������Ƶ

A Data Processing Notice tells people how an organization collects and uses their personal information. Under Austrian data protection law, companies must provide this clear, written explanation before they start handling anyone's data. It's similar to a privacy policy but focuses specifically on data processing activities.

The notice must spell out what data you're collecting, why you need it, how long you'll keep it, and who else might see it. Austrian businesses use these notices to comply with both the EU's GDPR and local data protection requirements, while giving their customers and employees transparency about their data rights. You'll often see these notices during job applications, when signing up for services, or when sharing personal information with Austrian companies.

Use a Data Processing Notice whenever you start handling personal information in new ways within your Austrian organization. Common triggers include launching online services, installing workplace surveillance, introducing customer loyalty programs, or deploying new HR systems. You need this notice before collecting data through websites, apps, or physical forms.

The notice becomes essential when sharing data with third parties, processing sensitive information like health records, or transferring data outside Austria. Austrian law requires you to provide this notice before any significant data collection begins - particularly for employment relationships, marketing campaigns, or when using automated decision-making systems. Having it ready early helps avoid legal complications and builds trust with your data subjects.

• General Employee Data Notice: The most common type, explaining how an Austrian company processes staff data, including payroll, performance tracking, and workplace monitoring.
• Customer Data Processing Notice: Details how businesses handle customer information for services, marketing, and account management.
• Website Privacy Notice: Focuses on online data collection, including cookies, user tracking, and digital marketing practices.
• Special Categories Notice: Used when processing sensitive data like health information or biometric data, requiring extra safeguards under Austrian law.
• Third-Party Processing Notice: Explains data sharing arrangements with external service providers and international transfers.

• Data Protection Officers (DPOs): Draft and maintain Data Processing Notices, ensuring they meet Austrian legal requirements and GDPR standards.
• Legal Teams: Review and approve notices, adapt them for specific business needs, and ensure compliance with Austrian data protection laws.
• HR Departments: Implement notices for employee data processing and explain data handling practices to staff.
• IT Managers: Help identify data processing activities and implement technical measures described in the notices.
• Data Subjects: Individuals whose personal data is being processed, including employees, customers, and website visitors who must receive these notices.

• Data Mapping: Document all personal data types you collect, their sources, and how you use them in your Austrian operations.
• Processing Purpose: List specific reasons for data collection, like customer service, marketing, or legal obligations.
• Data Transfers: Identify any third parties receiving the data and international data flows.
• Storage Details: Determine how long you'll keep different types of data and your deletion procedures.
• Rights Information: Outline data subject rights under Austrian law, including access, correction, and deletion procedures.
• Contact Details: Include your DPO's information and clear procedures for handling data privacy inquiries.

• Controller Identity: Your organization's full legal name, contact details, and DPO information under Austrian law.
• Processing Purpose: Clear explanation of why you collect and use personal data, including legal bases.
• Data Categories: List of all personal data types processed, especially sensitive data requiring special protection.
• Recipients: Details of who receives the data, including third-party processors and international transfers.
• Retention Period: Specific timeframes for keeping different types of personal data.
• Data Subject Rights: Clear explanation of privacy rights under Austrian and EU law, including how to exercise them.
• Complaint Procedures: Information about filing complaints with the Austrian Data Protection Authority.

A Data Processing Notice is often confused with a Data Processing Agreement, but they serve different purposes under Austrian data protection law. Let's clarify their key differences:

• Legal Nature: A notice is a one-way informational document explaining how you handle personal data, while an agreement is a binding contract between two parties processing data.
• Target Audience: Notices are given to data subjects (employees, customers, users), while agreements are made between data controllers and processors.
• Content Focus: Notices explain data collection purposes and rights in plain language, while agreements detail technical requirements, security measures, and legal obligations between businesses.
• Timing: Notices must be provided before data collection begins, while agreements are signed before any data processing collaboration starts.
• Legal Effect: Notices fulfill transparency obligations but don't create contractual obligations, unlike agreements which establish legally binding commitments.