for social networks such as Facebook, Twitter, LinkedIn, Xing and YouTube.

When you visit our website, these plugins are disabled by default, i.e. they do not transmit any data to the respective social networks without your direct intervention. Before you can use the plugins, they must first be activated by clicking on them. The plugin will remain active until you disable it or delete your cookies. Once activated, a direct connection will be established with the server of the respective social network. The plugin content is then transferred by the social networks directly to your browser and incorporated into the website. Upon activating a plugin, the social network is then able at this point to collect data, irrespective of whether you interact with the plugin in question. If you are logged in to a social network, it can link your visit to this website to your user account. A social network cannot assign a visit to other websites until you have activated the respective plugin there. If you have joined a social network and you do not wish for it to link the data collected when visiting our website with your stored membership data, you must log out of the respective social network before activating these plugins. We cannot exercise any control over the amount of data collected by the social networks with their plugins. For more information on the purpose and scope of this data collection and its further processing, as well as the use of said data by the respective social networks (and any respective rights and options afforded to you regarding the protection of your privacy), please refer to the data protection policy of the respective social networks.


Facebook Pixel

When advertising its products and brands on Facebook, youniqx Identity AG uses Facebook Pixel, which analyses and evaluates user behaviour after clicking on a Facebook ad and then browsing to the target page. Continuous analysis allows Facebook ads to be tailored to the interests of Facebook users and is therefore used to improve ads on Facebook.  By using Facebook Pixel, youniqx Identity AG can also determine when a user is forwarded to the page after clicking on a Facebook ad. If you have a Facebook account and are logged in, a visit to this website will be assigned to your Facebook user account.

All user data collected whilst using Facebook Pixel remains anonymous for youniqx Identity AG.

Facebook Pixel is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; for EU residents, the software is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook stores and processes user data in accordance with the Facebook data usage policy (More info: Settings for data collection by Facebook Pixel and the use of user data to display Facebook ads can be edited under ad settings (More info: You can also object to this processing on the American website or the EU website“


Data protection provisions governing the application and use of Getty Images

The data controller has integrated components of Getty Images into the website. Getty Images is an American visual media agency. A visual media agency is a company that offers pictures and other image material to end consumers. Visual media agencies usually market photographs, illustrations and film material. Various customers choose to license the images they use through a visual media agency, in particular Internet site operators, editors of print and TV media and advertising agencies.

The operating company of Getty Images components is

Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines,

Dublin 18, Ireland.

Getty Images permits the (potentially free-of-charge) embedding of Stock Images. Embedding involves the incorporation or integration of certain external content, including text, video or image data, which is provided by a third-party website and then appears on another website. For the purposes of embedding, a so-called embedding code is used. An embed code is an HTML code that is integrated into a website by a website operator. If an embedding code has been integrated by a website operator, the external content of the other website will, by default, be immediately displayed as soon as a website is visited. In order to display this third-party content, the external content is loaded directly from the other website.

Getty Images provides further information about the topic of embedding content at

As part of the technical implementation of the embedded code, which enables image material from Getty Images to be displayed, the IP address of the Internet connection – via which the person accesses our website – is transmitted to Getty Images. In addition, Getty Images records our website, the type of browser used, the browser language, the time and length of said access. Furthermore, Getty Images may collect certain navigational information, i.e. information concerning which of our sub-sites the person has visited, and which links have been clicked on, as well as any other forms of interaction attributable to the data subject while visiting our website. This data can be stored and analysed by Getty Images.

For further information and the applicable Getty Images Data Protection Policy, please visit

Data protection policy governing the application and use of Google AdWords

The data controller has integrated components of Google AdWords into the website. Google AdWords is an Internet advertising service that permits advertisers to run adverts, both on Google’s search engine and on the Google Network. Google AdWords allows an advertiser to pre-define keywords, based on which an advert will be displayed alongside Google’s search engine results only when the search engine retrieves a search result involving the particular keyword. Within the Google Network, adverts are distributed across topic-relevant webpages and in accordance with previously defined keywords by way of an automated algorithm.

The operating company of those services rendered by Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third party websites and in the search engine results produced by the Google search engine, as well as by displaying advertisements on our website.

Should a data subject arrive at our website via a Google advert, a so-called conversion cookie will be stored by Google on the IT system of the data subject. The term “cookie” has already been explained in detail above. A conversion cookie becomes invalid after thirty days and is not used to identify the person concerned. Using the conversion cookie (to the extent that said cookie has not yet expired), it can be traced as to whether certain sub-pages – such as the shopping cart from an online shop system – have been accessed on our website. The conversion cookie allows both us and Google to understand if a data subject, who arrived at our website through an AdWords advert, actually generated revenue, i.e. completed a purchase or cancelled the transaction.

The data and information collected through the use of this conversion cookie is used by Google to create visitor statistics for our website. These visitor statistics are then utilised by us to determine the total number of users who have arrived at our website via AdWords adverts, in order to evaluate the success or failure of these AdWords adverts and to optimise our use of AdWords adverts going forward. Neither our company nor any other advertising customer of Google AdWords shall receive any information from Google that could be used to identify the data subject.

The conversion cookie enables the storage of personally identifiable information, such as the web pages visited by the data subject. Every time you visit our website, your personal information – including the IP address of the Internet connection used by the data subject – is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may then transfer this personal data collected to third parties.

The data subject can prevent cookies from being stored through our website – as previously explained above – at any time by means of a corresponding setting in their Internet browser, which will permanently disable the storage of cookies. Such an Internet browser setting will also prevent Google from storing a conversion cookie on the IT system of the person concerned. In addition, a cookie already stored by Google AdWords can be deleted at any time through the Internet browser or the use of other software programmes.

Furthermore, the data subject shall have the opportunity to object to interest-based advertising by Google. To do so, the data subject must access the link from each of the Internet browsers they use and change the desired settings there.

For further information and Google’s Data Protection Policy, please visit



You may subscribe to the newsletter via our website To do so, we will require your email address and your declaration of consent that you agree to your subscription to our newsletter. You may revoke your consent to the storage of your data, the email address and its use for distributing the newsletter at any time, for example by clicking on the “unsubscribe” link available in the newsletter.


Application and application process

The provider collects and processes the personal data of applicants as part of the application process. This processing can also be done electronically. This is the case, in particular, if an applicant submits corresponding application documents using electronic resources, e.g. by email, to the provider. Should the provider conclude an employment contract with an applicant, any transmitted data will be stored for the purpose of realising said employment relationship in compliance with all statutory provisions. If no contract of employment is concluded with the applicant, the application documents will be automatically deleted two months after notification of a rejection decision, provided that said deletion does not conflict with any other legitimate interests maintained by the provider. Other legitimate interests within this scope of meaning can include, for example, a burden of proof in accordance with the Federal Equality Act (AGG).


Security / Retention periods

The OeSD takes all the necessary technical and organisational security measures to protect your personal data from loss or misuse.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this deadline, the corresponding data shall be routinely deleted, if no longer required to fulfil a contractual obligation or to initiate contract proceedings.


Data subject rights

Right to the disclosure of information

You may request the disclosure of information in accordance with Art. 15 GDPR regarding the processing of your personal data.

Right of objection

For reasons arising from your particular situation, you shall have the right, at any given time, to object to the processing of your personal data pursuant to Art. 6 (1) f GDPR. The data controller shall no longer process your personal data unless he or she can demonstrate compelling legitimate grounds for its processing that outweigh the interests, rights and freedoms of the data subject, or if said processing is essential for the purposes of asserting, exercising or defending legal claims. The collection of data for the provision of the website and the storage of log files is essential to the operation of the website.

Right to correction

Should your details not (or no longer) be correct, you may request their correction. Should your data be incomplete, you may request its completion.

Right to deletion

You may demand the deletion of your personal data in accordance with Art. 17 GDPR.

Right to the restriction of processing

You have the right pursuant to Art. 18 GDPR to request the restricted processing of your personal data.

Right to data transferability

In the event that the requirements of Art. 20 (1) GDPR are deemed to apply, you have the right to request that any data we process on the basis of your consent (or in fulfilment of a contract) is automatically handed over to yourself or to a third party. The collection of data for the provision of the website and the storage of log files is essential to the operation of the website. This is therefore not based on the issuance of consent as per Art. 6 (1) a GDPR or on a contract as per Art. 6 1 b GDPR, but rather is justified as per Art. 6 (1) f of the GDPR. The requirements of Art. 20 (1) GDPR are therefore not fulfilled in this respect.

Should you wish to exercise your rights, please contact our Data Protection Officer at:

Right to appeal

Should you believe that the processing of your personal data is in violation of data protection laws, you may – in accordance with Art. 77 (1) GDPR – register a complaint with the pertinent data protection supervisory authority. The responsible data protection supervisory authority is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna

Telephone: +43 1 52 152-0