Privacy Policy

Austria Wirtschaftsservice Gesellschaft mbH ("aws", "we", "us") is committed to the adequate protection of your personal data. We therefore observe the applicable legal provisions for the protection, lawful handling and confidentiality of personal data, as well as data security, in particular the Austrian Data Protection Act ("DSG"), the EU Data Protection Regulation ("GDPR") and the Telecommunications Act ("TKG").

This Privacy Policy informs you about the processing of your personal data by aws and your rights in this regard. The content and scope of the data processing depend on the products, subsidies or services requested by you.


1. Who is the data processing Controller and who can you contact?

1.1.   The Controller within the meaning of Article 4 Sec. 7 GDPR for data processing is:

Austria Wirtschaftsservice Gesellschaft mbH
Walcherstraße 11A
1020 Wien
Telephone: +43 1 501 75

If you have concerns regarding the processing of your personal data or if you wish to assert your rights:
The Data Protection Coordinator of Austria Wirtschaftsservice GmbH is:

Dr Bettina Schober

If tasks are assigned to aws by the federal government by way of a servicing agreement, the aws and the federal government are jointly responsible for the processing within the meaning of Art. 26 GDPR, provided that the federal government is represented by owners’ representatives, the Federal Ministry of Digital and Economic Affairs, and/or the Federal Ministry of Transport, Infrastructure and Technology.
Furthermore, shared responsibility can exist within the meaning of Art. 26 GDPR if servicing agreements are concluded with third parties and joint/legal responsibilities and relationships give rise to shared responsibility within the meaning of Art. 26 GDPR. Such joint responsibility is, amongst other things, provided within the framework of the servicing of ERP-Fonds loan programmes with the Austrian National Bank.


1.2.   Pursuant to Art. 5 Sec. 1 of the Austria Wirschaftservice Act, the task of aws is the awarding and servicing of company-related business development subsidies, as well as the provision of other public-interest financing and advisory services to support the economy.

The tasks (“measures”) of the company include in particular:


2. What data are processed and from what sources do these data come?

We process the personal data that you provide us with in the course of servicing one of the above-mentioned measures, e.g. if you have applied for/requested funding or other measures. In addition, we process data that we - depending on the legal basis of the measure - have received from third parties, e.g. Federal Ministry of Finance, Federation of Austrian Social Security Institutions, regional health insurance funds, credit bureaus (CRIF GmbH), debtor directories (KSV 1870 Holding AG), from publicly available sources (e.g. Commercial Register) and from databases (e.g. patent databases).

Personal data include your personal details (name, address, contact details, date of birth, place of birth, nationality, etc.), information about your financial status (e.g. credit rating data, scoring or rating data, etc.), documentation data (e.g. advisory reports), information from your electronic traffic with aws (e.g. apps, cookies, etc.) as well as data for meeting legal and regulatory requirements.


3. For what purposes and on what legal Basis are the data processed?

3.1.   For the fulfilment of contractual obligations (Article 6(1) (b) GDPR):

The processing of personal data takes place for the purpose of servicing the subsidy financing, advisory or other contract based on one of the above measures (point 1.2).

The purposes of the data processing are primarily aimed at the specific request or use of the measure (grant, credit, guarantee, coaching product).

The details for the purpose of the respective data processing can be found in the legal basis applicable to the respective measure (e.g. laws, Ministry of Finance regulation on the General Framework Guidelines for the Granting of Federal Subsidy funding (ARR), Special Guidelines, Guidelines, Programme Documents, General Terms and Conditions, Contracts).

Furthermore, we process data from applicants in the context of application processes for the purpose of filling open positions. If a contract of employment is concluded, the data transmitted for the purpose of servicing the employment relationship will be stored in compliance with statutory provisions. If no employment contract is concluded, the application documents will be deleted, provided that deletion does not conflict with any other legitimate interests of aws. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the Equal Treatment Act.


3.2.   For the fulfilment of legal obligations (Article 6 (1) (c) GDPR):

Processing of personal data may be required for the purpose of fulfilling various legal and other legal requirements to which aws is subject as a institution providing subsidy funding. This includes, for example:

3.3.   For the protection of legitimate interests (Art. 6 (1) (f) GDPR):

As far as necessary, in the interests of the aws or of a third party, data processing may take place beyond the actual performance of the contract in order to safeguard legitimate interests of the aws or third parties. e.g.:

3.4.   Within the scope of your consent (Art. 6 (1) (a) GDPR):

If you have given us consent to process your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Given consent may be withdrawn at any time with effect for the future (e.g. you can object to the processing of your personal data for marketing and advertising purposes, if you no longer consent to processing in the future):

4. Who receives the data?

If there is a legal or regulatory obligation, public bodies and institutions (e.g. organs and representatives of the Court of Auditors, the Federal Ministry of Finance, BRZ GmbH for the purpose of processing in the Transparency Database, the European Commission in accordance with EU legal provisions, etc.) may be the recipient of your personal data.

To the extent necessary for the above purposes, we will submit your data to the following recipients:

In addition, processors commissioned by us (especially IT service providers) will receive your data, if they need the data to perform their respective services. All processors are contractually obliged to treat your data confidentially and to process them only as part of the provision of services.

5. How Long are the data stored for?

We process your personal data, as far as is necessary for the duration of the entire business relationship (from the initiation and servicing to the termination of a funding contract) and beyond, according to the statutory storage and documentation obligations, which arise in particular from the enterprise code (UGB), the federal tax code (BAO), the general framework guidelines for subsidies from Federal funds (“ARR”) as well as the respective European Union legal regulations, as amended. If we no longer need your personal data, we will delete them from our systems and records or render them anonymous so that they can no longer be identified.

6. What data do we collect from visitors and users of our website?

In the course of your use of the website, we collect, gather and store the following data:

We collect these so-called log files (access data) automatically using cookies. 

7. Does the Website use cookies?

Cookies are small text files that are temporarily stored on your computer and by your browser. This is to make your use of the website more convenient.

Like most websites, we use cookies if you have given your consent to improve your use of our website. If you do not give your consent, we will only collect anonymous data about your visit to our website, for example to determine the total number of visitors to our website.

Google Analytics

If you have so consented, this website also uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). This analytics tool uses cookies to aggregate standard logging information and visitor behaviour of our website. The information generated by this cookie about your use of the website is usually transmitted to and stored by Google on a server in the United States or countries outside the EU.

The following information is collected by Google Analytics: IP address, browser, device type, device model, country, service provider, screen resolution, website time, language, operating system, pages viewed on the website. Google will use this information to analyse your use of the website in order to compile reports on website activity for us.

This website uses Google Analytics with the extension “anonymizeIP()”, so that the IP addresses are processed further only in abbreviated form, in order to exclude direct attribution to you personally.

You can also object to the placement of cookies through the browser settings or download a corresponding browser plug-in at

8. aws Newsletter?

Based on your consent to receive our newsletter, we will use your voluntarily provided personal data (title, name, address, company, position, email address) to send our newsletter by email. This consent may be revoked at any time with effect for the future (e.g. via the unsubscribe link in each newsletter or by email to 

9. How do we protect your data?

We comply with the provisions of Article 32 GDPR by taking appropriate technical and organisational security measures and doing our utmost to ensure the confidentiality and security of your personal data.


10. What data protection rights are available to data subjects?

Information, rectification, deletion

Data subjects have the right: (i) to require aws to confirm the processing of personal data concerning them and, if so, to obtain information (ii) to request rectification of any inaccurate personal data concerning them and (iii) to request, under certain conditions, the erasure of personal data concerning them.


Furthermore, the data subjects have the right to object to the processing of their personal data. In the event of such a disagreement, aws will no longer process the data unless (i) it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject or (ii) the processing is for the assertion, exercise or defence of legal claims.

Restriction of processing

Data subjects are also entitled to require that aws restricts processing if (i) it dispute the accuracy its data, for a period of time that enables aws to verify the accuracy; (ii) the processing is illegitimate and it rejects erasure, requiring restriction instead, (iii) aws no longer needs its personal data for the purposes of processing, but requires the data for the assertion, exercise or defence of legal claims, or (iv) it has objected to the processing and the decision on the underlying aspects is pending.


Furthermore, under certain conditions, data subjects may require that they receive the personal data that they have provided to aws, and may instruct aws to directly transfer such data to a third Party.

Asserting your rights

To exercise these rights, please contact aws or their Data Protection Coordinator in writing (contact details can be found in point 1 above). The Data Protection Coordinator is also available to you at any time for any other enquiries regarding the use and security of your data. If you believe that aws is using your data in an unauthorised manner, you can also file a complaint with the Austrian Data Protection Authority.

11. Final provision

In the course of ongoing development, aws will continue to adjust this privacy policy. You should therefore regularly access this statement to keep yourself informed about the current Version.