Effective: December 2022
1. What information is available on this page?
Österreichische Post AG (hereinafter referred to as "Austrian Post", "we", "us") processes your per-sonal data in full compliance with the provisions of data protection law, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act, and all other applicable laws.
In this document, you will find information about the scope and purpose of our data processing within the scope of our Supplier Portal ("Lieferantenportal") and about your rights in this regard.
This includes the following sections:
- To whom is this Information addressed? (point 2)
- Who is responsible for the processing of your data? (point 3)
- Information on data processing within the Supplier Portal (point 4),
- Automated decision making and profiling (point 5)
- What rights do you have? (point 6)
- How can you contact us? (point 7)
- Information about cookies and thirdparty websites (point 8)
2. To whom is this information addressed?
The information you find on this page is addressed to our suppliers who use the Supplier Portal of the Post.
If you are a customer/prospective customer of Austrian Post or visit the websites of Austrian Post, our data protection information available at www.post.at/en/i/c/data-protection
3. Who is responsible for the processing of your data?
Responsible for the processing behind all data protection information available on this page is the
4. Information on data processing within the framework of the Supplier Portal
As a sector contracting authority, Austrian Post is in part legally subject to the Federal Public Procurement Act (BVergG) and thus also to certain strict documentation requirements. We process your data for the purpose of award and tender management in order to carry out tenders, procurement processes and invoice processing as well as contract initiation and processing of contracts as well as documentation of the entire award process and all documentation. For this purpose, the suppliers register themselves on the Supplier Portal of Austrian Post, whereby they themselves are responsible for changes to the account data and contact persons.
Which of your data can we process for this purpose?
Personal account data (such as name, job title and industry affiliation), contact and address data (such as address, e-mail address, telephone and fax numbers), tax data (such as tax and/or VAT ID order data), creditworthiness information and payment terms, legitimation and authentication data (such as ID data, signature, company stamp and passwords), historical data on the business relationship between you and us and companies associated with us, data in the context of ongoing contact maintenance or business initiation (such as data on communication that has taken place including date and time as well as purpose) and copies of correspondence, provided this is done in writing, by e-mail or by fax.
In addition, the processing of the name of your authorized employee as well as the entrepreneurial status, address, etc. is required.
What is the legal basis for this processing?
The legal basis for the supplier management are
our legal obligations (Art 6 Abs 1 lit c GDPR) according to § 132 BAO and §§ 33ff, 78 ff, 82 Abs 2 Z 1, 83 BVerG and §11 RHG (documentation obligation and execution of tenders);
As well as our legitimate interest according to Art 6 para. 1 lit f GDPR in the proper management of our partners and suppliers.
How long can your data be stored?
Your data can be stored for a maximum of 30 years after the end of the business relationship for the purpose of supplier management.
With whom are we allowed to share your data?
External service providers (processors): We comply with legal and contractual obligations. In our society, which is based on the division of labour, the necessary data processing is often carried out by specialised companies, so-called service providers (processors). These companies can provide such services in an economically favourable and high-quality manner. Therefore, we transmit your personal data to these companies to the extent necessary for the respective service provision.
Our processors are carefully audited without exception and on a regular basis. Legally compliant contracts guarantee the secure processing of your data without gaps.
Your data may be transferred to the following processors for the purpose of maintaining the Supplier Portal:
QAD Europe GmbH
Data transfers outside the EU or EEA:
All information you submit to us is stored on servers within the European Union. In the case of the provision of services for ARAS Kargo, your data will be transferred to Turkey. The legal basis for the transfer of personal data outside the European Union is your explicit consent. In these cases, the security of your personal data is furthermore ensured after a documented case-by-case assessment by concluding EU standard data protection clauses (appropriate guarantee pursuant to Art 46 GDPR) with ARAS Kargo. These standard data protection clauses are available on request at post.at/other-data-protection-requests.
Other information about this processing:
You are not contractually or legally obliged to provide your data. If you do not provide the aforementioned data, it will not be possible to conclude a contract or register for the Austrian Post Supplier Portal.
5. Automated decision making and profiling
The processing of data by Austrian Post described on this page does not involve any automated decision-making or profiling pursuant to Art. 22 (1) and (4) GDPR.
6. What rights do you have?
You have the right to information about your personal data that we process as a controller. You can find more information on this in Art 15 of the GDPR.
Under certain conditions, you can request the restriction of processing as well as the correction and deletion of your personal data. Further information on this can be found in Art 16-19 of the GDPR.
Under certain circumstances, you also have a right to data portability and thus to your personal data disclosed to us in a structured, common and machine-readable format. Further information on this can be found in Art. 20 of the GDPR.
You also have the right to object at any time to processing of your data that is carried out in the legitimate interests of Austrian Post or third parties, if reasons arise from your particular situation. You can find more information on this in Art. 21 of the GDPR.
The processing of your personal data may be based on your consent pursuant to Art 6 para 1 lit a GDPR. You can revoke your consent at any time without giving reasons with effect for the future; until then we process your data lawfully.
You can see in point 4 on which legal basis we base our data processing.
You want to exercise your rights or you have further questions, suggestions or criticism? In this case, you can contact the contacts listed under point 7 ("How can you contact us?").
Furthermore, you have the possibility to complain to the Austrian data protection authority:
Austrian Data Protection Authority,
Phone: +43 1 52 152-0
7. How can you contact us?
To contact the data protection officer of Austrian Post or to exercise your rights, please use the options listed under point 8 of our data protection information: post.at/data-protection
Cookies and similar technologies (hereinafter referred to as "cookies") are used in several places on our websites. They serve to make our offer more user-friendly and effective. Cookies are small text files that are stored on your computer and saved by your browser. We use session and permanent cookies on our website. Session cookies are only stored for the duration of the session. Permanent cookies, i.e. long-lasting cookies, serve to improve the use of our website for our customers.
In principle, you can also use our pages without cookies. However, a login is required for certain services, which will not work without authentication cookies.
In your browser settings you can determine whether cookies may be set or not.
- 2. Types of cookies
With the help of these cookies, we can uniquely identify the logged-in user across all applications and thus ensure optimal user guidance.
The Supplier Portal uses the following authentication cookies: jsessionid
The functionality cookies are used to offer the customer an optimal service for recurring functionalities on the one hand, on the other hand they serve the security of the web application. Monitor resolution values are stored in order to provide images in the optimal resolution for the customer so that the loading times also remain low depending on the system. But also unwanted areas can be hidden permanently.
The Supplier Portal uses the following functionality cookies: astras-popups-allowed, astras_cdi, astras-cookies-accepted.
- 3. Third-party websites
The Supplier Portal may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or warranty for third-party content or data protection conditions. Please make sure you are aware of the applicable data protection conditions before submitting personal data to these websites.