Data Protection Declaration
1. Foreword
As the operator of Flughafen Graz Betriebs GmbH (hereinafter referred to as ‘Graz Airport’), we take the protection of your personal data very seriously. Personal data is only collected and processed from us within the scope stated below and pursuant to the principles of the GDPR.
The following communication describes how we ensure this protection, which data is collected for which purposes and how this is processed.
Please not that for the benefit of readability all references to persons shall be understood as gender-neutral.
2. Correspondence
If you contact us by email, the following data will be stored by us for tracking purposes:
• Name
• Email address
• Date of receipt
Data processing is carried out for the purpose of handling your enquiry.
The legal basis is our legitimate interest according to point (f) of Art. 6(1) GDPR. If it is a matter of an initial approach for business or an existing contractual relationship, the legal basis is point (b) of Art. 6°(1) GDPR.
The personal data will be processed by the responsible department. Your data will not be disclosed to other recipients.
Your personal data will be stored by us for up to 3 years.
3. Data processing of visitors to our website
When visiting our website, our web servers do not store any of your personal information without your express consent. However, the temporary storage of cookies enables a better use of our website, which is why you are asked for your consent. Nonetheless, you are not obliged to provide your consent and can use the website without providing it – although under possible limitations.
Should you provide your express consent to the storage and use of log files and the use of cookies, our web servers temporarily store each access in a log file. The following data is collected and stored here:
- The IP address of the requesting computer
- The time and date of the access
- The name and URL of the retrieved file
- Amount of data transferred
- Message whether the retrieval was successful (HTTP status code)
- Identification data of the browser and operating system used
- The website from which access is made
Also, subject to your consent, our website uses cookies (please see the Cookie Policy for more information).
The processing of the collected data takes place to enable the use of the website (connection establishment), for system security, technical administration of the network infrastructure and for the purpose of anonymised, statistical evaluation of the use and optimisation of our Internet offerings.
In this context, we point out that an analysis of the IP address only takes place upon attacks to our network infrastructure.
Without your consent, data which has been stored upon access to our Internet offerings will only be transferred to third parties to the extent we are obliged to do so for legal reasons or due to a court ruling or where the transfer of such data is necessary for legal or criminal prosecution in the case of attacks of our Internet infrastructure. A transfer for other non-commercial or commercial purposes will not take place.
Recipients of your data:
We do not carry out all processing activities ourselves with regards to stored log files, but also rely on the support of carefully selected and reliable partners (=processor), namely [ALL-INKL.COM – Neue Medien Münnich]. These also ensure the security of your data through appropriate and state-of-the-art technical and organisational measures. Our partners are not permitted to use the personal data provided for purposes other than those intended.
Storage period:
The storage duration of the collected data is 190 days.
4. Cookies
If you have provided your express consent to the storage and use of log files and the use of cookies upon accessing our website, our website will use cookies in several areas of our website. They serve to make our offerings more user-friendly and effective. Cookies are small text files which are stored on your computer by your browser. Here, that data is exclusively collected in anonymous or pseudonymous form and does not allow any conclusion to your person. The cookies we use are so-called session cookies, which are deleted when you end your browser session.
The following cookies (valid for one session) are used:
- Session cookies
- Tracking cookies
- Cookies of the affiliate network Awin (by clicking on their banner ad)
In your browser settings, you can also specify whether cookies should be set or not. You can prevent the installation of cookies by setting your browser accordingly; however, please note that if you do this, you may not be able to use all the features of our website to the fullest extent possible.
You may withdraw your consent granted to us for the storage and use of log files and for the use of cookies at any time, without giving reason. Here, you can either send us an email to datenschutz@graz-airport.at or a letter to Flughafen Graz Betriebs GmbH, 8073 Feldkirchen bei Graz, or call us on +43 (316) 2902 0. We point out, however, that all processing/transmissions carried out before the withdrawal remain legally valid.
5. Use of Google Analytics:
If you have provided your express consent to the storage and use of log files and use of cookies when accessing our website, this website uses Google Analytics, a web analysis service of Google Inc.
Google Analytics also uses cookies, i.e. text files which are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (included your IP address) is transmitted to a Google server in the USA and stored there.
However, in the case of the activation of IP anonymisation on this website, the IP address of Google users will be truncated within the member states of the European Union or with users from other contracting states of the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. IP anonymisation is active on this website.
Google uses this information to assess your use of the website, to compile reports on website activity for the website operator and to provide further services associated with the use of the website and the Internet. Google will also transfer this information to third parties, where necessary, provided this is prescribed by law or if third parties process this data on behalf of Google. In no case will Google associate your IP address with other data which is stored by Google.
You can also prevent the installation of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. Furthermore, you can also prevent the collection of data received and the processing of this data by Google by downloading and installing the corresponding browser plugin under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You have the possibility to deactivate the analysis of data by clicking here (opt out):
Furthermore, you can find more detailed information on Google’s terms of use and its data protection regulations under the following links:
https://support.google.com/analytics/answer/7124332?hl=de
https://www.google.de/intl/de/policies/
The provision of the log files or the use of cookies is neither legally nor contractually required and is not required for the conclusion of a contract. There is therefore no obligation to provide this data, use cookies or allow their use. The only legal basis for the use of log files and the use of cookies is the consent you have issued (Art 6 para. 1 lit a GDPR). If consent is not granted, the use of log files and cookies is prohibited.
6. Use of Facebook
Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated on our website. You can recognise the Facebook plugin on our website by the Facebook logo or the ‘Like’ button. You can find an overview of the Facebook plugin here: https://developers.facebook.com/docs/plugins/.
If you have granted your express consent for the storage and use of log files and cookies when accessing our website, a direct connection will be made by the plugin between your browser and the Facebook server. Through this, Facebook receives the information that you have visited our website using your IP address. If you click on the Facebook ‘Like’ button while you are logged in to your Facebook account, you can link the content on our website to your Facebook profile. Through this, Facebook can assign the visit of our website to your user account. We point out that we as the provider of the website are not aware of the content of the data transmitted nor its use by Facebook. You can find further information in Facebook’s data protection declaration under https://www.facebook.com/policy.php. If you don’t want Facebook to be able to assign your visit of our website to your Facebook user account, please log out of it.
7. Data processing of subscribers to our newsletter
Sollten Sie Ihre ausdrückliche Einwilligung zum Erhalt von Newslettern erteilen, so können wir Ihnen zu Werbezwecken einen elektronischen Newsletter mit Inhalten kommerzieller Art übermitteln. Die bei der Anmeldung zum Newsletter angegebenen Daten werden nur zum Zwecke des Versands des Newsletters verwendet. Sie können das Newsletter-Abonnement jederzeit über die im Newsletter vorgesehene Abmeldemöglichkeit oder unter https://seu.cleverreach.com/f/17925-130456/wwu/ beenden. Die von Ihnen zu diesem Zweck erfassten Daten (E-Mail-Adresse und optional Vorname und Nachname) werden von uns nur für den Zeitraum gespeichert, in welchem Sie einen Newsletter empfangen und keinen Widerruf Ihrer Einwilligung zum Erhalt von Newslettern erklärt haben.
Wir führen den Versand unserer Newsletter nicht selbst, sondern durch unseren Partner (=Auftragsverarbeiter) durch, namentlich [CleverReach GmbH & Co. KG]. Dieser sorgt durch geeignete und dem Stand der Technik entsprechende technische und organisatorische Maßnahmen ebenfalls für die Sicherheit Ihrer Daten. Es ist unserem Partner nicht gestattet, die überlassenen personenbezogenen Daten für andere als die Überlassungszwecke zu nutzen.
Die Bereitstellung der Daten für den Newsletter-Erhalt ist weder gesetzlich noch vertraglich vorgeschrieben und ist auch nicht für einen Vertragsabschluss erforderlich. Es besteht daher keine Verpflichtung, diese Daten bereitzustellen bzw. die Zustimmung zum Erhalt eines Newsletters zu erteilen. Die Rechtsgrundlage für den Erhalt eines Newsletters ist nur die dazu erteilte Einwilligung (Art 6 Abs 1 lit a DSG-VO). Wird die Einwilligung nicht erteilt, unterbleibt die Zusendung eines Newsletters.
8. Flight schedule subscription
If you have granted your consent via the form on the website to receive the printed flight schedule per post, we can send you the flight schedule biannually when it starts. The data provided when signing up for the flight schedule will only be used for the purposes of sending such. You can end your flight schedule subscription at any time by sending an email to marketing@graz-airport.at or calling +43 (316) 2902 0. The data collected from you for this purpose is stored by us for the time period in which you receive the flight schedule and have not declared the withdrawal of your consent for receiving such.
We do not send out the flight plan ourselves, as this is done by our partner (=processor) via e.g. a mailing service. It also ensures the security of your data through appropriate and state-of-the-art technical and organisational measures. Our partners are not permitted to use the personal data provided for purposes other than those intended.
9. Data collection according to the Flugabgabegesetz
GPursuant to the federal law introducing flight tax (Flugabgabebesetz) Sec. 10 para. 3 and 4, the aircraft operator is required to report the data summarised for the month to both the tax office and the airport operator. This notification is to be made by the aircraft operator by the 15th of the month following the month in which the tax liability arose, to the operator of the domestic airport from which the relevant flights departed in the relevant month.
Graz Airport provides a web portal to keep the effort required by the airlines and aircraft operators minimal. The data collected in this way is done pursuant to the applicable legal provisions and the principles for the GDPR.
10. Links to other providers
Our websites may contain links to other providers and links to our social media offerings. This data protection information applies for websites and services that belong to us and are operated by us. We have no influence on external links included in our services. We bear no responsibility for whether these providers or social media platform operators comply with the legal data protection regulations.
11. Competitions
Any competitions are carried out by Flughafen Graz Betriebs GmbH either as part of a promotional event (trade fairs, events, etc.) or online. Online means that the competition is communicated on the Graz Airport website or Facebook page and participation takes place via email. In both cases, an email address and/or telephone number will be recorded for contacting in the case of winning, as well as – on a voluntary basis – first name and last name for the purpose of personal salutation. Registration for the newsletter will be offered in the competition as a voluntary option. The data (email address and/or telephone number, if necessary first name and surname) are processed internally within Flughafen Graz Betriebs GmbH for the purpose of determining a winner. Until the withdrawal of consent, only the winner’s data will be stored for the purpose of prize notification, as well as the data of those who have consented to receive the newsletter and will receive such until said consent is withdrawn. Consent to data processing granted in the conditions of participation can be withdrawn at any time via email to marketing@graz-airport.at.
12. Technical data protection
We use technical and organisational measures to protect your data processed by us against random or intentional manipulation, loss, destruction, or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
13. Integration of services and contents of third parties
It may be that contents of third parties, such as videos from YouTube, maps from Google Maps or graphics from other websites are integrated within our Internet offerings. This always presupposes that the providers of such content always use the user’s IP address, as without the IP address they can’t send the content to the relevant user’s browser. The IP address is therefore required for the presentation of this content. We endeavour to only use such content where the relevant operator only uses the IP address to deliver the content. However, we do not have any influence on the third party storing the IP address, for statistical purposes, for example. As far as we know this to be the case, we will inform the user accordingly. In any case, agreements on data processing pursuant to the GDPR have been made with all third parties.
Contents from the following third parties are integrated into our website:
Newsletter: The Graz Airport newsletter is prepared with the assistance of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. (Data protection: https://www.cleverreach.com/de/datenschutz/, T&Cs: https://www.cleverreach.com/de/agb/)
Booking portals: The booking portals for flights, travel, hotels and rental cars is provided by Specials.de, a brand of Ypsilon.Net AG, Vilbeler Landstraße 203, 60388 Frankfurt/Main, Germany. The fulfilment partner is RMK nurflug.de GmbH of the same address. (Data protection: http://www.specials.de/datenschutz.html, T&Cs: http://www.specials.de/agb.html)
Survey forms/surveys: Carried out with SurveyMonkey, SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland (Terms of Use: https://www.surveymonkey.com/mp/policy/terms-of-use/, data protection: https://www.surveymonkey.com/mp/policy/privacy-policy/, security statement: https://www.surveymonkey.com/mp/policy/security/)
Banner advertising: Banner advertising is either linked directly to the corresponding website or via the affiliate network Awin: AWIN AG, Eichhorn-straße 3, 10785 Berlin, Germany (Data protection: https://www.awin.com/de/rechtliches)
YouTube: Integrated videos are operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (data protection: https://www.google.de/intl/de/policies/privacy/)
Google Maps: Integrated maps are operated by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (terms of use: https://www.google.de/intl/de/policies/terms/regional.html, data protection: https://www.google.de/intl/de/policies/privacy)
Facebook: Links to the Graz Airport Facebook page, operated by Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025 or outside of the USA also by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (terms of use & guidelines: https://www.facebook.com/policies?ref=pf)
Issuu: Digital publishing platform operated by Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA (terms of use: https://issuu.com/legal/terms, data protection: https://issuu.com/legal/privacy)
In connection with the use of this website, personal data may be transferred to third parties that are based in a third country. Third countries are countries outside the EU or EEA (European Economic Area). The GDPR has no direct legal effect in third countries.
Data is transferred to third countries if an adequate level of data protection exists in the third country on the basis of an adequacy decision by the European Commission or an appropriate guarantee in the form of approved standard contractual clauses for the transfer of personal data to processors in third countries.
Apart from the existence of an adequacy decision or an appropriate guarantee, data may be transferred in exceptional circumstances pursuant to Art. 49 GDPR. This is the case, among other things, if the data subject has given their express consent after being informed of the possible risks.
14. Data processing of customers and contracting parties
We process the following personal data: Your personal data/master data such as title, first name, surname, company/organisation, address, telephone number, email address, fax number as well as other information required for addressing which results from modern communication technologies, date of birth as well as customer authentication data or that of your authorised representative including their authorisation data. In addition, this may also include order data (standing orders or direct debit orders), customer bank data including account holder, data from the fulfilment of our contractual obligation (consumption, turnover, customer billing data), contract data (such as commitment periods, contract variants, contract number), customer number, data on the data subject’s payment or service behaviour, payment methods, advertising and sales data, consulting reports, information, data from customer surveys and competitions, socio-demographic data, information from your electronic correspondence with our company (service portals, apps, cookies), prepayment data if applicable, insolvency or probate data if applicable, as well as data on the fulfilment of legal requirements.
In the case of business customers, we also collect public company data from public records (such as the commercial register, land register, insolvency file), annual reports, VAT number, business purposes, industry affiliation and publicly available business data.
These persons are in a contractual relationship with Flughafen Graz Betriebs GmbH or are seeking such a relationship.
We process your data:
• To fulfil contractual obligations (point (b) of Art. 6°(1) GDPR):
Flughafen Graz Betriebs GmbH or contract processors commissioned by us process your personal data to fulfil the contract with you. This includes billing your services, sending invoices and, if necessary, reminders as well as the communication for processing the contract and payment processing. The legal basis for the processing and provision of your personal data is therefore processing for the fulfilment and execution of the contract. We cannot conclude and process the contract without this data.
• To fulfil legal obligations (point (c) of Art. 6°(1) GDPR):
The processing of personal data may be necessary for the purpose of fulfilling various legal obligations, such as the preparation of annual financial statements, ongoing tax obligations, as well as in the context of audits to audit offices or the fulfilment of aviation regulations. We cannot fulfil our legal obligations without the provision of your data.
• Within the scope of your consent (point (a) of Art. 6°(1) GDPR):
If you have given us consent to process your personal data, it will only be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Any consent given can be revoked at any time with effect for the future (see Data processing for advertising purposes).
• To protect legitimate interests (point (f) of Art. 6°(1) GDPR):
If necessary, data processing beyond the actual fulfilment of the contract may be carried out within the framework of balancing interests in favour of Flughafen Graz Betriebs GmbH or a data processor in order to protect the legitimate interests of us or data processors. In the following cases, data processing is carried out to protect legitimate interests:
– Consultation of and data exchange with credit agencies to determine creditworthiness or default risks;
– Checking and optimising procedures for demand analysis and direct customer contact as well as measures for business management and further development of services and products;
– Advertising for our own products, customer evaluation, market and opinion research, unless you have objected to the use of your data in accordance with Art. 21 GDPR.
– Phone records;
– In the context of legal prosecution for the defence and assertion of legal claims;
– Contact (e.g. by email, phone, post) to survey service quality and customer satisfaction;
– Handling of promotional activities and claims;
– Tax and legal advice such as auditors and experts, consulting and IT services;
– Maintaining network and information security;
– Necessary administrative purposes.
Processing your data for advertising purposes:
- We will process the data that we have obtained in the course of our contractual relationship with you in order to send you emails or letters for the purpose of presenting our products and services and carrying out competitions and marketing measures (point (f) of Art. 6°(1) GDPR), but only for a maximum of 3 years after termination of the contract. You have the right to object to this processing of your data for the purpose of direct advertising at any time without giving reasons by writing to Flughafen Graz Betriebs GmbH, 8073 Feldkirchen or emailing datenschutz@graz-airport.at. If you exercise your right to object to data processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
- For other forms of direct marketing, we will only process your data if you have given your express consent to the processing of your data (point (a) of Art. 6°(1) GDPR). If you have consented to data processing, you can revoke this consent at any time without giving reasons by writing to Flughafen Graz Betriebs GmbH, 8073 Feldkirchen or emailing datenschutz@graz-airport.at. The processing of your personal data for the purpose of direct advertising is not necessary for the processing of our contractual relationship.
Recipients of your data
Your data will be disclosed to those offices or employees who need it to fulfil contractual and legal obligations as well as legitimate interests. In addition, contract processors and other recipients commissioned by us: in particular companies based in the EU such as IT, cloud and telecommunications service providers, printing, scanning and data destruction service providers, external auditors and experts, audit offices, arbitration bodies and authorities (including courts or state government and funding authorities), auditors and tax consultants, insurance companies, debt collection service providers and credit agencies, consulting companies, back-office service providers, lawyers and companies within the Holding Graz – Kommunale Dienstleistungen GmbH group (see the holding’s current organisation chart on the website www.holding-graz.at) receive your data, insofar as they require the data for the fulfilment of their respective service. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision.
Since various recipients and processors change on a regular basis, it is not possible to name them specifically.
Storage period of your data:
We process your personal data, as far as necessary, for the duration of the entire business relationship as well as beyond that for the duration of legal storage and documentation periods, in particular the Federal Tax Code (BAO).
According to Art. 207°(2) in conjunction with point (a) of Art. 208°(1) BAO, duties become statute-barred after ten years with the expiry of the year in which the duty claim arose. According to Art. 132 BAO, books, records and receipts relevant to tax law must be kept for seven years. Therefore, your data will generally be deleted after ten years from the termination of our contractual relationship.
Longer storage can take place beyond that in the event of the controller or data subject’s legitimate interests. A legitimate interest may exist in particular for the enforcement or defence of legal claims, in the case of a pending legal dispute, a legally binding execution title (which has not been fulfilled yet) or in the case of unfulfilled outstanding claims and similar circumstances (up to 30 years).
15. Data processing by video surveillance at Graz Airport
We use video surveillance to ensure the safety of passengers, employees and other persons present at the airport and to protect the property and infrastructure of Graz Airport from danger, damage, burglary, theft and other damaging behaviour. Video surveillance also serves to provide evidence of possible criminal offences and to protect passengers’ property during security checks. Only those areas are monitored whose surveillance is relevant to safety.
The legal basis for data processing is the protection of our legitimate interest according to point (f) of Art 6°(1) GDPR and Art. 12 DSG.
Recipients of your data:
The stored video recording shall be disclosed exclusively due to a written decision by the public prosecutor’s office.
• Competent authority or competent court (for securing evidence in criminal cases)
• Security authorities (for security police purposes)
• Courts (to preserve evidence in civil cases)
• Insurance (exclusively for the settlement of insurance claims)
Retention period:
All the data collected in connection with video surveillance is stored for a maximum of 72 hours. There may be a longer retention period if necessary (criminal proceedings).
16. Datenverarbeitung von Lieferanten und Geschäftspartnern
Graz Airport processes personal data that is collected or transmitted by business partners in the course of a business relationship.
The following categories of personal data are subject to processing, depending on the service provided:
Your personal data/master data such as title, first name, surname, company/organisation, address, telephone number, email address, fax number as well as other information required for addressing which results from modern communication technologies, date of birth as well as customer authentication data or that of your authorised representative including their authorisation data. In addition, this may also include order data (standing orders or direct debit orders), customer bank data including account holder, data from the fulfilment of our contractual obligation (consumption, turnover, customer billing data), contract data (such as commitment periods, contract variants, contract number), customer number, data on the data subject’s payment or performance behaviour, methods of payment, advertising and sales data, consulting reports, information, details from customer surveys and competitions, socio-demographic data, information from your electronic correspondence with our company (service portals, apps, cookies), prepayment data, if applicable, insolvency or probate data, as well as data to meet legal requirements.
Graz Airport processes personal data in order to provide its range of services:
• Running Graz Airport
• Organising information and presentation events and trade fairs at Graz Airport
• Hiring out rooms, hangar space and advertising space at Graz Airport
• Hosting public and non-public events
The following legal bases can be considered:
• Fulfilling contractual obligations (point (b) of Art. 6°(1) GDPR)
Depending on the service contract you have concluded with us, we provide certain services. The processing of personal data is necessary to be able to provide this contractual service. The scope and specific purpose of the data processing results from the individual content of the service contracts. If business partners do not want to provide the data, the conclusion of the contract or execution of the order may be impossible under certain circumstances. An existing contract can no longer be performed under these circumstances and may have to be terminated.
• Fulfilling legal obligations (point (c) of Art. 6°(1) GDPR)
The processing of personal data may be necessary for the purpose of fulfilling various legal obligations, such as the preparation of annual financial statements, ongoing tax obligations, as well as in the context of audits to audit offices or the fulfilment of aviation regulations. We cannot fulfil our legal obligations without the provision of your data.
• Protecting legitimate interests (point (f) of Art. 6°(1) GDPR)
If necessary, data processing beyond the actual fulfilment of the contract may be carried out within the framework of balancing interests in favour of Flughafen Graz Betriebs GmbH or a data processor in order to protect the legitimate interests of us or data processors. In the following cases, data processing is carried out to protect legitimate interests:
– Consultation of and data exchange with credit agencies to determine creditworthiness or default risks;
– Checking and optimising procedures for demand analysis and direct customer contact as well as measures for business management and further development of services and products;
– Advertising for our own products, customer evaluation, market and opinion research, unless you have objected to the use of your data in accordance with Art. 21 GDPR.
– Phone records;
– In the context of legal prosecution for the defence and assertion of legal claims;
– Contact (e.g. by email, phone, post) to survey service quality and customer satisfaction;
– Handling of promotional activities and claims;
– Tax and legal advice such as auditors and experts, consulting and IT services;
– Maintaining network and information security;
– Necessary administrative purposes.
- Consent (point (a) of Art. 6°(1) GDPR)
If the processing of personal data goes beyond contractual or legal obligations as well as a legitimate interest, Graz Airport shall obtain the business partners’ consent.
In the case of consent, the data will be processed exclusively for the stated purpose. Any consent given can be revoked at any time. It can be revoked both in writing and verbally.
Recipients of the personal data are employees of Graz Airport who process the data in accordance with the purpose of use and the legal basis.
Recipients of your data
In addition, contract processors and other recipients commissioned by us: in particular companies based in the EU such as IT, cloud and telecommunications service providers, printing, scanning and data destruction service providers, external auditors and experts, audit offices, arbitration bodies and authorities (including courts or state government and funding authorities), auditors and tax consultants, insurance companies, debt collection service providers and credit agencies, consulting companies, back-office service providers, lawyers and companies within the Holding Graz – Kommunale Dienstleistungen GmbH group (see the holding’s current organisation chart on the website www.holding-graz.at) receive your data, insofar as they require the data for the fulfilment of their respective service. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision.
Since various recipients and processors change on a regular basis, it is not possible to name them specifically.
The collected data will not be sold or given to uninvolved third parties without justification.
Storage period of your data:
We process your personal data, as far as necessary, for the duration of the entire business relationship as well as beyond that for the duration of legal storage and documentation periods, in particular the Federal Tax Code (BAO).
According to Art. 207°(2) in conjunction with point (a) of Art. 208°(1) BAO, duties become statute-barred after ten years with the expiry of the year in which the duty claim arose. According to Art. 132 BAO, books, records and receipts relevant to tax law must be kept for seven years. Therefore, your data will generally be deleted after ten years from the termination of our contractual relationship.
Longer storage can take place beyond that in the event of the controller or data subject’s legitimate interests. A legitimate interest may exist in particular for the enforcement or defence of legal claims, in the case of a pending legal dispute, a legally binding execution title (which has not been fulfilled yet) or in the case of unfulfilled outstanding claims and similar circumstances (up to 30 years).
17. Data processing of applicants
Flughafen Graz Betriebs GmbH and Flughafen Graz Bodenservices GmbH would like to inform you that the application documents you send us together with your personal data will be collected, processed and used by the responsible Human Resources department for the purpose of the application procedure. Your applicant data is processed exclusively through our company data protection notice for applicant management within Austria. Forwarding to third parties is excluded without your explicit consent.
The collection, processing and use of your personal data relates to the following categories of data:
• Your contact information (e.g. your name, address, email address,
• phone number).
• Your CV.
• Information about the job you have applied for (e.g. position,
• scope of work, place of work, salary, required skills and experience).
• Information about your previous work experience and employment (e.g.
• company, location, department, position, role, start date, full-time or
• part-time, working hours).
• Information about your professional qualifications (e.g. level of education,
• associated skills, degrees or certificates).
Your personal data will only be used for the following purposes::
• Administration of your application.
• Personnel issues arising in connection with the recruitment process.
• In the event that you are employed, your personal data will also be used for purposes related to your employment and employment contract basis.
Your data is processed on the basis of the initiation of a contract in connection with the fulfilment of a pre-contractual legal relationship, in accordance with point (b), (c) or (f) of Art. 6°(1) GDPR.
Recipient
Recipients of the personal data are employees of Graz Airport who process the data in accordance with the purpose of use and the legal basis. With your consent, your profile will be recommended for other suitable positions at Flughafen Graz Bodenservices GmbH or vice versa at Flughafen Graz Betriebs GmbH.
Storage period of your data:
From the date your application is submitted, your personal data will be stored for a period of 12 months, unless you have indicated otherwise. Notwithstanding the aforementioned, your personal data may be stored and used for longer periods of time if this is necessary to fulfil our companies’ legal obligations in accordance with applicable law, or insofar as this is necessary to fulfil the (pre-) contractual legal relationship.
18. Film and photo shoots
If you attend events at Graz Airport or visit the airport for other reasons or for work (e.g. employee or partner of a craftsman or construction company in the course of construction work at the airport) it is possible that you appear on film and photo material.
This data protection declaration refers only to film and photo shoots carried out by Graz Airport/ Flughafen Graz Betriebs GmbH or its subsidiaries as the data processing controller, e.g. at events hosted by the airport. This data protection declaration is not valid for film and photoshoots carried out at Graz Airport by third parties.
The photographs and films can be published by us, e.g. on our website and in print media. The purpose of the data processing is the internal documentation of events or happenings at Graz Airport and public relations work (presentation of activities of Graz Airport or its subsidiaries in public).
This data protection declaration applies to this data processing, in addition to this chapter “film and photo shoots” especially the chapter “controller and contact data” and “data subject rights”.
The legal basis is our overriding legitimate interest according to Art 6 para 1 lit f GDPR which consists of documenting and inform about events and happenings at Graz Airport.
Recipients of your data:
Recipients of your pesonal data are employees or Graz Airport who will process it according to the respective purpose and legal basis, as well as (online) media users in the course of public relations work.
Storage period of your data:
We will store your data as long our legitimate interest persist, we need it for the respective purpose or you revoke a given consent.
Responsible as the data controller related to film and photo shoots is in most cases Graz Airport Flughafen Graz Betriebs GmbH. In exceptional cases one of the following companies can be the responsible data controller as well:
- Flughafen Graz Bodenservices GmbH
- Airport Parking Graz GmbH
19. Controller and contact data
Should you have any questions regarding the processing of your personal data, please contact:
Data Processing Controller:
Flughafen Graz Betriebs GmbH
8073 Feldkirchen
Austria
Telephone: +43 (316) 29 02 0
Telefax: +43 (316) 29 02 81
Email: datenschutz@graz-airport.at
Management:
Wolfgang Grimus, EMBA
Mag. Jürgen Löschnig
Data protection coordinator:
Mag. Roman Freisinger
Data protection officer:
Mag. Florian Hutzl
Holding Graz – Kommunale Dienstleistungen GmbH
Andreas Hofer Platz 15
8010 Graz
E-Mail: datenschutz@holding-graz.at
20. Data subject rights
- Right of access by the controller to the personal data concerning you in accordance with Art. 15 GDPR.
The data subject shall have the right to obtain confirmation as to whether their personal data is being processed. If this is the case, then there is a right to information about the nature and content of the processing of their personal data by the controller to the extent of Art. 15 GDPR. - Right to rectification according to Art. 16 GDPR
The data subject shall have the right to the immediate rectification of their inaccurate or incomplete personal data. - Right to erasure according to Art. 17 GDPR
The data subject has the right to demand the immediate erasure of their data by the controller if the requirements of Art. 17 GDPR are met. - Right to restriction of processing according to Art. 18 GDPR
If the prerequisite of Art. 18 GDPR is met, the data subject may request the restriction of processing of their personal data. - Right to data portability according to Art. 20 GDPR
The data subject shall have the right to obtain their personal data in a structured, commonly used and machine-readable format from the controller and to transmit such data to another controller without hindrance from the controller providing the data, provided that the requirements of Art. 20 GDPR are met. - Right to objection to processing according to Art. 21 GDPR
The data subject shall have the right to object to processing of their personal data, unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion of legal claims. - Right to revoke consent already given Art.7°(3) GDPR
If the processing of personal data is based on consent, the data subject shall have the right to withdraw their consent with effect for the future at any time, unless there is another legitimate reason for the data processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
21. Complaint with data protection authority
ou also have the right to file a complaint with the data protection authority. In this regard, we refer you to the homepage of the Austrian data protection authority [Österreichische Datenschutzbehörde] which can be accessed under the following link: https://www.dsb.gv.at/.
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna,
Austria
Email: dsb@dsb.gv.at
For data protection questions or to safeguard your rights, you can always contact us via email at datenschutz@graz-airport.at.