Data Protection Declaration

Schienen-Control GmbH has been established as company and legal entity according to § 77 of the Austrian Railway Act 1957, BGBl 1957/60 as amended by BGBl I 2015/137, and is assigned the tasks and competences provided by the respective legal terms of the Austrian Railway Act. These include the role as an administrative office for Schienen-Control Kommission, the Austrian Railway Regulatory Authority, and the competences further determined by the Austrian Railway Act. Furthermore, the Agency for Passenger Rights is part of the organisational structure of Schienen-Control GmbH.

As long as not otherwise indicated, Schienen-Control GmbH processes only personal data within its legaly assigned duties and competences.

As long as Schienen-Control GmbH is acting according to its legally assigned duties and competences, the processing of personal data requires no further consent according to the provisions of the General Data Protection Regulation.

While using the website of Schienen-Control GmbH, which includes the online presence of the Agency for Passenger Rights, Schienen-Control GmbH will use the services of Google Analytics in order to monitor and analyse activities on our website. The collected information is mainly used to improve the online presence of the Agency for Passenger Rights and potentially place advertisments for the Agency.

The mentioned services require the use of cookies for Schienen-Control GmbHs website. Cookies are small text files that are provided by our server and subsequently sent to the respective server with every browser request. All cookies used by Schienen-Control GmbHs website are considered „1st-Party Cookies“, meaning that they are solely provided by our own server. Other than the cookies required for the support of Google Analytics and Google Adworks services, Schienen-Control GmbH uses only those cookies which ensure the proper functioning of the provided webservices. However, these are only valid for each individual session and thus deleted after leaving the website.

All relevant provisions concerning the use, transfer and security of the so processed data are based on the Processor Agreement concluded with Google LLC and its subsidiaries.

Cookies for the provision of Google Analytics services as implemented by Schienen-Control GmbH are used under the strict precaution of then anonymization of the users IP-address. Since the users IP- Adress is the main source for identification of the data subject, the anonymization thus guarantees that no personal data according to the provisions of the General Data Protection Regulation is collected. Further information on this topic can be found here.

As Schienen-Control GmbH is constantly making efforts for a particularly high level of data protection and security beyond the applicable legal provisions, an additional opting-out-tool for all cookies used in Google Services can be found here:

You can change your cookie settings here:

Change Cookie-Settings

Furthermore, it is possible to deactivate the overall use of cookies via the settings of your webbrowser.

According to the provisions of the General Data Protection Regulation, data subjects having their data processed are entitled to claim the following rights:

  • Right of access by the data subject (Art 15 GDPR);
  • Right to rectification (Art 16 GDPR);
  • Right to data portability (Art 20 GDPR);

As far as data is no longer required for the legal purposes it has been collected for, data subjects also have the following rights:

  • Right to erasure (Art 17 GDPR);
  • Right to restriction of processing (Art 18 GDPR);

Schienen-Control GmbH wants to further emphasize at this point that, given the standardized anonymization of the IP-adresses of every visitor to our website, no personal data is being collected by Google Analytics. Furthermore, other cookies used to support the functionality of our website are being deleted immediately after leaving our website. Thus, the aforementioned rights might only be applicable within a limited scope ore might not be applicable at all.

In case the use of cookies for the services of Google Analytics is nevertheless object of a claim according to the rights of the data subject, tools for exercising the data subject rights provided by Google can be found here.

Nonwithstanding the aforementioned rights, data subjects are entitled to object to the processing of their personal data at any given time according to Art 21 GDPR. The successful exertion of the right to objection does however require the occurrence of special circumstances if data is being rightfully processed.

Data subjects also have the possibility to address the Supervisory Authority at any given time if they feel their personal data is being unlawfully processed.

If any questions should arise concerning this Data Protection Declaration, the protection of privacy or personal data or if data subjects want to exert their rights, please contact the data protection officer by E-Mail or letter:

Caroline Trefil
c.trefil@schienencontrol.gv.at

Postal address:
Schienen-Control GmbH
Linke Wienzeile 4/1/6
A-1060 Wien
Phone: +43 1 505 07 07

Austrian Supervisory Authority:
The competent Supervisory Authority for Austria is the Federal Data Protection Authority (“Datenschutzbehörde”, DSB): https://www.dsb.gv.at