EDM - Privacy Information

General information

The protection and security of your personal data are important to us. Therefore, EDM stores and processes personal data of natural persons in accordance with the applicable Austrian and European data protection laws.

We take our responsibility very seriously.

Personal data is protected in EDM by appropriate technical and organisational measures against loss and against access and manipulation by unauthorised persons. We want you to know the purposes for which and the legal basis on which we collect personal data and how we process this data.

We would also like to inform you about your rights with regard to data protection matters and tell you whom you can contact in this regard.

 

What data is processed in EDM?

If you only visit the EDM website, we process the following data in the web server log files:

  • online identification number (IP address)
  • browser and operating system used
  • date/time stamp of the visit
  • the URL called up including all parameters
  • if applicable, the page you were on when you clicked the page link
  • the protocol version used by your browser
  • the method of access used
  • the size of the data retrieved

The legal basis for the processing of this personal data is the fulfilment of a legal obligation within the meaning of Article 6 (1) item c of the GDPR, documentation and logging obligations, which also represent the purpose of the processing. The web server log files are stored for 6 months and then automatically deleted. In the case of misuse or security incidents, for example, they provide information to help investigate the incident.

Should such a case occur, the relevant data will be stored until the incident has been finally resolved and, if necessary, will be transmitted to the responsible authorities.

 

If you have logged into EDM as an authorised person, we also process the following data:

  • your login name and your encrypted stored password
  • the timestamp of your login
  • the timestamp of your logout
  • your internal user key in the form of a number
  • what data you have accessed
  • type of access (read, write, etc.)
  • possibly the purpose of the access

The legal basis for the processing of this personal data is the fulfilment of legal obligations within the meaning of Article 6 (1) item c of the GDPR, documentation and protocol obligations, which also represent the purpose of the processing.

 

If you are registered in EDM, we process the following personal data of natural persons:

  • Name
  • Address
  • Domestic business address(es) (relevant for deliveries)
  • Telephone number
  • Fax number
  • E-mail address
  • Supplementary register number, if applicable
  • Contact details of registered contact persons
  • Geo-referencing data on systems, operating sites
  • Role in EDM, e.g. assessor, waste collector, handler, etc.

The legal bases for the processing of this personal data can be found in the following section regarding the legal bases.

 

On what legal basis do we process your personal data?

EDM is an eGovernment system that is operated on the basis of and within the framework of laws. In particular, these laws include the Waste Management Act 2002 (AWG 2002), see especially § 21 and § 22 AWG 2002, the Trade Act 1994 (GewO 1994), the Emission Protection Act for Steam Boilers (EG-K 2013), the Water Rights Act 1959 (WRG 1959) , the Emissions Allowances Act 2011 (EZG 2011), the Radiation Protection Act 2020 (StrSchG 2020), the Chemicals Act (ChemG 1996), the EU PRTR Regulation, the EU Industrial Emissions Directive, the Environmental Information Act (UIG), the EU POPs Regulation, the EC Waste Shipments Regulation, and individual uses provided for in the respective provincial law pursuant to § 22 (5d) AWG 2002.

 

Which cookies are used in EDM?

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage.

The cookies used in EDM are, without exception, technically necessary cookies that serve to make the operation of EDM more secure and, for example, to ensure technical reliability. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser upon your next visit.

Cookie name

Cookie type

Purpose

Storage duration

3 Stk.TS{zahlenkombination}

Technically necessary

Load distribution, application protection

Valid until the end of the session

JSESSIONID

Technically necessary

Identification beyond multiple accesses.

Valid until the end of the session

_EDMSESSIONTICKET_

Technically necessary

Identification of the user throughout EDM

Validity max. 30 min. or until logoff

In addition to the cookies listed by name here, various cookies are used in the individual specialised applications to support navigation and to store the status of the web user interface. All of these cookies are technically necessary and are only valid until the end of the session, i.e. they are not stored beyond the point when the Internet browser is closed.

Please refer to the previous section on legal bases for information regarding the legal basis for the processing of this personal data.

 

Where does this data come from?

First of all, data is generated by visiting our website (some of the data is transmitted by your browser). Master data and notification data are mainly recorded by your input or managed by the responsible authority (particularly official permits) in EDM.

 

What security standards is data processing subject to?

In EDM, personal data is processed with the utmost care, and extensive technical and organisational security measures are taken to ensure that the applicable data protection regulations are observed by all responsible bodies as well as by the processors commissioned by the controllers. The security measures correspond to the current state of the art and include, among other things, the use of modern security technologies and encryption methods, physical access controls, and precautions to ward off attacks.

 

Who processes your data?

The Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology (BMK) and the provincial governors process the data as joint controllers within the meaning of Article 4 (7) in conjunction with Article 26 Regulation (EU) No. 2016/679 (General Data Protection Regulation) on the protection of natural persons with regard to the processing of personal data.

 

Who else has access to your data?

In direct federal administration, other competent authorities and bodies may also access EDM data within the scope of their competence and for legally defined purposes, such as the district administrative authorities (see, for example, § 22 [4] to [5c] AWG 2002). In addition, there is a legal basis which allows the provincial governments and provincial administrations (insofar as this is provided for in provincial law) to also participate in EDM (e.g. § 22 [5d] AWG 2002). In direct federal administration, customs authorities and their bodies as well as the federal police may also access the data in the registers for the purpose of performing their given tasks within the scope of their respective competence, insofar as this is necessary for the execution of this federal law and the regulations based on it as well as the EC Waste Shipments Regulation (§87a [2] to [4] AWG 2002).
The Federal Environment Agency for the purpose of observing and collecting data on the development of the environment and environmental pollution by evaluating the register data (§87a [5] AWG 2002) and to provide support and development services as part of the assignment by the responsible bodies.
Authorised specialists or specialist institutions according to the provisions of the AWG 2002 as described in §87a (1a) AWG 2002.
Your data will not be disclosed to persons other than those provided for by law: Data that was logged when accessing EDM will only be transmitted to third parties if we are obliged to do so by law or court order or if this is required for the purposes of legal or criminal prosecution in the event of attacks on EDM infrastructure.

 

How long is the data retained?

The duration of the storage depends on the relevant legal provisions, but data from reports may be stored in the interest of ensuring the traceability of historical development even if the company that reported the data no longer exists.

 

Your rights

You have the right to information about the personal data pertaining to you, the right to rectification or erasure, the right to restriction of processing, the right to object to the processing, and the right to data portability. The right to erasure exists, but will generally not be applicable in the case of the fulfilment of legal tasks. The right to object will not be applied as a rule, because this would presumably result in the violation of your other legal obligations under the Waste Management Act 2002. If in doubt, please e-mail your question to datenschutz@bmk.gv.at.

The right to rectification according to Article 16 GDPR does not usually exist with regard to the correction, update, or completion of personal data contained in a report or required for control tasks of the authority (see Article 22 [9] of the Waste Management Act 2002). The right to data portability will generally not be applicable due to the responsibility under direct federal administration (Article 20 [3] GDPR).

If you are of the opinion that your rights are not being honoured or not being honoured sufficiently, you have the option of lodging a complaint with the supervisory authority (in Austria, this is the Austrian Data Protection Authority; www.dsb.gv.at).

 

Who are the controllers within the meaning of the General Data Protection Regulation?

The joint controllers within the meaning of Article 4 (7) in conjunction with Article 26 of the GDPR are the Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology (BMK) and the individual provincial governors.

Please refer to the following list for the relevant provincial governors:

https://www.parlament.gv.at/WWER/LAND/

The BMK is the legal contact for data protection.

For visitors: Radetzkystraße 2, 1030 Vienna

Mailing address: Radetzkystraße 2, PO Box 201, 1000 Vienna

Web: https://www.bmk.gv.at/

Data Protection Officer: datenschutz@bmk.gv.at

 

Version: 2.0, as of: 03/09/2021