Privacy policy


    The BVS & the BVS Group

    The Upper Austrian Fire Prevention Agency (“Brandverhütungsstelle für Oberösterreich”) and its subsidiaries (hereinafter referred to as “BVS Group”) is a competent partner regarding preventive fire protection for legislators and administrations but also for businesses, planners and the general public.
    As part of our activities we need to process personal data, whereby each of the subsidiary companies of the BVS Group can be a data controller within the meaning of the European General Data Protection Regulation (GDPR).

    Should you still have questions with regard to data protection, you can contact us anytime:

    BVS – Brandverhütungsstelle für Oö. reg.GenmbH
    Petzoldstraße 45, 4020 Linz, datenschutz@bvs-ooe.at, +43 732 7617-250

    For matters concerning data protection of the BVS Group, you may also contact our external data protection officer:

    Mr. Stefan Schiffer
    Leonfeldner Straße 124, 4040 Linz, Austria
    E-mail: dsba-bvs@qed.at, Mobile: +43 699 12547249


    Joint Controllers

    Together with our subsidiaries (BVS Group) we process personal data, whereby each of the subsidiary companies of the BVS Group can be a data controller within the meaning of the European General Data Protection Regulation (GDPR):

    1. BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H.
      Petzoldstraße 45, 4020 Linz, datenschutz@bvs-ooe.at
    2. BVS-Holding GmbH
      Petzoldstraße 45, 4020 Linz, datenschutz@bvs-ooe.at
    3. IBS – Institut für Brandschutztechnik und Sicherheitsforschung Gesellschaft m.b.H.
      Petzoldstraße 45, 4020 Linz, datenschutz@ibs-austria.at
    4. IBS – Technisches Büro GmbH
      Petzoldstraße 45, 4020 Linz, datenschutz-tb@ibs-austria.at
    5. IGS – Institut für geprüfte Sicherheit eGen
      Petzoldstraße 45, 4020 Linz, datenschutz@bvs-ooe.at

    Joint controllership of processing activities such as customer management, customer service and own-purpose marketing, event organization, data privacy file and process management, accounting or human resource management allows to determine – in close coordination and cooperation with each company – the purposes and means of processing data, to ensure the efficiency, effectiveness and expediency of the business processes. This increases the confidentiality, integrity, availability and resilience of systems and services by reducing redundancy and by sharing resources. The IT systems and the IT infrastructure that are required for joint processing activities are operated as a shared service.
    The BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is the dominant company of the BVS Group. The other companies are required to implement the data protection frameworks in their division but are still involved in defining the purposes and means of processing for the joint processing activities.
    The BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. assures the rights of the data subjects in accordance with Art. 15 to Art. 22 GDPR as well as the information obligations according to Art. 13 and Art. 14 GDPR for all processing activities. It is also the designated contact point for data subjects:
    BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H.
    Petzoldstraße 45, 4020 Linz, Austria
    e-mail: datenschutz@bvs-ooe.at, phone: +43 732 7617-250
    The right of the data subjects, pursuant to Art. 26 (3) GDPR, to exercise their rights in respect of and against each of the controllers remains unaffected.
    The BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is in charge of the management and maintenance of the records of processing activities, the definition, review and updating of the technical and organisational measures as well as the notification of a personal data breach to the supervisory authority, with corresponding cooperation obligations for the other companies.

    Whose personal data do we process?

    When we process personal data, it means that we collect, record, store, adapt, retrieve, use, transmit, make available or erasure data.

    In the context of our activities, we process personal data of people from outside the BVS Group with whom we are in direct contact or who become known to us within the scope of our business transactions. These are in particular:

    • (Prospective) customers of the BVS Group when they are natural persons; or the contact persons of (prospective) customers when they are legal persons (e.g. companies or authorities).

    Due to our wide-ranging scope of activities, we have (prospective) customers from different fields. In particular they are manufacturers of construction products, planners, construction companies or owners of buildings, contractors of expert opinions on fire and explosion investigations and course and seminar participants.

    • Suppliers of the BVS Group when they are natural persons; or the contact persons of suppliers when they are legal persons.
    • Building project participants who are not customers or suppliers as well as persons involved in the installation and acceptance of fire protection systems (e.g. employees of construction companies and fire protection representatives).
    • Speakers at courses and seminars arranged by us.
    • Injured parties and other involved parties at fires and explosions that are examined by us.
    • Applicants at one of the BVS Group companies.
    • Visitors to our internet presence.
    What kind of personal data do we process?

    We process personal data provided by you and data which we collect from our business partners during business transactions as well as data we receive from other persons and organisations (such as authorities, insurances, banks and fire services) or data which are taken from publicly accessible sources (like public registers, websites or professional networks) – Details can be found below in section “From where do we receive your personal data?”.
    We basically process only those personal data that are necessary in order to identify natural persons and to be able to communicate with them. These data are:

    • Identification data (e.g. first name, surname, date of birth)
    • Name affixes (e.g. academic degrees, job titles)
    • Contact data (e.g. address, telephone number, email address, website address)
    • Organisation data (e.g. company affiliation, legal form, GLN, VAT number, business purpose)
    • Correspondence with these persons (e.g. emails with appendices)

    In addition, we process personal data in the different BVS Group companies depending on the activity, especially:

    • Payment details (e.g. bank details of customers, speakers and suppliers)
    • Building data and plans of which the owners are natural persons
    • Credit rating data (e.g. enquiries of “AKV-Alpenländischer Kreditorenverband”) in case the (prospective) customer is a natural person (individual company).
    • Course and seminar participation and certificates issued for that purpose
    • Injury data of fires and explosions (e.g. damage location, damage amount, cause of the fire) as far as natural persons are concerned
    • Applications and CVs of applicants
    • Usage data gathered when visiting our website: The collection of this information is conducted with technical means supplied by third persons – details can be found below in the section Additional information for our internet presence. The evaluation of these data is solely processed in anonymous form.

    Separate information will be provided on all further data categories which are not equivalent to the ones described above.

    What are the purposes and legal bases of processing your data?

    Contract performance and associated legal obligations and legitimate interests

    We process personal data primarily for the contractual handling of the orders of our customers, suppliers or authorities. We only store those personal data that are necessary for us within the context of the contact, data that are subject to legitimate interest or data that we are legally obliged to collect, as well as data which are necessary for us when deciding whether we want to submit or accept an offer.

    General personal data (such as names or contact data) are processed due to legitimate interest for the whole BVS Group (see below).

    Personal data extending beyond these general data shall only be processed in the subsidiary within the BVS Group that maintains the business relation or the public contract. If any of this data shall be transmitted to another subsidiary within the BVS Group, separate information will be provided.

    Legal obligations and performance of tasks in public interest

    When processing data from fires or explosions in Upper Austria, we fulfil an important legal mandate of the Upper Austrian Fire and Emergency Act (Oö Feuer- und Gefahrenpolizeigesetz). This covers the preparation of fire damage statistics as regulated by the Upper Austrian Fire and Emergency Regulation (Oö. Feuer- und Gefahrenpolizeiverordnung), for which we collect data on fire incidents including personal data.

    According to the Upper Austrian Fire and Emergency Act, we train experts to be able to determine causes of fires and explosions as well as for fire prevention and preventive fire protection tasks and have to provide such experts for courts and authorities whenever needed (e.g. for fire inspections). When preparing expert opinions envisaged in this context, processing personal data is inevitable.

    Likewise, we are obliged to carry out and promote training and further education for persons involved in fire prevention and preventive fire protection tasks. In compliance with the Upper Austrian Fire and Emergency Regulation, we train fire safety officers together with the Upper Austrian Fire Brigade School (Landes-Feuerwehrschule für Oberösterreich) and offer courses for operators of fire alarm systems, sprinkler systems, gas extinguishing systems, smoke and heat exhaust systems and pressure ventilation systems. For these purposes, we store the necessary identification and organisational data of the training and course participants as well as the associated evidence and certificates.

    Legitimate interest

    The jointly processing of general personal data (such as person master data or contact data) for the entire BVS Group shares from the legitimate interest of keeping these data centralised. This avoids double recordings of persons and assures that an update is available to all companies within the BVS Group.

    Some personal data are being processed to enable us to improve our services and offerings or to draw existing customer’s attention to our offers. In any case, we will only process your data if we are convinced that your interests or fundamental rights and freedoms are not overridden by our interests.

    For example, we save the name and contact data of the contact persons of our business partners.

    Customers are informed about specific offers or reminded of the expiration of deadlines (e.g. inspection of fire protection systems, expiry of certificates, refresher courses for fire protection representatives).

    Occasionally, we use the personal data to reconquer or attract customers (direct marketing).

    Consent

    You will only receive marketing emails (newsletter), if you have expressly consented to receiving our newsletter. Withdrawal of your consent is possible at any time – find details on how to unsubscribe in our newsletter.

    How long we keep your data?

    We shall store your personal data only until such time that it is required for the purposes of processing, or for the duration of statutory or contractual storage periods or for as long as it can be necessary to establish, exercise or defend legal claims. Separate information will be provided on storage periods for specific processing activities.

    From where do we receive your data?

    Data that we do not receive from you directly mainly come from the following sources:

    • From our business partners and other project participants (e.g. identification, contact and organisational data, plans, correspondence)
    • From authorities, public prosecutors and courts (e.g. identification, contact and organisational data, plans, submission documents, damage data from fires and explosions).
    • From the Upper Austrian Fire Brigade School (e.g. identification data and certificates of the fire safety officers).
    • From insurance companies (e.g. identification and contact data, damage data from fires and explosions).
    • From publicly accessible sources (e.g. credit rating data, execution and insolvency data)

    Separate information will be provided on all other data sources.

    To whom do we transmit your data?

    Transfer of data to other controllers within the BVS Group

    Within the BVS Group, we will principally only transmit general personal data. All other data may be transmitted between BVS Group subsidiaries if more subsidiaries are involved in an order or if a contract has direct relation to a former order of another BVS Group company.

    Transfer of data to recipients outside the BVS Group

    We will only transmit your personal data to recipients outside the BVS Group based on the respective processing purpose and legal bases, e.g. if you have consented to the transfer, or if it is necessary for the performance of a contract or for compliance with a legal obligation to which we are subject.

    Recipients of personal data are, in particular:

    • Customers, authorities, other project participants and cooperation partners: e.g. data used in the processing of orders.
    • Fire brigades: e.g. data used in the approval of fire control plans.
    • Banks: e.g. data used in payment transactions.
    • “Alpenländischen Kreditorenverband” (AKV): e.g. data used for credit rating and collection orders.
    • Insurances, authorities or courts: e.g. data on injured parties from fires and explosions.
    • Lawyers: e.g. data of the respective legal representation.
    • Tax authority: e.g. data used for the company audit and tax calculation.
    • “Raiffeisenverband Oberösterreich” and other public accountants: e.g. data used in audits of the BVS Group.
    • Newsletter sender: e.g. email addresses of newsletter recipients.

    Transfer of data to third countries

    We will only transfer personal data to third countries insofar as the customer or one of his partners comes from a third country and if it the data transfer is necessary for the contract performance.

    However, it cannot be ruled out that personal data which is published on our website is not retrieved from a third country.

    Additional information for our internet presence

    Our websites use services from external providers. These providers process your personal data either as our joint controllers or as our processors.

    Cookies

    We use cookies to be able to offer our information and services. We use functionally necessary cookies based on our legitimate interest. We ask for your consent in the cookie window for cookies that are not functionally necessary. If you give your consent, we will process your personal data for our own customer service and marketing purposes.

    Specific information on the individual cookies and the option to withdraw your consent can be found under ‘Details’ in the cookie window.

    Meta Pixel and LinkedIn Insight Tag

    If you consent to the use of the meta pixel or LinkedIn Insight Tag in the cookie window, we will use these technologies to measure your interactions on our websites to improve our offering. We send this information to Meta and LinkedIn for analysis purposes. You can find more information about the Meta Pixel here and about the LinkedIn Insight Tag here.

    Google maps

    For the presentation of our locations and other geographical information, we use the online mapping service Google Maps after having obtained your express consent for this in accordance with Art. 49(1)(a) of GDPR. By giving your consent, you agree to having your user data (IP address, tracking ID, etc.) processed in the USA or other insecure third countries where no adequate protection of your data currently exists. There is a risk that your data will be processed for control and monitoring purposes without any means of redress.

    You can revoke your consent at any time by deleting the browser data of the respective BVS Group website. The revocation of consent shall not affect the lawfulness of the processing carried out up to that point.

    Social media presence
    (Facebook, Instagram, LinkedIn, Xing, YouTube)

    We operate various social media channels for customer service and marketing for our own purposes out of the legitimate interest in the positive presentation of our companies, our services and products to the public and for the purpose of direct advertising in accordance with Recital 47 GDPR.

    When you access our social media pages in your browser, the social media operator determines the user’s IP address and sets cookies. If you are logged in with the respective social media account in the browser, the social media operator can merge your data.

    When using the respective social media app, you must be logged in. Depending on your settings in the app, personal data is transmitted to the social media operator (name, user ID, email address, messages, location, financial data, fitness data, contacts, photos & videos, etc.).

    Facebook and Instagram:
    Individual companies in the BVS Group are joint controllers in accordance with Art. 26 GDPR with Facebook Ireland Limited, 4 Grand Canal Square, D2 Dublin, Ireland. You can find more information about shared responsibility with Facebook and the handling of user data in Facebook’s Page Insights addendum: https://en-gb.facebook.com/legal/terms/page_controller_addendum/

    LinkedIn:
    Individual companies in the BVS Group are joint controllers in accordance with Art. 26 GDPR with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For more information about shared responsibility with LinkedIn and handling user data, see LinkedIn’s Insights addendum: https://legal.linkedin.com/pages-joint-controller-addendum

    Xing:
    The BVS Group uses social media channels from New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. New Work SE, as the operator of the Xing platform, does not provide us with any personal data of individual users unless it is publicly visible. You can find more information about the operator’s data processing in Xing’s data protection declaration: https://privacy.xing.com/en/privacy-policy

    YouTube:
    The BVS Group uses YouTube channels from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google, as the operator of the YouTube platform, does not provide us with personal data about individual users unless it is publicly visible. You can find more information about the operator’s data processing in Google’s data protection declaration: https://policies.google.com/privacy?hl=en#europeanrequirements

    Which rights do you have?

    Right of access and right to rectification

    You principally have the right to obtain access and the right to rectification of false data. You have the right of access to the personal data that we process from you. If the data are no longer up to date or incomplete, you can demand from us the rectification of inaccurate personal data. For exceptions and details please see Art. 15 and Art.16 of GDPR.

    Right to erasure

    You have the right to obtain from us the erasure of your personal data without undue delay insofar as no legal basis for the processing of the data exists, or it has ceased to exist. For exceptions and details please see Art. 17 of GDPR.

    Right to restriction of processing

    You have the right to obtain from us the restriction of processing of your personal data insofar as you contest the accuracy of your personal data, or the processing is unlawful and you request the restriction of their use instead, or we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or if you have objected to processing pending the verification whether our legitimate grounds override yours. For exceptions and details please see Art. 18 of GDPR.

    Right to data portability

    You have the right to receive the personal data concerning you, which you have provided to us based on your consent or a contract with you. For exceptions and details please see Art. 20 of GDPR.

    Right to object

    Insofar as we process your personal data based on a legitimate interest, you have the right to object. We shall only process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. For exceptions and details please see Art. 21 of GDPR.

    Right to withdraw your consent

    If you have given us your consent to the processing of your data, you can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing your personal data before its withdrawal. For exceptions and details please see Art. 7 of GDPR.

    Please turn to us directly, if you wish to exercise these rights.

    If you are concerned that the processing of your data violates the data protection law or that your claims on data protection are infringed in any other way, you have the right to complain at a supervisory authority. In Austria the data protection supervisory authority is:

    Österreichische Datenschutzbehörde
    https://www.dsb.gv.at

    Stand: 13th August 2024