Information on DATA PROTECTION
(as of December 1, 2020)
This data protection statement aims to give you an overview of the processing of your personal data by APK Vorsorgekasse AG within our remit as a corporate staff and self-employment provision fund.
The protection and safeguarding of your personal data and your private sphere are or paramount importance to us. Hence we process your data strictly in line with statutory provisions (General Data Protection Regulation GDPR, Data Protection Act and Telecommunications Act 2003).
I. Data Protection Officer and contact details
Legal responsibility pursuant to Par 4 Z 7 General Data Protection Regulation lies with:
APK Vorsorgekasse AG, Thomas-Klestil-Platz 13, 1030 Wien,
Phone: +43(0)5027550, Email: office@apk-vk.at
If you have any queries or concerns regarding the processing of your data by our enterprise, we would ask you to contact our data protection officer (see Chapter V – Contacts for questions or asserting your data subject rights with APK Vorsorgekasse AG).
II. Data processing in the context of our website
Cookies
Cookies are small data files embedded in your computer, tablet or smartphone with the help of your web browser. These data files do not cause any damage and only serve to track visitors to the website. When next you click on the website using the same terminal, the data saved to the cookies can be relayed to the website (‘First Party Cookie’) or to another website the cookie is attached to (Third Party Cookie).
Necessary Cookies
Necessary cookies help with the use of a website by enabling basic functions such as page navigation and access to safe areas of the website. Our client portal (www.kontostand.at) cannot work without the use of necessary cookies.
Name | Creator | Purpose | Duration of storage |
ssupp.vid | Smartsupp Live Chat | Visitor ID, deleted after six months | 6 months |
ssupp.chatid | Smartsupp Live Chat | Chat ID, deleted as soon as the browser is closed. | Session |
ssupp.group | Smartsupp Live Chat | Group the visitor is assigned to, deleted as soon as the browser is closed. | Session |
ssupp.opened | Smartsupp Live Chat | Status of the Chat Box (minimised or open). Deleted as soon as the browser is closed. | Session |
ssupp.barclicked | Smartsupp Live Chat | The moment the chat is opened. Deleted as soon as the browser is closed. | Session |
ssupp.message | Smartsupp Live Chat | Cache for unsent messages. Deleted as soon as the browser is closed. | Session |
ssupp.unreaded | Smartsupp Live Chat | Number of unread messages in chat. Deleted as soon as the browser is closed. | Session |
ssupp.visits | Smartsupp Live Chat | Number of chat calls so far. Deleted after six months. | 6 months |
cb_permissions | APK Vorsorgekasse AG | Settings of the cookie banners | Permanent |
| accessibility | APK Vorsorgekasse AG | Accessibility settings (high-contrast mode) | 1 week |
III. Newsletter
Die APK Vorsorgekasse AG informiert interessierte Personen (unter anderem Betriebsräte und Vertreter der Dienstgeber) regelmäßig über Neuigkeiten, die Geschäftsentwicklung, sowie die Veranlagung in Form eines Online-Newsletters, der auch per E-Mail verschickt wird. Hierfür wird die Softwarelösung „eyepin VX“ der eyepin GmbH verwendet, die durch die chiliSCHARF GmbH (als Betreiber der Webseiten der Gesellschaften der APK-Gruppe) verwaltet wird.
E-Mail Adresse und (optional) Vor- und Nachname werden zum Zweck der Versendung und persönlicher Adressierung des Newsletters an die eyepin GmbH übertragen und dort verarbeitet. Bei dem Unternehmen eyepin GmbH handelt es sich um ein österreichisches Unternehmen, das vertraglich zur Einhaltung der Vorschriften der DSGVO verpflichtete wurde. Der Newsletter wird erst nach Ihrer ausdrücklichen Zustimmung zugesendet. Es besteht außerdem jederzeit die Möglichkeit, sich vom Newsletter abzumelden.
III. Data processing in the administration of contributions
Personal data
The term ‘personal data’ covers any information relating to natural persons directly or indirectly (such as names, addresses or gender). We ascertain, process and store personal data to the extent we need them for operating a corporate staff and self-employment provision fund, and data which are supplied to us by contribution-paying employers or independent contractors. Additionally, we process personal data which we get from you direct (e.g. self-employed pension provision for attorneys-at-law, in the context of disposal of severance pay entitlements, changes of address). These data are processed by us for this purpose:
Contracting partners: Enterprises
Name of company, company register extract, beneficial owner (name, date of birth, gender, nationality, address), authorised representative/s (name, date of birth, gender, copy of photo ID), line of business, contribution account number, contact (name, email, phone number)
Contracting partners: Self-employed
Name, date of birth, gender, social security number, address, type of self-employed activity, copy of photo ID
Administration of severance pay entitlements
Data provided by the Federation of Austrian Social Insurance Institutions, such as name, title, gender, date of birth, social security number, home address, employer, qualifying period for benefits, proof of contribution base, date of retirement, date of death
Customer services
Phone memos, written communication (email, facsimile, letter)
Disposal of accrued benefits
Request for disposal, copy of photo ID, bank certificate, surviving dependants, (name, date of birth, home address, bank details, copy of photo ID), devolvement order, death certificate, family allowance documentation
With a client’s consent (to facilitate the provision of information on disposal):
email address, phone number
Legal basis and purpose of processing
We process the above-mentioned personal data in compliance with our contractual obligations (Article 6 para 1b GDPR)
Your personal data are processed on the basis of your enrolment contract pursuant to the Corporate Staff and Self-Employment Provision Act (BMSVG).
The purpose of data processing is governed by BMSVG; it comprises the taking on deposit, and investing, of severance pay contributions and self-employed provision contributions, the administration of accrued severance pay entitlements and subsequent disbursement as well as the provision of pertinent information to prospective beneficiaries (Corporate staff and self-employment provision agenda).
Should you not furnish these data, or not to the extent required, we may not be able to justify the contractual relationship in your favour or comply with your request for disposal.
Processing your data on the basis of your consent (Article 6, para 1a, GDPR)
Insofar as you have given your consent to the processing of your personal data for specific purposes (e.g. information relating to disbursement via email, telephone contacts, newsletter), processing is lawful, since based on your consent. Such consent may be withdrawn at any time. This also applies to withdrawing any declaration of consent given us prior to GDPR taking effect. Please note that such withdrawal is valid only as of the date it is made and does not impact the lawfulness of any processing based on previously given consent.
In some cases, it may be essential to fulfilling our contractual obligations for you to provide further personal data, or arrange for the provision of data of/by third parties, e.g., relating to the disposal of your severance pay entitlements. Should we not be furnished with these data, or not to the extent required, we cannot act on your request for disposal. Please note that this shall not constitute contractual nonfulfillment on our part.
Processing data in compliance with statutory provisions (Art. 6, para 1 c, GDPR)
Pursuant to the legal provisions of the Corporate Staff and Self-Employment Provision Act, employers and prospective beneficiaries are obliged to furnish the corporate staff and self-employment provision funds immediately and truthfully with information about all crucial issues relating to the contractual agreement, the administration of accrued benefits, and the scrutiny of entitlements to disbursal.
Furthermore, as a corporate staff and self-employment provision fund, we are subject to legal constraints such as the Financial Markets Anti-Money Laundering Act. In consequence, we are obliged to demand proof of identity for the prevention of fraud and money laundering.
Processing data to protect legitimate interests (Article 6, para 1f, GDPR)
Additionally, your data may be processed in order to protect legitimate interests on our part, e.g., in matters of conducting our business and evolving processes, safeguarding IT security and IT operations, including tests, in-house risk management as well as in the course of a judicial prosecution.
Data transfer to third parties
Pursuant to Section 1, para 1 Z 21, Banking System Act (BWG), we are subject to banking secrecy pursuant to Section 38, Banking System Act. Hence we are obliged to maintain secrecy with regard to all client-related information and data. Personal data are provided in-house only to those divisions or members of staff who require them for discharging their contractual or statutory duties or for protecting legitimate interests.
Additionally, our subcontracted partners (e.g., IT service providers or postal service providers) are only granted access to your data if they need them for fulfilling specific tasks. Without exception, data will only be transferred to other external recipients if you have given your personal consent (e.g., on your instructions, data are transferred to other corporate staff provision funds), if we are legally obliged or authorised, or in the case of overarching legitimate interests.
Duration of data storage
As a matter of principle, we store your data for the duration of a valid contractual relationship with us. Beyond that, we are subject to numerous restrictions on data storage, in accordance with which we are obliged to store data about you or third parties (e.g., entitled third parties) or your disposals beyond the termination of the contractual relationship, as is the case on account of the limitation period provisions enshrined in company law. Additonally, we also store your data as long as it is possible for you to file legal claims arising from our contractual relationship, which, depending on the case, can be up to 30 years in accordance with the Civil Code.
IV. Your rights (data subject rights)
Right to access:
Having furnished proof of your identity, you can send a written request for information about all processed data concerning your person to APK Vorsorgekasse AG (see IV: Contacts for questions or asserting your data subject rights with APK Vorsorgekasse AG) to us. If no data concerning the person requesting information are being processed, s/he will be informed of this fact (negative reply). In cases of legitimate interests on the part of the provider of information / third party (for instance to prevent or prosecute criminal offences) no details might be provided.
Right to rectification or erasure:
We constantly endeavour to keep your data up-to-date. Having furnished proof of your identity you can send a written request for potentially incorrect data relating to your person, or data processed in contravention of the Data Protection Act, to be rectified or erased. For economic and administrative reasons, such erasure / rectification may only be feasible at certain points in time. Please note that personal data we received on account of a contractual relationship, or that we are legally bound to store, cannot be erased before termination of the respective statutory storage obligation.
Right to object:
Provided we are in receipt of, and are processing, your personal data by your consent, you are entitled to withdraw your consent at any time with the effect that, as soon as we receive your withdrawal of consent, we will not process your data any longer for the purposes referred to in your note of consent.
Right to restriction of processing:
In certain circumstances, after you have asserted this right, we are only allowed to store your data and not to continue processing them. However, your rights might be curtailed if, in consequence, it is impossible for us to discharge our contractual or statutory obligations.
Right to data portability:
You are entitled to request that all your personal data processed by APK Vorsorgekasse AG be made available by means of automated procedures in a structured, commonly used machine-readable format.
Right to lodge a complaint with the Data Protection Authority:
Should you become aware of any infringement of the law or of statutory duties by APK Vorsorgekasse AG, you are entitled to lodge a complaint with the Data Protection Authority (www.dsb.gv.at/kontakt).
V. Contacts for questions or asserting your data subject rights with APK Vorsorgekasse AG
Please contact our data protection officer if you have any questions or concerns in matters of data protection:
APK Vorsorgekasse AG, Thomas-Klestil-Platz 13, 1030 Wien,
Phone: +43(0)5027550,
Email: datenschutz@apk-vk.at