Privacy policy

ASFINAG Autobahnen- und Schnellstraßen-Finanzierungs-Aktiengesellschaft, 1030 Vienna, Schnirchgasse 17, T +43 50 108-10000, F +43 50 108-10020, office@asfinag.at, FN 92191 a (hereinafter "ASFINAG") is responsible for the data processing described in the following.

The ASFINAG data protection officer is available at: ASFINAG Data Protection, c/o Autobahnen- und Schnellstraßen-Finanzierungs-Aktiengesellschaft, 1030 Vienna, Schnirchgasse 17, datenschutz@asfinag.at, Tel. +43 1 955 1266, Fax +43 1 955 1277.

ASFINAG Autobahnen- und Schnellstraßen-Finanzierungs-Aktiengesellschaft attaches great importance to the protection of your personal data. If the use of our website is not possible without the provision of personal data, the use of your personal data (such as name, address, e-mail address) is always voluntary and only with your consent. This also applies to the transfer of your personal data to third parties (subsidiaries or other third parties).

We have applied the necessary technical and organisational measures according to the legal requirements for electronic communication and data protection.

Data processing digital toll product sales

The information on the processing of personal data is for information purposes only and does not constitute a contract with the user.

Data processing in connection with the sale of digital toll products is used for the payment (online shop, ASFINAG app, toll stations, points of sale, vending machines), billing and management of time-related tolls and the digital section toll for motor vehicles with a maximum technically permissible laden mass of up to 3.5 tonnes on toll motorways and expressways.

Legal bases of the processing

ASFINAG Enabling Act 1997, ASFINAG Act, usufruct agreement ASFINAG-Bund, BStMG – Federal Roads Toll Act (BStMG) 2002, tolling regulations for motorways and expressways in Austria as amended, Arlberg expressway Financing Act, Pyhrn Motorway Financing Act, Karawanken motorway Financing Act, Act on the Financing of the Innsbruck-Brenner Motorway, Tauern Motorway Financing Act, Vignette Price Ordinance, Art 6 para. 1 lit c GDPR in conjunction with § 16a BStMG (for data mentioned in § 16a BStMG).
Corporate Code (UGB) and Federal Fiscal Code (BAO).

Legal basis of the transfer

Art. 6 para 1 lit b GDPR (transmission to payment service providers for contract fulfilment), § 30 BStMG (central registration registry), § 30a BStMG (national contact point).

Data subjects / data types / duration of storage / forwarding

| No. | Data subjects | Data types | Storage period | Recipients |
| 1 | Purchasers of digital vignettes or digital section tolls | Vehicle license plate number | 7 years from the end of the calendar year of purchase | - |
|  |  | Country of registration | 7 years from the end of the calendar year of purchase | - |
|  |  | Product ID (vignette number) | 1 year from the end of the validity of the toll product | - |
|  |  | Purchased product | 7 years from the end of the calendar year of purchase | - |
|  |  | Status or period of validity | 1 year from the end of the validity of the toll product | - |
|  |  | E-mail address | 7 years from the end of the calendar year of purchase | - |
|  |  | Purchase time | 7 years from the end of the calendar year of purchase | - |
|  |  | Subscription price and payment method or data for payment processing, including data for invoicing | 7 years from the end of the calendar year of purchase | 1 |
|  |  | Place, date and time of the passed toll lane for FLEX tickets | 7 years after creation (passage) |  |
| 2 | Purchasers using registration codes (instead of other payment methods) | Registration code number | 1 year from the end of the validity of the toll product | - |
| 3 | Purchasers with card payment or giroPay | Transaction number of the payment service provider (from the payment service provider) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Payment method (credit card, debit card,...) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Data for the correct allocation of the payment (e-mail, ASFINAG customer number, invoice number) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Optional data, if provided by the customer (customer name) | 1 year from the end of the validity of the toll product | 1 |
| 4 | Purchasers using PaySEPA or raisinbank debit | Transaction number of the payment service provider (from the payment service provider) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Means of payment (SEPA direct debit) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Data for the correct allocation of the payment (e-mail, vehicle registration number and nationality) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Optional data, if provided by customers (first name, last name, invoice address, country, company name, UID) | 1 year from the end of the validity of the toll product | 1 |
| 5 | Purchasers using the payment service PayPal | Transaction number of the payment service provider (from the payment service provider) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Data for the correct allocation of the payment (ASFINAG customer number) | 1 year from the end of the validity of the toll product | 1 |
| 6 | Purchasers paying with Amazon Pay | Transaction number of the payment service provider (from the payment service provider) | 1 year from the end of the validity of the toll product | 1 |
|  |  | Data for the correct allocation of the payment (ASFINAG customer number) | 1 year from the end of the validity of the toll product | 1 |
| 7 | If purchased as an entrepreneur (additional) | Name and address | 7 years from the end of the calendar year of purchase | - |
|  |  | Telephone number and name of contact person (optional) | 7 years from the end of the calendar year of purchase | - |
|  |  | UID number (optional) | 7 years from the end of the calendar year of purchase |  |
| 8 | Purchasers and marketing authorisation holders whose products have undergone changes (other than vehicle license plate number changes) | Business case identification number | 1 year from the end of the validity of the toll product | - |
|  |  | Original and new data status (historisation) | 1 year from the end of the validity of the toll product | - |
|  |  | Data in connection with any expense reimbursement (invoice number, amount, collected expense reimbursement, time of collection, payment processing) | 7 years from the end of the calendar year of purchase | 1 |
|  |  | Explanatory notes | 1 year from the end of the validity of the toll product | - |
|  |  | Evidence (documents proving the facts; e.g. relocation etc.) and the result of the examination of the facts | 1 year from the end of the validity of the toll product | - |
| 9 | Registered owner of a vehicle entitled to a free digital vignette | Vehicle registration number (transmitted by the Ministry of Social Affairs) | 1 year from the end of the validity of the toll product | - |
| 10 | Registered owners whose vehicle license plates are entitled to use the toll roads in accordance with the Tolling Regulations | License plate or license plate part | 1 year from the end of the validity of the toll product |  |
|  |  | Application form incl. contact person data | 1 year from the end of the validity of the toll product |  |
|  |  | Date of registration | 1 year from the end of the validity of the toll product | - |
|  |  | Optional: Name of the organisation of the registered owner | 1 year from the end of the validity of the toll product | - |
|  |  | Date of commencement of the exemption | 1 year from the end of the validity of the toll product | - |
|  |  | Date of end of exemption | 1 year from the end of the validity of the toll product | - |
| 11 | Purchasers withdrawing from the purchase of digital vignettes or digital section tolls | Fact of the cancellation return | 1 year from the date of withdrawal | - |
|  |  | First name and last name | 1 year from the date of withdrawal | - |
|  |  | Address | 1 year from the date of withdrawal | - |
|  |  | Bank details for cancellation return | 1 year from the date of withdrawal | - |
|  |  | Transaction number of the payment | 1 year from the date of withdrawal | - |
|  |  | Date of cancellation | 1 year from the date of withdrawal | - |
|  |  | Reversal amount | 1 year from the date of withdrawal | - |
|  |  | Date of the original order | 1 year from the date of withdrawal | - |
|  |  | Country of registration | 1 year from the date of withdrawal | - |
|  |  | Vehicle license plate number | 1 year from the date of withdrawal | - |
|  |  | Product ID | 1 year from the date of withdrawal | - |

Recipients (including processors)

  1. Payment service providers (see tolling regulations – Annex 2 Payment methods and means of payment)
  2. Central registration registry

Processors who may have access to personal data in the course of technical development, maintenance or support activities, but who are not involved in the operational processing of personal data:

  • ATOS IT Solutions and Services GmbH
  • ACP IT Solutions GmbH
  • Tieto Austria GmbH
  • Microsoft Österreich GmbH (transfer to a third country cannot be excluded – EU standard contractual clauses)

Log files

When you visit our website, information is automatically sent from your terminal to our website. The following information is temporarily stored in a log file:

  • IP address of the terminal
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access was made
  • Browser used and, if applicable, the operating system of your terminal
  • Data entered by you in form fields
  • User_agent
  • HttpSessionId
  • Language setting of the browser

This data is stored for 4 months until it is automatically deleted.

The processing serves the following purpose:
The temporary storage of the user's IP address by our system is necessary to enable the delivery of the website to the user's computer. This data can be used to gain important information for optimising the website. Error situations can be better understood and user-friendliness is improved. This data also serves to guarantee the security of our systems (e.g. detecting attacks). It is not evaluated for marketing purposes.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the aforementioned purpose.

Data analysis / Matomo

Our website uses the open source software "Matomo" (https://matomo.org/) as a web analysis tool. This enables us to create an analysis of the use of the website. The purpose of this analysis is to improve the website for you by, among other things, detecting navigation problems in the website and adapting functions and offers according to your preferences.

Matomo sets the cookies listed below. The data collected by the cookies is automatically anonymised immediately by shortening the IP address and thus making it impossible to trace it back to your end device or person.

In addition, the data is stored exclusively on our server and is not transmitted to other servers or third parties. The determination with immediate anonymisation of your data is absolutely necessary for the operation of the website.

MTCaptcha

Our website uses a service from MTCaptcha to prevent automated queries and to allow access only to legitimate users and to protect against abuse by spammers and bots. The cookies set by this service serve exclusively to prevent the use of forms by bots and automatic scripts and are absolutely necessary for the operation of the website. No personal data is collected. For more information on data protection when using MTCaptcha, please see https://www.mtcaptcha.com/gdpr-captcha.

Cookies

The legal basis for the use of functionally necessary cookies is our legitimate interest in accordance with Art 6 Paragraph 1 lit f GDPR to ensure the technical operation and basic functions of our website as well as to save your selected cookie settings and operate the website accordingly. For all other cookies (other than those that are functionally necessary), the legal basis for their use is your consent in accordance with Art. 6 para. 1 lit a GDPR. You have the right to revoke your consent at any time, but this does not affect the legality of the processing carried out up to that point.

In the following, you will find a list of the cookies we use that don't require consent:

| Name | Storage period | Type/purpose |
| __RequestVerificationToken | End of session | Prevents unauthorised posting of website content (so-called cross-site request forgery). Contains no information about the user. |
| ASP.NET_SessionId | End of session | Multi-purpose platform session cookie used by websites based on Microsoft.NET technology. |
| .ASPXANONYMOUS | 1 hour | Unique ID for anonymous users. |
| _pk_id | 13 months | Collects statistics about the user's visits to the website, such as the number of visits, average time spent on the website and which pages were read. |
| _pk_ses | 30 minutes | Used by Matomo Analytics Platform to track page views of the visitor during the session. |
| _pk_ref | 6 months | Used by Matomo Analytics Platform to identify the referral website the visitor came from. |
| jsV | End of session | Set by MTCaptcha and is used to store the script version used. |
| mtv1ConfSum | End of session | Set by MTCaptcha as test data for validation. |
| mtv1Pulse | End of session | Set by MTCaptcha as an identification string. |
| contrast | 365 days | Saves the setting for increased contrast in order to activate this setting by default the next time you visit the website. |

In the following, you will find a list of the essential cookies we use that require consent:

| Name | Storage period | Type/purpose |
| NonEssentialCookiesAccepted | 3 months | Storage of the cookie banner decision |
| epslanguage | 1 year | Language preferences of the user |

Below you will find a list of the cookies we use that require consent when you consent to all cookies:

| Name | Storage period | Type/purpose |
| tt_viewer | 1 year | Determines the cookie ID of the user via Teads Universal Pixel for advertising campaigns |
| tt_liveramp, tt_salesforce | 1 day | Technical cookie for the Teads Universal Pixel function |
| MicrosoftApplicationsTelemetryDeviceId | 1 year | This ID is used by Microsoft for the purposes of technical monitoring of the Omnichannel – Chat Widget Service. |
| dtCookie | Session | Follows the visit of several requests for Dynatrace services. |
| dtLatC | Session | Measures the server latency for Dynatrace performance. |
| dtPC | Session | Used for Dynatrace services to identify the correct endpoints. |
| rxVisitor | 2 years | Defines a unique visitor ID for the user for Dynatrace services in order to identify the visitor to whom the sessions are to be assigned. |
| Rxvt | Session | Stores timestamps for Dynatrace services to determine when sessions start and end. |
| dtSa | Session | Used to store context information of user actions for Dynatrace services across different pages. |

The use of our products at shop.asfinag.at is not possible without cookies. If you have disabled cookies across the board, you cannot use our products at shop.asfinag.at.

Omnichannel – Chat

Our website uses a chatbot as well as a live chat from the Microsoft Dynamics 365 module, Omnichannel for Customer Service (https://docs.microsoft.com/en-us/dynamics365/customer-service/introduction-omnichannel). This is provided by Microsoft Corporation, 1 Microsoft Way, 98052 Redmond, USA.

The chatbot is a dialogue system that can automatically answer your questions using routines and rules. If it is not possible for the chatbot to find a suitable answer, a live chat with an ASFINAG employee can be established. When the chatbot is started, the following data is processed:

  • Date and time of access
  • Duration of access
  • Device type, browser, operating system
  • Visitor language
  • Contents of the transmitted chats
  • Automatic mood recognition (sentiment analysis)

Depending on the course of the conversation with our chatbot or our employees, personal data may arise in the chat, which will be entered by you. We have configured our systems to process and store your data exclusively in the European Union.

For enquiries concerning information about ASFINAG products you have already purchased (digital vignettes, section tolls, etc.) or ASFINAG products you would like to purchase in the future, data processing is based on the contract already in place with you or our pre-contractual obligations for the future contract pursuant to Art. 6 para. 1 lit b GDPR.

For all other customer service enquiries that you address to the chatbot or our employees, our legitimate interest in the performance of our customer service pursuant to Art. 6 para. 1 lit f GDPR is used.

The chat histories with the chatbot are identified by means of an anonymous ID and stored for 90 days. The duration and time of the communication are processed for statistical purposes and to optimise the service.

Evaluations in the context of chats with our employees are carried out on the basis of your explicit, voluntary and informed consent pursuant to Art. 6 para. 1 lit a GDPR. Your consent may be revoked at any time at datenschutz@asfinag.at.

Alternatively, you are also welcome to contact the ASFINAG Service Center by telephone or via our contact form. Further information is available at www.asfinag.at/en/contact/.

The chat logs of the live chats (incl. previous history with the chatbot) count as corporate communication and are stored for three years for archiving purposes.

Teads Universal Pixel

In order to carry out targeted advertising campaigns, such as advertising the digital vignette, we use the "Teads Universal Pixel" technology from Teads Schweiz GmbH (Teads.tv) in the ASFINAG Toll Shop. In order to be able to show you personalised advertising content, the Teads Universal Pixel is processed on your end device or in the browser you use.

The Teads Universal Pixel collects the source of the device, the browser type, the operating system, the approximate location, the website accessed, the user's interactions with advertisements and the user's IP address, the last octet of which is deleted for anonymisation. This data is used across devices to filter an ad campaign by, among other things, user interests and location, and to prevent a user from being shown the same ad again. This anonymised data is statistically analysed for internal business analysis. There is no exchange of personal data with Teads Schweiz GmbH or Teads.tv. Teads.tv does not collect or process any information that allows a specific person to be directly identified.

The legal basis for the data processing is your consent via the cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.

You can delete your consent to the display of interest-based advertising by the Teads Universal Pixel at any time via the settings in your browser. The legality of the processing up to the time of your revocation shall not be affected by this.

The Teads Universal Pixel will be stored until revoked.

Here you can find more information about the data protection of Teads.tv: https://teads.tv/privacy-policy/

Dynatrace

Dynatrace gains insight into the performance of the web application and the navigation of our users on the website. Dynatrace records click paths, JavaScript errors, browser types and geographic regions, but does not record the contents of fields such as payment data. If all cookies are accepted, the name, email address and IP address fields are also collected. This data helps us to identify functional problems. Collected data will be deleted automatically after 35 days.

Dynatrace privacy policy

Information on the rights of the data subjects

According to the General Data Protection Regulation, data subjects have the following rights:

1. Right to receive information

Each data subject has the right – after verifying its identity – to request information from ASFINAG as to whether its personal data is being processed. If this is the case, the data subject shall have the right to obtain further information on the purposes and legal basis of the processing, the categories of data concerning it, the data sources, the recipients of its data, the (non-)existence of an automated decision-making process including profiling, instructions regarding its rights and obligations, and a copy of the personal data.

2. Right to rectification and erasure

If the personal data is inaccurate or incomplete, the data subject may request the rectification, completion or erasure of data relating to it as part of the processing purposes, if necessary by means of a supplementary declaration. In particular, ASFINAG is obliged to erase personal data if the erasure is prescribed by law or if any existing consent for processing has been revoked, if there is no further legal basis for processing, or if personal data is no longer necessary for the purposes for which it had originally been collected.

However, the right to erasure does not exist if the processing is necessary to fulfil a legal obligation of ASFINAG or to perform a task that is in the public interest or that is performed in the exercise of official authority or is required to assert, exercise or defend legal claims.

3. Right to restriction of processing

Every data subject has the right to have the processing of its personal data restricted. One of the following conditions must be fulfilled for this:

  • The accuracy of the personal data is contested by the data subject for a period of time long enough to allow ASFINAG to verify the accuracy of the personal data;
  • The processing is unlawful and the data subject rejects the deletion of the personal data and instead requests the restriction of the use of the personal data;
  • ASFINAG no longer needs the personal data for processing purposes and, at the same time, the data subject needs it for the assertion, exercise or defence of legal claims;
  • If the data subject has objected to the processing, until it has been established whether the legitimate reasons of ASFINAG outweigh those of the data subject.

However, limited data may still be used to protect the rights of another person, for important public interest or to assert, exercise or defend ASFINAG's legal claims.

4. Right to data transferability

The data subject shall have the right to receive the personal data concerning it that it has provided to ASFINAG in a structured, conventional and machine-readable format or – if technically possible – to have such data transferred to another responsible party. However, this right only exists if the processing is based on the legal basis of a contract or the consent of the data subject.

5. Right to object

The data subject shall have the right to object at any time to the processing of personal data concerning it on grounds relating to its particular situation. This right shall apply only if the processing

  • is necessary for the performance of a task that is in the public interest, or
  • takes place in the exercise of official authority vested in ASFINAG, or
  • is necessary to safeguard the legitimate interests of ASFINAG or a third party.

ASFINAG will then no longer process the personal data unless it can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

6. Right to object to direct marketing

Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning said data subject for the purposes of such marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

7. Right to appeal to the supervisory authority

Every data subject has the right to file a complaint with the data protection authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at.