OeKB Privacy Policy

Content of the Privacy Policy

1. General information
2. Contact persons and details
3. Identification and storage of personal data
4. Use and disclosure of personal data
5. Right to information, rectification, erasure or restriction of the processing of your stored data as well as to objection and to data portability
6. Data security
7. Cookies
8. Logging e-mail traffic
9. Social Media
10. Webinars
11. Updating this Privacy Policy

1. General information

We at Oesterreichische Kontrollbank Aktiengesellschaft (OeKB) are committed to handling your personal data with the utmost care during your visit to our website – from collecting to processing and storing it. Austrian and European laws on data protection form the basis for this.

This privacy policy applies to all data processing for which OeKB is the controller, i.e. decides why and how your personal data is processed. Individual pages may refer to links of other providers within and outside the OeKB Group not covered by the privacy policy, i.e. we cannot assume any liability for the content therein or for how data is used and processed.

2. Contact persons and data

The following company is responsible for data processing:
Oesterreichische Kontrollbank Aktiengesellschaft (OeKB)
Am Hof 4
A-1010 Vienna
Telephone: +43 1 53 127 -0
Fax: +43 1 53127-5262
E-mail: info@oekb.at

The Data Protection Officer of OeKB is:
Manfred Erich Leiter-Rummerstorfer
E-mail: dataprotection@oekb.at

Information on data processing according to art. 13 and 14 DSGVO

Below you will also find information about the nature, extent and purpose of the collection and use of data when you visit our websites.

3. Identification and storage of personal data

For technical reasons, every time you access our website, your browser automatically transmits the data listed below to our web servers. Storage is solely for statistical and technical purposes, for example, to evaluate the frequency of page visits or to detect disruptions to server operations.
The following data is logged and evaluated:

• IP address
• browser type and version
• operating system
• device (PC, tablet or smartphone)
• resolution of the computer
• source (country and city)
• language
• page views
• date, time and duration of the visit
• bounce rate
• traffic sources (social media, search engines or referring websites)
• click or conversion rate
• request (filename of the requested file)
• Username and password (only for pages with login details, such as my.oekb, the Login-Portal or the General Terms and Conditions in Export Services procedures)
• any content of forms

Additional personal data, such as name, home address, e-mail address, date of birth or business-related data, are only recorded if you indicate them yourself. For example, on our website you may indicate such information when making an online application, when using the feedback form, when registering for a newsletter, or when requesting the signature directory.

4. Use and disclosure of personal data

Personal data transmitted by you will only be used to handle your request, as part of the fulfilment of contracts concluded with you or for technical administration.

If you have consented to the processing of your personal data, processing will take place only in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. As such, you will only receive advertising or e-mail newsletters from us on the basis of your consent here. You can revoke consent at any time, free of charge, with effect for the future: in electronic newsletters using the cancellation link provided, or via a written and telephone notification to all contact details listed.

Moreover, your data will be received only by those bodies or employees within OeKB who or which require it to fulfil contractual, legal and regulatory obligations and to serve legitimate interests. We also use selected processors for the technical and organisational implementation of our website. All processors will be placed under a corresponding contractual obligation to handle your personal data confidentially and only to process it within the framework of the provision of their service according to our instructions.

5. Right to information, rectification, erasure or restriction of the processing of your stored data as well as to objection and to data portability

You have a right to information, rectification, erasure or restriction of the processing of your stored data, a right to object to the processing and a right to data portability in accordance with the prerequisites of data protection law.

You can address any appeals to the Austrian Data Protection Authority.

6. Data Security

The security of your data in our systems is very important to us. Our goal is to manage your data with the utmost care and to take all necessary technical and organisational security measures to protect your personal data from loss and misuse.

Access to nearly all our websites is secured via HTTPS if your browser supports SSL. This means that communication between your device and our servers is encrypted. If you wish to contact us or our employees by e-mail, we would like to point out that the confidentiality of the information provided is not guaranteed. The content of e-mails may be viewed by third parties due to their technical design, unless special technical security measures are taken.

7. Cookies

a) General information on cookies

OeKB uses cookies for optimising your experience while you are on our website. Cookies are small text files that are stored on your device. Cookies help us to make our website and our offer more user-friendly and more effective. 

What cookies do we use

We use so-called session cookies, which will automatically be deleted from your device after you leave our website, and persistent cookies, which remain stored on the device for identification purposes. Persistent cookies are valid for a precisely defined period and will also be automatically deleted after its expiry.

In addition, we use so-called first-party cookies. Such cookies are generated by OeKB itself, as website operator, and stored on your device. 

Only technically required cookies are used for our website.

Legal basis for cookie placement

Technically required cookies are stored on the basis of Art. 6 (1) (f) GDPR. As website operator, OeKB has a legitimate interest in storing cookies for the purpose of providing its services in a technically flawless and optimised manner.

In section 7 b, the various cookies that are used on our website and their purpose are described in greater detail.

You can configure your browser so that you will be informed about cookies to be placed and only admit them in individual instances, that you exclude the acceptance of cookies generally or in certain cases, and that you enable cookies to be automatically deleted when the browser is closed. Disabling cookies generally may restrict the functionality of this website.

The steps and measures required for this depend on the specific Internet browser you use. Use the links below for more information on how to proceed with standard browsers:

• Chrome 
• Safari 
• Firefox 
• Edge 
• Internet Explorer 
• Opera 

b) The following cookies are used on the OeKB website

1. Technically required cookies 

Technically required cookies help you use a website by allowing basic functions such as site navigation and access to secure areas of the website. Without such cookies, the website cannot function correctly. The use of such cookies is based on protecting our legitimate interests (Art. 6 (1) (f) GDPR), i.e. safeguarding operation, security and optimisation of our website.

The following technically required cookies are used on our website:

8. Logging of e-mail traffic

To ensure an appropriate level of information and system security and to detect malicious software, we store log data of e-mail traffic. When you send an e-mail to one of our addresses, the following information is logged: e-mail and IP addresses of the recipient and the sender, number of recipients, subject, date and time of receipt at the server, file name of any attachments, message size, risk classification for spam and delivery status. E-mails are checked purely automatically in the first step. Individual e-mails are manually checked by responsible persons only in the event of a suspected threat to the security of the IT systems.

In addition, we process your personal data in connection with e-mails, as far as necessary, for the duration of the entire business initiation phase and beyond in accordance with statutory retention and documentation obligations.    

9. Social Media

We integrate the services of various social networks in our website through social media plug-ins and iFrames. These comprise LinkedIn and YouTube.

We prevent the transmission of data to these services as far as possible. Only when you click on the symbol of a service and actively call it up, your IP address and cookies, among other things, are transmitted and the service receives the information that you have visited our website with your IP address. If you are actively logged in to one of the social media networks, this information will be assigned to your user account. Please note that we ourselves neither have a secure knowledge of nor influence over how and which data reaches the respective services. By activating and using a social media plug-in, you consent to the transfer of personal data to the selected service.

For the latest information on the nature, purpose, extent, use and protection of your data through these networks and their associated rights, please refer to the privacy policy of the selected service provider. According to our information, these are as follows. We assume no responsibility for the completeness and accuracy of this information:

• LinkedIn Ireland, 70 Sir John Rogerson’s Quay, Dublin 2, Irland
  LinkedIn privacy policy
• Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  Google (incl. YouTube) privacy policy

10. Webinars

Webinars are set up and conducted using Microsoft Teams. In this context, we provide the following information and outline the related processing of personal data for participation in webinars via Microsoft Teams. Any person who has a registration link for an OeKB webinar may register accordingly.

Use of Your Personal Data
For the organisation, delivery, follow-up and further development of webinars, OeKB uses the webinar functionality of Microsoft Teams. In this context, Microsoft Ireland Operations Limited acts as our data processor, with whom OeKB has concluded a data processing agreement in accordance with Art. 28 GDPR.
For persons who register for or participate in our webinars, we process the following personal data:

• Webinar participant information: first name, last name, email address, date and time of webinar registration, company/organisation, as well as additional voluntary information, e.g. role within the company.
• The names of participants are displayed during the webinar.
• Webinar metadata: topic, participant IP address, device and browser information, participation times (login/logout)
• Text data: if a webinar participant uses the chat, question or polling features (Q&A function), the text entries made by the respective participant are processed in order to display them during the webinar and to log them. The webinar participant may decide whether questions are addressed only to the speakers or to the entire audience. If questions are submitted that are answered as part of the post-webinar follow-up, the questions and the email addresses of the webinar participants are processed in order to provide responses after the event. Participants may interact with other participants, speakers and organisers via chat, reactions and Q&A.
• Information provided by internal and external speakers is made available to all interested webinar participants following the speakers’ prior written consent.
• Attention data: during the webinar, the software records when a participant first joined the webinar (date and time) and when the participant left the webinar (date and time).
• Recordings: if enabled, participants are informed prior to the start of the recording that audio, video and screen sharing, transcriptions and participant names may be recorded.

Further information on Microsoft’s Microsoft Privacy Statement can be accessed via this link. If you do not wish or are unable to use the Microsoft Teams app, participation is also possible via a browser version that offers basic functionality.

Legal Basis for Processing
The legal basis for processing personal data in connection with webinars for the purposes of organisation, delivery, follow-up (e.g. answering subsequent questions) and further development of webinars (e.g. creation of participant statistics over time, effectiveness of and interest in webinars) is consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by sending an email to OeKB Events events@oekb.at.

In the course of data processing when using Microsoft Teams, personal data are also transferred to the United States for the provision of technical services. The European Court of Justice currently recognises the United States as providing an adequate level of data protection. Nevertheless, there is a risk that your data may be accessed by US authorities for control and surveillance purposes and that no effective legal remedies may be available. By giving your consent, you explicitly agree (Art. 49(1)(a) GDPR) that your personal data may be transferred to the United States for the purposes described above.

Rights of Data Subjects
As a data subject (webinar participant), you have the right, where applicable, to access and rectify your personal data, the right to erasure or restriction of processing of your stored personal data, the right to object to the processing of your personal data, and the right to data portability in accordance with the requirements of data protection law. Complaints may be addressed to the Austrian Data Protection Authority.

Data Retention Period
Personal data processed in connection with webinars are stored only for as long as necessary for the defined purposes, taking into account any statutory retention requirements. Subject to any statutory retention obligations, personal data are generally stored for a period of two years after the respective webinar has been conducted.
 

11. Update of this Privacy Policy

We reserve the right to amend this privacy policy as necessary to reflect technical developments and legal changes or to update it in connection with the offer of new services or products.

Version: January 2026