The protection and security of your data is of vital interest also to us. For this reason, we provide you with comprehensive information on how we handle your data. You will learn how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and what rights and claims are associated with it for you.

The data protection declaration applies to data processing in the scope of our websites:,, and related services that refer to this Privacy Statement.

Our privacy information for the use of our websites and the Privacy Statement of Österreichische Staatsdruckerei GmbH and youniqx Identity AG do not apply to your activities on the websites of social networks or other providers that you can reach via the links on our websites. Please check the websites of these providers for their data protection rules.

Name and address of the controller

The controller as defined in the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature:

Österreichische Staatsdruckerei GmbH
Tenschertstraße 7
1230 Vienna, Austria

Tel.: +43 1 206 66-0


You can reach the data protection officer by e-mail at:


  1. Collection and processing of personal data from business Partner

1.1 Purposes of the processing, categories of personal data

We process personal data in the course of a business relationship with customers and suppliers for the following purposes:

  • Processing for the purpose of contract performance;
  • Processing and transmission of data within the scope of a business relationship with customers and suppliers, including automatically created and archived text documents (e.g. correspondence),
  • Customer care, detail survey for logistics and accounting
  • Communicating with business partners about products, services and projects, e.g. handling enquiries from a customer or supplier
  • Processing of orders, collection of payments, for accounting and settlement purposes, invoicing, deliveries
  • Order processing, e.g. in the context of the production of ID documents
  • Compliance with legal requirements, e.g. retention obligations under tax law
  • Settlement of legal disputes, defence of legal claims, enforcement of existing contracts

1.2 The following categories of personal data may be processed for the above purposes:

  • Customer and supplier data as well as data of interested parties
  • Contact details such as name, title, address, telephone number, e-mail address, address for service, delivery and invoice addressees
  • Information whose processing is required in the context of a project or the handling of a contractual business relationship with Österreichische Staatsdruckerei GmbH or youniqx Identity AG or which is provided voluntarily by contact persons
  • Information from publicly available sources

The data provided by you is necessary to achieve the above-mentioned purposes and to fulfil the contract or to carry out pre-contractual measures. Without this data, the individual purposes described may not be achieved or we may not be able to conclude the contract with you. We take into account in particular the type of personal data, the purpose of the processing, the circumstances of the processing and your interest in the confidentiality of your personal data as part of the necessary balancing of interests.

1.3 Recipients of personal data

Should the situation arise, data will be passed on to the following recipients

  • All relevant departments of Österreichische Staatsdruckerei GmbH or youniqx Identity AG for the purpose of contract execution
  • Competent administrative authorities, especially tax authorities for audits
  • Contractual or business partners involved in the delivery or service
  • Insurances in the event of an insured event
  • Auditors for the purposes of auditing
  • Courts to initiate order for payment proceedings
  • Federal Agency “Statistik Österreich” for the compilation of (official) statistics required by law
  • Group management of the principal for accounting purposes
  • Clients to receive services
  • Banks for the processing of payment transactions

 1.4 Sources of the data (Art. 13 and 14 GDPR)

We process personal data that we receive from you by post, fax or e-mail in the course of contacting you or from your enquiry, as well as any information from publicly available sources.

1.5 Legal basis of the data processing

The data is processed for the performance of a contract or for the implementation of pre-contractual measures on the basis of Art. 6 para. 1 lit. b GDPR.

1.6 Duration of data storage

We store the data until the termination of the business relationship or until the expiry of the warranty, guarantee, limitation and statutory retention periods applicable to the client; furthermore, until the termination of any legal disputes in which the data is required as evidence.

2 Processing of personal data of business partners during video conferences

We hold videoconferences via the Internet and use various communication tools for this purpose. Video conferences are intended to save working time and travel costs and are indispensable, for example, in the event of extraordinary circumstances in order to be able to maintain business operations.

The use of the conference services is associated with a transfer of personal data to a third country, in particular the USA. We expressly point out that for the transfer to the USA, there is no adequacy decision according to Art. 45 (3) GDPR, nor appropriate guarantees according to Art. 46 GDPR.

As a matter of principle, we coordinate the use of the video platform or online software in advance with the business partner, who voluntarily participates in a video or online conference at any time. To enter a virtual meeting room, a participant must agree to the installation of software that makes participation technically possible in the first place.

2.1 The following categories of personal data are processed:

Participant lists, login data such as user, e-mail address, IP address and device data

2.2 Recipients of personal data

Video conferences are only conducted via selected and internally approved service providers.

Possible use of video and online conferencing services:

Microsoft Teams based in the USA. The use of Microsoft Teams is subject to Microsoft’s terms of use and privacy statement.

Privacy statement: By using Microsoft Teams, you accept Microsoft’s terms of use and privacy statement.

ZOOM Video Communications Inc. (“Zoom”) with its registered office in the USA. The use of Zoom is subject to their terms of use and privacy statement: By using “Zoom” you accept their terms of use and privacy statement.

Cisco WebEx based in the USA, Slack based in the USA. The use of Cisco WebEx is subject to their terms of use and privacy statement: By using Cisco WebEx, you accept their terms of use and privacy statement.

2.3 Legal bases of the processing

The data is processed for the performance of a contract or for the implementation of pre-contractual measures on the basis of Art. 6 para. 1 lit. b GDPR.

Through the use, a transmission to a third country (possibly the USA) takes place. This is based on Art. 49 (1) a to c GDPR.

2.4 Duration of data storage

We store collected personal data for as long as necessary for the purposes we have stated, unless there is a longer retention obligation by law. The conference services store the data for the period during which we have an ongoing business relationship with the respective conference service and the services are made available to us, as well as according to legal obligations of the service provider to retain the data.

3 Collection and processing of personal data for visitor registration at the business premises of OeSD

3.1 Purposes of processing and legal bases

The visitor registration data is collected from the data subject prior to the visit, stored and passed on to the responsible reception and security departments in order to register the data subject’s visit at OeSD. Without this registration, visitors have no right of access to the company premises and the company building.

During visitor registration, personal data is collected directly on site (scan of an identity document) in order to determine and record who is on the business premises and to be able to create a visitor pass.

The collection, storage and disclosure is carried out for the purpose of legitimate interest on the basis of Article 6(1) sentence 1 lit. f GDPR.

In individual cases, a balancing of interests is carried out to determine whether an interest worthy of protection stands in the way of collection (especially in the case of children).

We consider the protection of OeSD as a high-security company with critical infrastructure as our legitimate interest. The data is not passed on to third parties.

Failure to provide this data will result in visitors not being able to be registered and therefore not being able to visit the company.

We ensure the protection of personal data through current technical and organisational measures. These are always adapted to the current state of the art.

3.2 Duration of data storage

We store your visitor application and visitor registration data in our system for 12 months. After this period, the data collected for this procedure will be erased.

4 Collection and processing of personal data when visiting our website

Every time you access content on the website, data is temporarily stored that may allow identification. The following data is collected in this process:

  • Date and time of access
  • IP address
  • Host name of the accessing computer
  • Website from which the website was accessed
  • Websites accessed via the website
  • Page visited on our website
  • Message whether the retrieval was successful
  • Transmitted data volume
  • Information about the browser type and version used
  • Operating system

The temporary storage of data is necessary for the course of a website visit in order to enable the delivery of the website. Further storage in log files takes place to ensure the functionality of the website and the security of the information technology systems. These purposes also form the basis of our legitimate interest in data processing.

4.1 Other recipients of the personal data in addition to the controller

The website is hosted by Körbler GmbH; Hofweg 1; 8435 Leitring, Austria | | The host receives the above data as a processor.

4.2 Legal basis of the processing

Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide information about the company and the application/marketing of products and services.

 4.3 How long will the data be stored?

The data shall be deleted as soon as it is no longer required for the original purpose of its collection. With regard to making the website available, the original purpose shall cease to apply when the session ends. Log files are held for the standard websites of the Austrian State Printing House for 7 days, and for the elective servers up to 14 days; during this period, data remains directly and exclusively accessible to administrators. Thereafter, it shall only be indirectly available via the reconstruction of backup tapes and shall be permanently deleted after two weeks.

4.4 Collection and processing of personal data via a contact form on our website

Collection and processing of personal data via contact form on our website

You are able to request information about our products via contact form on our website Therefore we require your name and e-mail address in order to reply to your request.

If you contact us via the form on the website, the data you provide (name and e-mail address) will remain stored for six months for the purpose of processing your enquiry and in the event of follow-up questions.

 4.5 Cookies

Cookies are small text files that enable the storage of specific device-related information on users’ access devices (PCs, smartphones, etc.). They serve to create a user-friendly experience of the websites and thus for the users themselves (e.g. storage of login data). We store information in cookies that is necessary for the operation of the website. However, these do not contain personal data that could be read by third parties. Users may influence the use of cookies. You may set up your browser in such a way that it informs you about the setting of cookies, and you may permit this in individual cases only. By blocking cookies in the browser or deleting cookies on a regular basis, you may also prevent any inference of your online behaviour that would otherwise be possible with this information.

The deactivation of cookies may limit the functionality of our website.

 4.6 Piwik/Matomo

The web analysis service Piwik/Matomo is used on our website. Piwik/Matomo is an open-source software programme that analyses website visitor traffic. This analysis is made possible by means of cookies, which are text files. These cookies collect information regarding your use of our website. These are then stored on a Piwik/Matomo server in Germany. Your IP address will be anonymised prior to this. However, you have the option of preventing cookies from Piwik/Matomo being stored on your computer. If you wish to do so, you must modify the settings of your Internet browser accordingly. This may mean that you are unable to use our website in its entirety.

 4.7 Use of the websites by minors

It should be noted that the processing of personal data is predicated on the condition that the user of the website in question is 14 years old or over. The use of our systems and tools and the resulting processing of users’ data for anyone below this age threshold is prohibited without the consent of the parent / guardian. Should such data processing nevertheless occur, we will – as soon as we are made aware of it – stop processing this data.

 4.8 Social plugins

On our websites, we use social plugins for social networks such as Facebook, Twitter, LinkedIn, Xing and YouTube.

When you visit our website, these plugins are disabled by default, i.e. they do not transmit any data to the respective social networks without your direct intervention. Before you can use the plugins, they must first be activated by clicking on them. The plugin will remain active until you disable it or delete your cookies. Once activated, a direct connection will be established with the server of the respective social network. The plugin content is then transferred by the social networks directly to your browser and incorporated into the website. Upon activating a plugin, the social network is then able at this point to collect data, irrespective of whether you interact with the plugin in question. If you are logged in to a social network, it can link your visit to this website to your user account. A social network cannot assign a visit to other websites until you have activated the respective plugin there. If you have joined a social network and you do not wish for it to link the data collected when visiting our website with your stored membership data, you must log out of the respective social network before activating these plugins. We cannot exercise any control over the amount of data collected by the social networks with their plugins. For more information on the purpose and scope of this data collection and its further processing, as well as the use of said data by the respective social networks (and any respective rights and options afforded to you regarding the protection of your privacy), please refer to the data protection policy of the respective social networks.

 4.9 Facebook Pixel

When advertising its products and brands on Facebook, youniqx Identity AG uses Facebook Pixel, which analyses and evaluates user behaviour after clicking on a Facebook ad and then browsing to the target page. Continuous analysis allows Facebook ads to be tailored to the interests of Facebook users and is therefore used to improve ads on Facebook.  By using Facebook Pixel, youniqx Identity AG can also determine when a user is forwarded to the page after clicking on a Facebook ad. If you have a Facebook account and are logged in, a visit to this website will be assigned to your Facebook user account.

All user data collected whilst using Facebook Pixel remains anonymous for youniqx Identity AG.

Facebook Pixel is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; for EU residents, the software is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook stores and processes user data in accordance with the Facebook data usage policy (More info: Settings for data collection by Facebook Pixel and the use of user data to display Facebook ads can be edited under ad settings (More info: You can also object to this processing on the American website or the EU website“

4.10 Data protection provisions governing the application and use of Getty Images

The data controller has integrated components of Getty Images into website. Getty Images is an American visual media agency. A visual media agency is a company that offers pictures and other image material to end consumers. Visual media agencies usually market photographs, illustrations and film material. Various customers choose to license the images they use through a visual media agency, in particular Internet site operators, editors of print and TV media and advertising agencies.

The operating company of Getty Images components is

Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines,

Dublin 18, Ireland.

Getty Images permits the (potentially free-of-charge) embedding of Stock Images. Embedding involves the incorporation or integration of certain external content, including text, video or image data, which is provided by a third-party website and then appears on another website. For the purposes of embedding, a so-called embedding code is used. An embed code is an HTML code that is integrated into a website by a website operator. If an embedding code has been integrated by a website operator, the external content of the other website will, by default, be immediately displayed as soon as a website is visited. In order to display this third-party content, the external content is loaded directly from the other website.

Getty Images provides further information about the topic of embedding content at

As part of the technical implementation of the embedded code, which enables image material from Getty Images to be displayed, the IP address of the Internet connection – via which the person accesses our website – is transmitted to Getty Images. In addition, Getty Images records our website, the type of browser used, the browser language, the time and length of said access. Furthermore, Getty Images may collect certain navigational information, i.e. information concerning which of our sub-sites the person has visited, and which links have been clicked on, as well as any other forms of interaction attributable to the data subject while visiting our website. This data can be stored and analysed by Getty Images.

For further information and the applicable Getty Images Data Protection Policy, please visit

4.11 Data protection policy governing the application and use of Google AdWords

The data controller has integrated components of Google AdWords into the website. Google AdWords is an Internet advertising service that permits advertisers to run adverts, both on Google’s search engine and on the Google Network. Google AdWords allows an advertiser to pre-define keywords, based on which an advert will be displayed alongside Google’s search engine results only when the search engine retrieves a search result involving the particular keyword. Within the Google Network, adverts are distributed across topic-relevant webpages and in accordance with previously defined keywords by way of an automated algorithm.

The operating company of the Google AdWords services is Google Inc.,1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

We expressly point out that no adequacy decision pursuant to Art. 45(3) GDPR, nor appropriate safeguards pursuant to Art. 46 GDPR, exists for the transfer to the USA. This means that it may not be possible to trace how the data is used and who has access to the data.

You have the option to consent to the use of Google AdWords by opting in before visiting the website

The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third party websites and in the search engine results produced by the Google search engine, as well as by displaying advertisements on our website.

Should a data subject arrive at our website via a Google advert, a so-called conversion cookie will be stored by Google on the IT system of the data subject. The term “cookie” has already been explained in detail above. A conversion cookie becomes invalid after thirty days and is not used to identify the person concerned. Using the conversion cookie (to the extent that said cookie has not yet expired), it can be traced as to whether certain sub-pages – such as the shopping cart from an online shop system – have been accessed on our website. The conversion cookie allows both us and Google to understand if a data subject, who arrived at our website through an AdWords advert, actually generated revenue, i.e. completed a purchase or cancelled the transaction.

The data and information collected through the use of this conversion cookie is used by Google to create visitor statistics for our website. These visitor statistics are then utilised by us to determine the total number of users who have arrived at our website via AdWords adverts, in order to evaluate the success or failure of these AdWords adverts and to optimise our use of AdWords adverts going forward. Neither our company nor any other advertising customer of Google AdWords shall receive any information from Google that could be used to identify the data subject.

The conversion cookie enables the storage of personally identifiable information, such as the web pages visited by the data subject. Every time you visit our website, your personal information – including the IP address of the Internet connection used by the data subject – is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may then transfer this personal data collected to third parties.

The data subject can prevent cookies from being stored through our website – as previously explained above – at any time by means of a corresponding setting in their Internet browser, which will permanently disable the storage of cookies. Such an Internet browser setting will also prevent Google from storing a conversion cookie on the IT system of the person concerned. In addition, a cookie already stored by Google AdWords can be deleted at any time through the Internet browser or the use of other software programmes.

Furthermore, the data subject shall have the opportunity to object to interest-based advertising by Google. To do so, the data subject must access the link from each of the Internet browsers they use and change the desired settings there.

For further information and Google’s Data Protection Policy, please visit

4.12 Security / Retention periods

The OeSD takes all the necessary technical and organisational security measures to protect your personal data from loss or misuse.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this deadline, the corresponding data shall be routinely deleted, if no longer required to fulfil a contractual obligation or to initiate contract proceedings.

5. Newsletter

You have the option to subscribe to the OSD newsletter. For this we need your first and last name as well as your e-mail address and your confirmation that you agree to receive the newsletter. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter e-mail.

5.1 Purpose of processing
Customer service and marketing for our own purposes.

5.2 The following categories of personal data are processed
– First and last name
– e-mail address

5.3 Recipients of personal data

– Marketing department of Österreichische Staatsdruckerei GmbH for the purpose of customer service
– Sendinblue GmbH; Köpenicker Str. 126, 10179 Berlin; provides the necessary infrastructure and tool for sending newsletters by e-mail (data protection information:
– GPK public GmbH; Gußhausstraße 13, 1040 Vienna; for the purpose of designing the newsletter and processing the mail dispatch (data protection information:

5.4 Sources of the data (Art. 13 and 14 DSGVO)

We process personal data (first name, last name, email address) that we receive from you in the context of your newsletter subscription via our homepage.

5.5 Legal basis of the data processing
Art 6 para 1 lit a DSGVO (explicit consent).

5.6 Duration of data storage

You can cancel the subscription of the newsletter at any time via clicking “unsubscribe” in the footer of the newsletter. After unsubscribing, we will no longer use your data for the newsletter mailing. If we do not have any business relationship with you and we are not subject to any legal storage obligations, your data will be deleted after unsubscribing from the newsletter.

6 Data subject rights

6.1 Right to the disclosure of information

You may request the disclosure of information in accordance with Art. 15 GDPR regarding the processing of your personal data.

6.2 Right of objection

For reasons arising from your particular situation, you shall have the right, at any given time, to object to the processing of your personal data pursuant to Art. 6 (1) f GDPR. The data controller shall no longer process your personal data unless he or she can demonstrate compelling legitimate grounds for its processing that outweigh the interests, rights and freedoms of the data subject, or if said processing is essential for the purposes of asserting, exercising or defending legal claims. The collection of data for the provision of the website and the storage of log files is essential to the operation of the website.

6.3 Right to correction

Should your details not (or no longer) be correct, you may request their correction. Should your data be incomplete, you may request its completion.

6.4 Right to deletion

You may demand the deletion of your personal data in accordance with Art. 17 GDPR.

6.5 Right to the restriction of processing

You have the right pursuant to Art. 18 GDPR to request the restricted processing of your personal data.

6.6 Right to data transferability

In the event that the requirements of Art. 20 (1) GDPR are deemed to apply, you have the right to request that any data we process on the basis of your consent (or in fulfilment of a contract) is automatically handed over to yourself or to a third party. The collection of data for the provision of the website and the storage of log files is essential to the operation of the website. This is therefore not based on the issuance of consent as per Art. 6 (1) a GDPR or on a contract as per Art. 6 1 b GDPR, but rather is justified as per Art. 6 (1) f of the GDPR. The requirements of Art. 20 (1) GDPR are therefore not fulfilled in this respect.

Should you wish to exercise your rights, please contact our Data Protection Officer at:

6.7 Right to appeal

Should you believe that the processing of your personal data is in violation of data protection laws, you may – in accordance with Art. 77 (1) GDPR – register a complaint with the pertinent data protection supervisory authority. The responsible data protection supervisory authority is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna

Telephone: +43 1 52 152-0