������Ƶ

A Privacy Notice tells people how an organization collects and uses their personal data. Under Austrian data protection law, companies must provide this information clearly and openly to their customers, employees, and website visitors. It explains what data gets collected, why it's needed, and how long it's kept.

This document helps organizations comply with both the Austrian Data Protection Act and EU's GDPR requirements. It covers key points like data sharing with third parties, international transfers, and how individuals can exercise their privacy rights. Companies typically display it on their websites and include it in employee handbooks and customer agreements.

Your organization needs a Privacy Notice when collecting any personal data from individuals in Austria. This includes launching a new website, hiring employees, starting email marketing campaigns, or setting up customer databases. Austrian law requires this notice before you begin gathering information.

A Privacy Notice becomes essential when expanding operations, introducing new data processing activities, or working with international partners. You must update it when changing how you handle personal data, implementing new technologies, or responding to regulatory changes. It's particularly important when processing sensitive data like health information or when using automated decision-making systems.

• Data Privacy Notice: The most comprehensive type, covering all data processing activities across an organization
• Applicant Privacy Notice: Specifically tailored for job candidates, explaining how their application data is handled
• Company Privacy Notice: Used for internal operations, focusing on employee data processing
• Customer Privacy Notice: Designed for customer interactions, including marketing and service delivery
• Data Processing Notice: Technical version for specific processing operations or third-party data sharing

• Data Protection Officers: Lead the creation and maintenance of Privacy Notices, ensuring compliance with Austrian law and GDPR requirements
• Legal Teams: Review and adapt notices to meet specific organizational needs and regulatory updates
• Business Owners: Responsible for implementing privacy notices in their operations and ensuring staff compliance
• HR Departments: Handle employee-related privacy notices and ensure proper communication of data processing practices
• IT Managers: Implement technical measures described in the notices and maintain data security standards
• Marketing Teams: Ensure customer communications and data collection align with privacy notice requirements

• Data Mapping: Document all personal data your organization collects, processes, and stores
• Processing Purposes: List specific reasons for data collection and how it's used in your operations
• Third Parties: Identify all external organizations receiving or processing the data
• Security Measures: Detail your technical and organizational data protection methods
• Individual Rights: Outline how data subjects can exercise their GDPR rights
• Contact Details: Include your DPO or responsible person's information
• Review Process: Set up regular updates and compliance checks of your notice

• Identity and Contact: Company details and Data Protection Officer information
• Processing Purpose: Clear explanation of why personal data is collected and used
• Legal Basis: Specific grounds under GDPR and Austrian law for processing data
• Data Categories: List of personal information types being collected and processed
• Recipients: Details about who receives or has access to the data
• Transfer Information: Rules for sending data outside the EU/EEA
• Retention Period: How long data is kept and when it's deleted
• Data Subject Rights: Explanation of privacy rights and how to exercise them

A Privacy Notice differs significantly from a Notice of Intent in both purpose and legal requirements. While both are formal communications, they serve distinct functions under Austrian law.

• Legal Basis: Privacy Notices are mandatory under GDPR and Austrian data protection law, while Notices of Intent are voluntary business communications
• Content Focus: Privacy Notices detail data processing practices and rights, whereas Notices of Intent declare future business actions or decisions
• Timing: Privacy Notices must be provided before data collection begins, while Notices of Intent are issued before taking specific business actions
• Audience: Privacy Notices address all data subjects (customers, employees, users), but Notices of Intent target specific parties in a business context
• Regulatory Oversight: Privacy Notices fall under data protection authority supervision, while Notices of Intent primarily relate to contract and business law